Dealing with privacy issues isn’t as simple as the tech (and all too often the security) industry thinks. There are some real challenges and ethical conundrums to deal with, and we ignore the reality of the society into which our products are going at our own peril. We are seeing this happen full force right
With this years Identiverse just over a month away (and the deadline to get the draft of my talk this year swiftly approaching), I was reminded that I never got around to sharing video of the keynote I gave at last years conference. It was very kind and a tremendous vote of confidence in me
No, I’m not declaring another thing in identity management dead. Instead, I’d like you to join me in exploring something that has been bugging me quite a bit lately. Risk-based Authentication can cover a spectrum of capabilities, but most generically it is a passive authentication factor that tries to measure the risk of a particular
In part 1 of my blog post expanding on my Cloud Identity Summit talk on Invisible Identity, I proposed ‘The 4 Core Principles of Invisible Identity‘ that ensure that security and usability stay in a symbiotic partnership for an organization. I believe that adopting the concept of Invisible Identity will be vital to securing people
Ever since the Snowden revelations broke, there has been a lot of interest in metadata, with a lot of ink (or should that be bytes?) devoted to defining exactly what it is, where it can be gathered from, who is capable (and how) of doing said gathering, and most importantly of all, if it is
There is a lot to parse in the story about the hacking and illegal distribution online of the very personal and private pictures of a lot of (mainly female) celebrities. First and foremost, this was a despicable crime that no one deserves to suffer, no matter how public a figure they might be. Unlike ongoing
As this Joy of Tech cartoon demonstrates, PRISM seems to have solved that problem for us. All that’s left to do is slap a RESTful Web Service on that data source. Should it be SAML or SCIM? This is pretty much the epitome of “It’s funny because it’s true”. The way that “metadata” can be
Anyone following me on Twitter is well aware of my stance on AddressBookGate. While the tech world’s initial outrage was being directed at Path, I felt that a more balanced conversation would also lay some culpability at the feet of Apple and other API platforms that were exposing data to applications like Path without any
In a prior post I talked about the backlash against the “Real Names” policy that Google has instituted for it’s Google+ social network. The resulting nymwars are in full force, and drew me into a very interesting twitter back-and-forth between Kevin Marks, myself and Tim O’Reilly over the weekend, which Kaliya (or IdentityWoman, as she
The “Real Names” debate has been fascinating to watch, because it such an intriguing melange of issues – social conventions, technical requirements, best practices, community responsibility – rolled into what would on the surface seem to be a very simple problem. After all, what we’re really talking about is what value to let people put
