04 Aug 2015

Feed: Planet Identity

Courion: Digital & physical security plus a cameo from Ms. Austen - It's #TechTuesday

Access Risk Management Blog | Courion

#TechTuesday 8.4.15: https://www.listicle.co/l/193353


04 Aug 2015 12:03pm GMT

Mark Dixon - Oracle: Educational Resources for Space

Recently, I received some fun suggestions from Jasmine Dyoco from EducatorLabs via the Feedback page on this site. Intrigued by some of the Space Travel posts on this blog, she suggested a number of great links to educational sites related to Space and science: Astronomy Books for Adults; Aerospace History: the Space Shuttle; The Moon: A Resource Guide; The [...]

04 Aug 2015 1:36am GMT

Mark Dixon - Oracle: The Scraping Threat Report 2015

Back in May, I wrote a couple of posts about Illicit Internet bots: Turing Test (Reversed); Bots Generate a Majority of Internet Traffic. I recently read a short, but interesting report on "Scraping," a process of using bots and similar tools to steal information. The Scraping Threat Report 2015 published by ScrapeSentry. This report includes this definition: Scraping [...]

04 Aug 2015 12:33am GMT

03 Aug 2015


Mark Dixon - Oracle: Coolest Travel Voucher I’ve Seen!

Submitting expense reports is one of the seemingly never-ending exercises I have had to endure in over three decades of professional travel. But last week I saw a copy of the coolest travel expense report I have ever seen. Col. Buzz Aldrin submitted an expense report requesting reimbursement for $33.31 to cover personal expenses for his Apollo 11 trip to [...]

03 Aug 2015 7:45pm GMT

Julian Bond: Some satirical humour.

Some satirical humour.

In view of the acute crisis caused by the threat of exhaustion of uranium and thorium, the Editors thought it advisable to give the new information contained in the article the widest possible distribution.

One wonders what Otto Frisch would have made of oil, gas and lignite as fuels for power stations. Or Solar Thermal.
Feasibility of Coal-Driven Power Stations »
The following article is reprinted from the Yearbook of the Royal Institute for the Utilisation of Energy Resources for the Year MMMMCMLV, p1001. In view of the acute crisis caused by the threat of exhaustion of uranium and thorium, the Editors thought it advisable to give the new information ...

[from: Google+ Posts]

03 Aug 2015 8:41am GMT

31 Jul 2015


Matthew Gertner - AllPeers: Options for accommodation in Barcelona

Heading to one of Spain's most culturally rich cities soon, but have no idea where to stay? There are many different options for accommodation in Barcelona that will adequately meet your needs - you just need to know what kind of person you are to make a wise decision. Let's break down each category of lodging below… 1) Stay in a hotel Of all the accommodation options open to you in Barcelona, staying in a hotel is by far one of the most popular ways to spend a holiday in one of Europe's most stylish cities. If you've got cash,…

The post Options for accommodation in Barcelona appeared first on All Peers.

31 Jul 2015 12:39am GMT

30 Jul 2015


Ian Yip: Invisible Identity

Photo source: Michael Shaheen - My Name Was Michael & The Rest Is History

In my previous post, I promised to explain the following:

Organisations should care about identity so they can stop caring about it. Identity needs to disappear, but only from sight; it needs to be invisible.

If you've been to any of Disney's theme parks recently, you may have noticed they now have something called the MagicBand. It cost them a lot of money. Disney calls it "magic". The technology powering the MagicBand infrastructure was complicated to build, but they've done it and have the increased revenue to show for it. They've also managed to turn what is effectively a security device into a new revenue stream by making people pay for them, including charging a premium for versions that have Disney characters on them.

While it does many things, arguably the key benefit of the MagicBand is in delighting Disney's customers by providing seamless, friction-less, surprising experiences without being creepy. For example, when you walk up to a restaurant, you can be greeted by name. You will then be told to take a seat anywhere. Shortly after, your pre-ordered meal will be brought to you wherever you chose to sit, just like magic. If you understand technology, you can inherently figure out how this might work. But the key in all this is the trust that the consumer places in the company. Without the trust, Disney steps over the "creepy" line.

How does Disney ensure trust? Through security of course. Sure, the brand plays a part, but we've all lost trust in a supposedly trusted brand before because they screwed up their security.

