Visitors Have Identities Too (to manage, use & abuse)

I just got back from a trip, where I had the opportunity to visit a number of Oracle (including former Sun) IdM customers. During the trip I (quite unintentionally) got some insight into an area of enterprise identity management that I had not considered before – Identity Management for Visitors. Over the last few years

Speaking at Oracle Federal Forum on Oracle IdM & ICAM

The 4th annual Oracle Federal Forum is being held this Wednesday (Oct 20th) in Washington, DC. It’s a thought leadership day focused on the concerns of the transforming Federal government, where you’ll hear some real-world best practices and lessons from agencies, industry strategists and thought leaders. Oracle also uses this forum to provide an update

Multi-Factor Authentication going Mainstream

Some recent moves by major players could have a significant impact on the perception of multi-factor authentication technologies. Google recently introduced two-factor authentication for Google Apps. The mechanism they chose to employ relies on a one-time password token delivered to a cell phone either by an SMS text message or a call to the phone

Building a Strong Foundation for Your Cloud with Identity Management

That was the topic of my talk at OpenWorld this year. Fitting, I think, considering the emphasis that was put on Cloud Computing at OOW this year, starting with Larry’s opening keynote on Sunday. In my session, I talked about how, thanks in large part to the emergence of cloud computing, enterprises are moving towards

Introducing Oracle Security Governor for Healthcare

At OpenWorld today, Oracle announced the release of Oracle Security Governor for Healthcare, a unique and comprehensive security governance solution that helps healthcare organizations with proactive detection and prevention of security and privacy breaches (click here for the press release). Oracle Security Governor becomes the second product we have in the identity governance space, taking

Cloud and IdM Together Again – at OpenWorld

It’s that time of year again – when my blog goes silent because I have been heads down preparing for Oracle’s event of the year. And this year’s OpenWorld is jam packed with all sorts of goodness. The lineup in the Identity Management track is loaded with information, especially for anyone looking to learn more

Upcoming Webcast on Service-Oriented Security

You’ve seen me blog a whole lot about Service-Oriented Security over the years; now you can also hear me talk about it. I’ll be doing a live webcast on “Service-Oriented Security: Blazing a New Trail of Innovation in Application Security” on Wednesday, August 25th (that’s tomorrow!) at 11:00 a.m. PT/2:00 p.m. ET . In it,

Pushing forward on Standards-based Provisioning

Lest all the recent posts about “pull”-based identity make you think that I have completely forgotten about good old “push”-based identity provisioning, here is some news on that. As I have discussed here in the past, SPML has been under a cloud in recent years, with low adoption and a litany of issues being documented.

Identity Services should be like Vitamins, not Crack

OK, so it’s a ridiculous title. But hear me out. Matt Flynn brought to my attention an article in which Dale Olds talks about the need for hosters (companies that provide the platform on which you deploy your Cloud/SaaS applications) to provide identity services (and as Matt points out, security services in general) as part

“Pull” is about Evolution, not Revolution

Ben has responded to my response by vigorously defending his stance against the pull movement. His statement that “…this will take more effort than it will return in value” is correct in identifying what enterprises should focus on – a cost-benefit analysis – but not in his estimation of how to do the valuation. I