Trent Adams's Library tagged idm →  View Popular

This is simple guide to using and verifying ODS-OpenID extended via FOAF+SSL. Covering the following scenarios:

CAIMR was launched in October 2008 and its partners include identity management experts from industry, academia and government. The goal of the organization is to identify key identity management challenges and the existing gaps in knowledge surrounding them in order to provide the much-needed applied research to properly address them. Those societal challenges include cyber crime, identity theft and fraud, attacks on critical infrastructure systems, data breaches, financial crimes including mortgage fraud, protection of the warfighter and more, that impact individuals, public safety, commerce, government and national security.

Most importantly, CAIMR is focused on discovering real world solutions and providing best practices and recommendations.

Using myOneLogin Federation as a Service takes the complexity and work out of identity federation.

The Identity Quartet is a framework for online services that allows users to express their Identity on their own terms. When I use the term “Identity”, I refer to the set of identifiers used in reference to users in online services.

Some people may think me a total whack job, but I think I have a serious plan for making the Internet secure. And it's not a pipe dream. The Internet can be made significantly safer starting today.

However, I did a disservice by not discussing the protocols and standards that already exist today, particularly a number of relatively new security protocols that are already helping to make the Internet a safer place. Created by many, many experts, these protocols aren't pie-in-the-sky dreams, but have already emerged as de facto standards. Any future Internet-based security system will likely use them, and perhaps contain all of them.

The 2009 Privacy and Security Conference is over for another year. As usual I was entreated to some interesting new ideas, issues and solutions.

What is the ‘killer use case’ for user-centric IdM?  Stefan Brands was technically very good in his presentation, but too often user-centric IdM is focused on the model and technology.  We get the technology now — but what are we going to use it for beyond low-value SSO?  (This topic is certainly fodder for future posts on this blog.)

The Identity Brokerage solution supports single-sign-on across a range of domains and technologies. It is also able to handle distributed user profiles and policies for a controlled exposure of user attributes.

Anonymous service access guarantees the user's privacy and distributed policy-based profiles enable privacy-aware personalisation.

Until now, the reference (our “Relationship Layer for the Web” paper, which Kaliya referenced in her blog entry on the addition of Facebook to the OpenID board) has been available only to Burton Group customers.  I’m pleased to announce that as of today, it’s freely available to anyone at this link. 

The relationship data structure is created by someone (in the case of my example in the paper it’s created by Facebook) and it asserts information about the relationship between a set of parties.

I’m writing this from the audience of Bob Blakley’s Data Sharing Summit session (which he also gave yesterday at the Internet Identity Workshop) on The Relationship Layer. It’s based on a paper he and his colleagues Gerry Gebel and Lori Rowland written for the Burton Group (but not published yet - Bob says look for his upcoming “world’s longest blog post”). This will be followed by a session the Higgins Project that will demonstrate a new form of information card called a relationship card (r-card).

FOAF+SSL is an authentication and authorization protocol that links a Web ID to a public key to create a global, decentralized, distributed, and secure authentication system that functions with existing browsers.

Following on my previous post RDFAuth: sketch of a buzzword compliant authentication protocol, Toby Inkster came up with a brilliantly simple scheme that builds very neatly on top of the Secure Sockets Layer of https. I describe the protocol shortly here, and will describe an implementation of it in my next post.

UnboundID
Corp., a developer of identity management software for Internet-driven,
consumer-facing architectures, has released a free software development
toolkit (SDK) that can be used to create directory-enabled applications
to access both the existing and the new emerging class of directory
services. The UnboundID LDAP SDK for Java requires no third-party
components and is also the only public Java-based LDAP SDK currently
being maintained and enhanced. As a result, programmers can rely on it
for current and future development needs.

The UnboundID LDAP SDK for Java leverages the advantages of Java SE 5
versions and later and provides significantly better performance and
ease-of-use over other Java-based APIs. The SDK is made available under
either a free "right-to-use" license or GPLv2 and gives users the right
to embed and redistribute the technology. UnboundID also provides a
commercial version with full technical support.

seminar on the business use of ID cards at the EEMA/Digital Identity Forum seminar sponsored by Consult Hyperion at the British Computer Society.

