May is going to be a busy month. I already mentioned I’ll be at the Internet Identity Workshop next week (if only for the first day and a half), where I fully expect to dive into discussions regarding SCIM and OAuth in the Enterprise (picking up from where we left off at the last IIW).
This should be interesting! By all accounts, one of the main reasons that SPML never achieved traction was that application vendors were not involved in developing or deploying the standard. The effort to standardize provisioning of accounts was driven largely by the provisioning engine vendors. The result was an unwieldy standard that nobody could figure
Last week, I gave a well-received talk to a group of CxO and high-level IT managers on a new way to think about security built around entitlements. The premise of the talk was that with the de-perimeterization of the enterprise, the modern enterprise has already become entitlement-based; we in the security industry just haven’t caught
(My original title for this post was “Cardspace, We Hardly Knew Thee”, but Dave Kearns stole that by a nose). RSA is not the best conference for identity-related news and topics, but there were more than a few interesting story lines that emerged last week (and no, I am not referring to what went
Computerworld has an interesting article ‘Security fail: When trusted IT people go bad’ with the even more interesting subtitle “One rogue IT employee can do more damage than an army of hackers”. It’s well worth a read, if only to get a feel for the nightmarish scenarios CIOs can be faced with. The 3 case
The recent tragedy in Tucson, AZ has gripped the nation in more ways than one. There are so many different story lines unfolding out of that single tragedy – about politics, about rhetoric, about immigration, about dreams. Significantly less visceral, but important from an identity management perspective, is this avoidable but all too common story
I just got back from a trip, where I had the opportunity to visit a number of Oracle (including former Sun) IdM customers. During the trip I (quite unintentionally) got some insight into an area of enterprise identity management that I had not considered before – Identity Management for Visitors. Over the last few years
Some recent moves by major players could have a significant impact on the perception of multi-factor authentication technologies. Google recently introduced two-factor authentication for Google Apps. The mechanism they chose to employ relies on a one-time password token delivered to a cell phone either by an SMS text message or a call to the phone
Lest all the recent posts about “pull”-based identity make you think that I have completely forgotten about good old “push”-based identity provisioning, here is some news on that. As I have discussed here in the past, SPML has been under a cloud in recent years, with low adoption and a litany of issues being documented.
Ben has responded to my response by vigorously defending his stance against the pull movement. His statement that “…this will take more effort than it will return in value” is correct in identifying what enterprises should focus on – a cost-benefit analysis – but not in his estimation of how to do the valuation. I