AuthenticationWorld.com

The business of authentication


Papers


2012 - NEW!
A Story of the Wellness Portal of the Future
A story illustrating the new relationship a patient will have with their medical practitioners. It uses Google Glasses, wellness portal cockpit, wristbands monitoring calories, smart phones, devices implanted and pills swallowed that transmit medical data. 
A Story of the Wellness Portal of the Future

2012 - NEW!
Changing Healthcare - From the Patient's Perspective
Calls for a open source, cloud based,  patient wellness portal as well as an open source patient portal.
Changing Healthcare - From the Patient's Perspective

2012 - NEW!
Mobile Patients - How Your Practice Can Profitable Leverage Change
Aimed at private medical practitioners, the paper begins with a story of a patient, Jane Doe, who interacts with your practice using their smart phone in new ways.  Then the paper discusses key componnets required to enable this as well as illustrating how practitioners can use this themself with their staff.
Mobile Patients - How Your Practice Can Profitably Leverage Change


2012 - NEW!
Mobile Customers - Retail's New Age
This paper discusses significant change approaching retailers due to use of smart phones, voice, Google type glasses, etc.  It calls out for new customer relationship marketing, identity,  authentication and network architectures enabling retailers to profit from this. 
Mobile Customers - Retail's New Age

2012 - NEW!

How Can I Easily Authenticate Myself?
This paper is written from the perspective of a user.  It discusses the technology changes occuring that will require numerous choices for the user to authenticate from wherever they are.
How Can I Easily Authenticate Myself?

2012 - NEW!

Vision: A New Learning Era
This paper summarizes the author's many experiences in schools and sets forth a new learning vision.
Vision: A New Learning Era


2012 - NEW!

Using Voice and Other Biometrics  -
User Friendly Authentication and Authorization Architecture
This paper discusses architecture that is secure but also user friendly.
Using Voice and Other Biometrics - User Friendly Authentication and Authorization Architecture

2011
The Case For an Open Source Physical Security Software
This paper proposes why I think that the time is right to develop an open soource physical security software.
The Case For an Open Source Physical Security Software

Securing Remote Locations
This paper proposes a new , low cost way of securing remote locations to reduce the cost of key management.
Securing Remote Locations


2010
Electric Cars, Identities and Peak Saver Programs
I wanted to write a paper that thinks through the implications if electric car sales significantly rise AND the charging system uses large amounts of electricity.  If these assumptions are proved to be true, then the likely result is the utility and regulators wanting to adopt a "peak saver" (demand response) program for electric vehciles.  This paper dives into my thoughts on what this entails.
Electric Cars, Identities and Peak Saver Programs

Revolutionizing Building Physical Security
Paper examines new ways to drop the cost of the physical security system, easily allow your tenants to take over some management of the security system with you still having over-ride, easily integrate with their identity management systems and also quickly purge identities when they leave a tenant.
Revolutionizing Building Physical Security


Risk and Trust - PART TWO
This paper examines the impact that risk plays on enrolment, end point secuirty and security context.  I end the paper by talking about my vision of risk management from more than 10 years ago.
Risk and Trust - Part Two

Risk and Trust
I wanted to put in context the ongoing discussions about RBAC vs ABAC and authentication against the bigger picture of  data clouds, push vs pull and programmable internet applications.  All of which I propose requires an enterprise risk and trust assessment framework.
Risk and Trust

Identity Management Roadmap
This is a commercial marketing blurb on my services to assist your enterprise in creating an identity management roadmap.
Identity Management Roadmap

Smart Grid and Identity Management
These are three papers that outline my views on smart grid, the role that identity management has to play in it and the future of smart grid operations.

Smart Grid Identity Management
Smart Gird Ops
Smart Grid and the Home - Privacy, Authentication and Authorization


NERC and Identity and Access Management:
These are two papers I wrote in the this spring of 2009 on identity management and NERC CIP compliance.
NERC CIP and Identity Management - An Overview
NERC CIP and Identity Management - Detailed Analysis

This is a paper from this spring on why utilities should be using identity and access management.

Physical and Logical Security:

I
recently did an interview with Sharon Watson from Security Squared.  She published an edited version of out interview "Real World Physical-Logical Identity and Access Management".  This is an excellent overview on my thoughts and experiences on physical and logical security. I strongly suggest you read it.

She then quoted me in an excellent article she wrote "One Person, One Identity, One Credential: Converging Logical-Physical Identity and Access Management". I also strongly suggest you read this as well.

This is a non-commercial paper discussing the challenges in integrating physical security with IAM:
Integrating the Two Worlds of Physical and Logical Security

These three papers are commercial papers aimed at the C suite describing why Quantum Secure is the best first step in integrating physical and logical security together:
CFO:  How to Cut Costs and Streamline Regulatory Reporting
CSO: Improvng Security in Tough Economic Times
Facilities Manager: Reduce Costs Automate Process and Simplify Security Operations

This is a short commerical blurb on my services re physical and logical security

Identity and Access Management in Tough Times
Here is a paper I wrote with Derek Small from Nulli Secundus Inc. on why identity and access management should be an easy sell in tought times.

eHealth

These three papers are aimed at eHealth as it relates to content management.  They are mostly the same paper aimed at different audiences (Ontario gov't, Canadian Federal Gov't and the US Gov't)
Ontario
Canada
US

AD:


I was frustrated with how so many enterprises I talk to say they are using AD for identity.  It is a NOS directory, and not what they should be using for enterprise identities.  Instead they should be saying and using ADAM.  Here's a short commercial blurb I wrote on this.




Why Identity Management projects Fail:


I wrote this paper in 2009 as a result of me rescuing several large Fortune 500 identity projects.  For newbies, who are contemplating identity projects, I think it's a good read.



OLDER PAPERS



Identity Verification


This is one of my favorite papers yet the most controversial.  Three years ago I chatted with Sir Alex Jeffrey's founder of using DNA to identify people.  He agreed with my intent to use DNA to link an identity to a person and to restrict who could do a search on your identity.  However, many others didn't.  They thought this was big brotther.  Others raised points about genetic twins where DNA wouldn't suffice.  I still believe that the thrust of this paper is the way forward in the future.  Please read it and email with your thoughts!
The Challenges With Identity Verification


Phishing:


Myths about protecting your enterprise from phishing attacks 


Passwords:


Why your use of ID and Password is Likely A Joke 

Single Sign On:


Single Sign On Underneath the Hood

Single Fail-on

101 Things To Know About Single Sign On

Integrating Single Sign On With PeopleSoft

Integrating HRMS With LDAP and Single Sign On

Authentication - Enterprise Security:


Battling Botnets and Rootkits - A Layered Identity Strategy

Network Access Control Security Strategy:


Network Access Control Security Strategy 2006

Federated Trust:


Creating a Federated Authentication Trust




Password Authentication Single Sign On Authentication Access Control Authentication Authentication-Enterprise Security Authentication Strength Authentication Transaction
Authentication Management User Authentication Authentication Federation Biometric Authentication PKI Authentication Token Authentication Wireless Authentication Document Authentication Authentication - Outsourcing