The event was kicked off by the Parliamentary Under-Secretary for Identity, Meg Hiller.

Web services have played key role in integrating heterogeneous applications, particularly in the cross domains. As part of identity management, Security Token Services (STS) are used for request and response tokens. However, we need multiple communication channels among STS when numbers of applications in different domains try to reach other web services. In this article we have proposed Master Security Token Service (MSTS) which will act as a broker for all security authorization without duplicating the effort at every domain.

Then, Simo presented the FreeIPA project: “Identity Management into FOSS Project”. The project goal is to build a complete platform to identify and authorize users on a network. Based on several strong components (LDAP, Kerberos, Rsyslog, Apache), the project is at the first release. Interesting but features are too limited IMHO. The next version should be stronger.

Your identity is like George Costanza's wallet. Really. Think about it. Do you remember the classic Seinfeld episode? The one where George wouldn't give up his ever-expanding wallet filled with store credit cards, Irish money, a coupon for an Orlando Exxon gas station and several Sweet and Low packets. This, in spite of the obvious physical pain it caused and the security threat all of that imposed.

First, we'll start with defining the identity problem. Then, we'll look at parallels to how entire industries have already solved historically similar kinds of challenges. Next, I'll help you understand where this whole cottage-industry-in-waiting is headed from both a consumer and business perspective. And, finally, I'll paint a vision of what "The Next Identity Model" will look like so that a Costanza-like problem doesn't blow up in your face.

Federation is defined as the ability to make identity portable. With identities, federation enables the concept of an "identity broker': A third-party, trusted and secure source that is independent of both parties transacting business.

Think of it this way: your identity, often one of many username and password combinations today, is tied to each site you visit, each transaction you make. The Next Identity Model dictates that your identity will live outside of any site, any transaction, and become a thing of value, an actual asset, unto itself.

Issue: What credit did. What identity needs to do.

-Trust and security Established a secure, trusted system that ensured people could purchase and business was paid. Establish a secure, trusted system that ensures that identities can access and systems allow that access securely, confidently.

Independence Created an entity independent of the bias of the vendor. This enabled disputes to be resolved transparently and equitably and processes that equally served everyone. Create an entity independent of the bias of the system owner, i.e., Amazon, Yahoo, Walmart.com. This will enable disputes to be resolved transparently and equitably and processes that equally serve everyone.

Ease of implementation Made it painless for vendors and consumers to use their service. Make it painless for service providers and consumers to use the identity brokerage service. This will be a standards-based implementation that serves all equally.

Reduced liability Insulated stores from the liabilities of managing credit, and enabled them to concentrate on what they did best; the making and selling of goods, and eliminating the credit and administrative burden. Insulate the service provider from the vagaries of identity management, policy and liability. Enable business to concentrate on the business, not the technology.

Global access Made it possible to use their cards regardless of geography, taking care of all translation, monetary exchange rates and other previous impediments to global commerce. Allow services to consume location-independent identities, taking care of all local, state and international laws related to identities.

British citizens will be “seriously harmed” by breaches of the Government's identity card scheme and other national databases, a report by technology experts warned today.

The report, whose authors were commissioned by firms including Microsoft, BT and Symantec, says no database can be “100 per cent secure or failsafe” and that accidents and security breaches will occur.

Problems with liquidity and customer retention aren't the only challenges that banks will face in 2009. A report from Deloitte Touche Tohmatsu, "Protecting What Matters: 6th Annual Global Security Survey," says that the pressures brought on by the financial crisis are actually increasing banks' vulnerabilities to data breaches.

The growing popularity of social networks and the proliferation of mobile media such as remote devices and Web 2.0 applications are causing an extra load on internal and external security. More than half of financial institutions surveyed now restrict the use of social networks and instant messaging (53 percent and 58 percent, respectively).