30 Jul 2010

Planet Identity

Nishant Kaushik - Oracle: Beyond SPML: Access Provisioning in a Services World

Another Burton Group Catalyst conference has come to a close, and as always it was a treasure trove of stories, ideas and conversations. Which is why it was great to have the uncertainty around the conference laid to rest when it was announced that it will be back next year (July 26-29 in San Diego, [...]

30 Jul 2010 7:30pm GMT

Tom Kemp - Centrify: Buckle Up With PCI ... It's Becoming the Law

A new Washington state law went into effect earlier this month that makes a business or a credit card processor liable for unauthorized access to credit card information it stores. The key thing with the law is that businesses or processors are not liable if they are PCI DSS compliant, so in effect this further motivates businesses who process credit cards to get compliant. This is part of a growing trend for states to in effect incorporate PCI into state law.

30 Jul 2010 1:59pm GMT

Jackson Shaw - Quest: CA takes cloud to new levels of fluffiness!

This caught my eye today: CA announced that they are executing on their cloud strategy with IAM to and from the cloud. So I decided to look through their press release and associated white papers and was both underwhelmed and amazed with the new height of cloud fluffiness that has been achieved. I would like to award their public relations team and external PR agency medals and trophies on the great, fluffy job they did. Was it done because you had to announce something at the Catalyst conference?

Today's announcement includes the availability of new CA Identity Manager capabilities that extend identity management to cloud applications; it highlights how a customer has leveraged the CA SiteMinder portfolio to control access to its SaaS applications; and it features how CA Technologies is providing IAM as a service from the cloud.

What are these new capabilities I asked? I started trolling around the website and looking at various documents searching on the word "cloud". What I came up with was that CA supports provisioning connectors to Salesforce.com. You can watch a demo of this incredible fluffiness here: http://www.ca.com/media/datacenter-of-the-future/secure1.swf

So, CA can provision to Salesforce.com. Congratulations guys! Job well done!! Is there any value add above provisioning and de-provisioning? Something that would actually be more than just adding or deleting users? Anything? Anything?

With a flashback to the famous "Bueller? Bueller? Bueller?" scene in Ferris Bueller's Day Off I recorded this…





30 Jul 2010 12:35pm GMT

29 Jul 2010


Mark Wilcox - Oracle: OTN Licensing Question for our Sun DSEE Customers

I got a comment on my blog asking: "What kind of licensing terms is Oracle using for this release? Are they following the Sun licensing where you can download and use this for free and choose pay for...

29 Jul 2010 9:03pm GMT

Matt Flynn - NetVision: Next Generation Compliance: Expect Answers

As an industry, we've been getting much better with understanding access rights and enabling compliance with access-related regulatory requirements. I know there are nay-sayers out there who focus on the negative - what we haven't done well. But, overall, given the speed at which we've enabled access to sensitive information, it's pretty amazing that we have any control at all.

Having said that, one of the primary problems with our current solutions for tracking changes and enabling audit response is that we just can't make sense of all the data that's being collected. One of the findings in the SANS Log Management Survey for 2010 is that the top two challenges with log management are being able to search through the data and being able to interpret the results. That's no surprise given the mountains of data generated by log management solutions. But it's also alarming because that's the exact value proposition that those solutions are supposed to provide. It's like a car that does everything well except move from one place to another.


Failure: Mountains of Data with No Actionable Information

There's a better way. In this SC Magazine article titled Answers, Not Data: The Key to Access Security, David Rowe explains that next generation audit solutions need to focus on providing answers and enabling continuous audit rather than stubbornly latching on to quantity of data as the success indicator. Give it a read and please let me know what you think.

29 Jul 2010 2:24pm GMT

Jackson Shaw - Quest: Simplifying Unix User Management and Lifecycle

You can tell when I get super busy with my day job as my blog posts slow down. In fact, I've been so busy and traveling so much that I had to miss the Cloud Identity Summit last week - which I really wanted to attend - and I skipped The Burton Group Catalyst conference this week. However, I did get a picture of our Catalyst hospitality suite sent to me. It was Sinatra themed - check it out:


Earlier this week Quest announced the release of Quest Unix Identity Manager. This is a new product for us and congratulations to the team that worked on QIMU. They really did a tremendous job. QIMU is a Java-based application that works from any browser and enables a Unix administrator to discover Unix servers and manage the user (/etc/passwd) and group (/etc/group) files on all the discovered machines. The best part is that QIMU is free. You can download it from http://www.freeunixiam.com or any of the popular shareware or freeware sites that are available on the internet. QIMU is also the new administration console for Quest Authentication Services 4.0. The only difference is with QAS 4.0 there are additional screens or functions that are enabled.

