Posts Tagged ‘security’

Newer posts »

Digital 9/11

08Jul10

This post is probably going to get me into trouble, but this stuff needs saying. There’s been a sudden outburst of sanity today about this topic, so I feel obliged to throw in my 2¢. A few weeks back I heard somebody say that we hadn’t yet seen a ‘digital 9/11’. I think what they […]


Filed under: security   |  Comments
Tags: , , , , , ,

The MAC hullabaloo

08Jun10

Kim Cameron has had lots of interesting things to say over the past few days about the security and privacy implications of harvesting MAC addresses in the wake of Google being somewhat caught out with their activities in this area. Today though he has a piece where I think he’s crossed over the Chicken Little line. In […]


Filed under: identity, security   |  Leave a Comment
Tags: , , , , , , , ,

Become a VIP for free (and get secure on the web)

06Oct09

A little while ago I put out a plea for stronger authentication for Google Apps, and it seems that my wish has been granted with Tricipher launching their myOneLogin for Google Apps[1]. I had tried myOneLogin before, and frankly wasn’t too impressed. This time things are different though, the issues I’d seen before with Chrome compatibility and […]


Filed under: identity, security   |  Comments
Tags: , , , , , , , ,

A good week for identity management

04Aug09

Two wishes granted – an API for XACML, and OpenID from Google Apps. Wish three – strong(er) authentication for Google Apps to make SaaS more secure.


Filed under: identity, security   |  Comment
Tags: , , , , , , , , , , , ,

Security conferences

30Apr09

Having dragged James into the debate about Pamela’s post, and having spent most of the week at a security conference I thought I’d throw some of my own thoughts into the ring. Let’s start with attendees, or ‘plankton‘ as Pamela calls them, and the idea that attendees learn something by going to conferences. I think […]


Filed under: security   |  Comments
Tags: ,

Persona – one year on

13Jan09

It seems that the term Persona is finally finding its way into common usage, and I’m encouraged by the recent posts by Nishant Kaushik and Mark Dixon.


Filed under: security   |  Comments
Tags: , , , , ,

Why I’m a NAC nonbeliever

12Jun08

I was recently speaking at a conference, and the subject of network access control (NAC) came up. At the time I gave a rather glib answer that ‘it’s not the network that you wish to control access to, but the data and services that wrap it’. That’s been my position for some time, but it’s […]


Filed under: security   |  Comments
Tags: , , , ,

Why trust != management, and what can be done about it

12Jun08

For most enterprises the essence of trustworthiness is their internal build, which normally comes in client and server flavours for a variety of ‘supported’ operating systems. Machines running this build are trusted to access corporate resources, anything else is kept out with policies, firewalls and mechanisms like network access control (NAC). That internal build is […]


Filed under: security   |  Comment
Tags: , , , , , ,

More on (limited liability) persona

16Jan08

Despite the lack of comments (yet) the post on persona has resulted in some good behind the scenes debate. Something that came out of this is that I agreed to post an illustration of how a legal entity fits into the persona illustration in order to effect the LLP concept: Sadly this still leaves us […]


Filed under: security   |  Comments
Tags: , , , , ,

Persona

09Jan08

OK, it’s time for my first serious post, and it’s not about a brand of fertility monitor. Persona is a term that’s increasingly being used in conversations around digital identity, but it’s not one that I typically find to be well defined.  The Wikipedia entry doesn’t help much, as it is about the more general […]


Filed under: security   |  Comments
Tags: , , , , ,
Newer posts »