Welcome to Microsoft .NET Framework 3.0 Community (NetFx3)


Cardspace Community Bloggers

All Tags » IdM

  • Salesforce.com adds support for SAML

    Salesforce.com just announced that their new Summer '08 release supports SAML for Secure Internet SSO. Given Google already supports SAML, this is another data point that points to a trend towards universal SAML adoption for enterprise SaaS applications. To their credit, Salesforce.com have listened to their enterprise customers who increasingly expect their SaaS vendors to support open, interoperable standards. Even more important is that Salesforce.com already have a proprietary SSO scheme, but Read More...
  • SalesForce for Google Apps

    Salesforce.com and Google have just announced a strategic partnership called “SalesForce for Google Apps”. You can read more about it here and here, but in a nutshell it means that Salesforce customers will be leveraging Google productivity and collaboration tools (such as Gmail, Google Calendar, Google Talk, and Google Docs) from directly within the SalesForce application. Why do I care? In a nutshell, this partnership will further highlight the need for seamless identity integration between the Read More...
  • A Model for an Internet Identity Layer

    The much discussed notion of an identity meta-system is of paramount importance to addressing the issues of de-perimeterization that are facing enterprises. I have personally found the definition of this identity meta-system a little fuzzy, beyond the fact that I know it has to support multiple protocols and technologies. Given some of my background includes coding networking protocols and doing firewall architecture I actually prefer to think of the identity meta-system as an identity layer. This Read More...
  • Identity Management and the De-Perimeterization of The Enterprise

    There are a number of significant areas that are driving a sea-change in the way enterprises must think about identity management. In a nutshell we see this need manifesting via five strategic themes. 1. Collaboration & Enterprise 2.0 Organizations will continually strive to get closer to employees, consultants, customers, suppliers and partners. This has traditionally been phone and email, but is becoming wikis, blogs, portals, VOIP, presence, IM, web conferencing, and even social networks. Read More...
  • Dynamic SAML Article in IEEE Security & Privacy

    The IEEE Security and Privacy magazine just published an article I co-wrote with Nate Klingenstein and Leif Johansson on Dynamic SAML and how it can be used to simplify SAML deployments. Nate and Leif are two extremely knowledgeable federation and security experts who hail from the Shibboleth community. You can read the article online without a subscription here. It was both interesting and enlightening to work with Nate and Leif on this article as they brought an alternate perspective from the Read More...
  • Adoption and State of the Federation Market

    I was recently asked to participate in a Burton Group podcast with Sun and Covisint on the 'Adoption and State of the Federation Market'. Gerry Gebel did a great job moderating the discussion. The synopsis is below. I think you will find it's a worthwhile 20 minute listen. "In January 2008, Burton Group published a report evaluating products in the Federation technology market. Federation is an important tool for deploying cross-domain sign-on and access solutions. With more than a dozen products Read More...
  • SAML Bindings Best Practices

    The majority of SAML deployments we see are standardizing on the front-channel HTTP POST and HTTP Redirect bindings for SSO and SLO. These bindings are proving to be much simpler to implement than the bindings that require back channel communications. Why is this? The use of SAML bindings that require back channel communication (e.g. SAML Artifact and SAML SOAP bindings) is inherently more complex to deploy. We have masked a significant amount of this complexity within PingFederate but there are Read More...
  • PKI and SAML - Friends or Foes

    One of the reasons that SAML based Federation exists is that wide-spread use of user certificates never materialized. If it had, then it is unlikely that SAML would be what it is today as user certificates themselves can securely solve the cross-domain web SSO problem. That said, there have been some industries that have been willing to invest the money to make PKI work at scale for large user communities. As such we at Ping have struggled to justify the value of SAML in these entrenched PKI communities Read More...
  • Trusting SAML Meta-Data

    We announced the release of PingFederate 5 this month. This release includes support for dynamic federation which our marketing department has called Auto-Connect(tm). One of the more interesting aspects of Auto-Connect is how you establish the trust that allows you to know that the business partner you are federating with is really who they say they are. Andre touched on this a little bit here. Before Auto-Connect an organization had to establish a cryptographic trust relationship with its partner Read More...
  • Identity Portability as a Key Enabler for Virtualization

    I was recently asked for my thoughts on whether identity portability and identity standards were a key enabler for virtualization. I was also then sent a link to an article about how a lack of industry standards may threaten virtualization's growth. From my perspective choosing to leverage virtualization is currently a system operations driven decision. I seriously doubt that in today’s virtualization world, application functionality such as authentication and authorization is a major consideration Read More...
  • Malware as a Service

    We held a webinar (listen here) this morning on how federation can help reduce the likelihood of successful phishing attacks against the enterprise SaaS market. I think this article in CIO magazine is extremely pertinent. This is fascinating reading with a bunch of equally fascinating follow up articles. I actually incorporated some of this information into my webinar material. Read More...
  • Can Federation help solve the SaaS phishing issue?

    Most people are aware of the recent security issues that SalesForce.com are facing as a result of the successful phishing attacks against them (more here). I am expecting that this will be the straw that finally breaks the back of the SaaS market as they come to understand that secure internet SSO via federation is not a ‘nice to have’ but a ‘must have’. One of the attack vectors that make a phishing attack possible is a public web form available on the internet that collects user credentials. Read More...
  • Dynamic Federation - Under the Covers

    This morning Andre posted some high level details on our company blog (here) around how to automate federation connectivity via what we are calling dynamic federation. I thought it would be helpful to dig a little deeper and describe how we see this working under the covers. It is important to note that nothing defined below is proprietary and that everything is already specified in the SAML 2.0 specification. For this to succeed we are proposing that two conventions be adopted. The first is for Read More...
  • User-Centric Identity Within the Enterprise

    I have been asked on a number of occasions for my thoughts on how user-centric identity can apply to employees within the enterprise. This is usually just a poorly disguised technology question (i.e. what are CardSpace and OpenID). On occasion I have had to take this further and explore people's varying definitions of user-centric identity and relate that back to an enterprise employee setting. There are valuable things some enterprises will do with user centric identity for their customers, but trying Read More...
  • Humble Beginnings

    Andre has finally talked me into maintaining my own blog. For better or worse the blogosphere is now stuck with me. My goal is to make sure there is a practical aspect to this blog rather than a bunch of nebulous theorizing. In the event that I am forced down the path of pontification I will promise to at least warn people up front. Further, my intent is that this blog will not only prove to be useful for our customers and prospects, but also to our competitors and partners. Read More...

Copyright © 2007 Microsoft Corporation. All Rights Reserved.