28 Apr 2016

Planet Identity

Kuppinger Cole: Enforcing Fine Grained Access Control Policies to Meet Legal Requirements

Attribute Based Access Control (ABAC) solutions provide an organization with the power to control access to protected resources via a set of policies. These policies express the increasingly complicated legal and business environments in which companies operate these days. However, due to the number of moving parts, it becomes harder to understand the effect a policy change might have in a complex policy set. These moving parts include the policies themselves, attribute values and the specific queries under consideration.

28 Apr 2016 5:40pm GMT

Katasoft: Developer-Friendly SAML Single Sign On Support

Stormpath recently added support for SAML (Security Assertion Markup Language) user management including both Service Provider (SP) initiated and Identity Provider (IdP) initiated authentication. (SAML is an XML-based standard for securely exchanging authentication and authorization information between entities.) Instead of working with XML or even directly with SAML itself (which none of us wants to do), …

The post Developer-Friendly SAML Single Sign On Support appeared first on Stormpath User Identity API.

28 Apr 2016 3:00pm GMT

Kuppinger Cole: Executive View: BeyondTrust PowerBroker - 71504

by Ivan Niccolai

BeyondTrust's PowerBroker product family provides a well-integrated solution with a broad range of capabilities for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements, on endpoints as well as server systems. With dedicated products for major system architectures, PowerBroker provides deep support for privilege management on Windows, Unix/Linux as well as Mac systems.

28 Apr 2016 10:17am GMT

Kuppinger Cole: Executive View: Gigya Customer Identity Management Suite - 71529

by Matthias Reinwarth

A feature-rich customer identity management platform providing strong analytics and tools for business-oriented decision-making processes while enabling compliance with legal and regulatory requirements and an adequately high level of security.

28 Apr 2016 7:22am GMT

Kuppinger Cole: Executive View: SAP Enterprise Threat Detection - 71181

by Martin Kuppinger

In these days of ever-increasing cyber-attacks, organizations have to move beyond preventative actions towards detection and response. This no longer applies to the network and operating system level only, but involves business systems such as SAP. Identifying, analyzing, and responding to threats is a must for protecting the core business systems.

28 Apr 2016 7:10am GMT

Kuppinger Cole: Executive View: Balabit Shell Control Box - 71570

by Alexei Balaganski

Balabit Shell Control Box is a standalone appliance for controlling, monitoring and auditing privileged access to remote servers and network devices. Shell Control Box provides a transparent and quickly deployable PxM solution without the need to modify existing infrastructure or change business processes.

28 Apr 2016 6:42am GMT

27 Apr 2016


Mark Dixon - Oracle: On April 27, 4877 BC, the universe was created!?

Do we really understand space-time? Two interesting articles have recently crossed my virtual desk. In the first, History.com reported: On this day in 4977 B.C., the universe is created, according to German mathematician and astronomer Johannes Kepler (1571-1630), considered a founder of modern science. Best known for his theories explaining the motion of planets, Kepler first observed the visible […]

27 Apr 2016 4:22pm GMT

Mark Dixon - Oracle: Kuppinger Cole: Computer-Centric Identity Management

Yesterday, I enjoyed attending a webcast entitled, "Computer-Centric Identity Management." Led by Ivan Niccolai, Lead Analyst at Kuppinger Cole, the presentation was subtitled, "From Identity Management to Identity Relationship Management. The changing relationship between IAM, CRM and Cybersecurity." I found the presentation to be concise, informative, and thought-provoking - particularly the concept that the IAM practitioner […]

27 Apr 2016 3:16pm GMT

Katasoft: Lumen And Stormpath As Your Mobile Backend

I am happy to announce that we have now added Lumen to Stormpath's PHP integrations. This integration requires minimal setup and about five minutes to get a PHP backend up and running for your mobile applications - exciting! With our Lumen integration, you can quickly set up user registration and user authentication using OAuth tokens. This tutorial will teach …

The post Lumen And Stormpath As Your Mobile Backend appeared first on Stormpath User Identity API.

27 Apr 2016 3:00pm GMT

WAYF News: WAYF to change metadata in May, 2016

To whom it may concern, regarding your technical connection to WAYF - Where Are You From.

(If you find someone else in your organisation is a more suitable receiver of this correspondence, please send name, email and phone number to sekretariat@wayf.dk)

This is a notification about coming technical changes to the technical connection to WAYF, which will affect all connected web-based services as well as connected institutions.

A detailed description of what needs to be changed will follow in the coming week. The purpose of this email is to notify you, so you can allocate resources for change management in the near future.

The changes must be applied during the time from May 9th to May 30th 2016.

The background for the changes is WAYF's introduction of a hardware security module (HSM) for handling cryptographic keys. The HSM system is already running, using the old keys, which must now be changed.

This implies that all connected services and institutions must update the SAML metadata about WAYF, in order to 'move' to the new setup with the new keys.

