No, I’m not declaring another thing in identity management dead. Instead, I’d like you to join me in exploring something that has been bugging me quite a bit lately. Risk-based Authentication can cover a spectrum of capabilities, but most generically it is a passive authentication factor that tries to measure the risk of a particular
In part 1 of my blog post expanding on my Cloud Identity Summit talk on Invisible Identity, I proposed ‘The 4 Core Principles of Invisible Identity‘ that ensure that security and usability stay in a symbiotic partnership for an organization. I believe that adopting the concept of Invisible Identity will be vital to securing people
Ever since the Snowden revelations broke, there has been a lot of interest in metadata, with a lot of ink (or should that be bytes?) devoted to defining exactly what it is, where it can be gathered from, who is capable (and how) of doing said gathering, and most importantly of all, if it is
There is a lot to parse in the story about the hacking and illegal distribution online of the very personal and private pictures of a lot of (mainly female) celebrities. First and foremost, this was a despicable crime that no one deserves to suffer, no matter how public a figure they might be. Unlike ongoing
As this Joy of Tech cartoon demonstrates, PRISM seems to have solved that problem for us. All that’s left to do is slap a RESTful Web Service on that data source. Should it be SAML or SCIM? This is pretty much the epitome of “It’s funny because it’s true”. The way that “metadata” can be
Anyone following me on Twitter is well aware of my stance on AddressBookGate. While the tech world’s initial outrage was being directed at Path, I felt that a more balanced conversation would also lay some culpability at the feet of Apple and other API platforms that were exposing data to applications like Path without any
In a prior post I talked about the backlash against the “Real Names” policy that Google has instituted for it’s Google+ social network. The resulting nymwars are in full force, and drew me into a very interesting twitter back-and-forth between Kevin Marks, myself and Tim O’Reilly over the weekend, which Kaliya (or IdentityWoman, as she
The “Real Names” debate has been fascinating to watch, because it such an intriguing melange of issues – social conventions, technical requirements, best practices, community responsibility – rolled into what would on the surface seem to be a very simple problem. After all, what we’re really talking about is what value to let people put
The recent tragedy in Tucson, AZ has gripped the nation in more ways than one. There are so many different story lines unfolding out of that single tragedy – about politics, about rhetoric, about immigration, about dreams. Significantly less visceral, but important from an identity management perspective is this avoidable but all too common story
I just got back from a trip, where I had the opportunity to visit a number of Oracle (including former Sun) IdM customers. During the trip I (quite unintentionally) got some insight into an area of enterprise identity management that I had not considered before – Identity Management for Visitors. Over the last few years