
Exploring the science and magic of Identity and Access Management
Wednesday, July 26, 2017

Passwords and Buggy Whips, Revisited

Identity, Information Security
Author: Mark Dixon
Tuesday, May 9, 2017
10:02 am


Eight years ago this month, I posted a short article on this blog entitled, Passwords and Buggy Whips.

Quoting Dave Kearns, the self-proclaimed Grandfather of Identity Management:

Username/password as sole authentication method needs to go away, and go away now. Especially for the enterprise but, really, for everyone. As more and more of our personal data, private data, and economically valuable data moves out into “the cloud” it becomes absolutely necessary to provide stronger methods of identification. The sooner, the better.

I commented:

Perhaps this won’t get solved until I can hold my finger on a sensor that reads my DNA signature with 100% accuracy and requires that my finger still be alive and attached to my body.  We’ll see …

So here we are.  Eight years have come and gone, and we still use buggy whips (aka passwords) as the primary method of online authentication.

Interesting standards like FIDO have been proposed, but are still not widely used.

I was a beta tester for UnifyID’s solution, which used my phone and my online behavior as multiple factors.  I really liked their solution until my employer stopped supporting the Google Chrome browser in favor of Firefox. Alas, UnifyID doesn’t support Firefox!

We continue to live in a world that urgently needs to be as rid of passwords as we are of buggy whips, but I don’t see a good solution coming any time soon.  Maybe in another eight years?

 

 


Blockchain – Enabling the Fourth Phase of Identity?

Identity
Author: Mark Dixon
Friday, May 5, 2017
10:49 am


The most intriguing work in the Identity world today is the potential application of Blockchain/Distributed Ledger technology for user-focused Identity Management.

I am certainly not a blockchain expert, but I believe these concepts have the potential to solve several nagging problems that have been facing us for many years, including:

  1. Individual users can confidently leverage their own identities across multiple organizations, including employers, government agencies, online vendors, etc.
  2. Multiple organizations across public and private sectors could rely on digital identities just as confidently as these organizations currently rely on identification documents such as passports, driver’s licenses, etc.
  3. The huge proliferation of multiple identity relationships that must be set up for individual users to access and use online resources could be drastically reduced.
  4. The overall digital infrastructure for managing identities could be significantly simplified. 
  5. The ability to secure digital identities could be significantly improved in an increasingly hostile online world.

We certainly aren’t there yet, but I am encouraged by work being done.  Some of the recent articles I have read on the subject include:

BlockChain Technologies That Go Beyond Bitcoin.  Item 3 of 6 is “Digital Identity.”

Blockchain technologies make tracking and managing digital identities both secure and efficient, resulting in seamless sign-on and reduced fraud.

The Path to Self-Sovereign Identity, blog post by Christopher Allen: 

I want to share a vision for how we can enhance the ability of digital identity to enable trust while preserving individual privacy. This vision is what I call “Self-Sovereign Identity”.

Christopher outlines four broad stages since the advent of the Internet:

  1. Centralized identity
  2. Federated identity
  3. User-centric identity
  4. Self-sovereign identity.

He then proposes “Ten Principles of Self-Sovereign Identity” that appear to provide a foundation upon which to construct standards and systems to build a real “Fourth Phase” identity system:

  1. Existence. Users must have an independent existence. 
  2. Control. Users must control their identities.
  3. Access. Users must have access to their own data.
  4. Transparency. Systems and algorithms must be transparent. 
  5. Persistence. Identities must be long-lived.
  6. Portability. Information and services about identity must be transportable.
  7. Interoperability. Identities should be as widely usable as possible.
  8. Consent. Users must agree to the use of their identity.
  9. Minimalization. Disclosure of claims must be minimized. 
  10. Protection. The rights of users must be protected.

The following two articles appear to draw heavily from the concepts presented by Christopher Allen.

The Journey to a Self-Sovereign Digital Identity Built on a Blockchain.  According to IBM’s Jai Singh Arun:

Permissioned blockchain technology provides core capabilities that enable a trusted digital identity network to build and operate.

I agree that blockchain technology is essential to achieving the goals outlined by Christopher Allen.

A Self-Sovereign Identity Architecture. (PDF file) A topic paper from the ID2020 Design Workshop:

to identify what a self-sovereign architecture would look like for the Web as well as a number of technical requirements of such an architecture. This topic paper outlines that proposed architecture and its primary components and actors.

It is good to see that smart people are working together to explore how to transform these foundation principles into reality.

IEEE launches standards program focused on blockchain and identity

Technical organization and standards leader, IEEE, is launching a new program to create standards around consumer and patient data protection, specifically as it relates to blockchain and identity. Called, Digital Inclusion through Trust and Agency, the initiative will bring together technology innovators, policy experts and academic researchers to address the topic.

Standards will be necessary to make blockchain-based identity systems pervasive in the world.