So whether you use QIMU just for Unix user lifecycle management - for free - or to help manage your Active Directory integrated users via QAS 4.0 I hope you find QIMU useful.

Let me know what you think of QIMU!



29 Jul 2010 1:58pm GMT

CA on Security Management: Securing Your Road to Virtualization & Cloud Blog Series: Elasticizing Your Web Access Management Infrastructure

In this blog I'll share how and why some of our customers are leveraging Web Access Management (WAM) to support their virtualization efforts (or is it the other way around?!). As we know, modern web applications rely on WAM solutions for things like authentication, authorization and single sign-on facilities. And this is why WAM solutions are highly transactional. The demand and...

29 Jul 2010 11:46am GMT

Ping Talk - Ping Identity: Ping Celebrates 500th Customer at Burton Catalyst

We achieved a major milestone this week surpassing 500 enterprise and SaaS customers. We want to personally thank you for choosing Ping. If you happen to be in San Diego this week for Burton Catalyst, come celebrate with us tonight at the Marriott Gaslamp Altitude bar.

29 Jul 2010 1:58am GMT

28 Jul 2010


Mark Wilcox - Oracle: Oracle Directory Server Enterprise Edition 11g is now released.

We released Oracle Directory Server Enterprise Edition 11g. This is the first Oracle branded release of the directory formerly known as the "Sun/iPlanet/Netscape" Directory. This release also coincided with the release of other key Oracle 11g Identity Management components...

28 Jul 2010 10:33pm GMT

Kaliya Hamlin - Identity Woman: Navigating the New Normal: John Seely Brown at Catalyst

I am here this week at Burton Group Catalyst. The conference kicked off with what was by all accounts a good talk from John Seely Brown talking about "the New Normal". NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century [...]

Related posts:
  1. Identity Gang 2 - How did John get involved?
  2. Catalyst Round UP
  3. Mark Dixon - Best summary of Catalyst

28 Jul 2010 9:49pm GMT

Phil Windley - Kynetx: Remembering in KRL: Using Entity Variables with Forms

Dan asked a question in the Kynetx Developer Exchange about remembering user entered data in KRL. I gave him a brief outline of the solution but thought an example would be nice. This blog post is the detailed answer...

28 Jul 2010 8:33pm GMT

Ping Talk - Ping Identity: Where do we go from here? Thoughts from the Summit

It was a big-brain mixer last week at Ping's Cloud Identity Summit (CIS). If you were a sponge, you went home soaking wet.

Integration, standards, services, security, identity, trust, implementation, cooperation, engineering.

Google, VeriSign, PayPal, Salesforce.com, Microsoft, SafeNet, Bitkoo, SecureAuth, Conformity, Ping, Intuit, Bechtel and other vendors and end-users all hit around those concepts and filled in some details.
Everyone who needs to play in the cloud identity game seemed to be in the rooms at the Keystone (Colo.) Conference Center for CIS.
Ping CEO Andre Durand started with the present, telling password proliferation that it was time to exit stage left. Google concurred. Microsoft's keynote focused on the future and a unity message.
Microsoft technical fellow John Shewchuk highlighted the future with his federation demo, which included a relying party hosted on Amazon EC2, an R-STS running on Windows Azure, an identity provider on Google, and all accessed from Safari running on Windows 7.
Alex Balazs (Intuit), Christian Reilly/Brian Ward (Bechtel Corp.) were among end-users telling their trench stories, along with Doug Pierce (Momentum) who went to video with me to outline his story.
While some of the standards needed to usher in this cloud identity era are here today, others focused on enterprise identity are still in various forms of development even though they are beginning to become widely known and understood from a needs perspective.
OAuth 2, OpenID, trust models, audit, compliance and the like are still on the table, in terms of the enterprise.
Technologies such as SAML have been blazing the trail thus far. Burton Group in its May report "Market Profile: Identity Management 2010" calls out XACML and SAML as the important standards for the coming years for federation and the cloud.
Chuck Mortimore, product management director for identity and security for Salesforce.com, characterized SAML during his presentation as "entering the early majority phase and is the standard for peer-to-peer federation."
He said the current emerging standards better have one thing in common: be simple and easy to implement.
What's working today, he said, includes SAML, static trust, and the OpenID/OAuth 2.0 hybrid. His list of what's not working was topped by passwords.
So what drove the urgency for nearly 200 people to travel up to the Rocky Mountains for three days of cloud identity dissection? And why is it important for these discussions to be carried into this week's Burton Group Catalyst conference and another Cloud Identity Summit next year (ED. - mark your calendars for July 2011)?
Gartner lays it out this way.
Global sales of software-as-a-service (SaaS) in the enterprise application segment will hit $8.5 billion this year. That represents a 14% increase over last year's enterprise spending ($7.5 billion).
Gartner attributes that uptick to the enterprise's growing approval of cloud computing. What they left off is the part about securing it (and some compliance, auditing, etc.), another message that was on the marquee at CIS.
"IT managers are thinking strategically about cloud service deployments; more-progressive enterprises are thinking through what their IT operations will look like in a world of increasing cloud service leverage. This was highly unusual a year ago," Gartner said.
And while there is a lot more work to be done pulling the infrastructure together to secure cloud computing, the time to make the unusual usual seems to be shrinking. Gartner estimates that in the next five years, companies will spend a cumulative $112 billion on SaaS, platform as a service (PaaS), and infrastructure as a service (IaaS) collectively.
John Seely Brown, visiting scholar at the University of Southern California, grabbed the industry's collective brain stem last night to open Burton's Catalyst conference saying that the old inside/out IT architecture is evolving to outside/in and declared it the "new normal."
This week, the cloud identity focus will shift to Catalyst where the OpenID Foundation, the Information Card Foundation, the Open Identity Exchange, Kantara Initiative and Identity Commons will demonstrate enterprise uses of open identity as a business-enabler.
Ping will be in that mix with a host of others. Part of the work will showcase examples of using OpenID, Information Card, and SAML identities at different levels of assurance across multiple sites.
If you are in San Diego for the conference, try to duck your head in and take a look.
And don't forget to check out other CIS wrap-ups from other conference participants: Anil Saldhana, co-chair of the OASIS IDCloud Technical Committee, Active Directory expert Sean Deuby, and software engineer Travis Spencer.
If you have your own CIS wrap-up, post your URL in the comments section below.
Follow John on Twitter and check out our Identity-Conversation Tweet list.

