Web Design by
Kristen Lanum

Commentary by Mark Wahl, CISA

Discussions on organizing principles for identity systems

All of this blog's posts by date

RSA Conference 2010, 2010/2/27

Recent publication on ontology-based translation between directory schemas, 2009/7/6

Recent publications on anomalous directory client activity detection, 2009/4/17

Security, identity and access sessions at the 2009 RSA Conference, 2009/4/17

2009 TEC, 2009/3/26

2009 TEC starts in a week, 2009/3/13

NIST draft SP 800-122 comment period ending, 2009/3/7

2009 TEC Directory and Identity keynote, 2009/3/6

Some Microsoft-led sessions on the metasystem scheduled for the 2009 RSA Conference, 2009/2/23

New NIST list of security controls, 2009/2/11

Recent publications on network authentication, or how can you be in two places at once?, 2008/10/3

Recent publication on validation of middleware failover behavior, 2008/9/3

Wikidentity provider?, 2008/9/3

Microsoft Identity Lifecycle Manager “2” beta news links, 2008/6/14

Trust vs the Distancing Effect, 2008/4/18

RSA Conference 2008 US, 2008/4/14

Peer-To-Patent public community patent application prior-art review and Ontology-based translation between directory schemas, 2008/3/24

Documenting microformats processes, 2008/2/3

Metadata in Personal Content Experience, 2008/1/28

Information Assurance for CS undergrads at UT Austin, 2008/1/4

digital identity book recommendation for 2007, 2008/1/2

(fwd) i-card hero ROCKS!!!!, 2007/12/30

Assimilation, 2007/11/28

7,302,439, 2007/11/27

Bob Blakley on outsourcing to the identity oracle, 2007/11/22

Closing ICANN Comment Period on WHOIS, 2007/10/27

52 What-ifs of Identity Science Fiction, 2007/10/4

OT Frivolous Blog and Clothing Store, 2007/10/3

Gartner Magic Quadrants for User Provisioning, 2007/10/2

Digital ID World presentation on CardSpace in credit card txns, 2007/9/25

Digital ID World presentation on LDAP in media asset metadata management, 2007/9/25

Digital ID World keynote by Jamie Lewis, 2007/9/25

Digital ID World Liberty Alliance IDDY Awards, 2007/9/25

Digital ID World and OpenID URLs, 2007/9/25

Digital ID World and an EAP-SIM PoC, 2007/9/25

Digital ID World panel on interoperability partners, and developer difficulties, 2007/9/24

Digital ID World: Convergence of Internet-scale Identity Systems, 2007/9/24

Digital ID World keynote: Kim Cameron on claims, 2007/9/24

Digital ID World keynote: Managing the Decentralization of Identity, 2007/9/24

Digital ID World opening keynote, 2007/9/24

Anti-utopian social networking #3 - the real world and its online representation, 2007/9/17

Data Sharing and fault tolerance, 2007/9/9

Identity Schema Value Syntax Restrictions at Data Sharing Summit Day 2, 2007/9/8

Identity Schema Metadata at Data Sharing Summit Day 1, 2007/9/8

Identity schema element metadata in RDFa, 2007/9/6

Timeline of WHOIS, the original Internet social network service, 2007/8/24

Identity research presentations at Hotsec: Horton, user-based attestation and opportunistic personas, 2007/8/23

Anti-utopian social networking #2, 2007/8/11

Report on the state of the art in software security assurance, 2007/8/10

"My" Story: biography in social networking services, 2007/8/10

Images in identity protocols, 2007/8/9

Identity Selection at the Data Link, 2007/8/8

Evolving the Category of Identifiers: Iceland in 1997-1998, 2007/8/7

Four scenarios for end user consent and involvement, 2007/8/7

Expressing facts in RDF N-notation, 2007/8/6

Extensible Friendly Predicate Notation, 2007/8/4

interpreting claims, assertions and opinions, 2007/8/2

A friend is someone who'll help you move...a profile, 2007/7/31

Anti-utopian social networking, 2007/7/30

Language options for scripting cross-platform RIAs in 1997, 2007/7/29

Issues with internationalizing domain names, 2007/7/29

Managing PKI trust anchors, 2007/7/26

Embedding SIOC in XHTML with RDFa, 2007/7/25

OpenID and 20 years of distributed systems, 2007/7/24

New MRD from Liberty Alliance, 2007/7/23

Attribute semantics are what you make of them, except when prohibited by law, 2007/7/23

Duck typing in directory access, 2007/7/22

Hello World: 90 years of user-centric graphics design in a global virtual community, 2007/7/21

Spaces vs places in Geraldine Fitzpatrick's Locales framework, 2007/7/21

Unsolved problems in cross-organizational identity protocols, 2007/7/20

Henry Story on FOAF and OpenID, 2007/7/20

Observations 1-5 for identity data sharing, 2007/7/19

Families of entries, 2007/7/19

Whose access controls enforce data sharing across social network services?, 2007/7/18

