08 Oct 2015

feedPlanet Identity

Mike Jones - Microsoft: ADFS Achieves Key OpenID Connect Certifications

I wanted to bring your attention to Alex Simons' announcement "Active Directory Federation Services gains OpenID Certifications!" ADFS now is certified for the Basic OpenID Provider and Implicit OpenID Provider profiles of OpenID Connect - adding to its previous certification for the OpenID Provider Publishing Configuration Information profile. I'll also add that ADFS was tested […]

08 Oct 2015 6:46pm GMT

ForgeRock: Identity Summit London 2015: A Recap

Today, the first of three European Identity Summits, hosted by ForgeRock, took place near London's Euston Station, at 30 Euston Square. For the great success of this event, we would first of all like to thank our partner CDO Summit, and our sponsor Accenture! The presented sessions were a great mix of industry experts, ForgeRock leaders, and ForgeRock…

The post Identity Summit London 2015: A Recap appeared first on ForgeRock.com.

08 Oct 2015 5:04pm GMT

07 Oct 2015

ForgeRock: Our CEO Mike Ellis’ Keynote at the CDO Summit London 2015

Today, a large group of Chief Digital Officers and other digital leaders were able to see Mike Ellis giving a keynote presentation at the CDO Summit in London. Front and center was one message: "Identity is the center of everything". While Mike stated that growth is a top priority for CEOs, and…

The post Our CEO Mike Ellis' Keynote at the CDO Summit London 2015 appeared first on ForgeRock.com.

07 Oct 2015 2:50pm GMT

06 Oct 2015

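Nat Sakimura: EU Court of Justice Rules US-EU Safe Harbor Agreement Invalid

[Brussels, Jiji Press] On the 6th, the Court of Justice of the European Union (Luxembourg), regarding the arrangement between the EU and the United States known as "Safe Harbor", which specially permits US companies to transfer personal information from EU member states to the United States, the information is not adequately protected […]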

06 Oct 2015 5:22pm GMT

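Nat Sakimura: First Confirmed My Number Scam: Woman in Her 70s Loses Several Million Yen

According to an announcement[1] by the Consumer Affairs Agency on the 6th, a woman in her 70s in the southern Kanto region who received a phone call invoking the My Number system was apparently made to pay several million yen in cash by September. The method was as follows. A person claiming to be from a public consultation desk, by phone, a fake […]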

06 Oct 2015 3:34pm GMT

Julian Bond: Compare and contrast Theresa May in 2002 when she called the Tory party the "Nasty Party"

Compare and contrast Theresa May in 2002 when she called the Tory party the "Nasty Party"

With 2015,

Theresa May

Jeremy Hunt (the well known euphemism)

George Osborne

They do like a good authoritarian in the Tory party. So who's next when the party decides they've had enough of Cameron and force him to make good on his promise to leave before the next election?

"I discount Osborne because he appears to be coked up to the gills and after the next financial crash his political profile will be a scorched outline on the steps of the Old Lady of Threadneedle Street.
I discount Boris because he has most if not all of the same weaknesses as Posh Boy Cameron.
I discount Gove because he makes everybody gove uncontrollably.
Of the inner cabal May seems to be most cannily positioned to inherit the mantle of Thatcher 2.0. (Those of you who are British may now shudder convulsively and cross yourselves/spit over your shoulder/engage in the Two Minute Hate.)"

seeAlso: https://www.craigmurray.org.uk/archives/2015/10/racism-works-in-the-tories/
"She may be vicious and dangerous to our society, but she is not stupid. It is the way to become Tory leader.
Nobody ever lost money overestimating the viciousness of the Tories. In fact the arms and security industries and the bankers, the private health companies, the hedge funds and the private agencies enforcing government policy make fortunes out of it every day."

Frankly, Theresa May scares the hell out of me. There's something of the night about her, like a Herzog - Nosferatu, http://www.imdb.com/title/tt0079641/ 
Nasty Party - Wikipedia, the free encyclopedia »

[from: Google+ Posts]

06 Oct 2015 7:36am GMT

05 Oct 2015

Katasoft: The World's Leading RFID Manufacturer Saves Time, Money, and Sleep with Stormpath

SMARTRAC is the world's leading manufacturer of RFID transponders. Used in a variety of applications from U.S. passports, to pet microchips, to electronic toll payment transponders, SMARTRAC produces a staggering 1.7 billion RFID responder tags annually. The possibilities of the technology are virtually limitless.


The breadth of applications for RFID technology gives SMARTRAC a presence in nearly every market sector. Increasingly, those applications connect through cloud services. "Take a pair of jeans," explained Jason Weiss, Vice President of Cloud Platform and Applications at SMARTRAC.

"A pair of jeans typically is not connected to the cloud, but the moment you affix an RFID tag to them, those jeans suddenly can have dynamic content associated with them. You can create a relationship between their brand owner and the consumer that previously wasn't possible."

To that end, SMARTRAC created SMART COSMOS, a new cloud services platform built around RFID data. SMART COSMOS enables comprehensive Machine-to-Machine and Machine-to-Product communication, and a wealth of pre-built services and extension points. Using the platform, system integrators and software developers can easily create new applications for authentication, identification and tracking of goods.

The use cases are compelling: brands can track product authenticity to reduce counterfeiting and piracy; supply chain workflow efficiency can be managed at the item level, in real time, to reduce loss and waste; RFID data can enable extended consumer experiences with a beloved brand item long after the sale.

The Cloud-Enabled Football Jersey

The lifecycle of a football jersey demonstrates the power of the SMART COSMOS platform at each step of the supply chain.

SMARTRAC helps customers in vertical markets prove the correct royalties were paid for an item. That licensing enforcement information is tracked with RFID and in the SMART COSMOS "Profiles" service. 1000 football jerseys under that license are manufactured in Vietnam and assigned serial numbers and date of manufacture. Details about the jerseys, such as team, player, and season, are linked to the SMART COSMOS "Objects" service through the RFID tag for rich product data.

After leaving the manufacturing plant, only 994 jerseys are actually delivered to the port, and by the time the ship arrives in the port of Los Angeles, a whole box is missing. Somewhere in the port another box falls off a forklift, and now only 894 jerseys reach the distribution center.

"SMART COSMOS provides the infrastructure for brands to delay the authenticity licensing until they have reclaimed possession and are in control of the item in their distribution center," Weiss explained. "The 106 jerseys lost along the way have labels, but never went through the RFID reader at the distribution center. Therefore, authenticity was never turned on in the cloud."

Once the authentic jerseys are in the retail market, their RFID transponder can enhance the fan experience in their home team's stadium and solve a critical problem for the stadium operator - how do you motivate a fan to buy a jersey and spend money at the concession stands?

One way is to incentivize them with offers, which can be powered by the SMART COSMOS "Flows" platform service, an RFID-centric, BPMN 2.0 compliant workflow management solution. It allows a very junior software developer or even a business analyst to design a workflow around RFID.

An example offer might instruct stadium visitors to bring a current-season jersey to the concession stand to get $5 off their first beer at every home game. An RFID reader in the concession point-of-sale reads the jersey's RFID tag, and triggers a workflow that retrieves the jersey's "Profile" and "Object" from SMART COSMOS. It verifies this is an authentic jersey from the current season. Then the workflow checks SMART COSMOS again, to see if the visitor already redeemed their beer coupon for today's game. They have not, so the light at the register turns green, and the information for that sale is connected back to the RFID data in SMART COSMOS: location, timestamp, value of sale, etc.

"This ecosystem would allow a stadium operator to deploy a system like that in a matter of a few weeks instead of months of engineering time," says Weiss.

Stormpath: Secure Multi-Tenant User Data With Flexible Deployment

Stormpath helps SMARTRAC by powering identity infrastructure across SMART COSMOS, using a multi-tenant data-partitioning model. Every developer on SMART COSMOS Profiles, for example, gets a unique, secure directory partitioned from other companies' data. "Users get access with that one username and password to the software as a service hosted in our cloud," Weiss explained. "We don't have to worry about managing our customers' users. We let them manage their own users within their own directory."

This user data model also protects customer data in a way that is easy for SMARTRAC to maintain. Stormpath encrypts and protects all the passwords, so there is no way for SMARTRAC to actually see any of the end-user passwords. As a former naval cryptologist, Weiss understands the importance of security, and Stormpath's advanced security features were a deciding factor in SMARTRAC's choice.

"We know Stormpath is following the best practices that are out there today for security," Weiss said. "I don't have to worry that somebody screwed up the implementation, because it's all managed by the Stormpath service."

In the retail market, Stormpath has also proved advantageous, helping SMARTRAC position itself as highly reputable and ultra-secure, and helping avoid embarrassing security breaches. "I remember at one of my last positions, a developer left a debug statement turned on in the code that logged the password," Weiss recounted. Even though there was no breach, the company had to tell its entire customer base to change their passwords.

"That's a very embarrassing conversation to have with paying customers. Been there, done that. I never want to do that again."

Stormpath has not only saved the SMARTRAC team development time and engineering man hours, it cut down on the team's stress. "I would have lost sleep thinking, 'We're deploying this at a federal institution. Did we get everything coded correctly? Did we have all the right unit tests to make sure it's safe?'" Weiss explained.

With Stormpath, the entire SMARTRAC team can rest easy without having to stress about data security. 

05 Oct 2015 9:11pm GMT

Julian Bond: For those of us who like collecting doomsday scenarios, here's another one. It's the low earth orbit...

For those of us who like collecting doomsday scenarios, here's another one. It's the low earth orbit collision cascade as seen in films like Gravity.

The usual entertaining comments in this RFC about the likely social effects of a 2030 Kessler event.
Kessler syndrome - Wikipedia, the free encyclopedia »

[from: Google+ Posts]

05 Oct 2015 7:47pm GMT

Matthew Gertner - AllPeers: Our top fashion tips for autumn 2015

The summer is fading into the orange leaves and dusky suns of autumn. And with a new season's palette, you'll need a brand new set of clothes to help you look great! But what's 'in' this season? What's hot and what's not? What are the A-list fashionistas donning on the catwalks of Paris, Milan and London? To help you avoid any fashion faux pas, we've come up with a few tips for when the leaves start falling from the trees. Take a look and you'll be the envy of catwalk superstars everywhere. Get fluffy Your boyfriend has piles of bum-fluff…

The post Our top fashion tips for autumn 2015 appeared first on All Peers.

05 Oct 2015 1:45pm GMT

03 Oct 2015

Julian Bond: Apparently Google Chrome has decided that .rar files from zippyshare are malicious and you're not allowed...

Apparently Google Chrome has decided that .rar files from zippyshare are malicious and you're not allowed to download them. They've also decided that several famous torrent index sites are malicious and have blocked them as well.

I'm sure this has nothing to do with the music and entertainment biz and is just a temporary glitch. It seems to cover sites that contribute to bending the rules on copyright as well as sites trying to attack you. The trouble with false positives like this is that it encourages you to turn off all the safety controls which defeats the object of having them in the first place. And of course most users of Chrome will leave most of the settings on default.

It's also possible this will migrate to Firefox as well since they use Google's dangerous site blacklist and virus checker services.

Interestingly, this is beginning to affect small software developers as well. You have to jump through all the hoops or Google marks you as untrustworthy. Made worse because you're distributing an .exe or .msi rather than just an .mp3.

Meanwhile, open All downloads, click on recover file, click on Yes, I'm sure and there's your file. You just shouldn't have to do this.
[from: Google+ Posts]

03 Oct 2015 7:32am GMT

01 Oct 2015

Mark Dixon - Oracle: First Model T Introduced 107 years ago today

One hundred and seven years ago today, on October 1, 1908, the first Model T Ford was introduced. According to the Ford media center: The car that established a mass market for automobiles, the Model T, was introduced on Oct. 1, 1908. The first Model T had a 20-horsepower, four-cylinder engine, reached a top speed of [...]

01 Oct 2015 10:48pm GMT

30 Sep 2015

IS4U: FIM2010: Localize Self Service Password Reset


If you ever had the pleasure of installing one or multiple language packs in FIM, you know that not everything is covered. The question and answer gate is a good example and is very visible to the end user. This blog post discusses how you can localize such a configuration and shows how it is possible to automate this task using PowerShell.


Self service password reset consists of the following configuration blocks:

The workflow defines which actions are necessary before a user is allowed to reset her password. This can be an OTP email, SMS or a question and answer gate. The management policy rule links the users that are allowed to reset their password to the correct authentication workflow. The set is linked to the MPR as the target resource field, because the requestor of a password reset authentication workflow is always an anonymous user.


The language packs that come with FIM do not include localized configuration objects. So, we have to configure these ourselves. Once you know how the mechanism works, it is pretty simple. You duplicate the three configuration items that are required to have a working SSPR configuration for each language you want to support and make sure you define the correct population in the MPR target set. Then you disable the default MPR to avoid confusion. A sample configuration could look like this:

You make sure that the authentication workflow uses the language corresponding to the target population. It is also recommended to configure one of the languages as default for the user accounts that do not have a proper language configured. This can be configured as follows:


As a last step, you need to add these new objects to the Password Reset Objects Set. Otherwise SSPR will not work.


Of course it is a lot of work to localize SSPR if you have more than two languages. That is why we wrote a PowerShell function to do this for us. It is also very handy to update an existing configuration. So if you want to add or change a secret question, PowerShell is a lot easier and faster than doing this job manually. Sample code can be found at GitHub. The module Is4uFimSspr.psm1 provides the following functions:

The first two enable and disable built-in MPRs for SSPR. The last one localizes the default question and answer gate based on information provided in an XML configuration file: sspr.xml. The function assumes that the default configuration of Password Reset AuthN Workflow is untouched. It copies the XOML field and does a string replace of the questions, constraints and error messages with the values from the configuration file.


30 Sep 2015 7:44pm GMT

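Nat Sakimura: Speaking at the 5th Symposium on Biometrics, Recognition and Authentication on November 13

On Friday, November 13, from 15:50, I will be speaking at the "5th Symposium on Biometrics, Recognition and Authentication". Privacy Trust Frameworks and the Utilization of Personal Data / Privacy Trust Frameworks […]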

30 Sep 2015 5:53am GMT

Katasoft: Stormpath Raises $15M Series B Financing

When we first started Stormpath, most people rejected our product vision:

"I would never outsource my user data and functionality - the most important part of my application - to a third-party service."

In 2011, the objections to a Customer Identity API were many, and they were valid. Cloud adoption was nascent. API services were primarily used to replace non-core functionality. Everyone was skittish about the rise in large-scale user data breaches. Developer service companies had spotty records when it came to revenue. A slew of investors turned down our seed round, and developers were generally skeptical.

At the time, there were no other funded Identity API companies focused on developers. But we believed, very deeply, that cloud-based services built by third-party experts would become the default for core application plumbing like Identity. We also believed that developers would embrace how we can make their lives easier and their applications and user data more secure.

"The goal of Stormpath is to free up developers' time so they can focus on what really matters to their product and business. Managing users in the cloud is complicated and risky; we can put years of security expertise and best practice in their applications in less time than it takes to make coffee."

- Les Hazlewood, Stormpath CoFounder and CTO, Public Beta announcement

In just a few years, developers have broadly embraced third-party cloud services. Rather than being perceived as dangerous, the microservices approach to building web and mobile applications has become the default.

That sea change in the way web application teams approach cloud services has not only driven our rapid growth, it has also formed the basis of an entire customer identity market.

Today, Stormpath is used - and loved - by thousands of developers.

We've gone from a basic authentication API, to a powerful identity platform that can handle not only high scale authentication and registration events and workflows, but also complex authorization, deep user security, multi-tenancy for SaaS applications, OAuth connections, token authentication, API keys, social login, and single sign-on across your applications from a centralized user store. The Stormpath Identity API allows businesses to launch their web applications and services faster, and with better user security.

We are proud to have customers who range from Fortune 100 Security companies to major media publishers to high-growth tech startups using Stormpath in production.

With the announcement today that we have closed $15M in Series B Funding, led by Andy Vitus from Scale Venture Partners with continued support from our prior investors NEA and Pelion Venture Partners, we now embark on a new stage in Stormpath history.

We're 30-strong (come join us!), and it's time to build out our team with more passionate people. We have a strong core identity product, and it's time for us to build more advanced features like SAML and deeper authorization. It's time for easier-to-use docs and SDKs. It's time for deeper client side support for mobile, single sign-on across customer services, and foolproof token authentication to connect users, applications and devices securely. We will continuously enhance our service to make it more useful and easier to use, for more companies and developer communities.

To our early and current users, who helped shape our vision for the first customer identity API, thank you. To our teammates, who have passionately argued how to best serve our developer community, thank you. To our families and investors, who supported our vision and challenge us to shoot higher, thank you.

To everyone who swears to never outsource identity to a third-party SaaS, I hope you will try the API. We would love the opportunity to change your mind. And if we can't change your mind, then we'd love your feedback on how to make a better product.

30 Sep 2015 5:00am GMT

29 Sep 2015

Vittorio Bertocci - Microsoft: 9 demos, 6 platforms, 32 minutes, one IDaaS service – at AzureCon 2015

I hope you guys are checking out the awesome AzureCon 2015 live feed on the c9 home page right now!

I had the honor and privilege of recording one of the virtual sessions that were made available today. This time I had an interesting challenge - I had only 30 mins [...]

29 Sep 2015 6:51pm GMT

28 Sep 2015

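Nat Sakimura: NASA Announces That There Is Liquid Water on Mars

At 0:30 Japan time, NASA announced that there is liquid water on Mars. Although it is called liquid water, it has a very high concentration of salt (perchlorate), but they say they have found evidence of it. That said, it was not observed directly. […]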

28 Sep 2015 4:09pm GMT