Archive for the ‘Database Security’ Category

ACM Digital Identity Management (DIM) 2008 – Deadline extended to 6 June 2008

Posted in Database Security, General by marcocasassamont on June 2nd, 2008 | No Comments
The submission deadline of the 4th ACM DIM 2008 has been extended to 6 June 2008. 

This year's theme is “Services and Identity”. The complete Call for Papers can be found here. Please consider submitting a paper. 

 

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

My HP blog is back on the new HP Communities Hosting Site …

Posted in Database Security, General by marcocasassamont on June 2nd, 2008 | No Comments

My HP Blog on “Research on Identity Management” is now back, on the new HP Communities Hosting Site.

 Enjoy … 


 

Teleconference: Can You Trust Your Trusted Data?

Posted in Database Security, General by Bill Nagel on May 29th, 2008 | No Comments

Migration of HP Blogs, including this Blog

Posted in Database Security, General by Research on Identity Management Blog on May 23rd, 2008 | No Comments

I wanted to let you know that HP blogs will be migrating to a new platform over the next week. As of today, May 23, I won't be posting to my blog and won't be able to receive any comments submitted. Please hold your comments until June 1 when our new site will be live.

In the meantime I will carry on posting on my “mirror” blog site, “Research on Identity Management”; feel free to post your comments there.

--- NOTE: use this mirror blog to post anonymous (un-authenticated) comments ---

Part II: HP and Novell Announce Migration Program for HP Identity Management Customers

Posted in Database Security, General by Research on Identity Management Blog on May 23rd, 2008 | No Comments

In a previous post I drew attention to a recent HP news release, which said: “HP and Novell announced an exclusive alliance to migrate HP Identity Center customers to Novell identity and security management solutions”.

My HP colleague, Archie Reed, has gone further: he has provided additional background and described HP's current approach to Identity Management. Please have a look at his post on “HP and Identity Management”.

Archie, well done: I received a few requests for more information too, and your post addresses them all.




Adapting To Change In The Financial Industry Using Complex Event Processing

Posted in Database Security, General by Bill Nagel on May 23rd, 2008 | No Comments
In financial markets, the proprietary trading environment has changed significantly over the past 20 years. As we will show in this case study from a North American proprietary trading firm, time is the enemy not only of execution but also of development responsiveness when creating and undertaking trading strategies. Development and processing versatility are important to this firm; to continue to profit, it needs to avoid being pigeonholed into specific methods of developing trading strategies. Understanding what changed and how, and what is now changing, explains why this firm introduced complex event processing (CEP), as well as how it delivered a rapid application development environment for creating trading strategies.


HP and Novell Announce Migration Program for HP Identity Management Customers

Posted in Database Security, General by Research on Identity Management Blog on May 23rd, 2008 | No Comments

HP Identity Management customers might be interested in this recent News Release by HP:

“HP and Novell today announced an exclusive alliance to migrate HP Identity Center customers to Novell identity and security management solutions.

As part of an agreement between the companies, HP and Novell will jointly offer migration services, HP will resell Novell identity and security management solutions and Novell will license HP Identity Center technology.

Earlier this year, HP announced it will focus its investment in identity management products on existing customers rather than selling the products to new customers. To ensure that they continue to have access to exemplary identity management solutions, existing HP customers can take advantage of this program and migrate to Novell’s industry-leading offerings. Customers who choose not to migrate will continue to be supported by HP. …”


Phorm Spoiler Launched by a Privacy Group

Posted in Database Security, General by Research on Identity Management Blog on May 23rd, 2008 | No Comments

As reported in this article, a privacy group (the Anti-Phorm Group) has launched a “Phorm Spoiler” in response to ISPs and the Phorm advertising service increasingly collecting personal data and building profiles based on users' surfing behaviour. An Anti-Phorm application is available for download online:

“The AntiPhorm group - which describes itself as "a loose conglomeration of concerned individuals comprised of artists, programmers and designers" - says it wants to prevent ISPs from profiting from their customers' personal surfing habits. …

To throw Phorm off the scent, the team has developed an application called AntiPhormLite that sits in the background, visiting random sites. "It connects to the web and intelligently simulates natural surfing behaviour across thousands of customisable topics," the site claims.”


Seminar (23 May 2008): An Empirical Analysis of Phishing Attack and Defense

Posted in Database Security, General by Research on Identity Management Blog on May 23rd, 2008 | No Comments

People in the UK might be interested in this seminar by Tyler Moore, titled “An Empirical Analysis of Phishing Attack and Defense”, which takes place at the University of Bath, UK, on Friday, 23 May 2008. The abstract follows:

“A key way in which banks mitigate the effects of phishing attacks is to remove the fraudulent websites and abusive domain names hosting them. We have gathered and analyzed empirical data on phishing website removal times and the number of visitors that the websites attract. We find that website removal is part of the answer to phishing, but it is not fast enough to completely mitigate the problem. Phishing-website lifetimes follow a long-tailed lognormal distribution -- while many sites are removed quickly, others remain much longer. We have found evidence that one group responsible for half of all phishing, the rock-phish gang, cooperates by pooling hosting resources and by targeting many banks simultaneously. The gang's architectural innovations have significantly extended their websites' average lifetime. Using response data obtained from the servers hosting phishing websites, we also provide a ballpark estimate of the total losses due to phishing. Phishing-website removal is often subcontracted to specialist companies. We analyze three months of 'feeds' of phishing website URLs from multiple sources, including two such companies. We demonstrate that in each case huge numbers of websites may be known to others, but the company with the take-down contract remains unaware, or learns of sites only belatedly. Upon calculating the resultant increase in lifetimes caused by the take-down company's lack of action, the results categorically demonstrate that significant amounts of money are being put at risk by the failure to share proprietary feeds of URLs.”
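The abstract's closing point, that phishing sites known to other feeds but not to the take-down contractor live longer, can be made concrete with a small script. What follows is an added example, not code from the seminar or from Tyler Moore's paper: the feed names, URLs, timestamps and removal times are constructed, and the modelling assumption (a site would have come down as many hours earlier as the contractor lagged behind the first sighting anywhere) is an assumption of this example, not the paper's method.

```python
"""Added example (not from the seminar or paper): how much lifetime phishing
sites gain when the take-down contractor learns of them late or never.
All feed data below is constructed for illustration."""
from datetime import datetime
from math import exp, log
from statistics import mean, pstdev

CONTRACTOR = "takedown_co"  # hypothetical name for the company holding the take-down contract

# Constructed sightings: (url, feed that reported it, time first reported to that feed).
SIGHTINGS = [
    ("http://secure-login.example/acct", "volunteer_feed", "2008-03-01 08:00"),
    ("http://secure-login.example/acct", CONTRACTOR,       "2008-03-02 20:00"),
    ("http://verify-card.example/x",     CONTRACTOR,       "2008-03-01 09:30"),
    ("http://verify-card.example/x",     "volunteer_feed", "2008-03-01 11:00"),
    ("http://update-bank.example/id",    "vendor_b",       "2008-03-03 06:00"),
    ("http://update-bank.example/id",    CONTRACTOR,       "2008-03-06 06:00"),
    ("http://acct-check.example/p",      "vendor_b",       "2008-03-04 00:00"),  # never reaches the contractor
]

# Constructed removal times; None means the site was still up at the end of the window.
REMOVED = {
    "http://secure-login.example/acct": "2008-03-03 08:00",
    "http://verify-card.example/x":     "2008-03-01 21:30",
    "http://update-bank.example/id":    "2008-03-07 00:00",
    "http://acct-check.example/p":      None,
}
WINDOW_END = "2008-03-10 00:00"


def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def hours(a, b):
    return (b - a).total_seconds() / 3600


def first_sightings(sightings):
    """url -> {feed: earliest time that feed reported the url}."""
    out = {}
    for url, src, when in sightings:
        t = _t(when)
        per_feed = out.setdefault(url, {})
        if src not in per_feed or t < per_feed[src]:
            per_feed[src] = t
    return out


def analyse(sightings, removed, contractor, window_end):
    """Per url: lifetime in hours (first sighting by anyone -> removal, or end
    of window) and the hours the contractor lagged behind that first sighting.
    Modelling assumption: the lag is lifetime the site would have lost had the
    contractor been told at the first sighting. No contractor sighting = whole
    lifetime is lag."""
    rows = []
    for url, by_feed in first_sightings(sightings).items():
        earliest = min(by_feed.values())
        down = _t(removed[url]) if removed.get(url) else _t(window_end)
        life = hours(earliest, down)
        lag = hours(earliest, by_feed[contractor]) if contractor in by_feed else life
        rows.append({"url": url, "lifetime_h": life, "contractor_lag_h": lag,
                     "still_up": removed.get(url) is None})
    return rows


def lognormal_fit(lifetimes_h):
    """MLE lognormal fit: (mu, sigma, median_h). Median = exp(mu); a long right
    tail shows up as a mean far above this median."""
    logs = [log(x) for x in lifetimes_h if x > 0]
    mu, sigma = mean(logs), pstdev(logs)
    return mu, sigma, exp(mu)


def summary(sightings=SIGHTINGS, removed=REMOVED, contractor=CONTRACTOR, window_end=WINDOW_END):
    rows = analyse(sightings, removed, contractor, window_end)
    total_life = sum(r["lifetime_h"] for r in rows)
    total_lag = sum(r["contractor_lag_h"] for r in rows)
    mu, sigma, median_h = lognormal_fit([r["lifetime_h"] for r in rows])
    return {"sites": len(rows), "total_lifetime_h": total_life, "total_lag_h": total_lag,
            "lag_share": total_lag / total_life, "median_lifetime_h": median_h,
            "sigma": sigma, "rows": rows}


if __name__ == "__main__":
    s = summary()
    for r in s["rows"]:
        print(f"{r['url']:36} life={r['lifetime_h']:6.1f}h lag={r['contractor_lag_h']:6.1f}h"
              f"{'  (still up)' if r['still_up'] else ''}")
    print(f"{s['lag_share']:.0%} of site-hours fall before the contractor knew; "
          f"fitted median lifetime {s['median_lifetime_h']:.1f}h")
```

With the constructed data about 86% of all site-hours fall in the window where the contract holder had not yet been told, which is the quantity the abstract calls the increase in lifetime caused by the lack of action; the `still_up` site contributes its entire lifetime because the contractor never saw it. On real feeds the same join of "first seen by anyone" against "first seen by the contractor" is the check worth running before paying for a take-down service.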





IT Assets And EU E-Waste Legislation

Posted in Database Security, General by Bill Nagel on May 20th, 2008 | No Comments
The closest the European Union (EU) has to a standard on e-waste is the Waste Electrical and Electronic Equipment (WEEE) Directive. As is the case for many such EU regulations, each country legislates for WEEE differently, and current legislation primarily focuses on household e-waste. Business WEEE remains largely a non-issue due to the "closed loop" contract nature of business-to-business IT assets, high rates of recycling, and existing service contracts that generally cover asset disposal. But where these conditions don't exist, executives should explicitly map out who is responsible for WEEE during the vendor evaluation phase of a service engagement and plan accordingly. Failing to do so can drive up the costs of IT assets right at the moment when firms need to retire them.

Teleconference: Strong Authentication: Choosing The Right Lock For Your Front Door

Posted in Database Security, General by Bill Nagel on May 20th, 2008 | No Comments

Industry Essential: The US Retail Banking Market

Posted in Database Security, General by Bill Nagel on May 19th, 2008 | No Comments
At the end of 2007, Federal Deposit Insurance Corporation (FDIC)-insured banks in the US held nearly $6.9 trillion in deposits, supported more than 73,000 branches, and employed 1.8 million people. With changing demographics, increasing choices for consumer financial services, and pressures to reduce costs, retail banks are looking to improve the efficiency and productivity of their assets and create enduring relationships with customers. Even in a challenging economic climate, the banking industry is more dependent on information technology than ever before. How should vendors position their technology to buyers and influencers in the US retail banking market? Forrester's Industry Essential report explains the structure of the US retail banking industry, its business and technology trends, and technology investment forecasts.

Chip’s Blog - Researcher at Blue Hat Convention Has Bad News for SQL Server

Posted in Database Security, General by Chip Andrews on May 18th, 2008 | No Comments
Well - SQL Server and most all other Windows services that implement impersonation - that is. Appare...


EU PICOS Project: Investigating Trust, Privacy and IdM in Mobile Communities

Posted in Database Security, General by Research on Identity Management Blog on May 16th, 2008 | No Comments

The EU PICOS Project (FP7) is a consortium consisting of eleven partners from seven different countries of the EU. It involves specialists from the fields of science, research and industry.

PICOS stands for “Privacy and Identity Management for Community Services”:

“Within 3 years, PICOS will investigate and develop a state-of-the-art platform for providing trust, privacy and identity management in mobile communities”.

The official PICOS web site is now available online. On this site you can also access the PICOS fact-sheet.



Security And Privacy Essentials For IT Outsourcing Deals

Posted in Database Security, General by Bill Nagel on May 16th, 2008 | No Comments
Global spending on IT services and outsourcing was estimated at $488 billion in 2007 and is predicted to rise an additional 9% in 2008. At $120 billion, IT outsourcing constitutes roughly 25% of this spending. Organizations engaged in outsourcing will require sufficient security and privacy controls to protect their investments and reduce risks to their sensitive information. Security and privacy professionals should be an integral part of the outsourcing process, from developing the request for proposal (RFP) to signing the contract. But the job isn't complete just because the contract has been signed; the outsourcing relationship needs to be monitored, the contract components need to be enforced, and business value needs to be realized.

More Green Progress In Enterprise IT

Posted in Database Security, General by Bill Nagel on May 16th, 2008 | No Comments
Forrester completed its third survey of enterprise IT professionals in April 2008 to understand the state of green IT awareness and adoption in corporate computing. Our latest survey results show continuing advancement of both awareness and activity, but the adoption of green IT varies significantly by geography and industry. Vendor strategists looking to position their products and their firm to capture enterprise's growing green mindshare must tune their messaging to match these important variables.

“IdM Risk Management” and “Identity Analytics”: Anything Else Apart From “Bottom-Up” Approaches?

Posted in Database Security, General by Research on Identity Management Blog on May 13th, 2008 | No Comments

I was wondering if anybody in this community could share references to relevant material/links/documents/research projects illustrating the current status of:

(1) Risk Analysis and Management in the space of Identity Management

(2) Identity Analytics

My current search and assessment of this space has identified various technologies, solutions and work coming from a “compliance management” perspective i.e. (a) assessing events and evidence (e.g. logs) against expected processes/policies and (b) providing results that indicate the level of compliance and risk exposure. This is what I call the “bottom-up” approach where the “risk assessment” is done against predefined policies and/or well defined situations.

So far I have not found good examples of “top-down” solutions that help decision makers (e.g. CIOs, CISOs, etc.) explore trade-offs in the Identity Management space (e.g. investing in education vs. IT solutions vs. outsourcing, etc.), understand the impact on the factors that matter to an organisation (e.g. costs, reputation, losses, trust, etc.), make well-founded decisions and, potentially, define suitable policies.

A specific example would be decision support solutions that help understand the trade-offs between adopting (in an organisation) strong passwords, SSO, multi-factor authentication, etc. against the costs involved, the value of the assets to be protected, the kind of users involved and the actual benefits in terms of security. More generally, these solutions should provide insights into the trade-offs between the various possible choices in the IdM space (authentication, authorization, provisioning, federation/SSO, privacy, etc.) against complex organisational realities and their business objectives. Modelling and simulation might be required to cope with the complexity involved …

Is anybody aware of specific research/work/solutions in this space?

CIOs/CISOs are increasingly asked to justify the reasons behind their security investments and/or have to make investment choices that must “maximise” their “expected outcomes” based on ever-shrinking budgets. I see the opportunity for “top-down” decision support, modelling and simulation solutions that can effectively help these decision makers, specifically in the Identity Management space …
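To show the shape such a “top-down” model could take, here is an added example that is not from this post, from HP or from any product: a toy simulation that compares authentication options (weak passwords, strong passwords, SSO, MFA tokens) by control cost plus simulated annual breach loss for a given user mix. Every rate, cost and asset value is a hypothetical assumption chosen for illustration, and the example goes one step beyond the post by showing that the cheapest option flips from strong passwords to MFA once a small population of high-value accounts is included.

```python
"""Added example, not from the post or any HP/Novell product: a toy top-down
decision model comparing authentication options by total expected annual cost
(control cost + simulated breach loss). Every number is a hypothetical assumption."""
from dataclasses import dataclass
from random import Random
from statistics import mean, quantiles


@dataclass(frozen=True)
class Control:
    name: str
    setup_cost: float     # one-off rollout cost (hypothetical)
    per_user_cost: float  # annual per-user cost: tokens, helpdesk, licences (hypothetical)
    phish_success: float  # P(account compromised | user acted on a phish)
    guess_success: float  # P(account compromised | password-guessing attack)


# Hypothetical options: MFA resists both attacks but costs most; strong
# passwords fix guessing but not phishing; SSO trims reuse a little.
CONTROLS = [
    Control("weak_passwords",   0,      0,  0.90, 0.20),
    Control("strong_passwords", 5_000,  5,  0.90, 0.02),
    Control("sso",              40_000, 10, 0.85, 0.05),
    Control("mfa_tokens",       60_000, 40, 0.05, 0.001),
]


@dataclass(frozen=True)
class Population:
    name: str
    users: int
    phish_rate: float   # fraction of users who act on a phish per year
    guess_rate: float   # fraction whose password is attacked by guessing per year
    asset_value: float  # loss when one account in this group is compromised


# Hypothetical user mix: many low-value accounts plus a few very valuable ones.
POPULATIONS = [
    Population("office_staff",   800, 0.10, 0.30, 500),
    Population("finance_admins",  40, 0.10, 0.60, 250_000),
]


def simulate_year(control, populations, rng):
    """One simulated year: each user is independently phished and/or attacked."""
    loss = 0.0
    for p in populations:
        for _ in range(p.users):
            if rng.random() < p.phish_rate and rng.random() < control.phish_success:
                loss += p.asset_value
                continue  # already compromised; do not count the account twice
            if rng.random() < p.guess_rate and rng.random() < control.guess_success:
                loss += p.asset_value
    return loss


def closed_form_loss(control, populations):
    """Analytic E[loss] for the same model, a sanity check on the simulation."""
    total = 0.0
    for p in populations:
        p_phish = p.phish_rate * control.phish_success
        p_guess = (1 - p_phish) * p.guess_rate * control.guess_success
        total += p.users * (p_phish + p_guess) * p.asset_value
    return total


def evaluate(control, populations, years=200, seed=1):
    """Monte Carlo over `years` simulated years; p95 shows the bad-year tail."""
    rng = Random(seed)
    losses = [simulate_year(control, populations, rng) for _ in range(years)]
    users = sum(p.users for p in populations)
    cost = control.setup_cost + control.per_user_cost * users
    return {"control": control.name, "control_cost": cost,
            "expected_loss": mean(losses), "p95_loss": quantiles(losses, n=20)[-1],
            "total": cost + mean(losses)}


def rank(controls=CONTROLS, populations=POPULATIONS, years=200, seed=1):
    """Options ordered by control cost + expected loss, cheapest first."""
    return sorted((evaluate(c, populations, years, seed) for c in controls),
                  key=lambda r: r["total"])


if __name__ == "__main__":
    for label, pops in (("all users", POPULATIONS), ("office staff only", POPULATIONS[:1])):
        print(label)
        for r in rank(populations=pops):
            print(f"  {r['control']:17} cost={r['control_cost']:>9,.0f} "
                  f"E[loss]={r['expected_loss']:>11,.0f} p95={r['p95_loss']:>11,.0f} "
                  f"total={r['total']:>11,.0f}")
```

With these assumed numbers MFA tokens win comfortably when the finance administrators are in scope, while for the office population alone strong passwords are the cheapest option and MFA the most expensive; the break-even moves with asset value and with the phishing rate, which is exactly the kind of trade-off the post asks decision support to expose. The closed-form function exists so the simulation can be checked against the expected value before anyone trusts the ranking.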


Teleconference: How To Choose An AP Invoice Processing Product

Posted in Database Security, General by Bill Nagel on May 13th, 2008 | No Comments

Teleconference: Market Overview: Emergency Notification And Communication

Posted in Database Security, General by Bill Nagel on May 13th, 2008 | No Comments

PLING panel at WWW 2008

Posted in Database Security, General by Research on Identity Management Blog on May 13th, 2008 | No Comments

A PLING panel was held at the WWW 2008 conference (Beijing, 23-25 April), discussing policies and the Policy-aware Web.

The list of panellists includes: Renato Iannella (moderator), Piero Bonatti, Lalana Kagal and Thomas Roessler.

The slides presented in this panel are now available online.


Biometrics: State Of The Art And Future Implications

Posted in Database Security, General by Bill Nagel on May 12th, 2008 | No Comments
Biometrics has matured to the point where several technologies have been internationally standardized and incorporated into major international and national identity verification implementations across both the public and private sectors. Because these biometric technologies are being incorporated into mainstream government to citizen (G2C) and business to consumer (B2C) identification processes, broader adoption of these technologies can be accomplished more quickly and at lower cost than was previously possible. The prospect of biometrics becoming the principal consumer and citizen identification method through incorporation into government and commercial credentials is now close enough for CISOs to begin actively considering adopting them in their enterprise business processes.

HP Labs Opens Research Opportunities to Academia

Posted in Database Security, General by Research on Identity Management Blog on May 7th, 2008 | No Comments

As announced in a recent press release, HP Labs are opening research opportunities to academia:

“HP today made it possible for colleges, universities and research institutions worldwide to participate in joint research with HP Labs, the company’s central research facility, through an open and competitive process.

The new HP Labs Innovation Research Program invites the worldwide academic community to submit proposals related to current research in the areas of information explosion, dynamic cloud services, content transformation, intelligent infrastructure and sustainability.

The program is the first offering of the HP Labs Open Innovation Office, which was established earlier this year as part of HP Labs’ new approach to research. The office is responsible for deepening HP Labs’ strategic collaborations with academia, the government and the commercial sector to produce mutually beneficial, high-impact research. …

Program guidelines and the online submission tool are available at www.hpl.hp.com/open_innovation/irp. Proposals will go through an extensive review process within HP Labs. Selected winners will be notified in late 2008.”