28 Jul 2010 4:20pm GMT

CA on Security Management: Identity is at the Center of Security Management for the Cloud

The identity industry has come a long way from the days of access control on the mainframe and the arrival more than 10 years ago of LDAP directories. Identity management is now a multi-billion dollar market in its own right and has grown to be central to how organizations manage their security operations. Now that the cloud has captured the attention of just about everyone in the...

28 Jul 2010 3:34pm GMT

JISC Access Management Team: Counting the Costs of FAM10

After a lot of soul searching with regards to the current funding cuts, I have decided that it will be appropriate to go ahead with FAM10 this year with a real focus on practical benefits for librarians and developers. This decision was based on: The excellent feedback we received for FAM09; The fact that I had [...]

28 Jul 2010 1:20pm GMT

CA on Security Management: Access certification & attestation: Best practices for avoiding the rubber stamp syndrome

Access certification is an ongoing process where managers and designated approvers review who has access to what to confirm that each user/role has access only to the resources necessary to perform their job function. In doing so, organizations prevent users from accumulating unnecessary privileges and decrease their risk profile. Accordingly, the risk mitigation benefits of access...

28 Jul 2010 6:10am GMT

Ping Talk - Ping Identity: Who is Kathi Becker?

My final #cis2010 blog entry is about Kathi Becker, the wizard that organized the 2010 Cloud Identity Summit. When Andre Durand, Ping Identity's CEO, conceived of this 5 short months ago, he turned to his old friend, Kathi Becker, to make it happen.

Andre was one of the partners in the Digital ID World (DIDW) conferences, along with the founder, Phil Becker, Kathi's husband. When the first DIDW was getting organized, Kathi could see that they were really struggling. So she offered her talents, pulled it off, and the rest is, as they say, history.

Kathi's long-time day job is as a management consultant with PLB Ventures where she is a Managing Partner. For over 30 years she has provided management consulting and leadership education. She is an expert in developing educational programs that "cut through the noise and get to the meat of the matter" helping executives develop leadership capabilities to achieve goals they never thought possible. Her ability to craft and deliver thought-provoking programs always leads to well attended, critically acclaimed sessions with measurable long-lasting results.


Kathi's clients include IBM, Microsoft, American Airlines, British Petroleum, U of Chicago Medical Center, Kaiser Permanente and Ford Motor Company.

The 2010 Cloud Identity Summit was by all accounts a huge success. The partnership between Andre and Kathi is another example of the power of community to work together to achieve great things. Next year should be even better as Andre, Kathi and team put their heads together to come up with the 2011 Cloud Identity Summit in Keystone.

When I saw Phil last week at the Summit, I told him that the secret in life for us guys was "marrying up". He laughed knowingly and nodded his head in agreement.

28 Jul 2010 12:22am GMT