Monday, June 04, 2007

Are we bogged down in authentication discussions?

Network World's Identity Management Newsletter, 06/04/07

By Dave Kearns

Identity gadfly James McGovern recently noodled on about the need to move the discussion from authentication to authorization (“XACML and Provisional Authorization”). He says, “The conversation needs to shift away from identity and authentication towards authorization as this is a bigger unmanaged problem within large enterprises that folks …in the identity crowd aren't talking about.”

Funny, that, as authorization – especially in terms of role-based authorization (known as “Role-Based Access Control,” or RBAC) – has been discussed up, down and sideways for a few years now. From the title of McGovern’s posting, you might get the idea that it’s really the use of the eXtensible Access Control Markup Language (XACML) that James wishes we’d take up. But, as a quick look at the OASIS archives shows, the first paper on using XACML for RBAC came out over three years ago!

Still, there does need to be a determination that the authentication is done right before moving on. Because once the user is authenticated as a particular account-holder, it’s too late to impose safeguards on false identifications. Role-based access control, context-based access control and even directly granted access controls are all dependent on correctly identifying the entity seeking access.

Ten years ago, we thought we had nailed authorization. Username/password was already recognized as generally insecure. Multifactor authentication was on the rise as smart cards and biometrics were introduced into the authentication mix. The discussion had actually moved beyond authentication to what I call the “three P’s”: Personalization, Prioritization and Privacy. The identity datastore was destined to become the holder of personalization data, but with privacy protections for the user, while the identity of the user, in an early use of role-based access controls, would determine the bandwidth and license use of applications (in the day when apps were licensed by concurrent usage). We thought the authentication discussion was over. But three unrelated events converged to change that. I’ll talk about those next time.

Event: The Association for Computing Machinery (ACM) will be sponsoring a “Workshop on Digital Identity Management” at its conference in Alexandria, VA, November 2, 2007. The topic is “Usability Issues for Identity Management,” and requests to present papers are due by June 21. See the Web site for details.

Webinar: Securent, Sun and First American Corp. are teaming up for a presentation called “Unified Access Management for the Secure, Compliant Enterprise” on Tuesday, June 12, 2007 at 10:00-11:00am PDT (1:00-2:00pm EDT). Register at the Securent Web site.

Things to do: My friend Marcus LaSance, at Siemens, has posted a survey of IdM practices, which he invites you all to participate in. This isn't to be a marketing tool for the company, but an effort to establish a current baseline for the identity landscape. Do take a few moments to complete the survey, honestly and accurately, and I'll be sure to let you know the results.


Contact the author:

Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill.

Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com.
