Back Again!

Its a been a while getting used to a new city and new organization. Well consulting has its own owes of travelling but its fun to meet new people and expand ones network. And now that I’m doing something more close to my heart – information security.

For the past few days, I’ve been trying to catch up with my reading and the blogrolls I follow. And there is a lot catching up…

Few things happened in the IAM world in the past few months, well other than the very important fact that I moved to a new position as a consultant, there have been a few new initiatives. One of those that I find interesting is Liberty Identity Assurance Framework . This is an attempt to formulate an Identity Trust service framework for the authentication especially in terms of federation. The framework is based partly on the e-Authentication Partnership (EAP) and the US E-Authentication Federation. This is being delivered by the Identity Assurance Expert Group of the alliance. They are focused on creating on ‘a framework of baseline policies, business rules, and commercial terms against which identity trust services can be assessed and evaluated’.

The IAF in its first version 1.1 presents a concept of assurance levels – which defines the degree to which the relying party (RP) would be confident of the electronic identity of the information that the Identity Provider presents to it. The framework presents four levels – 1 through 4 which correspond to 1 for little or no confidence, 2 for some confidence, 3 for High Confidence and 4 for a Very High Confidence in the asserted identities validity. It also defines these levels to a rationalized set of potential impact of the authentication errors. It also presented a Service Assessment Criteria which define the requirement for attaining these levels.

So this looks to be a positive step towards Identity Services especially in the SaaS domain. Albeit we will have to wait to see that open source solutions built around it and the framework remains vendor neutral.

The Password Conundrum

Sounds somewhat familiar right! Well most of us have this dillema everyday… I dont think I have to hire a ghost writer to write this puzzling story for me… My daily email vocab should be good enough to express the challenge we face everyday as we try to remember more and more passwords!

The First Login: Your System!
Imagine getting up in the morning on the 31st morning and trying to login into your system after a few failed attempts because you were forced to change the password after the mandetory 72 days you set for yourself…

The Second Login: Your eMail Account!
Wheather you want to check your personal email or official ones, you need to login somewhere. Even setting up your POP or IMAP accounts need you to have your passwords set in the outlook or netscape! So if unluckily you changed that too, you know there is another one little messy thing in the secret note you keep in your wallet!

The Second Login: Your bank account!
… then trying to login into your bank account to check if your salary was posted and you changed that too hurriedly to sync it up with your system password and then realized that the online site doesnot allow silly passwords and you end up setting up a super secret sleazy password! You mostly forgot it because it had to be a special character and you dont know what you chose. So you want to mail it to you… Grrrrr now this is bank site, its extra secure and you have to provide a primary and secondary ID to get the password mailed to you.
May be you were success full and had it mailed… but now you don’t remember which mail id you registered with! OMG! that is a tough one! So you frantically search through your old emails and finally recover it…

Well I am kind of scared about the whole scenario and wanted to end it there… but you know it very well that this is not the end of it… there is always one more to remember and one more to change each day!

The best you could do one day is get 8/10 passwords sync’d up! Lucky you, my best is 5/15! Now if I have to chose a bank, I go by how long they have the online password change and how easily I can reset it… not secure, but you know what I have had enough!

This is where I need some industry wide sign-me-once standard! Well I belive with federation there is going to be one and we will have remember less and less number of passwords to remember. There has been a lot of progress in this quest of a single sign on, including OpenSSO, Windows Live ID, SAML (federation), CAS, Shibboleth, OpenID etc. Two strong contenders in this race to create a single sign on experience is the OpenID project and SAML implementations. And I think each has its own strengths and limitations. In this ID wise trail we will discuss each of the existing and prevalent solutions as well explore new possibilities.

Meanwhile till the next stop, I came across this pretty interesting blog from Justen Stepka… Bon Reading..
http://www.jstepka.name/blog/2006/12/17/crowd-vs-saml-vs-liberty-alliance-vs-openid-vs-cas-vs-shibboleth/

Welcome to IAM Wise

Welcome readers and curious blog hunters, “digg”ers and “slash-dot”ters to my new blog! So what do you think about the blog title – the proclamation of a pompous, self conceited, egotist who’s up to no good! Well whatever you choose to use as the prefix, the ever so deceptive acronym for Identity and Access Management will turn out to be some profound self proclamation! And for those who know what IAM is, I believe, have learned to live with that perception.

Lets get back to business – more about this post, about the technology, business and the over all idea and finally of course something about me – the humble soul behind this profound proclamation!

I am (and now this is the real me:)) – trying to piece together all my blogs, scraps and notes together into one consolidated blog which will cover the Identity and Access Management space.
I will cover topics like, how to come up with a security model for identity management and access management. What are the tools and methods available. What are the analysts talking about when it comes to products. … and of course my usual rantings!

Why a new blog on Identity Management?! Well of course, everyone’s got a different perspective and the more the number of new ideas in any field, the better it gets. Its just my two cents space that I would like to contribute and expand this exciting field of technology. I would like to bring in the experience I have got as an application developer, a infrastructure analyst and a system architect together into this field and give it a holistic perspective.

Well… what’s the waiting for now! Lets get started… Hope you get here what you are looking for in the ever expanding field of IAM – and it makes you IAM Wise!

This blog is also available at: http://valmikim.blogspot.com/