Understanding Windows Cardspace - An Introduction to the Concepts and Challenges of Digital Identities. Written by the brilliant Mssrs. Vittorio Bertocci, Caleb Baker & Garrett Serack.
I'll admit that this one was relegated to "Page 7 of 8" on my list of unread Kindle titles for many moons, and I just pulled it up while working out on the elliptical last night. (Best use case ever for the Kindle, I might add - I can stay on the elliptical for an hour at a decent clip without getting bored, since I'm reading.) I think the reason I hadn't gotten 'round to it was because...I'm an enterprise Identity lady, and I just haven't quite gotten my brain around use cases for Cardspace & InfoCard in a corporate environment yet. (Hi BP. Hi Matt.) Now, in the consumer identity space? Boy howdy will Cardspace be a killer thing...I'm just not quite sure where it fits into my happy world of AD domain controllers and ADFS federation agreements yet, still thinking on that one.
But even if you're of a similar mindset/background, you want to read this book. It's kinda Bruce Schneier-esque in its treatment of capital "I" Identity as a concept - how it has evolved on the Internet, what the problems and attack vectors are, and how to think about them conceptually as well as technically. And more to the point, it does all of this in a ridiculously well-written manner (again with the parallels to Schneier). Unlike a lot of technical books that are dry to the point of being a good substitute for Ambien at night, this one is actually erudite, occasionally funny, and an entirely enjoyable read.
So go buy it. And pre-order Vittorio's WIF book as well while you're at it.
]]>Details as follows:
Minasi Conference 2010
May 2nd – May 5th
Virginia Beach, VA, USA
The conference runs from Sunday May 2nd until Wednesday May 5th and has some of the world’s top speakers.
The Minasi conference is unlike any other tech conference you’ve attended before due to its intimacy, favourable student:lecturer ratio, variety of topics and quality of instructors.
The conference is organized and staffed by volunteers from Mark Minasi’s forum and includes well known veteran lecturers like Mark Minasi, Rhonda Layfield, Todd Lammle, Roger Grimes, Microsoft MVP’s and author’s such as Aidan Finn, Nathan Winters and Eric Rux and forum members who just want to share what they’re doing.
The conference has enjoyed some prestigious special guest lecturers and this year is no exception. The chance to rub elbows and ask questions in such a small environment is found only at the Minasi conference. Previous years special guests have included:
-Cisco Guru and all around nice guy, Todd Lammle
-All things Security (now featuring the Cloud), Steve Riley
-Group Policy Experts Jeremy Moskowitz and Darren Mar-Elia
-Super Scripter, Don Jones
-Internet Fixer, Roger Grimes
We invite you to join us both online and in person. Take a look at the website for loads more info and to register –
Pre-Conference Event
For the 2010 Conference we are pleased to offer our first Pre-Conference session.
The aim is to provide a 4 hour event at a small additional cost which will cover a topic that is closely related to the main conference but just slightly different!
In this case Todd Lammle will lead the session on the morning of Sunday 2nd May from 08:30 until 12:30.
The topic is “Configuring Basic Cisco and Router Configurations”
All students would need is their own laptop and we will provide a free copy of Todd’s latest book as well as very slick router and switch simulator that you get to keep.
We are currently working to flesh out the details of this session and will update with a full agenda shortly.
This pre-con session will cost $85 which includes the Book, The Simulator, a light breakfast, Lunch and of course the 4 hours tuition!
For more information check the conference website in the Pre-Conference section.
I look forward to seeing you in Virginia!
]]>So a placement firm that I’ve done some work for, Pro Search Inc. in Portland Maine, has a nice little charitable arm as part of their business model:
“About the Pro Search Gives Back Program: Each Quarter, on behalf of our clients, Pro Search donates 5 cents for every hour our temporary and contract employees work to community organizations and not-for-profits in Southern Maine. In 2009, thanks to the hard work and dedication of you and other Pro Search contractors, this totaled over $11,000.”
Now, clearly all eyes are on the ongoing humanitarian efforts in Haiti right now, and these guys are no exception. Come to find that one of their contractors is a Haitian immigrant with significant family base still in Port-au-Prince. As a directed giving measure, Pro Search is paying to fly this person and his brother home in order to re-connect with family and friends, and to assist in the relief efforts.
Yes indeed. I work with some truly outstanding people.
Now, go give some money to the relief organization of your choice. Mine is the Salvation Army, since having worked in IT Operations for them I know first-hand what percentage of every donation dollar goes directly to relief efforts instead of administrative overhead, and they’re ridiculously efficient…something like 85 cents on the dollar goes into the mission. But there are innumerable others…go get in the game.
]]>Token Issuance Authorization, new feature in the ADFSv2 release candidate. Allows the Identifying Party STS to control which users are authorized to receive tokens, thus decoupling both AuthN as well as certain aspects of AuthZ from the Relying Party.
From the blog post, in describing a scenario in which Contoso users are accessing a Fabrikam online store:
]]>With the new token issuance authorization feature, the administrator of the Contoso STS can create a policy that authorizes token issuance to Fabrikam based on membership in an Active Directory security group. This implements a form of role based access control (RBAC) at the STS. The administrators of the Fabrikam online store need not be aware of the details of the [Contoso] access control policy and no action is required from the vendor if the [Contoso] policy changes.
The lovely Pamela Dingle, recent addition to the brilliant staff of Ping Identity, has joined the OpenID Foundation as a board member representing Ping.
Congratulations!
]]>This flurry of Amazon-related ADFS goodness courtesy of Steve Riley, whom I’m incredibly happy to see speaking with such a passion around my favorite technology in the communities. :-)
]]>There appears to be a list-serv that you can subscribe to without being an ABANet member. Some of the doc links don’t seem to be showing love, though the ones that do make for some pretty cool reading.
]]>In a nutshell - federated identity presents legal and audit challenges that all organizations will need to address before it gains wide acceptance. This is not news; fed zealots have been saying this for years. The thing that keeps me up at night has actually been the fact that the non-technical side of the house isn't ready for this, in my case thinking about auditors.
Current auditing process:
Auditor: "Tell me who has access to Resource Foo."
IT Guy: "Let me dump the ACL on that resource and parse through the groups...okay, here's a list of users."
Auditing in a federated world:
Auditor: "Tell me who has access to Resource Foo."
IT Guy: "The list of users I gave you last week, plus any one of my federated partners' users who presents me with a claim that reads "Marketing." No, I can't tell you who those people are. Yes, the list of who those people are can change from nanosecond to nanosecond without my being aware of it...erm, why are you crying, Mr. Auditor?"
It's these kinds of process problems that need to be resolved even moreso than the technical ones...though PKI is still a big technical one to contend with. :-)
One phrase that jumped off the page at me in the above article: "Recognizing the need to comprehensively address the legal issues raised by identity management, the American Bar Association has established a Federated Identity Management Legal Task Force to undertake such a project."
Shiny. Must Google.
]]>It's a long time in coming, but I'm so happy to see LDS back on the client!
Watch this space for more on incorporating the claims model into the SP2010 Identity model:
]]>