Tag: Service-Oriented Security

An Entitlement-Centric Approach to Security

Last week, I gave a well-received talk to a group of CxO and high-level IT managers on a new way to think about security built around entitlements. The premise of the talk was that with the de-perimiterization of the enterprise, the modern enterprise has already become entitlement-based; we in the security industry just haven’t caught

Upcoming Webcast on Service-Oriented Security

You’ve seen me blog a whole lot about Service-Oriented Security over the years; now you can also hear me talk about it. I’ll be doing a live webcast on “Service-Oriented Security: Blazing a New Trail of Innovation in Application Security” on Wednesday, August 25th (that’s tomorrow!) at 11:00 a.m. PT/2:00 p.m. ET . In it,

Identity Services should be like Vitamins, not Crack

OK, so it’s a ridiculous title. But hear me out. Matt Flynn brought to my attention an article in which Dale Olds talks about the need for hosters (companies that provide the platform on which you deploy your Cloud/SaaS applications) to provide identity services (and as Matt points out, security services in general) as part

“Pull” is about Evolution, not Revolution

Ben has responded to my response by vigorously defending his stance against the pull movement. His statement that “…this will take more effort than it will return in value” is correct in identifying what enterprises should focus on – a cost-benefit analysis – but not in his estimation of how to do the valuation. I

“Push vs Pull” in Identity Management

My friend Ben Goodman over at Novell recently wrote a blog post arguing against the “future of identity is pull” movement that seems to be sweeping the nation (well, at least the hallways at the recent Catalyst conference). I’ll give him credit for having the conviction to go against the grain here, since the idea

The Challenge of Security Questions

Jackson Shaw just wrote about a website called goodsecurityquestions.com. As the name indicates, it’s a site that purports to distinguish between good and bad questions to employ when setting up for your identity re-verification challenges (for when you forget your password or need to execute a high-value transaction, for instance). The same site also (correctly)

Announcing Oracle Identity Management 11g

Well, the press release went out a few hours ago, and the launch webcast just finished minutes ago, announcing the arrival of Oracle Identity Management 11g, the next phase in our rollout of the most complete, integrated and open suite of identity management products. As Amit Jasuja shared in the webcast, there is over 750

It’s All in the Cooking – 11g Drops Today

Last week I was at Oracle HQ for our annual Identity Management Customer Advisory Board meeting. It was an absolutely jam-packed two and a half days. I cannot tell you how great it was to spend time with our customers, those that have been with us for a while, and those that just joined the

Learn About Oracle Identity Management 11g

This is going to be a huge month for the Identity Management team at Oracle. And no, I am not talking about my upcoming talk at Burton’s Catalyst conference. Actually, the reason for all the excitement is that we are about to roll out the next set of components in the Oracle Identity Management 11g

Podcast on Identity Management for Cloud Computing

As part of Oracle’s Identity Management Think Tank Podcast Series, I recorded a podcast on “Identity Management for Cloud Computing” with our Chief Identity Architect Vadim Lander. You can listen to it by clicking here. In the podcast, we cover What are the key security concerns about cloud computing How security requirements vary between Private