22 Feb 2014
A client of mine has asked me to assist them in finding a full-time Senior OpenAM Engineer. They are a startup, based in Northern Virginia. They are working on some pretty cool initiatives with OAuth2 and SAML and need an experienced engineer to lead this effort. If you are interested in this, please feel free […]
22 Feb 2014 3:20pm GMT
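DIAMOND Online ran an article titled "The secrets of music you don't know, revealed by Dr. John Powell, author of 響きの科楽". In it, as "something many composers misunderstand", depending on the key (major or minor) used at the start […]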
22 Feb 2014 3:00pm GMT
21 Feb 2014
21 Feb 2014 10:10pm GMT
My colleague Warren, who I had the pleasure to work with at Sun and again with ForgeRock, has been playing with Ansible and has produced 2 roles to install OpenDJ and to configure replication. Check Warren's blog post for the details, or go directly to the Ansible Galaxy.
21 Feb 2014 4:57pm GMT
Fifty two years ago yesterday, I was sitting in my aunt's house in Salt Lake City, UT, while John Glenn was orbiting the earth in the Friendship 7 Mercury space capsule. What an exciting, pivotal accomplishment in the history of US space travel! Thanks to NASA for providing the photo and nostalgic reminder.
21 Feb 2014 3:11pm GMT
In developing SCUID, we've been taking a very deep look at how the very nature of online identity (mostly enterprise identity, but a lot of it extends equally well to the broader definition of online identity) is changing in terms of how it is managed and what it needs to support. And in addition to...
21 Feb 2014 1:47pm GMT
Microsoft Rights Management Services (RMS) is a solution that might help Secure Information Sharing become a topic for the masses, at least at the enterprise level. I just recently wrote a report on the product. However, as with any Information Security technology - especially ones that are Cloud-based - there are questions about security details.
For Microsoft Azure RMS specifically, it is worthwhile to look at this post. It describes in detail how RMS protects and consumes documents. The other document worth having a look at is a whitepaper Microsoft published a while ago. That whitepaper goes (among other topics) into detail regarding two important aspects:
- The various deployment options from fully Cloud to "pretty much on premises"
- The BYOK (Bring Your Own Key) approach that allows doing a lot of things based on local HSMs (Hardware Security Modules)
These might answer some of the questions you might have concerning security and confidentiality of Microsoft RMS.
21 Feb 2014 10:00am GMT
20 Feb 2014
20 Feb 2014 9:48pm GMT
As you might have seen on the WebDev blog, today we unveiled the first preview of the new WS-Federation support in Microsoft OWIN Components. In this quick post you'll see the new programming model in action. We will create a basic, no-frills app and configure it to authenticate users via WS-Federation and Windows Azure [...]
20 Feb 2014 8:20pm GMT
With the OpenID Connect specifications expected to be approved on Tuesday, February 25, 2014, a set of answers to Frequently Asked Questions has been published at http://openid.net/connect/faq/ to help answer questions people might have about OpenID Connect. OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward [...]
20 Feb 2014 5:40pm GMT
Last week, I posted about a syndrome I called "trapped in the future." We often get stuck in this kind of future dreaming, because even if the target we want to achieve is great, the challenge of getting there seems so high. We tend to overplay the characteristics of the ideal solution, imagining the perfect […]
20 Feb 2014 5:30pm GMT
Julian Bond: Just coming up to 20 Years since the release of Aphex Twin - Selected Ambient Works Vol II.
Which reminds me that I freaked out my 8 year old daughter by playing it loud in the room below hers after she'd gone to bed.
Little known fact. In late 1994, the Japanese anime series Macross Plus debuted. Set in a future time, in its first episode there's a moment when a rotating video ad at a bus stop promises the release of AFX's Selected Ambient Works Vol. 23 2038-2040, complete with that first ambient collection logo.
And by the way. It's not ambient music to fill in the spaces behind whatever else you're doing. It should be played loud and given attention.
Two decades since the release of Aphex Twin's second collection of Ambient Works, Ned Raggett revisits an album whose enigmatic internal logic remains as intriguing and beguiling as ever
[from: Google+ Posts]
20 Feb 2014 4:36pm GMT
20 Feb 2014 3:21pm GMT
In the LDAP information model, a syntax constrains the structure and format of attribute values. OpenDJ defines and implements a large number of syntaxes (you can discover them by reading the ldapSyntaxes attribute from the cn=Schema entry). But infrequently, we receive enquiries on an obscure and non-standard syntax, often in the form of "I'm having an error […]
20 Feb 2014 12:17pm GMT
It appears that G+ embeds a live player for SoundCloud in the post, but none of this turns up in activities.list. This issue is logged in https://code.google.com/p/google-plus-platform/issues/detail?id=407 but there's been no progress.
[from: Google+ Posts]
20 Feb 2014 10:20am GMT
In my new report "Entitlement & Access Governance", published yesterday, I introduce a new term and abbreviation: EAG for Entitlement & Access Governance. Thanks to Dave Kearns for proposing that term - I like it because it reflects what this is about.
EAG describes approaches that some vendors currently call "Data Governance," but enhanced and extended. It is about combining fine-grained entitlement management at the system level and the cross-system Identity Provisioning and Access Governance. We see an increasing number of vendors moving in that direction, closing the gap between Identity Provisioning and Access Governance on the one hand and the system-level, detailed management of entitlements on the other.
There always has been a predetermined breaking point between the Identity Provisioning layer (and the Access Governance layer on top of Provisioning) and the system-level entitlement management. While Identity Provisioning typically works on the level of, for instance, Active Directory global groups or SAP business roles, many systems (including Active Directory and SAP) have another system-specific hierarchical entitlement structure below that level. System administrators manage these. If a system administrator changes low-level entitlements - e.g., the ACLs of a local group that is part of a global group - the Identity Provisioning system will not recognize that, at least not in most common deployments today. It will also become too complex to manage everything top-down, so there is a reason for system-level solutions.
EAG balances these requirements, by centralizing functions such as request and approval while leaving system-specific tasks local. I expect EAG to become the next big evolutionary step in core IAM, with some preliminary solutions already out there.
20 Feb 2014 9:22am GMT