Metadata handling principles for press photos, 2007/7/18

NRL ontology for security policy, 2007/7/17

Updated Schemat Sources, 2007/7/16

Blog keyword and link clouds, 2007/7/12

Why geographic location specifications matter to identity, 2007/7/12

Beyond the display token, 2007/7/11

The current InfoCard display token, 2007/7/11

Future Directions in Identity Lifecycle Management: Identity Crossing the Firewall, 2007/7/10

Future Directions in Identity Lifecycle Management: Introduction, 2007/7/10

OASIS Provisioning WG work after SPMLv2, 2007/7/9

RDF-directed claim type transformation in the Schemat Selector, 2007/7/6

: John Fontana on the multivendor user-centric identity demonstration, 2007/6/30

: when is selector ceremony time?, 2007/6/28

user-centric technology demonstration, 2007/6/28

the two camps of attribute types, 2007/6/27

InfoCard implementation travails, 2007/6/27

survey of the state of the metasystem, 2007/6/27

Interlinked claims providers, 2007/6/27

Concordia meeting notes for sessions GM and GSA, 2007/6/26

Concordia meeting notes for session BC Government, 2007/6/26

Concordia meeting notes for sessions AOL and Boeing, 2007/6/26

can the IdP be hidden, or irrelevant?, 2007/6/20

composite role-based monitoring for task-structured activities, 2007/6/20

trust and access control papers from KHU, 2007/6/20

extracting data from links in social networks, 2007/6/19

Identity in paths in anonymizing networks, 2007/6/19

Attacks on anonymized social networks and fudging oracles, 2007/6/16

Modelling the effects of interoperability, 2007/6/16

Repositories responding to a breach with an offer of free credit monitoring, 2007/6/13

Some claims are more verified than others, 2007/6/13

Choosing an identity provider by altitude, 2007/6/12

Embedded and pure play identity providers and attribute validity, 2007/6/12

Multiple endpoint references in a WS-Federation AttributeServiceEndpoint, 2007/6/12

Don't touch my claims if you please, Mister IdP, 2007/6/11

User-centric identity metasystem research in the 1990s, 2007/6/11

Making Dynamic DNS more user-centric, 2007/6/11

Network steganography protocols for preceding 802.1X, 2007/6/10

Network steganography protocols for opening holes in the firewall, 2007/6/10

Attribute value security labels and signatures in X.501(2005), 2007/6/9

Basic and Simplified Access Control in X.501(2005), 2007/6/9

Network Egress Control using process graphs, 2007/6/8

Concordia and Catalyst in San Francisco, 2007/6/6

leveraging back-pointer information flow tags in reputation, 2007/6/6

privacy and tagging by image recognition services, 2007/6/5

signature linking and key revocation in direct anonymous attestation, 2007/6/4

Open questions on network admission in network access control, 2007/6/4

TCG Microsoft Statement of Health protocol, 2007/6/4

Paul Vixie on the DNS protocol, 2007/5/30

Value metadata in identity protocols, 2007/5/22

A Theory of Tags, Part 1, 2007/5/18

Unique identifiers for entries in LDAP and avoiding the recycling of names, 2007/5/17

Soundex matching, 2007/5/17

Schema discussion at IIW, 2007/5/16

Unique identifiers for entries in X.500 manage recycling of names, 2007/5/15

Identity protocols in ad-hoc and disconnected networks discussion at IIW, 2007/5/15

Identity protocols in ad-hoc and disconnected networks, 2007/5/13

Issues with OpenID in ZeroConf networks, 2007/5/11

Discovering local identity services, 2007/5/11

Cross-organizational identity service schema discovery matrix, 2007/5/10

Cross-organizational identity service schema discovery: InfoCard, 2007/5/10

Cross-organizational identity service schema discovery: SAML2 and WS-Federation, 2007/5/9

Service (Schema) Modeling Language WG of W3C, 2007/5/8

"User-centric" RDF storage and transfer in the Identity Metasystem, 2007/5/8

Change to the URI of the Enrolled User Policy Profiles Attribute, 2007/5/8

Jeux Sans Frontières for user-centric identity, 2007/5/7

Project Liberty Individuals and Concordia update, 2007/5/3

University of Texas at Austin courses validated to NSTISSI 4011 and NSTISSI 4015, 2007/5/3

Trey Drake's Directory-enabled OpenID IdP implementation, 2007/4/26

Eric Norman's Open Questions for the Identity Metasystem, 2007/4/26

Language tags for OpenID values, 2007/4/26

No Concordia?, 2007/4/24

Expressing identity metasystem attribute definitions in XHTML using RDFa, 2007/4/19

