Hello my friends and colleagues on the East coast of the US!  NASA is watching over you!

Hope you remain safe from the ravages of this big storm.

Ironically, a couple of weeks after the @OracleIDM #authchat Tweet Jam about trends in authentication was held, NIST released DRAFT Special Publication 800-63-2, Electronic Authentication Guideline, over 110 pages of scintillating reading on the subject:

This recommendation provides technical guidelines for Federal agencies implementing electronic authentication and is not intended to constrain the development or use of standards outside of this purpose. The recommendation covers remote authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. It defines technical requirements for each of four levels of assurance in the areas of identity proofing, registration, tokens, management processes, authentication protocols and related assertions. This publication will supersede NIST Special Publication 800-63-1.

No, I haven’t read the entire report, but I did skip forward to page 102 because the table of contents promised a discussion of “Password Entropy,” and I really like the word “entropy.”  But alas, the most profound thing I read was the obvious: “Empirical and anecdotal data suggest that many users choose very easily guessed passwords, where the system will allow them to do so.”

Enjoy!

A interesting article published Sunday in Marketing Land was entitled, “Game Over: Twitter Mentioned In 50% Of Super Bowl Commercials, Facebook Only 8%, Google+ Shut Out.”  According to the article,

Twitter was mentioned in 26 of 52 national TV commercials — that’s 50 percent of the spots that aired during CBS’ game coverage. Facebook was mentioned in only four of those commercials — about eight percent. Google+, which is reportedly the No. 2 social network in the world, wasn’t mentioned at all.

At first blush, it would seem that Twitter might be gaining on Facebook in popularity.  However, I think another reality is at play here.  Twitter is really a broadcast medium – ideally suited to quick 30 second commercials of the Superbowl variety.  Plus, hashtags are easy for advertisers tto include in a commercial and easy for readers to reference after the fact.

Facebook is more of a relationship medium – better suited to conversations among people and without the relative ease of using hashtags.

But this is interesting just the same.  Marketing experts and wannabees will be debating over this for months.  Will Facebook start supporting hashtags in some interesting way?

My Dad once told me, “If you keep your eyes and ears open, you’ll learn something new every day.”

Today, I stumbled across that new thing on Twitter.  Thank you @rmogull, for pointing out @451wendy‘s blog, “Idoneous Security.”

What a great word! It describes just how much security we need – the appropriate amount.  Not too much, not too little, just idoneous.

Plus, for good measure, Wendy’s blog post today was hilarious.

This week’s Oracle Information InDepth Security newsletter, “Inside Out Edition,” featured comments from Vadim Lander, Oracle’s chief identity architect on key trends that will shape identity management in 2013 and beyond. The trends he described are:

1. Mobility Is Gaining Momentum
2. Identity Management as a Service Is Emerging
3. A Trend Towards Portable Identity
4. Authentication Services Are Evolving
5. Organizations Continue to Move from Silos to Centralized Systems

I was particularly intrigued by his comments on portable identity:

I expect Oracle customers using Oracle applications via SaaS will increasingly use their Oracle Cloud identity as the identity for a chunk of their user populations, rather than trying to maintain multiple identities in their on-premises system.  Since Oracle is already maintaining a cloud identity for every Oracle Cloud user, that identity is portable as far as the user is concerned. Even if users leave the organization, their Oracle identity can still belong to them as they change jobs. Just as your Google or Facebook identity can provide portability, your Oracle identity may be able to provide the equivalent in a business context.

Oracle as businss IdP?  Intriguing thought.