Month: August 2007

New Ideas in Password Management

In his Network World on Security newsletter this week, Dave Kearns talks about a new kind of password management product that seems to be picking up traction. Lieberman Software’s Random Password Manager offers interesting new capabilities in password management similar to Cyber-Ark’s Enterprise Password Vault (EPV). I had briefly mentioned Cyber-Ark in a blog post

Forrester Research chimes in on “Identity As A Service”

In a recent blog post, Forrester analyst Jonathan Penn talks about his conversation with fellow analyst Andras Cser on the two definitions that are floating around of Identity As A Service. They essentially agree with the assertion I made a few months ago (see my post “Defining Identity As A Service“) that the standard definition

The Debate over RBAC vs. Entitlement Management

The folks over at Securent are onto a good thing with the community driven blog they started called simply the Entitlement Management blog. They have managed to get posts from an impressive set of contributors, including Burton’s Gerry Gebel and Forrester’s Andras Cser. Check it out when you get a chance. What caught my eye

The Need for Personae in Social Networking

Facebook is attracting a lot of attention from the identity community, with many of us signing up on the site. And the blog entries regarding the experience make for some interesting reading. Pamela Dingle blogged about the basic dilemma that most of us faced when we first signed up – our disinclination to give up

Will RFID force Consumers towards Personal Identity Management?

In a recent blog post (E-Passports equals E-pportunity for Hackers?), I touched on the security and privacy issues arising from the use of RFID technology in the context on the new e-passports. Now Scientific Technology Options Assessment (STOA), an arm of the European Parliament, has released a report (RFID and Identity Management in Everyday Life)

Why Social Websites are really Faux-Social

Wired contributor Scott Gilbertson recently ranted about how social networks are adding to the ubiquitous walled gardens on the web (Slap in the Facebook: It’s Time for Social Networks to Open Up). He talked about something that we are all a little weary of – having to set up the same relationships in each social

Interesting eWeek article on Identity Proofing

You can read here an interesting interview eWeek ran of Burton Group analyst Mark Diodati on the topic of Identity Proofing – that crucial but often tricky process that verifies that someone is indeed who they are claiming to be. This is somewhat different from authentication, which is the process of someone identifying themselves to

E-Passports equals E-pportunity for Hackers?

Electronic passports are not only insecure, they can be used as tools to commit fraud and mischief. That is the contention of an RFID expert that has been investigating the new digital passports and passport readers that make up the next generation of our most definitive identifying document. Wired news covered Lukas Grunwald’s exposure of