AuthenticationWorld.com

The business of authentication


New Papers!


2011
New! The Case For an Open Source Physical Security Software
This paper explains why I think the time is right to develop open source physical security software.
The Case For an Open Source Physical Security Software

New!
Securing Remote Locations
This paper proposes a new, low-cost way of securing remote locations to reduce the cost of key management.
Securing Remote Locations


2010
New! Electric Cars, Identities and Peak Saver Programs
I wanted to write a paper that thinks through the implications if electric car sales rise significantly AND the charging system uses large amounts of electricity. If these assumptions prove to be true, then the likely result is the utility and regulators wanting to adopt a "peak saver" (demand response) program for electric vehicles. This paper dives into my thoughts on what this entails.
Electric Cars, Identities and Peak Saver Programs

New!
Revolutionizing Building Physical Security
This paper examines new ways to drop the cost of the physical security system, easily allow your tenants to take over some management of the security system while you still have override, easily integrate with their identity management systems, and quickly purge identities when they leave a tenant.
Revolutionizing Building Physical Security


New!
Risk and Trust - PART TWO
This paper examines the impact that risk has on enrolment, end point security and security context. I end the paper by talking about my vision of risk management from more than 10 years ago.
Risk and Trust - Part Two

New!
Risk and Trust
I wanted to put in context the ongoing discussions about RBAC vs ABAC and authentication against the bigger picture of data clouds, push vs pull and programmable internet applications, all of which I propose require an enterprise risk and trust assessment framework.
Risk and Trust

New!
Identity Management Roadmap
This is a commercial marketing blurb on my services to assist your enterprise in creating an identity management roadmap.
Identity Management Roadmap

New! Smart Grid and Identity Management
These are three papers that outline my views on smart grid, the role that identity management has to play in it and the future of smart grid operations.

Smart Grid Identity Management
Smart Grid Ops
Smart Grid and the Home - Privacy, Authentication and Authorization


NERC and Identity and Access Management:
These are two papers I wrote this past spring (2009) on identity management and NERC CIP compliance.
NERC CIP and Identity Management - An Overview
NERC CIP and Identity Management - Detailed Analysis

This is a paper from this spring on why utilities should be using identity and access management.

Physical and Logical Security:

I recently did an interview with Sharon Watson from Security Squared. She published an edited version of our interview, "Real World Physical-Logical Identity and Access Management". This is an excellent overview of my thoughts and experiences on physical and logical security. I strongly suggest you read it.

She then quoted me in an excellent article she wrote, "One Person, One Identity, One Credential: Converging Logical-Physical Identity and Access Management". I strongly suggest you read this as well.

This is a non-commercial paper discussing the challenges in integrating physical security with IAM:
Integrating the Two Worlds of Physical and Logical Security

These three papers are commercial papers aimed at the C suite describing why Quantum Secure is the best first step in integrating physical and logical security together:
CFO:  How to Cut Costs and Streamline Regulatory Reporting
CSO: Improving Security in Tough Economic Times
Facilities Manager: Reduce Costs Automate Process and Simplify Security Operations

This is a short commercial blurb on my services re physical and logical security

Identity and Access Management in Tough Times
Here is a paper I wrote with Derek Small from Nulli Secundus Inc. on why identity and access management should be an easy sell in tough times.

eHealth

These three papers are aimed at eHealth as it relates to content management. They are mostly the same paper aimed at different audiences (Ontario gov't, Canadian Federal Gov't and the US Gov't).
Ontario
Canada
US

AD:

I was frustrated with how many enterprises I talk to say they are using AD for identity. It is a NOS directory, and not what they should be using for enterprise identities. Instead they should be saying and using ADAM. Here's a short commercial blurb I wrote on this.




Why Identity Management projects Fail:


I wrote this paper in 2009 as a result of rescuing several large Fortune 500 identity projects. For newbies who are contemplating identity projects, I think it's a good read.



OLDER PAPERS



Identity Verification


This is one of my favorite papers, yet the most controversial. Three years ago I chatted with Sir Alec Jeffreys, founder of using DNA to identify people. He agreed with my intent to use DNA to link an identity to a person and to restrict who could do a search on your identity. However, many others didn't. They thought this was Big Brother. Others raised points about genetic twins, where DNA wouldn't suffice. I still believe that the thrust of this paper is the way forward in the future. Please read it and email me with your thoughts!
The Challenges With Identity Verification


Phishing:


Myths about protecting your enterprise from phishing attacks


Passwords:


Why your use of ID and Password is Likely A Joke

Single Sign On:


Single Sign On Underneath the Hood

Single Fail-on

101 Things To Know About Single Sign On

Integrating Single Sign On With PeopleSoft

Integrating HRMS With LDAP and Single Sign On

Authentication - Enterprise Security:


Battling Botnets and Rootkits - A Layered Identity Strategy

Network Access Control Security Strategy:


Network Access Control Security Strategy 2006

Federated Trust:


Creating a Federated Authentication Trust



