Identity, Security & Me

Is the Olympics necessary?

Paul — Sun, 26 Oct 2008 22:50:19 +0000

In the current global economic crisis, it is really prudent to spend £9.2bn on the 2012 London Olympics. I’m sure the money could be put to better use…..

My First YouTube Post

Paul — Mon, 13 Oct 2008 22:08:03 +0000

I’ve decided to start posting videos to YouTube. Therefore, if you want a laugh at my poor attempt at Beethoven, please see here.

Is ALL water a wishing well?

Paul — Sat, 30 Aug 2008 22:22:47 +0000

I have this theory which seems to bear out no matter where I travel to in the UK…..

When I was a child I used to throw pennies into wishing wells and make a wish. As I grew up I noticed the security protecting the coins getting stronger (however, I digress).

What I have noticed now for a number of years is that any expanse of water contained in a public place becomes a public wishing well. You may notice that all of these places have coins thrown into them. These include water features in shopping centres as well as water fountains outside.

What happened to the good old wishing well and why do people find an urge to thrown money anywhere where there is water?

Date of Birth on Facebook

Paul — Sat, 30 Aug 2008 22:18:52 +0000

It still amazes me that so many of my friends are displaying their date of birth on their public facebook profile.

Don’t they realise how useful this is to potential Identity thief?

Identity Fraud has finally happened to me

Paul — Sat, 30 Aug 2008 22:17:35 +0000

Well its finally happened to me.

After been very careful with my credit card details over the years, last week I finally fell victim to Identity Fraud. Yes, whilst checking my credit card transactions online, I noticed a airline ticket that I certainly didn’t buy. A call to my credit card company revealed two further airline transactions that had not yet been posted onto my statement.

Within one day, 3 separate airline tickets had been bought on my card. Fortunately, the bank had noticed something suspicious and put a stop on my card. Of course, i’m fully covered by my credit card company. However, I can’t help thinking now whether my stolen details were a result of something careless I have done or whether it was a problem over which I had no control (i.e. insider fraud). Still, irrespective of which it is, I will be ever more vigilant when my replacement card arrives.

iPod Graveyard

Paul — Mon, 23 Jun 2008 21:00:53 +0000

Where have all the original iPods gone?

I have an 4GB iPod Mini. Its not that old and it serves my purpose. However, I seem to be the only person on the planet that has a pre-video iPod. What has happened to all of the people who bought older iPods. Do they just throw them away and buy new ones or is there some sort of iPod graveyard that they send them to?

Strange Acquisitions

Paul — Fri, 11 Apr 2008 10:40:24 +0000

There are some acquisitions within the Identity space that come as no surprise. For example, when Sun acquired Vaau as a knee-jerk reaction to Oracle’s acquisition of BridgeStream (sorry, I had to get that jibe in), it came as no surprise. Equally, as the other independent role management vendors get bought up, that will be expected also. The only slight surprises may come from who buys who.

However, every now and again a complete left field acquisition shocks the industry. This occurred at RSA with Hitachi announcing it had bought a major share in M-Tech. Everyone seems to be talking about it. Burton, Digital ID World, Dave Kearns, Bruce Schneier etc.

What next, Amstrad buying Courion?

iPlayer on Wii

Paul — Thu, 10 Apr 2008 10:24:24 +0000

Yesterday, the BBC announced the their iPlayer can now be run on the Wii through the use of the Internet Channel and that they even hope to provide a separate channel to remove the dependancy on the Opera browser.

I had to try it. How cool!!

Social Networks galore!!

Paul — Sat, 05 Apr 2008 22:41:02 +0000

I’m sure like me you are constantly getting invitations to the myriad of different social networking/web 2.0 sites out there. Personally, I have accounts on:

Facebook
LinkedIn
MySpace
Naymz
Plaxo
Del.icio.us
ClaimID
Technorati
and i’m sure there are others……

I don’t have the time to keep all of these up to date, never mind joining any more.

Looking specifically at the number of social networks out there, surely there has to be a point when these must start to consolidate their functionality. I can see it has already starting happening to a certain extent.

LinkedIn is designed for business relationships. Plaxo extends that so you can categorise people as either business or friends. Similarly, LinkedIn allows you to write an endorsement for someone, whereas, Naymz whole philosophy is based on reputation and references.

I don’t see how all of these sites can be sustainable as we move further into 2008.

OpenID in the Enterprise

Paul — Sat, 05 Apr 2008 22:30:32 +0000

As always, I am constantly talking to new people about Identity Management in the Enterprise. We always talk about the usual topics; provisioning, authentication, authorisation, audit etc. More and more recently I have been asked by people what my thoughts are on OpenID. Previously, these types of discussions were limited to the hardcore ID people such as the Identity Gang. But now, I seem to be getting asked the question more and more by people within the Enterprise. A number of times it has been people who don’t really understand what OpenID is, other than its one of the ‘new terms’. Others are more informed.

So what do I think of OpenID and its application in the Enterprise……

I think OpenID so far has done a lot for pushing forward Identity 2.0 and has seen a reasonable adoption within the ’social internet’ (blogs, wikis etc). There is definately a good use case for its application there. However, organisations have not yet really started to adopt this technology. There have been a couple, including Sun who announced an internal OpenID server for employees last year. However, in the main its uptake has been extremely limited.

I have no doubt that eventually OpenID will start to find a place within the Enterprise. However, at the moment, I really can’t see its application within the arena. The problem that I see Enterprises facing when looking at OpenID is the lack of trust in the Identity provider. Anyone can set up an OpenID server (indeed this blog is one) and use it to sign-on to OpenID enabled sites. However, where is the trust that I am indeed Paul Toal when I hit the target site. For enterprise, cross domain single sign-on, federation based on SAML (and the other standards) provides that pre-defined trust agreement. Clearly, what it lacks (and OpenID goes towards addressing) is the user consent.

As long as the trust issue is outstanding I don’t see why Enterprises would adopt OpenID for any transactions of any value (financial or otherwise). There is a big difference from posting a comment on a blog that I have signed onto with my OpenID Identity, to performing a business transaction with an Enterprise partner using my self-asserted OpenID.

The answer to this might be to ensure Enterprises host the OpenID server so that their partners can be assured of trust. However, isn’t that what standard federation today gives us. Do we actually want our employees deciding whether, as an employee their Identity information can or can’t be shared with other business partners?

Maybe I am missing the point (feel free to correct me), but at the moment, I just don’t see where OpenID fits within the Enterprise.

Technorati Tags: OpenID, federation, enterprise, trust