28 Apr 2016
Attribute Based Access Control (ABAC) solutions provide an organization with the power to control access to protected resources via a set of policies. These policies express the increasingly complicated legal and business environments in which companies operate these days. However, due to the number of moving parts, it becomes harder to understand the effect a policy change might have in a complex policy set. These moving parts include the policies themselves, attribute values and the specific queries under consideration.
28 Apr 2016 5:40pm GMT
Stormpath recently added support for SAML (Security Assertion Markup Language) user management including both Service Provider (SP) initiated and Identity Provider (IdP) initiated authentication. (SAML is an XML-based standard for securely exchanging authentication and authorization information between entities.) Instead of working with XML or even directly with SAML itself (which none of us wants to do), …
28 Apr 2016 3:00pm GMT
BeyondTrust's PowerBroker product family provides a well-integrated solution with a broad range of capabilities for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements, on endpoints as well as server systems. With dedicated products for major system architectures, PowerBroker provides deep support for privilege management on Windows, Unix/Linux as well as Mac systems.
28 Apr 2016 10:17am GMT
A feature-rich customer identity management platform providing strong analytics and tools for business-oriented decision-making processes while enabling compliance with legal and regulatory requirements and an adequately high level of security.
28 Apr 2016 7:22am GMT
In these days of ever-increasing cyber-attacks, organizations have to move beyond preventative actions towards detection and response. This no longer applies to the network and operating system level only, but involves business systems such as SAP. Identifying, analyzing, and responding to threats is a must for protecting the core business systems.
28 Apr 2016 7:10am GMT
Balabit Shell Control Box is a standalone appliance for controlling, monitoring and auditing privileged access to remote servers and network devices. Shell Control Box provides a transparent and quickly deployable PxM solution without the need to modify existing infrastructure or change business processes.
28 Apr 2016 6:42am GMT
27 Apr 2016
Do we really understand space-time? Two interesting articles have recently crossed my virtual desk. In the first, History.com reported: On this day in 4977 B.C., the universe is created, according to German mathematician and astronomer Johannes Kepler (1571-1630), considered a founder of modern science. Best known for his theories explaining the motion of planets, Kepler first observed the visible […]
27 Apr 2016 4:22pm GMT
Yesterday, I enjoyed attending a webcast entitled, "Computer-Centric Identity Management." Led by Ivan Nicolai, Lead Analyst at Kuppinger Cole, the presentation was subtitled, "From Identity Management to Identity Relationship Management. The changing relationship between IAM, CRM and Cybersecurity." I found the presentation to be concise, informative, and thought-provoking - particularly the concept that the IAM practitioner […]
27 Apr 2016 3:16pm GMT
I am happy to announce that we have now added Lumen to Stormpath's PHP integrations. This integration requires minimal setup and about five minutes to get a PHP backend up and running for your mobile applications - exciting! With our Lumen integration, you can quickly set up user registration and user authentication using OAuth tokens. This tutorial will teach …
27 Apr 2016 3:00pm GMT
To whom it may concern, regarding your technical connection to WAYF - Where Are you From.
(If you find someone else in your organisation is a more suitable receiver of this correspondence, please send name, email and phone number to email@example.com)
This is a notification about coming technical changes to the technical connection to WAYF, which will affect all connected web-based services as well as connected institutions.
A detailed description of what needs to changed will follow in the coming week. The purpose of this email is to notify you, so you can allocate ressources for change management in the near future.
The changes must be applied during the time from May 9th to May 30th 2016.
The background for the changes is WAYF's introduction of a hardware security module (HSM) for handling cryptographic keys. The HSM system is already running, using the old keys, which must now be changed.
This implies that all connected services and institutions must update the SAML metadata about WAYF, in order to 'move' to the new setup with the new keys.
We take the opportunity to inform you that WAYF will stop checking the signature of SAML authentication requests, to align better with international practices - without lowering the security of the connected services.
WAYF will also remove the double-signing of both SAML assertions and responses: only the responses will be signed.
Of due diligence we inform you that WAYF has no formal responsibility of your local SAML implementations e.g. simpleSAMLphp or ADFS. This being said, we will do our best to make the process as smooth as possible. Please send inquiries related to metadata update to: firstname.lastname@example.org
Head of WAYF - Where Are You From
27 Apr 2016 12:20pm GMT
26 Apr 2016
While most organizations are at least good enough in managing their employee identities, dealing with millions of consumer and customer identities imposes a new challenge. Many new identity types, various authenticators from social logins to device-related authenticators in smartphones, risk mitigation requirements for commercial transactions, the relationship with secure payments, customer retention, new business models and thus new requirements for interacting with customers: The challenge has never been that big.
26 Apr 2016 10:37pm GMT
We're thrilled to announce our open-source ASP.NET Core authentication library is now available! What's the deal with ASP.NET Core, you ask? ASP.NET Core 1.0 (formerly ASP.NET 5 or "vNext") is the latest version of ASP.NET. Instead of building incrementally on ASP.NET 4, Microsoft opted to do a full rewrite of the ASP.NET stack. The end …
The post Tutorial: Build an ASP.NET Core Application With User Authentication appeared first on Stormpath User Identity API.
26 Apr 2016 4:00pm GMT
Verizon's 2016 Data Breach Investigations Report (DBIR) is now available to download: The 2016 dataset is bigger than ever, examining over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. With data provided by 67 contributors including security service providers, law enforcement and government agencies, this year's report offers unparalleled insight into the cybersecurity threats you […]
26 Apr 2016 2:39pm GMT
Julian Bond: One more time, with feeling. Farr festival is a boutique electronic dance festival on July 14-15-16...
For just a little longer, the ticket link below is for weekend camping tickets at a heavy discount.
[from: Google+ Posts]
26 Apr 2016 1:39pm GMT
Today I head out to a month-long series of events associated with identity: I'm starting with the 22st (!) Internet Identity Workshop next week; then I'm speaking at the blockchain conference Consensus about identity; next I am part of the...
26 Apr 2016 12:00am GMT
25 Apr 2016
4). The run time environment must use a "threat centric CASB" like pallera for google apps (XML, API, and Data)
Of course there are nearly a dozen CASB (cloud access security brokers) that partner with Google for specific solutions - like secure gmail (ciphercloud), google apps (netskope), google drive (skyhigh). My favorite is FireLayer as a CASB for Google Clouds as it also supports XACML 3 which is huge as all policies expressed in a standards based XML expression not only will allow for Threat centric Access Exceptions -aka dynamic policies (STIX COA and XACML), it also allows for streamlined auditing of apps hosted in the Cloud.
25 Apr 2016 7:12pm GMT