The Second Golden Age of Identity
We are now in the second golden age of identity and access management (IAM). Mobile devices, cloud computing, social networks, Big Data, and the Internet of Things (IoT) require radically improved capabilities. They are driving rapid innovation in IAM standards,… Continue reading
Token Bindings to Gear Up Authentication Assurance
In last year’s “Passwords are Overloaded, Not Dead” I voiced skepticism that security’s oldest construct would be replaced anytime soon. But many in the industry continue working to replace passwords, and while their marketing slogans may… Continue reading
Black Sheep or Green Fields?
Privacy By Design and the Online Library
Covert OAuth Redirects and Perverse Incentives
Proposed OAuth 2.0 Assurance Session at IIW
Federated Identity: Broad or Strong?
Piling On OAuth
Social Login Systems May Share too Much
You thought you heard a click behind that site’s “Sign in with Facebook” button. But did you also hear the inaudible sigh of your personal data disappearing into the maw of yet another application?
Social login is the ability to… Continue reading