"Future Directions in Identity Lifecycle Management" presentation scheduled for Burton Group Catalyst NA 2007, 2007/4/13

history of identity management: automated payroll processing in the late 1950s, 2007/4/7

Schemat Consumer, 2007/4/7

You are in a maze of twisty little accounts, all alike, 2007/3/30

Measuring risk in security investigations, 2007/3/30

Information Assurance in science fiction: outrunning the Bounty Bear, 2007/3/26

Information Assurance: audit trail aggregation in science fiction: the Bounty Bear, 2007/3/26

Java API specifications for LDAP-centric and directory-agnostic clients, 2007/3/23

Identity providers, relying parties and authorization claims, 2007/3/5

OpenID identity provider as a relying party, 2007/2/28

Enrolled User Policy Profiles Attribute, 2007/2/27

The Trust is Out There: Do we need practice statements for OpenID Identity Providers?, 2007/2/21

Do you know your OpenID URI?, 2007/2/20

Systems of reputation for identity, 2007/2/18

Capturing metadata of identity schemas, 2007/2/12

Identity relationship management and the Relational Continuity Sockets Layer abstraction, 2007/2/7

A good alignment, though not yet a grand unification, 2007/2/6

Assessment Techniques for Auditing Identity Management, 2007/2/5

Referencing privacy policies in LDAP, 2007/2/5

Multiple authentication, 2007/2/2

Phishing your Customers, Friends and Coworkers, 2007/2/1

A review of "Building and Implementing a Security Certification and Accreditation Program", 2007/2/1

Browser EV certificate validation for anti-phishing: an early study, 2007/1/26

The stockings were hung by the chimney with care, 2006/12/19

Ⓐ Cafe in Miami, 2006/12/12

FYI Identity Schemas wiki, 2006/12/12

Is this your card?, 2006/11/22

Social engineering: Trust is just a five letter word, 2006/9/26

Assessing Identity Management Controls at the RSA Conference 2007, 2006/9/25

The trust is out there: PKI root certificates and risks to importing a managed card, 2006/9/20

The trust is out there: the mythology of PKI, 2006/9/18

Higgins framework, 2006/9/15

PKIX specifications for cross-organization certificate discovery, 2006/9/11

Key management deployment concern for the InfoCard regions of an identity metasystem, 2006/9/11

discussion on schema mapping, 2006/9/11

Schemat, tools for ontology-driven identity schema mapping, 2006/9/9

Some recent internet-drafts, 2006/8/31

Burton Group Catalyst 2006: Burton Group Identity Keynotes, 2006/6/14

Schema ontologies: some considerations, 2006/6/8

Mail order selective disclosure of organizational role, 2005/11/30

Browsers Leveraging PKI for Anti-Phishing, 2005/11/23

changetype:add, 2005/11/11

Johannes Ernst's proposal for alternative to FOAF, 2005/9/13

Rouge Access Points, 2005/9/7

Catalyst North America 2005: Identity Geometries: descriptive or restrictive?, 2005/7/15

ontologies for schema, continued, 2005/7/14

Catalyst North America 2005: Flaws of Identity?, 2005/7/13

Data loss and protection in an identity metasystem, 2005/6/23

Reverse engineering of schema, 2005/6/17

Schema and the single entry, 2005/6/17

Background: Web Ontology Language OWL, 2005/6/16

Background: SP-DNA metaschema, 2005/6/14

Directory access via Open Search RSS and reader annotation, 2005/6/9

Location and other attributes (Bob Blakley's response), 2005/6/6

Location and other attributes, 2005/6/6

Opting out of airport security checks, 2005/6/4

returning after parking, 2005/6/3

returning after parking, 2005/6/3

Digital ID World 2005, day 2, 2005/5/12

Digital ID World 2005, day 1, 2005/5/11

Repurposable identity management systems (part 2), 2005/5/10

Repurposable identity management systems (part 1), 2005/5/5

Travel map:, 2005/4/1

Privacy Policy Attributes for LDAP, 2005/02/28

Risk and liability in personal and enterprise identity management, 2005/2/12

Some naming attribute criteria, 2005/2/4

decentralized l10n, 2005/2/3

Historical review: Origin of LDAP personal naming attributes, 2005/2/2

Convergence in services vs protocols, 2005/2/1

Client implications of Kim's fifth law, 2005/2/1

105 years of person schema, 2005/1/26

Use of the term "laws", 2005/1/21

Questions on key retrieval in LID, 2005/1/14

Principle of contractual disclosure, 2005/1/8

Identity systems without discovery or public entities, 2005/1/3

Disclosure policy statements, 2004/12/17

On comparison functions and the Axiom of Identity, 2004/12/11

A user applies an identity function to themselves, 2004/12/10

Identity Management for devices, 2004/12/9

Comments on Kim Cameron's third law, 2004/12/9


Opinions expressed here are the personal opinions of the original authors.