Converging on authentication

Identity Management This newsletter is sponsored by Nokia Make the most of your mobile gear Download our Free Executive Guide and learn how Network IT professionals are getting the most out of their mobile devices and improving mobile security. You'll also get the scoop on upcoming mobile tools and technologies and how they may impact your enterprise. Network World's Identity Management Newsletter, 06/06/07 Converging on authentication By Dave Kearns Last time out we were talking about how the identity discussion in the late nineties was moving beyond authentication to the many wonderful things we could do with identity. But, as I mentioned, three things converged pushing authentication – as the keystone of all identity-based transactions – back into the forefront where it still can be seen to dominate identity discussions. In 1996, the U.S. congress passed the Health Insurance Portability and Accountability Act (HIPAA) whose primary goal was to allow folks to move their health insurance coverage with them as they changed jobs. It also made provisions for electronically moving health and medical data around, but this wasn’t talked about much (outside of medical circles, that is) for a few years. In 1999, the U.S. congress passed the Gramm-Leach-Bliley act which allowed the merger of financial institutions. But among its provisions were controls on the collection, protection and dispersal of client’s personal information. Finally, in 2002, the U.S. Congress passed the Sarbanes-Oxley bill, setting new standards for accounting and auditability of corporate financial records. In part, this mandated active approval (called “attestation”) of employees’ access to financially important data. All three of these legislative acts (along with others both in the U.S. and around the world) are lumped under the rubric “Regulatory Compliance” and require almost failsafe authentication of users. The Security Standard - The Only Executive Summit Focused on the Business, Management and Strategic Aspects of Security September 10-11, 2007 | The Fairmont Hotel Chicago How do your security initiatives support company business goals? The answer to this question can make all the difference in gaining the corporate-wide support and resources you need to drive your security strategies. Uncover best practices and organizational strategies for achieving success by attending The Security Standard Conference. Click here for more details. Click here for more details In September of 2001, in reaction to the Microsoft announcement of the “Hailstorm” initiative, Sun, some of its partners and some of its major clients in travel, entertainment, finance and retail got together to launch what was supposed to be temporarily called the “Liberty Alliance.” Thus was launched the identity federation market which was really all about Web-based single/simplified sign-on (SSO) – just another phrase meaning “authentication.” Unfortunately for the Liberty Alliance, other events in September, 2001 overshadowed its birth. The 9/11 tragedy unleashed an epidemic of security measures all designed to show that the government was "Doing Something" to protect its citizens. And, fortunately or unfortunately for us, that “something” almost always involved identity and authentication – from the infamous “no fly” lists to the misnamed Real ID Act. Government regulation, Web site ease of usability and misplaced security measures all converged at the start of the 21st century to elevate authentication to a higher level of discussion than ever before. Not only were network managers, e-mail administrators and directory junkies talking about it, but bureaucrats, marketing people and average folks-in-the-street became engaged in the authentication discussion. This produced much smoke (or fog) without any real advancement in the technology. But it has kept us from moving on to other, more interesting, aspects of identity. Perhaps it is time to move the discussion along, but each of us must play a part in doing that if we feel the time is right. Events: My plea last week for an “Identity Faire” has gotten some traction (both good and bad). Mark Macauley, Jackson Shaw and Kaliya Hamlin have each blogged their thoughts. I’d like to hear yours, also.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. 5 new ways to authenticate users 2. FAQ: What Avaya going private is all about 3. What Google bought in the past 12 months 4. Churn in the VoIP market? 5. Will Cisco suffer IBM's fate? 6. Firefox flaws raise Mozilla security doubts 7. Adult filmmakers taking their lumps on ‘Net? 8. Avaya goes private in $8.2B deal 9. Slideshow: 5 new ways to authenticate users 10. Stealthy attack serves malicious code only once MOST-READ REVIEW: How low can your data go with virtual tape libraries?

Contact the author: Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill. Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com . Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail. This newsletter is sponsored by Nokia Make the most of your mobile gear Download our Free Executive Guide and learn how Network IT professionals are getting the most out of their mobile devices and improving mobile security. You'll also get the scoop on upcoming mobile tools and technologies and how they may impact your enterprise. ARCHIVE Archive of the Identity Management Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007