Archive for the Identity Management Category

Strong Authentication

Lately, I have been pondering strong authentication again.

The company I work for uses RSA tokens. I find these quite nice in that they really are a decent form of two-factor authentication. The real problem here is simply cost and management. Tokens work well if you have tons of money to purchase them. So, enter the soft-token. They are nice, and we have used them for a while now. The real problem here is that they are still just as hard to manage as the hardware tokens, if not harder, since you have to manage that software on whatever device it is living on.

I have seen other forms of tokens, like the “bingo-card” as I call it, that looks like a bingo card and is technically cheaper than the RSA solution.

Also, there are a ton of vendors in the two-factor token market nowadays, so pricing pressure is causing most vendors to lower their prices.

I do think biometrics have a place in the world, but I think the logistics surrounding them, and the general ambiguity of the technology, make it hard to implement for an enterprise.

So, I was wondering (if anyone still reads this blog lol) if anyone has any experience with things other than tokens and biometrics? Or, if anyone has run across anything bizarre that might be of interest to someone looking to change the way authentication is viewed.

When I think of authentication, I tend to think of it from 3 aspects or 3 types (there certainly are more).

1 - simple authentication that verifies your identity and that’s it. Like a username and password combination that simply allows you access to something.

2 - role based access after authentication. I suppose this is really authorization after the authentication piece.

3 - graded authentication that allows you access to resources of some type based on how you authenticated to something.

This third type is the type I have recently been focusing on. What I find strange (well, maybe not strange, but annoying really) is that outside of two-factor and biometric (well, I guess there is out of band, like a cell-phone type of thing), there really haven’t been a lot of changes to things in this space. I know some vendors will disagree with me, and tell me that their out of band stuff, like doing verifications at a cell phone, or calling a person back after authenticating, is an advance, but I really see that as an incremental kind of thing. I also see this approach as a limited one since it relies on something that some people may not have.
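As an added illustration of the third type (example code, not from the original post): a small Python model where a session’s assurance level is the number of distinct factor categories it has proven, and each resource demands a minimum level. The method names, factor categories and resource levels are assumptions constructed for the example.

```python
"""Graded authentication: what a session may reach depends on how it authenticated,
not only on who the user is. All method/resource names below are constructed."""
from dataclasses import dataclass, field

# Each method proves one or more factor categories (assumption for this example).
METHOD_FACTORS = {
    "password":      {"knowledge"},
    "otp_token":     {"possession"},               # hardware/soft token or bingo card
    "smartcard_pin": {"possession", "knowledge"},  # card plus PIN, as the post notes
    "biometric":     {"inherence"},
}

# Assurance a resource demands = number of distinct factor categories proven.
RESOURCE_LEVEL = {"intranet_news": 1, "email": 2, "payroll": 3}


@dataclass
class Session:
    user: str
    methods: list = field(default_factory=list)

    def authenticate(self, method: str) -> "Session":
        if method not in METHOD_FACTORS:
            raise ValueError(f"unknown method {method!r}")
        self.methods.append(method)
        return self

    def factors(self) -> set:
        """Distinct categories proven so far; repeating one category
        (two passwords) does not raise assurance."""
        return set().union(*(METHOD_FACTORS[m] for m in self.methods))

    def assurance(self) -> int:
        return len(self.factors())


def can_access(session: Session, resource: str) -> bool:
    return session.assurance() >= RESOURCE_LEVEL[resource]


def step_up_options(session: Session, resource: str) -> list:
    """Single methods that, added to the session, would satisfy the resource.
    Empty means access is already granted or no single method suffices."""
    need = RESOURCE_LEVEL[resource]
    if session.assurance() >= need:
        return []
    have = session.factors()
    return sorted(m for m, f in METHOD_FACTORS.items() if len(have | f) >= need)


if __name__ == "__main__":
    s = Session("alice").authenticate("password")
    print(can_access(s, "email"), step_up_options(s, "email"))
```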

There has been the cardspace/id card stuff that allows people to identify themselves in a “card” on their client that is then presented to a website for authentication. This I suppose I do find compelling since it at least is somewhat interesting to me. But, to date it really hasn’t caught on much.

Smartcards are neat, since they are typically cheaper than a token, but I have found that to really do anything strong with them, you still require a password of some kind.

Well, sorry for the rant, I was just sort of brain dumping on the blog… Authentication has been top of mind for me lately, and really, I am astounded at how far we haven’t come.

OSS IDM System - Some Thoughts

Been a while since I’ve posted anything. My apologies if anyone is actually reading this stuff.

I’ve been thinking a lot more about that first question I ever posted: “Where’s my open source IDM solution?” And I certainly received some messages from a few people who pointed a few out to me; they all looked fairly promising.

But, I keep wondering if it would be possible to write a module that attaches itself to an OpenLDAP server (sort of like a persistent search on steroids) that could subscribe to changes that occur there. That way, you could use OpenLDAP as a “meta-directory”. From there, you could write connectors that connect to target systems.

This seems a lot like Novell’s IDM, only sort of the open source brother to it, without the XML/DirXML engine (which I imagine is patented somehow anyway).

Any thoughts? I’m just kind of rambling on here…

Open Source IDM Solutions

In a previous post, I noted that I had not seen any open source IDM solutions that were really focused on provisioning. I had seen quite a few that were focused on SSO and federation. After my post, a blogger pointed out to me a company called Diamelle that had something in that space. To be frank, I haven’t had any spare time to dive into it. But, on the surface, and from what I’ve read, it looks like it could have some good traction.

Another one has popped up since then called Velo. I saw it in response to this post. From the looks of it, it appears to be playing heavily in the provisioning space. Also, it appears to be offered under the GPLv2.
I watched the 2 demos they had up on their website, and it appears to be a decent looking interface. I’m assuming it’s a push/pull type of technology, but I could be wrong since I haven’t actually used it. Either way, more choices in the IDM provisioning space can only be a good thing. I’ll be checking this one out next chance I get. So far though, given Diamelle and Velo, at least there are some choices out there.

This is actually pretty cool.

A few days ago, I put up a little article asking where my open source IDM solution was. Looking across someone else’s blog, I was directed to this link here.
It’s a very cool mapping tool used to create a map of known open source IDM projects and their status. I found this very helpful. Maybe you will as well.

Started PAM module list

I just started putting together a list of all the PAM modules I can find that are open source. It can be found here.

I’ve been getting a bit frustrated at finding some of these. Many of these are very useful! And it would be nice to have one place to go to find out about some of these… Sooo… I’m starting this little list and updating it as I come across them.

Mark.

Where’s my open source enterprise IDM solution?

I’ve been doing IDM for about 6 years now. With everyone I speak with, IDM pretty much gets talked about in 2 ways.
1 - SSO/Federation solutions. Geared mostly around federation and SSO access/authorization. (There are actually a plethora of open source projects that can help tackle these problems.)

2 - IDM in terms of user provisioning and profiling in enterprise-to-enterprise type software, such as Lotus Notes, Active Directory, eDirectory or even things like RACF on z/OS.

For number 1, I’ve found all sorts of stuff in that space. Here’s a couple of links for it…

http://www.manageability.org/blog/stuff/single-sign-on-in-java/view

http://www.techworld.com/networking/features/index.cfm?featureid=1681

For number 2 though, I have yet to find anything interesting that gets my attention. Which got me wondering why.

I’m well versed in Novell’s Identity Manager product and have done *some* work with Sun’s product. There are also a few other companies out there that claim to do some form of IDM in this space, including Microsoft, IBM/Tivoli, CA, and then there are some smaller players.

Most of these products base everything on some sort of a directory technology. Be it eDirectory for Novell, AD for Microsoft, or whatever the directory of the day is, they all have some form of directory back-end that serves as a meta-directory. In the open source world, we have OpenLDAP, which is certainly a reputable and well proven directory service. Seems to me that it would be a relatively interesting idea to attempt to build an enterprise class IDM solution that works in conjunction with OpenLDAP as the back end.

I realize, I’m sort of rambling on here, so if anyone knows of any efforts going on in this space, post a comment.

I’m actually considering attempting this myself. If there is any interest, let me know!

UPDATE: from one of the little handy “Who’s linking to you” links, someone pointed this out… http://www.diamelle.com/ . They appear to be working on this exact problem. I’ll check it out and let everyone know.
