Posted February 27th, 2006
As always Bob has an interesting post out there. Taking up the issue of authentication, he issues this challenge:
“I believe that this community should commit itself to achieving the goal, before this decade is out, of providing every computer user with a strong authentication device and the infrastructure required for its universal acceptance.”
The post started my mental wheels turning. I 100% agree with Bob that the current state of affairs for user authentication is unacceptable. He provides some great guiding points on what a better authentication system should look like. He says:
We need to get a strong authentication device into the hands of every man, woman, and child on the planet.
To do that, we’re going to need lots of strong authentication device providers and lots of innovation. The devices are going to need to be cheap, they’re going to need to be trivially easy to use, and they’re going to have to come in all shapes, sizes, and colors to fit with the widest possible variety of lifestyles.
Posted February 20th, 2006
Given a little time and some distance from the RSA Conference last week, I feel ready to comment on all the fun.
First, I can’t wait for RSA to be back in San Francisco next year… for a lot of reasons. The “last call at 11:00” on Thursday harkened back to drinking in England. 11? Ask anyone in OASIS or the IETF and they’ll tell you, you can’t collude to make a new standard any time before midnight. Bob has an interesting conspiracy theory on why closing time is 11.
Second, RSA is always great to help put faces with names. I got to sit and chat with a bunch of interesting people. Granted, with all the people running around the convention center, it can get a bit overwhelming.
Third, I got to try out some new ideas on a variety of people from the press to analysts to other vendors in our space. Two things came up in these talks: policy interfaces and the second thing. (The second thing will be a separate post.) Reading Sara’s post on policy was refreshing. The Identity lexicon is a strange one. We use words that have multiple meanings. We use terms to hide the realities of market segments. Policy is definitely high on the list of overused and under-defined terms.
Posted February 7th, 2006
Roles, Courion and Trusted Network Technologies
Between Rob and Dave, we’ve started a nice little set of discussions on roles. Since the boss and the CTO have weighed in, I figured it was my turn.
Roles have been a touchy subject. The industry has wandered a bit over the years to get to where we are now. I remember when role based access control (rbac) was losing a bit of steam and being upstaged by rule based access control (rbac). I used to tell customers, “NIST has it easy. They don’t have to sell anything. If you find that the first idea you had isn’t working, replace it with a new one with the exact same abbreviation. That way you can change what you are talking about without having to reprint the marketing material.” Now this was back in the day that Access360 and Waveset were going head to head. (Ah… the good old days.)
The industry has grown a lot since then. We (the industry and customer base) are ready to have more meaningful discussion about role lifecycle management. The US market is starting to come around to roles as new forms of technology can turn role lifecycle management from a painful expensive task into an ongoing dynamic process. We can talk about bottom-up versus top-down. We can look at the way policy and role definition intermingle in various applications. It is a great time to be working in this space.