The key pieces of that security? Identity proofing, authentication, access control and privacy, none of which is possible without a functional, secure identity layer.

Conveniently (for me), Ian Glazer recently delivered 2 presentations that go into a little more depth around the points I'd otherwise have to laboriously make:

  1. Stop treating your customers like your employees
  2. Identity is having its TCP/IP Moment

If you have some time, do yourself a favour and follow those links - you might just learn something :)

What Disney has managed to achieve within their closed walls is exactly what every organisation trying to do something with omni-channel and wearables would like to achieve. Disney is a poster child for what is possible through an identity-enabled platform, particularly in bringing value to the business through increased revenue and customer satisfaction. Identity truly is the enabler for Disney's MagicBand.

The reason it works is because no one notices the identity layer. Not every organisation will be able to achieve everything Disney has managed, but even going part of the way is worth the effort. Only by ensuring the identity layer is there, can you really make it invisible.

Until people stop noticing the identity layer, you need to keep working on it. Only then will the business see the full potential and value that identity brings to increasing revenue.

30 Jul 2015 1:29pm GMT

Courion: 4 Employees Putting Your Business At Risk


4 Employees Putting Your Business At Risk from Courion Corporation


30 Jul 2015 12:56pm GMT

Katasoft: Hello, Stormpath!


My name is Nate, and last week I joined Stormpath as a Developer Evangelist, focusing on C# and the .NET stack.

I've used Stormpath in some small .NET projects before, but in the absence of a native C# library for use in ASP.NET, .NET and C# users like me have had to connect straight to the API. It's a pain point I'm looking forward to solving. I'm excited to jump in!

About Nate

I've always had a huge passion for computers and technology. When I was six I asked my mom to read me technical software manuals; she admitted a decade later that she had no idea what she was reading, but I ate them up! To me, technology represented endless possibilities. If I didn't know how to do something, I could get a book at the library or look it up on AltaVista and learn it. That thrill has never gone away.

My first foray into programming was Visual Basic, version 3.0. Throughout high school, I wrote lots of code for hobby and freelance projects. Most of it was terrible, but I learned valuable lessons about why object-oriented programming and test coverage are beautiful things. Studying Computer Science in college by way of Java drove home the point.

After college, I took a detour to follow another passion (filmmaking), starting and running a video production company in Texas. While our primary business was producing corporate and marketing videos, one of my side art film projects was selected for and screened at the Filming Shakespeare festival in Stratford-upon-Avon, UK.

I returned to coding after a few years of doing video, and jumped into building applications using ASP.NET Web API and AngularJS for a software company in Kansas City. From my old-school beginnings with Visual Basic, through studying Java in school, to building API-first SPAs with C# on the backend, I came to appreciate C# as a well-built and beautifully-constructed language. It's my current go-to for building APIs and backends.

A new adventure

While I was able to do some pretty cool stuff in my previous role as a developer, I wasn't able to contribute and give back to the community as much as I'd like. When the role of .NET Developer Evangelist came up at Stormpath, I decided to make the jump to California and help this awesome team build an equally-awesome C# library.

What excites me about this position is not only the opportunity to work with some of the best security experts in the business, but also to work on open-source libraries that will be used and hacked on by other developers, and ultimately giving back to the .NET community.

.NET, OWIN, Nancy; Oh My!

I get it: .NET isn't sexy like the Gos and nodes and Rubys of the world. It sits on top of a stack that not everyone loves. Microsoft hasn't been too friendly to open-source in the past.

I think it's a shame that C# doesn't get more attention. In my humble opinion, it's a well-designed language. The C# team has incorporated many lessons learned from other languages, as well as from earlier iterations of C# itself. The result is a powerful, clean language that has strong object-orientation and modern features. I'm an unapologetic fan.

There's been a lot of open-source development taking place in the .NET space. The legacy ASP.NET stack is still around, but now it's joined by OWIN, and some great frameworks like Nancy and Web API 2.

With the advent of Roslyn and Microsoft's moves towards open-sourcing major chunks of the .NET framework, I think the future is even more exciting. Speaking of the future…

A Feature-Rich C# SDK for the Stormpath API

I'll be building a feature-rich C# SDK for the Stormpath API, and high-quality framework integrations with ASP.NET, vNext, Nancy, and more. The underlying SDK will be fully asynchronous with support for async/await and other standard language features like LINQ. Soon, you'll be able to install a few lightweight NuGet packages and get the powerful and robust authentication layer you'd expect from Stormpath, natively in .NET!

