In a very refreshing article, Brendan Williams talks about the fallacies of securing systems based on compliance models, with an army of clerical staff working checklists to determine the security architecture for a new system. For a lot of my…
Category: Security
When reading Henk’s thoughts on DLP, I have to concur that DLP must go beyond simple dirty word filtering and similar technical attempts. DLP properly done must include a comprehensive scheme to protect proprietary information that should likely include a…
If (and that’s a big IF, I know) you know someone who is looking for a job in Identity Management, we have a job opening at MITRE right now: Go to http://tinyurl.com/ku3ax and search for req ID: 17068BR Job Title: Identity…
The Kantara User Managed Access (UMA) work group just published a press release about the recent Internet Draft they published with the IETF. Since the beginning, hData has looked into the UMA model as a very attractive patient-centric discretionary access…
Long overdue, here is a paper I published last fall on use cases and integration templates for distributed service architectures. While this is not necessarily the most advanced set of use cases, it is intended to guide implementation of technologies…
I meant to put this up for some time now – here is a paper I wrote on classifying a couple of functional service chaining use cases and potential security integration templates. It is intentionally not very intense, but I…
Service chaining is – in my mind – somewhat underappreciated as a use case in identity management. It is being paid some lip service, but often put off as too hard to solve. Yet, many of the issues I face in…
Today, we released the hData technical specifications: hData Record Format and hData Packaging and Network Transport. This is the mail that went out to the mailing lists: Today we are releasing the first public version of the hData specification for…
IBAC, RBAC, ABAC … a lot of folks in identity land are currently investigating authorization models with a little more scrutiny. Mark Dixon has a nice piece up on his blog, covering some of the current trends in the commercial…
In an earlier article I talked about data ownership – or lack thereof – at a low, technical level. There are three principal technical actors: the physical custodian, the logical custodian, and the data originator. This article deals with the…