Blockchain-based Identity meets the Sovrin Foundation. According to Phil Windley, Chair of the non-profit Sovrin Foundation:

Sovrin is building a scalable, privacy-protected, auditable (based on time-stamped data written to the distributed ledger) ecosystem empowering individuals to manage their identities, support granular selective disclosure and provide organizations with trusted connections to individuals.

I am impressed with the work the Sovrin Foundation is doing.  The fact that an independent, non-profit organization has been established to be the independent overseer of a blockchain-based identity service seems to provide a solution to the inevitable conflicts of interest that exist if organizations like banks, credit bureaus, credit card issuers or the government provide identity services.

I am working to better understand the concepts and challenges in this exciting area.  It is going to be a fun ride.

 

 

 

 


Oracle Identity Cloud Service

Cloud Services, Identity, Information Security
Author: Mark Dixon
Tuesday, October 18, 2016
10:28 am

This morning, I watched the launch webcast for the Oracle Identity Cloud Service, a cloud native security and identity management platform designed to be an integral part of the enterprise security fabric.

This short video, shown on the webcast, provides a brief introduction:

 


Identity as a Business Enabler – A New Concept?

Business, Identity
Author: Mark Dixon
Wednesday, June 1, 2016
4:22 pm


Sometimes, I get impatient with the pace of progress in the Identity industry in general and certain companies in particular.  Yesterday, I listened to a presentation where the speaker was extolling the virtues of thinking of Identity and Access Management as an enabler for Digital Transformation, not just a defensive protector of data and systems.  He spoke as if this were a startling new concept.

I looked back in my blog and found a couple of entries that show at least some of us considered Identity to be a key business enabler a decade ago:

From May 2005 (the first month I blogged)

Viewing Identity Management as a business enabler rather than just a cost-reduction vehicle or compliance assistant allows us to think beyond the constraints of how we do business now. Just think of how many more customers you could serve, how many more services you could deliver and how many more partner relationships you could leverage if you knew that identities of all participants were highly secure but highly connectable!

From January 2007

Identity is an essential, core enabler of online business. Identity must not be an afterthought, a necessary evil, or a function forced by government regulation. It is more properly recognized as a key business enabler. The modern business paradigm of delivering highly personalized service to individual consumers demands that Identity is at the core of the business process.

It is a concept that is still valid today.  I’m glad to see more folks are catching on.

 

 

My 11 Years Blogging on Identity

Blogging, Identity
Author: Mark Dixon
Friday, May 13, 2016
3:00 pm


Eleven years ago today, on May 13, 2005, also Friday the 13th, I wrote my first post for this Discovering Identity blog, then hosted on the Sun Microsystems blog server.  In my maiden post, entitled Sun-Microsoft Interoperability – Focus on Identity Management, I wrote about Scott McNealy and Steve Ballmer speaking about enabling interoperability between Microsoft and Sun platforms.  

In line with my focus on Identity Management, I commented:

Identity Management is the key to enabling interoperability. It is the pivot about which the Microsoft/Sun relationship turns. Why – because Identity, by its very nature, transcends platforms. Regardless of which application or platform is being used, a user’s basic identity doesn’t change. So, in a naturally heterogenous world, an ability to rise above the differences between computer platforms is necessary if companies are to reach goals of efficiency and connectivity they require for business success.

Although I might now change a word or two in that paragraph, the essence of the statement still holds true –  Identity is definitely a key enabler for digital interactions among people, systems, applications and devices.

As a novice blogger, I also commented about my excitement in joining Sun the previous October:

I’m delighted to be here, on the front lines of a market with high customer demand, multiple business benefits, interesting innovation, strong competition and real-world results.

It turned out that publishing my blog was the single most beneficial thing I did for my career at Sun. It opened doors, solidified my credibility, triggered new opportunities and launched new friendships with people all over the world.

A lot of water has passed under the proverbial bridge in the last eleven years. Just think – my blog is older than the iPhone and almost as old as Facebook!  Once a formidable giant, Sun Microsystems is no more. Interesting terms like the “Internet of Things” and “selfie” hadn’t yet been invented when this blog was launched. The number of channels for sharing information on the Internet has skyrocketed exponentially since then. But the content of this blog still hangs around. 

Although the frequency of my posts diminished dramatically after joining Oracle six years ago, and my blog’s popularity in the IAM industry certainly waned, I still find it enjoyable to make my little contribution to the blogosphere every now and then.

It makes me wonder, what will the next eleven years bring?