We take the opportunity to inform you that WAYF will stop checking the signature of SAML authentication requests, to align better with international practices - without lowering the security of the connected services.

WAYF will also remove the double-signing of both SAML assertions and responses: only the responses will be signed.

For the sake of due diligence, we inform you that WAYF has no formal responsibility for your local SAML implementations, e.g. simpleSAMLphp or ADFS. This being said, we will do our best to make the process as smooth as possible. Please send inquiries related to the metadata update to: sekretariat@wayf.dk

Kind regards

David Simonsen
Head of WAYF - Where Are You From

27 Apr 2016 12:20pm GMT

26 Apr 2016


Kuppinger Cole: Customer-centric Identity Management

While most organizations are at least good enough in managing their employee identities, dealing with millions of consumer and customer identities imposes a new challenge. Many new identity types, various authenticators from social logins to device-related authenticators in smartphones, risk mitigation requirements for commercial transactions, the relationship with secure payments, customer retention, new business models and thus new requirements for interacting with customers: The challenge has never been that big.

26 Apr 2016 10:37pm GMT

Katasoft: Tutorial: Build an ASP.NET Core Application With User Authentication

We're thrilled to announce our open-source ASP.NET Core authentication library is now available! What's the deal with ASP.NET Core, you ask? ASP.NET Core 1.0 (formerly ASP.NET 5 or "vNext") is the latest version of ASP.NET. Instead of building incrementally on ASP.NET 4, Microsoft opted to do a full rewrite of the ASP.NET stack. The end …

The post Tutorial: Build an ASP.NET Core Application With User Authentication appeared first on Stormpath User Identity API.

26 Apr 2016 4:00pm GMT

Mark Dixon - Oracle: 2016 Data Breach Investigations Report

Verizon's 2016 Data Breach Investigations Report (DBIR) is now available to download: The 2016 dataset is bigger than ever, examining over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. With data provided by 67 contributors including security service providers, law enforcement and government agencies, this year's report offers unparalleled insight into the cybersecurity threats you […]

26 Apr 2016 2:39pm GMT

Julian Bond: One more time, with feeling. Farr festival is a boutique electronic dance festival on July 14-15-16...

One more time, with feeling. Farr festival is a boutique electronic dance festival on July 14-15-16. Near Baldock on the A1, 30 miles N of London.

For just a little longer, the ticket link below is for weekend camping tickets at a heavy discount.



26 Apr 2016 1:39pm GMT

Christopher Allen - Alacrity: The Path to Self-Sovereign Identity

Today I head out to a month-long series of events associated with identity: I'm starting with the 22nd (!) Internet Identity Workshop next week; then I'm speaking at the blockchain conference Consensus about identity; next I am part of the...

26 Apr 2016 12:00am GMT

25 Apr 2016


Rakesh Radhakrishnan: Threat Centric Cloud Compliance and Security

To me, Compliance Centric Security offers a baseline which is a solid baseline and a must for today's Cloud offerings, such as Google Clouds, which has achieved an impressive list of compliance certifications, including:
1). comprehensive ISO 27001 (for the systems, applications, people, technology, processes and data centers serving Google Cloud Platform)
2). ISO 27017 specific for cloud services
3). ISO 27018 specific for cloud privacy
4). SOC 2
5). SOC 3
7). FedRAMP (ATO)
8). HIPAA Compliance (BAA)
9). EU Data Protection Directive (EU Model Contract).

Beyond Compliance, enterprises moving to the Clouds (such as Google Cloud Platform) need to understand the shared responsibility model and leverage "secure by design", "secure development", "secure deployment", "securing run time data" and "secure diagnostics" - the 5 SD principles - to move towards a Target State that is more Threat centric.
1). Secure by Design - involves "password free", "cookie-free", "stateless", "agentless" and "zero footprint" designs.
2). The development processes need to be secure (regardless of whether one uses Eclipse, Maven, IntelliJ or any other) - that leverages Google PaaS
3). The deployment model (devops) must support STRIDE, OCTAVE and SCAP-like standards
4). The run time environment must use a "threat centric CASB" like Palerra for Google Apps (XML, API, and Data)
5). The diagnostics should be secure via support for virtual firewalls that are FIPS certified and have identity in the stack (traceability).

Join Cloud Security Alliance Silicon Valley today to learn more about what Palerra CASB can do for Google Cloud Platform and Vidder Precision Access for Clouds.

Of course there are nearly a dozen CASBs (cloud access security brokers) that partner with Google for specific solutions - like secure Gmail (CipherCloud), Google Apps (Netskope), Google Drive (Skyhigh). My favorite is FireLayer as a CASB for Google Clouds, as it also supports XACML 3, which is huge: all policies expressed in a standards-based XML expression will not only allow for Threat centric Access Exceptions - aka dynamic policies (STIX COA and XACML) - but also allow for streamlined auditing of apps hosted in the Cloud.

25 Apr 2016 7:12pm GMT