Is there something specific you want to see? Feel free to reach out at nate@stormpath.com or @nbarbettini and let me know! Stay tuned to the sdk-csharp repo for plenty of code to come.

30 Jul 2015 5:00am GMT

29 Jul 2015


Kantara Initiative: Leaders of Industry and Government Converge to Launch the Kantara Initiative UMA Dev WG to Develop Tools for Global Adoption of UMA

July 29th, 2015 Piscataway, NJ: Today Kantara Initiative announced the formation of the User-Managed Access Developer Resources Work Group (UMA Dev WG). Leaders from industry and government have come together to call on all interested parties to join the UMA Dev WG to advance global adoption of UMA. Interested parties can learn more here: https://kantarainitiative.org/confluence/x/n4VtB […]

29 Jul 2015 3:14pm GMT

Matthew Gertner - AllPeers: San Francisco: A Hipster’s Paradise!

If you're looking for a hip, trendy North American city to visit, you'll probably want to put San Francisco, California at the top of the list on your travel itinerary. San Francisco offers everything a hipster could possibly hope for in a vacation destination, from eco-conscious coffee shops to sophisticated boutiques offering the latest skinny jeans and graphic t-shirts. Let's take a look at some of the top 8 hotspots where San Francisco's hipsters congregate. Mission Dolores Park Dolores Park is the place to go to spend a day relaxing in the sun. It's also a favorite destination that hosts…

The post San Francisco: A Hipster's Paradise! appeared first on All Peers.

29 Jul 2015 2:21pm GMT

ForgeRock: No, Wanting to Share Your Data Doesn’t Make You Weird – UMA Will Protect You

Seen on Twitter last week: This isn't a weird sentiment at all - and OAuth helps some - but unfortunately OAuth doesn't specialize in consumer-driven data sharing. Businesses are leaving data-sharing opportunities on the table. But to take advantage of those opportunities, they'll need a different standard, User-Managed Access (UMA), the OAuth-based Kantara Initiative…

The post No, Wanting to Share Your Data Doesn't Make You Weird - UMA Will Protect You appeared first on Home - ForgeRock.com.

29 Jul 2015 12:00pm GMT

Katasoft: Include BrianRetterer.php


Hello, I'm Brian, the new PHP Developer Evangelist for Stormpath! I'm currently based at home in Dayton, Ohio with my wonderful wife, Heather, and our purebred mutt, Sophie.

My background is not what you would expect: I have a BFA in Communications Arts with a concentration in International Theatre Production (specifically sound design and engineering) from Ohio Northern University. My post-college path started with six months on a cruise ship (doing sound engineering), then writing code for a start-up educational website, then working as a PHP developer and a system administrator and, now, a PHP Developer Evangelist! This job will combine all of the skills I have learned over the years, making it a perfect fit!

wget http://wordpress.org/latest.tar.gz

My jump into computers started even before my love for theatre.

In the early days of the internet, we had an ISP-based webpage. You know, the ones with the /~username on a www2 subdomain of the ISP's main webpage. Playing around with this (for quite some time), sparked a huge interest in the web. Through college, I dabbled a little bit more in the campus-provided domain and created awesome framed web pages with flashy animated gifs and under construction diggers. Dabbling in WordPress and PHP ensued from there (starting with version 1.2).

In 2006, I registered my first domain, brianretterer.com, where I created a simple WordPress blog to post images and blogposts about my study abroad semester in New Zealand. From that point, I found a love for WordPress as an accessible website development tool. This love has led to me co-chairing the local WordPress Meet-up group and co-founding the Dayton, OH WordCamp.

composer require stormpath/sdk:1.3.0-beta

I first got to know Stormpath when I was looking for a way to manage my users for a weather alerter app I developed, Public Alerter. I hated dealing with the issues of user security, and although there was not much personal information as part of this app, I knew I didn't want to manage a bunch of other users.

Eventually, the application evolved into a Chrome extension, and does not have users. However, being a beta user - and giving the team early feedback - created a relationship with Stormpath that would, ultimately, lead me to working here. A few years after this initial meeting I began to do some freelance work on the PHP SDK. I was enjoying working with the people at Stormpath and was thrilled when I was offered the PHP Developer Evangelist job.

