Monthly Archives: October 2007

Information Card Miscellany

Bob Blakley summarizes the OSIS User Centric Interop demo at Burton Catalyst Europe. BMC didn’t participate in this one (we were there at the previous one in San Francisco). It sounded like it was a great success. Hopefully we see more events like this soon.

Mike Jones points to updated Information Card Icon usage guidelines from Microsoft.

Kim Cameron points to an interesting white paper on Information Card privacy issues in the EU.

There is an interesting discussion on Information Card usability issues between Paul Masden and Ashish Jain. You can pick up the discussion here.

There is also another discussion going on about Level of Assurance and a potpourri of other issues that you can pick up here.

There is this interesting article about Sharepoint moving towards a claims based model for AuthZ.

(Mirrored from TalkBMC)


Fat and Crazy!

Not a sparrow falls in the forest that doesn’t get blamed on global warming. Now researchers in Australia claim global warming will cause the following maladies: obesity, food poisoning, and mosquito-borne diseases, mental illness, heart attacks, strokes, and respiratory disease. From the article in Herald Sun:

Instances of obesity, food poisoning, and mosquito-borne diseases such as the deadly Ross River fever are also likely to rise as climate change raises average and extreme temperatures.

The Healthy Planet, Places and People report released yesterday, says mental health in rural areas is also likely to suffer from more frequent and more intense droughts.
Commissioned by Research Australia, the report predicts deaths from heart attacks, strokes and respiratory diseases, triggered by an increase in heatwaves, could triple by 2050.

For the sake of efficiency, perhaps they sould refocus their research on finding maladies that global warming won’t cause or worsen.

Global Warming Alarmism and Hypocrisy

The Today Show is going to try to raise awareness of what they see as human induced global warming by releasing an extra 25 tons of CO2 into the atmosphere.

The sad part is that this level of cluelessness doesn’t even surprise me.

Regrettable Privacy Decision

Apple is apparently going to force iPhone purchasers to use plastic. Naturally Apple doesn’t view this as a privacy issue.

But they should.

Basically Apple is saying that you can’t purchase an iPhone unless Apple knows who you are and what you are going to do with it.

[Full disclosure: I don’t own or use any Apple products.]

(Mirrored from TalkBMC)

A Modest Proposal


Sometimes I think Janus, the Roman god typically depicted as having two faces should declared the official deity of Identity. I don’t mean that for the obvious reasons such that two (and sometimes four) faces is an obvious metaphor for multiple personas. I am also not referring the Roman belief that Janus was the god of gates, doors, and doorways.

No, I am proposing Janus because those of us who work in Identity are some of the most two-faced people you’ll ever meet. Take SSNs for instance. We simultaneously preach SSNs as the sacred crown jewels of your identity while giving away our SSN whenever asked for it. Just the other day I had to give my SSN and my dental insurance number to the secretary of an orthodontist that we are trying to schedule an appointment with.

Which leads me to ask the question, why do I consider my SSN so sensitive that I believe it must be protected, yet I am willing to divulge it when requested? It’s because the SSN has evolved over time from being an accounting artifact to being a shared secret used for authentication, a role for which it was not intended and is not suited.

So how then could you change the rules of the game? One person trying to change the rules of the game is Todd Davis the CEO of LifeLock. He publishes his SSN openly in the LifeLock adds and on their web site. He claims to be so confident in their identity theft protection service that he can give the world his SSN without worry.

But I have half-Swiftian Modest Proposal to change the game without needing the LifeLock or similar services. The government could announce a date on which they will start publishing a complete list of names and SSNs. Companies would have until that time to stop using SSNs as an authentication mechanism. Once the SSN is public domain there would be no reason to worry about protecting it. And no one would ask you for it. In fact it would no longer be needed for anything that did not involve tax information.

(Mirrored from TalkBMC)

Sid Doesn’t Do Facebook

Sid doesn’t do Facebook and makes the point about giving identity thieves yet another place to try to get your personal data. An unrelated article discusses the risk posed by session stealing.

I will now relate the two. Facebook doesn’t seem to support SSL for anything other than authentication. I tried going to I could authenticate, but every page I went to after that switched back to HTTP.

Session stealing is the biggest security risk that isn’t being discussed. If your site is not using SSL for all post authentication access, your data is vulnerable. Especially if you are accessing it in a public Wi-Fi network.

Facebook should allow SSL access as an option for the more security minded user. Until that happens I’m sticking with Sid.

(Mirrored from TalkBMC)

IdM-BSM Integration

If you have been following BMC for the past couple of years you have probably noticed a strong emphasis on Business Service Management (BSM). The Identity Management group is no exception.

If you are going to be at the Gartner Identity and Access Management Summit in LA, please stop by and see our booth. We will be talking our integration between IdM and BSM. One really interesting demo to see is our integration between IdM and the Remedy Service Request Manager and Help Desk.

Unfortunately I won’t be there, but if you are interested in either IdM or BSM there will be very knowledgeable people there to discuss it with you.

(Mirrored from TalkBMC)