18 Oct 2014

feedPlanet Identity

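Nat Sakimura: Guidelines for Privacy-Conscious Information Provision and Explanation to Consumers in Online Services Have Been Formulated (METI/Ministry of Economy, Trade and Industry)

The guidelines I helped with as a member of the review committee have been published. METI: "Guidelines for Privacy-Conscious Information Provision and Explanation to Consumers in Online Services". This is the year before last's IT Integration Forum Personal Data […]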

18 Oct 2014 11:08pm GMT

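Nat Sakimura: Executive Order Issued to Improve the Security of Consumer Financial Transactions – Chip Cards for Credit Cards, Multi-Factor Authentication for Government Sites, and More

On October 17, 2014, an executive order [1] to improve the security of consumer financial transactions was issued. Its main contents are the following three points. Section 1. Improving the security of payments to the government - Introduced from January 2015 onward […]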

18 Oct 2014 10:29pm GMT

Anil John: A Simple Framework for Trusted Identities

Guest post by Tim Bouma on the One-page Identity Trust Framework

18 Oct 2014 10:15am GMT

Mike Jones - Microsoft: JOSE -35 and JWT -29 drafts addressing AppsDir review comments

I've posted updated JOSE and JWT drafts that address the Applications Area Directorate review comments. Thanks to Ray Polk and Carsten Bormann for their useful reviews. No breaking changes were made.

The specifications are available at:

http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-35
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-35
http://tools.ietf.org/html/draft-ietf-jose-json-web-key-35
http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-35
http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-29

HTML formatted versions are available at:

http://self-issued.info/docs/draft-ietf-jose-json-web-signature-35.html
http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-35.html
http://self-issued.info/docs/draft-ietf-jose-json-web-key-35.html
http://self-issued.info/docs/draft-ietf-jose-json-web-algorithms-35.html
http://self-issued.info/docs/draft-ietf-oauth-json-web-token-29.html

18 Oct 2014 1:29am GMT

17 Oct 2014

Kantara Initiative: Kantara Initiative Helps Accelerate Time-to-Market for Digital Citizen Services

Premier US Approved Trust Framework Provider (TFP) supports the Presidential Executive Order and the vision of the US National Strategy for Trusted Identities in Cyberspace

Piscataway, NJ, October 17, 2014 - Kantara Initiative, the premier US ICAM Approved Trust Framework Provider (TFP) approving 3rd party Credential Service Providers (CSPs), is positioned to support today's Presidential […]

17 Oct 2014 3:17pm GMT

OpenID.net: The Name is the Thing: “The ARPU of Identity”

The name is the thing. The name of this Open Identity Exchange White Paper, the "ARPU of Identity", is deliberate. ARPU, Average Revenue Per User, is one metric telcos use to measure success. By deliberately using a traditional lens that telcos use, this paper puts emerging Internet identity markets into a pragmatic perspective. The focus of the white paper is [...]

17 Oct 2014 1:49pm GMT

OpenID.net: Crossing the Chasm of Consumer Consent

This week Open Identity Exchange publishes a white paper on the "ARPU of Identity". The focus of the white paper is on how MNOs and telecommunications companies can monetize identity markets and thereby improve their average revenue per user, or ARPU. Its author and highly regarded data scientist, Scott Rice, makes a point that [...]

17 Oct 2014 1:47pm GMT

16 Oct 2014

Kuppinger Cole: IAM for the User: Achieving Quick-wins in IAM Projects

In KuppingerCole Podcasts

Many IAM projects struggle or even fail because demonstrating their benefit takes too long. Quick-wins that are visible to the end users are a key success factor for any IAM program. However, just showing quick-wins is not sufficient, unless there is a stable foundation for IAM delivered as result of the IAM project. Thus, building on an integrated suite that enables quick-wins through its features is a good approach for IAM projects.



16 Oct 2014 7:35pm GMT

Mythics: It’s Time to Upgrade to Oracle Database 12c, Here is Why, and Here is How

Well, it's that time again, when the whole Oracle database community will be dealing with the questions around upgrading to Database 12c from 11g (and some…

16 Oct 2014 6:16pm GMT

Kuppinger Cole: Mobile, Cloud, and Active Directory

In Martin Kuppinger

Cloud IAM is moving forward. Even though there is no common understanding of which features are required, we see more and more vendors - both start-ups and vendors from the traditional field of IAM (Identity and Access Management) - entering that market. Aside from providing an alternative to established on-premise IAM/IAG, we also see a number of offerings that focus on adding new capabilities for managing external users (such as business partners and consumers) and their access to Cloud applications - a segment we call Cloud User and Access Management.

There are a number of expectations we have for such solutions. Besides answers on how to fulfill legal requirements regarding data protection laws, especially in the EU, there are a number of other requirements. The ability to manage external users and customers with flexible login schemes and self-registration, inbound federation of business partners and outbound federation to Cloud services, and a Single Sign-On (SSO) experience for users are among these. Another one is integration back to Microsoft Active Directory and other on-premise identity stores. In general, being good in hybrid environments will remain a key success factor and thus a requirement for such solutions in the long run.

One of the vendors that have entered the Cloud IAM market is Centrify. Many will know Centrify as a leading-edge vendor in Active Directory integration of UNIX, Linux, and Apple Macintosh systems. However, Centrify has grown beyond that market for quite a while, now offering both a broader approach to Privilege Management with its Server Suite and a Cloud User and Access Management solution with its User Suite.

In contrast to other players in the Cloud IAM market, Centrify takes a somewhat different approach. On one hand, they go well beyond Cloud-SSO and focus on strong integration with Microsoft Active Directory, including supporting Cloud-SSO via on-premise AD - not a surprise when viewing the company's history. On the other hand, their primary focus is on the employees. Centrify User Suite extends the reach of IAM not only to the Cloud but also to mobile users.

This makes Centrify's User Suite quite different from other offerings in the Cloud User and Access Management market. While they provide common capabilities such as SSO to all types of applications, integration with the Active Directory, capabilities for both strong authentication of external users, and provisioning to Cloud/SaaS applications, their primary focus is not on simply extending this to external users. Instead, Centrify puts its focus on extending their reach to supporting both Cloud and Mobile access, provided by a common platform, delivered as a Cloud service.

This approach is unique, but it makes perfect sense for organizations that want to open up their enterprises to both better support mobile users as well as to give easy access to Cloud applications. Centrify has strong capabilities in mobile management, providing a number of capabilities such as MDM (Mobile Device Management), mobile authentication, and integration with Container Management such as Samsung Knox. All mobile access is managed via consistent policies.

Centrify User Suite is somewhat different from the approach other vendors in the Cloud User and Access Management market took. However, it might be the single solution that fits best to the needs of customers, particularly when they are primarily looking at how to enable their employees for better mobile and Cloud access.

16 Oct 2014 4:56pm GMT

OpenID.net: Crossing the Chasm In Mobile Identity: OpenID Foundation’s Mobile Profile Working Group

Mobile Network Operators (MNOs) worldwide are in various stages of "crossing the chasm" in the Internet identity markets. As Geoffrey A. Moore noted in his seminal work, the most difficult step is making the transition between early adopters and pragmatists. The chasm crossing Moore refers to points to the bandwagon effect and the role standards [...]

16 Oct 2014 3:45pm GMT

Ludovic Poitou - ForgeRock: POODLE SSL Bug and OpenDJ

A new security issue hit the streets this week: the Poodle SSL bug. Immediately we've received a question on the OpenDJ mailing list on how to remediate from the vulnerability. While the vulnerability is mostly triggered by the client, it's also possible to prevent attack by disabling the use of SSLv3 altogether on the server […]

16 Oct 2014 1:40pm GMT

15 Oct 2014

Julian Bond: Hilarious bit of spam email today.

illuminatiworld781
Are you a business man or business woman, politician, musical, student and you want to be very rich,powerful and be famous in life. You can achieve your dreams by been a member of the Illuminati. With this all your dreams and heart desire can be fully accomplish, Illuminati cult online today and get instant sum of $25,000monthly for becoming a member and $100,000 for doing what you like to do . so if you have the interest, you can call, +447064249899 or +447053824724

But I'm having trouble finding any 5s in 781, fnord.
[from: Google+ Posts]

15 Oct 2014 7:52pm GMT

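Nat Sakimura: University of Tokyo Falls from 5th to 28th! Harvard University Takes the Top Spot. I Recalculated Diamond's "Universities That Produce Useful Talent" Ranking [0]

While I was looking at Facebook on the train, the "Ranking of Universities That Produced Useful Talent" published in Weekly Diamond (10/18) showed up in my feed [1]. I have not gotten hold of the magazine itself yet, so I do not know the details of the survey, but the attached […]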

15 Oct 2014 12:06pm GMT

14 Oct 2014

Radovan Semančík - nLight: The Old IDM Kings Are Dead. Long Live the New Kings.

It can be said that Identity Management (IDM) was born in the early 2000s. That was the time when many people realized that a single big directory just won't do it. They realized that something different was needed to bring order into the identity chaos. That was the dawn of a user provisioning system. The early market was dominated by only a handful of small players: Access360, Business Layers, Waveset and Thor. Their products were the children of the dot-com age: enterprise software built on the state-of-the-art platforms such as J2EE. These products were quite terrible by today's standards. But they somehow did the job that no other software was able to do. Therefore it is obvious that these companies got acquired very quickly. Access360 is now an IBM Tivoli product. Business Layers was acquired by Netegrity which was later acquired by CA. Waveset was taken by Sun. And Thor ended up in Oracle. By 2005 the market was "consolidated" again.

The development of all the early products went on. A lot of new features were introduced. Also some new players entered the market. Even Microsoft hastily hopped on this bandwagon. And the market became quite crowded. What started as a provisioning technology later became "compliance" and "governance" to distinguish individual products. And even more features were added. But the basic architecture of the vast majority of these products remained the same during all these years. One just cannot easily evolve the architecture and clean up the product while there is enormous pressure to deliver new features. Therefore the architecture of these products still remains essentially in the state as it was originally designed in the early 2000s. And it is almost impossible to change.

That was the first generation of IDM systems.

The 2000s was a very exciting time in software engineering. Nothing short of a revolution spread through the software world. The developers discovered The Network and started to use SOAP. Which led to the SOA craze. And later the new age developers disliked SOAP and created the RESTful movement. XML reached its zenith and JSON became popular. The idea of object-relational mapping spread far and wide. The term NoSQL was coined. The heavyweight enterprise-oriented architectures of the early 2000s were mostly abandoned and replaced by lightweight network-oriented architectures of the late 2000s. And everything was suddenly moving up into the clouds.

It is obvious that the old-fashioned products that built up a decade of technological debt cannot keep up with all of this. The products started to get weaker in the late 2000s. Yet only a very few people noticed that. The first-generation products gained an enormous business momentum and that simply does not go away from day to day. Anyway, in 2010 there were perhaps only a couple of practical IDM products left. The rest was too bloated, too expensive and too cumbersome to be really useful. Their owners hesitated for too long to re-engineer and refresh the products. But it is too late to do that now. These products need to be replaced. And they will be replaced. Soon.

This situation is quite clear now. But it was not that clear just a few years ago. Yet several teams began new projects in 2010 almost at the same time. Maybe that was triggered by the Oracle-Sun acquisition or maybe the time was just right to change something ... we will probably never know for sure. The projects started almost on a green field and they had an enormous effort ahead of them. But the teams went on and after several years of development there is a whole new breed of IDM products. Lean, flexible, scalable and open.

This is the second generation of IDM systems.

The second-generation systems are built on the network principles. They all have lightweight and flexible architectures. And most of them are professional open source! There is ForgeRock OpenIDM with its lightweight approach and extreme flexibility. Practical Evolveum midPoint with a very rich set of features. And Apache Syncope with its vibrant and open community. These are just three notable examples of the new generation. A generation of IDM systems that has arrived right on time.

(Reposted from https://www.evolveum.com/old-idm-kings-dead-long-live-new-kings/)

14 Oct 2014 6:04pm GMT

Courion: Courion Named a Leader in Access Governance by KuppingerCole

Kurt Johnson

Today Courion was named a leader in the 2014 Leadership Compass for Access Governance by KuppingerCole, a global analyst firm. Courion's Access Assurance Suite was recognized for product features and Innovation, and as a very strong offering that covers virtually all standard requirements. In the management summary of the report, Courion is highlighted as the first to deliver advanced access intelligence capabilities.

Courion was also recognized as a leader in the Gartner Magic Quadrant for Identity Governance and Administration (IGA) and as a leader in the KuppingerCole Leadership Compass for Identity Provisioning earlier this year.

14 Oct 2014 1:38pm GMT