Excuse me while I blow our own horn a bit via the title of this blog. I recognize that excessive horn-blowing is not blogger couth. I do have a more general point to make in this blog – that the technology particulars of federation systems still do matter. But, first the facts. Recently CA and five other IAM vendors received certification from the GSA’s E-Authentication Solution for the GSA’s federation implementation that is based on SAML 2.0. To find out more about the GSA’s E-Authentication initiative please check out their very informative web site here: http://cio.gov/eauthentication/
To get a listing of the currently approved vendors go to this page: http://www.cio.gov/eauthentication/documents/EAopensIOlab.pdf
The E-Authentication Solution (née Initiative) has been around since 2002 (almost as long as standards-based federation itself) and has been very innovatively applying the concepts and standards around identity federation to the particular needs of the US government. However, anyone interested in identity federation, whether inside or outside of government, can benefit from the approach that the E-Authentication Solution has taken. They very nicely have posted the main documents that make up their “circle of trust” or “federation ecosystem agreements”, so maybe you could borrow some ideas from their foundational documents. They are on the above web site for free downloading.
Getting back to the SAML 2.0 certification process just completed... Many people with an opinion about federation, myself included, say that accomplishing federated SSO across organizations is now 80% about trust and how to accomplish and enforce it, and only 20% about technology. This certification is certainly all about the 20%. However, these types of interoperability activities still remain critically important to federation overall. Because of the nature of complex standards and specifications, reasonable technical people disagree about implementation details. And, of course, nearly every federation partner ecosystem has some unique implementation details and requirements. So, continuing to be diligent about interoperability and conformance testing remains critically important for federation adoptability.
The Liberty Alliance has also been doing important work in this area. Check www.projectliberty.org for more detail.
Getting some further third-party validation around this certainly puts a little bounce in our collective steps here in the CA IAM group and should give you every indication we will continue to stay on the forefront of the SAML federation technology we helped create.
I recently returned from a week in Warsaw, Poland where I presented at, and attended, the ISSE/Secure 2007 (Information Security Solutions Europe) conference and reconnected with the city and people with whom I lived some 15 years ago. What is the ISSE/Secure 2007 conference? It bills itself as Europe’s only independent security conference. A primary organizer of the conference is ENISA, which is an offshoot of the European Commission (EC) and was formed to advise and assist the EC, member states, and the European business community on network and information security issues and related legislative matters.
What struck me about this conference is that just by looking through some of the topics covered, which included Identity Management, IT Security and the Law, Internet Crimes, Awareness Raising, and my personal favorite, Web service security (perhaps because I presented in this section), and many more, one quickly gets the sense that this conference really could be anywhere in the world. We are all struggling with the same opportunities and challenges brought on by the Internet. From Polish banking regulators, to German computer scientists, American Product Marketing Managers, and many others, we were all there for the single goal of making it possible that the Internet and more particularly ecommerce over the Internet continue to develop and flourish with manageable risks and unbounded opportunities.
In many ways it was very apropos and personally poignant to have this conference in Warsaw, Poland, once a country that was for nearly 50 years artificially cut off from its rightful place in Europe. Now with modern communication technology and of course the Internet, it is almost impossible to imagine the concept of building a wall to keep your people in and keep them isolated from the rest of the world. Not only is Poland modernizing very quickly relative to when I lived there some 15 years ago, but its scientists, engineers, and lawyers are right in the middle of making positive contributions to the next phase of the Internet’s development through evolved security technologies and legal frameworks.
Closing out this blog, I mentioned that for me personally this was also a poignant trip. It was a lot of fun connecting and reminiscing with the family with whom I lived some 15 years ago. In many ways, their development is a microcosm of the country as a whole. For example, when I first lived with them they had a total of zero telephones; now for this family of 5 they have a total of 6 telephones. In addition, while I was explaining to them why I was in Poland, the lady of the house asked my opinion of a strange email that she had recently received apparently from her Polish bank urging her to log in immediately by clicking the link… So, apparently the phishers are even attacking the Polish banking system and Polish consumers… We certainly are all in this together.