Building the Stormpath PHP Community

What will I be doing as a PHP Developer Evangelist?

In short, I'll be blogging, speaking, and writing code. While I don't call myself a writer, I do love to teach people about the technology world and the advantages understanding it can give people. I'm looking forward to developing blog posts and letting people know what Stormpath is up to!

All that is true for the speaking aspect as well. Until I started speaking at WordCamps around Ohio, I didn't realize how much I enjoyed educating and informing people about anything related to the web, designing great systems, and applications. When I learned this job would allow me to grow my audience base and speak about all sorts of amazing nerdy things (as my wife puts it), I was excited to jump at the chance.

Finally, I would definitely call myself a code-writer. I am a self-taught software developer and constantly learning new things; I especially enjoy that programming is a world that is always growing and changing.

With my new role at Stormpath, I will be available to help all the PHP developers use Stormpath's PHP SDK. I am happy to be working on it and making it a tool that I think everyone who has a webpage or application with a user system will be able to use!

I've been welcomed into the Stormpath family and am looking forward to sharing with the world what we are doing here and getting to know all of the PHP Developers out there.

Ways to get ahold of me

(PS. You may notice a trend here: most of my user accounts are bretterer)

29 Jul 2015 5:00am GMT

28 Jul 2015


Paul Madsen: NAPPS has left the building (but is still on the front lawn)

A good standards effort defines specifications that build on the existing stack of underlying protocols, cryptographic techniques, data formats and platform capabilities. A better standards effort defines specifications that can adapt accordingly as that existing stack changes and evolves. The very best standards efforts know when to announce victory, pack their bags, and go home when that stack evolves in such a way to mitigate the value of the standard in the first place.

By this measure, NAPPS, the OIDF WG chartered to define mechanisms in support of an SSO experience for native applications, is an awesome standards effort.

As has been previously pointed out by John Bradley and myself, the mobile OSs are evolving their support for native SSO; both iOS and Android are adding new features that make SSO possible 'out of the box', without the introduction of specialized application software on the device, as the NAPPS group had been proposing. Consequently, the value of the 'Token Agent' model that NAPPS was proposing and standardizing is diminished - fundamentally we don't need to supplement the mobile OSs to achieve native SSO when they provide sufficient capabilities on their own.

Consequently, as John writes, the NAPPS WG is 'pivoting' and, rather than delivering a normative specification for the Token Agent role, will instead:

"...document best practices for Single Sign-on for Enterprise and Software as a Service Providers using these new features in combination with the PKCE specification, as well as filling in any remaining gaps to allow SaaS providers to fully support OAuth and OpenID Connect enabled native applications in a secure way without forcing users into extra unproductive logins."

In addition to these sorts of guidelines, there is discussion about the development of open source SDKs that would wrap up all these features and flows - simplifying for application developers how to hook into this native SSO model. Discussions are underway as to where development of these libraries makes sense.

Interestingly, while the value of a Token Agent has been marginalized by the new mobile OS features for the native SSO use case, the TA model may yet find a home in the Internet of Things.

Many IoT devices are characterized by limited UI capabilities for display and user input - both of which are critical for the initial binding of the device to a user account and corresponding provisioning of credentials. But if Things are constrained in this way, mobile devices aren't - and so can facilitate this initial setup step.

Shown here is a scenario where a native application on a device plays the role of a Token Agent on behalf of a Thing. The TA obtains an OAuth access token for the Thing and then delivers that token using some short range wireless protocol such as BLE or NFC. Once the Thing has its token, it can use that to authenticate itself when interacting with cloud endpoints or even other Things.

Should the TA model be eventually applied to IoT use cases, perhaps my not insignificant $$ investment in a large supply of 'There is nothing token about my agent' t-shirts will not be wasted. Let us hope.

28 Jul 2015 5:32pm GMT

Courion: The Government Under Cyber Attack & A Hit To The #IoT: It's #TechTuesday!


#TechTuesday 7/28/15: https://www.listicle.co/l/191034


28 Jul 2015 12:23pm GMT

27 Jul 2015


Mythics: Practical Strategies for Data Security

Data breaches have become an everyday occurrence. The remediation is very expensive and resolution of a breach costs much more. The overall impact of a…

27 Jul 2015 5:51pm GMT