Wednesday, February 20, 2008

The Laws and Flaws of Identity

Kim Cameron's Seven Laws of Identity

  1. Technical identity systems must only reveal information identifying a user with the user’s consent.
  2. The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.
  3. Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
  4. A universal identity system must support both “omni-directional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
  5. A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.
  6. The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.
  7. The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.


And Mike Neuenschwander's Seven Flaws of Identity

  1. Failure of the weakest links mustn't lead to catastrophe - encrypting the channel doesn't stop dumpster diving.
  2. Not putting the role before the start - role engineering is important, but it doesn't drive the project.
  3. Not every identity nail requires the technology hammer - technology may be fine, but without governance, it will fail.
  4. Use of a system invites abuse of it - so test the architecture with attack vectors.
  5. Identifying things doesn't make them more secure - identification can improve security, but it's not the inevitable outcome.
  6. Identity isn't about the individual - it's about the relationship; identity management encompasses the services communities need for organization.
  7. There are a lot more than seven flaws.

Friday, June 23, 2006

Online articles...

Banking Security Summit, 2006
http://www.cxotoday.com/cxo/jsp/article.jsp?article_id=74090&cat_id=909

Network Computing feature on multi-factor authentication
http://www.nc-india.com/features/stories/64796.html

Technology Senate, 2005
http://www.networkmagazineindia.com/200511/eventsts200520.shtml

Access Management
http://www.cxolinux.com/India/News/Enterprises_Secure_With_Novell_Access_Manager_3/551-76894-1200.html

Access Management
http://www.expresscomputeronline.com/20061211/technology07.shtml

Next generation security threats - InfoSecurity June 2009
http://fanaticmedia.com/infosecurity/archive/June09/Portwise.htm

Identity and Authentication: Securing Future Digital Access
http://fanaticmedia.com/infosecurity/archive/Sep09/IDA%20Cover%20story.htm

Trends in Internet Banking Security
http://www.24framesdigital.com/iba/081009/tejas_lagad.html

How mobile is your banking?
http://economictimes.indiatimes.com/money-banking/How-mobile-is-your-banking/articleshow/5217563.cms

CRO Magazine (Nov 2009) - PortWise 4.8 Supports Cloud Security
http://www.finsight-media.com/html/int.htm

Cyber Crime: Gaining New Threat Vectors - InfoSecurity Nov 2009
http://fanaticmedia.com/infosecurity/archive/Nov09/Cyber%20Crime%20-%20Gaining%20New%20Threat%20Vectors.htm

Authentication Tokens: A paradigm Shift - InfoSecurity Feb 2010
http://fanaticmedia.com/infosecurity/archive/Feb10/Authentication%20Tokens%20story.htm

Tuesday, January 31, 2006

Seven identity management project risks

Mark Dixon has initiated a discussion on the seven identity management project risks. Here they are:

1) Poor pre-project preparation.
2) Poor requirements definition.
3) Large initial scope.
4) Inexperienced resources.
5) Poor project methodology.
6) Scope creep (the project grows bigger each time someone takes another look at it).
7) Not using available support.

http://blogs.sun.com/roller/page/identity?entry=seven_identity_management_implementation_risks

Tuesday, January 10, 2006

Identity Management

I am starting this new blog to focus on the concept that has taken the IT world by storm - Identity Management. I will post information, comments, trends, product reviews and best practices.