Digital Transformation: Why Security and Privacy Matter

Identity, Information Security, Internet of Things
Author: Mark Dixon
Wednesday, May 4, 2016
12:26 pm

Yesterday, I enjoyed watching a Kuppinger Cole webcast entitled, “Digital Transformation: Why Security and Privacy Matter,” presented by Martin Kuppinger, Principal Analyst, Kuppinger Cole, and Jackson Shaw, Identity Management Expert, Dell Security:

Digital technology has changed our society in an appreciable way. Just as our personal lives are being transformed digitally, the same happens in corporations and with our traditional technology solutions. The digital transformation affects everything from customer experience and operational processes to business models and IT focus. Even software development is being digitally transformed. This leads to new security and privacy challenges: In IoT and digital transformation, organizations have to deal with more identities and relations than ever before.

I was impressed by Martin Kuppinger’s discussion about what Digital Transformation really is.  I think some people take a very narrow, IT-centric view of Digital Transformation, but Martin took a much broader view, stating that Digital Transformation impacts every part of an organization.

The eight fundamentals of Digital Transformation include:

  1. The Digital Transformation affects every organization
  2. The Digital Transformation is here to stay
  3. Digital Transformation is more than just IoT
  4. Digital Transformation mandates Organizational Change
  5. Everything & Everyone becomes connected
  6. Security & Safety: not a dichotomy 
  7. Security is a risk – and an opportunity
  8. Identity is the glue – who or what may get access to what?

As an Identity guy, I particularly liked the eighth statement.  The biggest thread weaving through the following chart is complexity – expanded interaction among multiples of almost everything.

KCIdentity

Jackson Shaw pointed out that Identity is evolving, from its initial focus on security and lowering operating costs, towards the goal of “Identity Transforming Customer Outcomes.”  Digital Transformation is all about enabling businesses to disrupt the old legacy way of doing things in favor of providing new, innovative products and services that deliver real value.  Certainly, Identity is a vital enabler to make that happen.

Identityevolution


Kuppinger Cole: Computer-Centric Identity Management

Identity, Information Security, Internet of Things
Author: Mark Dixon
Wednesday, April 27, 2016
8:16 am

Yesterday, I enjoyed attending a webcast entitled, “Computer-Centric Identity Management.” Led by Ivan Nicolai, Lead Analyst at Kuppinger Cole, the presentation was subtitled, “From Identity Management to Identity Relationship Management.  The changing relationship between IAM, CRM and Cybersecurity.”

I found the presentation to be concise, informative, and thought-provoking – particularly the concept that the IAM practitioner must transition from the role of “protector” to “enabler”.

I think the following diagram does a good job of illustrating the relationships people have with organizations, mobile communication devices and other devices in the growing world of IoT. Identity Relationships are critical in enabling the potential of Digital Transformation.

Kc


2016 Data Breach Investigations Report

Identity
Author: Mark Dixon
Tuesday, April 26, 2016
7:39 am


Verizon’s 2016 Data Breach Investigations Report (DBIR) is now available to download:

The 2016 dataset is bigger than ever, examining over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. With data provided by 67 contributors including security service providers, law enforcement and government agencies, this year’s report offers unparalleled insight into the cybersecurity threats you face.

Enjoy!


Digital Business – Do We Have the Right Buzzwords?

Business, Identity
Author: Mark Dixon
Monday, December 7, 2015
9:17 pm

Today at the Gartner IAM Summit I heard the term “Digital Business” dozens of times.  Do you think we have the right collection of buzzwords to describe that trend?

Buzzwords

Thanks to the Marketoonist for the insightful drawing!


Enabling Digital Transformation with REST API

Identity
Author: Mark Dixon
Friday, September 4, 2015
3:39 pm

I was recently introduced to a powerful new tool created by the folks at Persistent Systems, a longtime Oracle development and systems integrator partner. The Oracle Identity and Access Management platform has a very rich set of Java APIs that enable developers to access nearly all of the functionality of this platform from external applications.  The challenge is not completeness, but complexity.  To take advantage of this rich API set, external developers have to know much about the internal workings of the IAM products and the intricacies of writing the Java code to access the APIs.

The Persistent Systems engineers have developed a REST API on top of the Oracle Identity Governance Java API that exposes OIG capabilities in a much simpler, more “process friendly” way. For example, a few services available are:

  • User Access Request
  • Get User’s Provisioned Roles
  • Acting on Pending Authorizations
  • Authenticate User
  • Authorize User

… and the list goes on.

How would you like to translate those “business level” requests into Java API calls?

To demonstrate the capability of the REST API, a developer at Persistent Systems created the application shown in the image below, with a clean, easy-to-use interface for OIG approvals and certifications – all without being an expert in Java or the detailed processes within OIG.  The iPhone and Apple Watch images include screen shots from my phone and watch.  It really does work!

The most important thing to consider is not the neat user interface – although it has some cool features – it is how an intelligently constructed REST API can provide development agility, application flexibility and rapid deployment, all essential enablers for digital transformation.

Persistent Systems

Leonardo Da Vinci has been credited with the wise statement, “Simplicity is the ultimate sophistication.”  I think Leonardo would like this approach.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.