Identity and Access Management (IAM)

Recent news and how IAM could have helped

Merritt Maxim — Wed, 23 Apr 2008 15:27:00 GMT

As information security professionals, we are always interested in finding stories or anecdotes to help make a point or to further educate people on the importance and need for strong information security. An item grabbing US headlines recently was the story concerning the inappropriate access to the passport files of the 3 major US presidential candidates, Barack Obama,...

Liberty Alliance Workshop at the RSA Conference Drives Home the Point that Identity Federation is Entering the IT Security Mainstream

Matthew Gardiner — Thu, 17 Apr 2008 13:31:00 GMT

I recently returned from a week at the RSA Conference which is somewhat of an annual pilgrimage for IT security people that takes place in the heart of San Francisco in the Moscone Center. http://www.rsaconference.com/2008/US/home.aspx Even though the Olympic flame relay was also in town on its only stop in North America on its worldwide tour, we RSA Conference...

Some thoughts on e-ID

Mike Small — Fri, 11 Apr 2008 13:22:00 GMT

In late February I gave a talk at a conference on e-ID in Belgium organized by L-SEC http://www.lsec.be. Belgium is one of the first countries in the world where all citizens will have their identity supported by a digital identity card. Unlike Finland, where the e-ID card is optional, in Belgium it is a legal requirement that every resident registers their address. This registration process...

User-centric Identity - a joint CA/Microsoft effort

Jeffrey Broberg — Tue, 08 Apr 2008 15:29:00 GMT

The Identity Metasystem offers a new way to think about the relationship between parties that are interested in either consuming or producing identity information. Sometimes this is referred to as Identity 2.0, or more correctly as User Centric Identity. This new paradigm offers many benefits, from increased security, enhanced privacy, and the opportunity for new business models. It is sometimes...

A visit to the Vasa Museum -- an IT analogy

Mike Small — Thu, 13 Mar 2008 15:04:00 GMT

During my recent visit to Euro CACS - the Computer Audit and Control Symposium - in Stockholm the event night was held at the Vasa museum. This museum contains the preserved remains of the Vasa a 16th century man of war that was recovered from the sea near Stockholm. The story of this ship is one that will have a ring of familiarity to anyone involved in the IT industry. The...

CA Receives SAML 2.0 Certification from the GSA’s E-Authentication Solution

Matthew Gardiner — Mon, 29 Oct 2007 14:25:00 GMT

Excuse me while I blow our own horn a bit via the title of this blog. I recognize that excessive horn-blowing is not blogger couth. I do have a more general point to make in this blog – that the technology particulars of federation systems still do matter. But, first the facts. Recently CA and five other IAM vendors received certification from the GSA’s E-Authentication Solution for the GSA’s...

Thoughts From ISSE/Secure 2007 – We Are All In This Together

Matthew Gardiner — Wed, 03 Oct 2007 15:01:00 GMT

I recently returned from a week in Warsaw, Poland where I presented at, and attended the ISSE/Secure 2007 (Information Security Solutions Europe) conference and reconnected with the city and people with whom I lived some 15 years ago. What is the ISSE/Secure 2007 conference? It bills itself as Europe’s only independent security conference. A primary organizer of the conference is ENISA, which is...

Software Quality: The UK Report on Internet Security

Simon Perry — Tue, 14 Aug 2007 14:08:00 GMT

In 2006, the UK House of Lords undertook a far ranging study of the problem of internet crime and the resultant impact to individuals, businesses, and the economy as a whole. On August 10 th 2007, the results of the study were published under the title...(read more)

The Significance of Identity 2.0

Sam Curry — Mon, 23 Jul 2007 16:35:00 GMT

It’s a little hackneyed to talk about how the Internet is expanding and how the potential to live, work and play on the Internet grows proportionately to this expansion, but it’s still true. We are almost daily exposed to new, “up-and-coming” services and ways to interact with one another, the most recent of which is the loose grouping of “Web 2.0” connections. This includes not only...

Identity Federation: Transitioning to Mainstream use but not the Solution to all IM Challenges

Matthew Gardiner — Mon, 23 Jul 2007 16:24:00 GMT

Being a contrarian by nature, I view the recent session at Burton Catalyst on Federation by Burton analyst Mike Neuenschwander, (Evaluating the Growth of Federation Deployments: Is There a Glass Ceiling?) and a companion research report by Mike (Federation’s Future in the Balance: Teetering Between Ubiquity and Mediocrity), as actually being more positive then the titles suggest. In...

Identity Services Panel – SOA glue

Andy Rappaport — Mon, 16 Jul 2007 21:09:00 GMT

I was on an Identity Services panel at the recent Burton Group’s Catalyst conference in San Francisco. Burton Analyst Mark Diodati summoned architects from several companies (Phil Hunt/Oracle, Nick Nikols/Novell, Bill Dettlebeck/BEA, Don Bowen/Sun as well as CA) to talk about Identity Services. Topics included: Why are identity services needed? Where is the state of the...

The IAM Market - Random Thoughts from the Burton Catalyst Conference

Sumner Blount — Tue, 10 Jul 2007 04:00:00 GMT

Many CA-folks attended the Burton Group Catalyst conference a couple of weeks ago. Not to be a shill for Burton, but I have always found this conference to be one of the most informative of all the major industry events. The sessions typically have more depth than most conferences, and there are a number of specific customer case studies that help to show how IAM is being successfully...

Open ID 2.0: A Step Towards User-Centric Identity

Jeffrey Broberg — Wed, 13 Jun 2007 04:00:00 GMT

Recently I attended the IIW (Internet Identity Workshop) in Mountain View, CA at the Computer History Museum. If you ever get the chance to visit the museum, I highly recommend it. This conference is normally attended by about 100 technology individuals from all walks of life -- major vendors, educational institutions, government bodies, small startups, etc. Basically, a "Who's Who"...