The secret leader in context-based authentication and authorization?
Context-based authentication and authorization is one of the topics which have the potenzial to become the next hype. I’ve posted twice on this subject, here and here and we had, led by Dave Kearns, a...
View ArticleOne approach for policy management
Some weeks ago Evidian, one of the European vendors in the Identity Management market, has announced that they are in the lead of an European research program for multi-domain policy management. The...
View ArticleAccess or Identity? Or Authorization? Or Entitlements?
Recently, I had several discussions around terms like Access Management, Authorization, and Entitlements. And I thought about what is in the center – is it the identity or is it access management? Some...
View ArticleA more efficient approach for managing file server ACLs?
Have you ever heard about Rohati? You should have. They are definitely amongst my list of really interesting vendors in the Identity and Access Management market and the overall security market. And...
View ArticleAgain: Identity Data Theft
Yesterday, news spread about the theft of millions of credit card dates at the US company Heartland Payment Systems, based in Princeton, New Jersey. Even while that might be one of the largest cases of...
View ArticleDynamic authorization management
Authorization management is becoming increasingly popular. But there are, in fact, two very different approaches: Static authorization management, where changes are provisioned to the target systems....
View ArticleWhy we need claims in Windows
Microsoft has introduced the concept of claims-based securitywith it’s “Geneva” project. Claims are sort of attributes which are provided by identity providers in the form of tokens and consumed by...
View ArticleFrom technology to business – the shift in Identity and Access Management
Being involved in a lot of advisory projects at end user organizations for some years now, I’d like to share some of the fundamental changes I observe. There is always a gap between what analysts like...
View ArticleDatabase Security – a strategic perspective
In the recent months I’ve done a lot of research around database security, talking with vendors like Oracle, IBM (Guardium), Sentrigo (now McAfee), Imperva, Bitkoo, and some others as well as with...
View ArticlePersons, Identities, Users, Accounts
Is there a mismatch between the reality in organizations and the implementations of at least several of the Identity Provisioning and Access Governance solutions when it comes to the representation of...
View ArticleSAML, SCIM – and what about authorization?
Cloud Computing is just another delivery model for IT services. However, due to the specifics of cloud services like multi-tenancy and many others, requirements sometimes are even higher than for...
View ArticleAnother dead body in IT? Or is XACML still alive?
Since my colleague Craig Burton has declared that SAML is dead, it seems to be in vogue among analysts to take the role of the public medical officer and to diagnose the death of standards or even IAM...
View Article
More Pages to Explore .....