AuthenticationWorld.com

The business of authentication


Papers!


Last year, 2009, I wrote numerous white papers on identity and access management and related topics. Older papers are noted at the bottom of this page:

NERC and Identity and Access Management:
These are two papers I wrote this past spring (2009) on identity management and NERC CIP compliance.
NERC CIP and Identity Management - An Overview
NERC CIP and Identity Management - Detailed Analysis

This is a paper from this spring on why utilities should be using identity and access management.

Physical and Logical Security:

I recently did an interview with Sharon Watson from Security Squared. She published an edited version of our interview, "Real World Physical-Logical Identity and Access Management". This is an excellent overview on my thoughts and experiences on physical and logical security. I strongly suggest you read it.

She then quoted me in an excellent article she wrote "One Person, One Identity, One Credential: Converging Logical-Physical Identity and Access Management". I also strongly suggest you read this as well.

This is a non-commercial paper discussing the challenges in integrating physical security with IAM:
Integrating the Two Worlds of Physical and Logical Security

These three papers are commercial papers aimed at the C suite describing why Quantum Secure is the best first step in integrating physical and logical security together:
CFO:  How to Cut Costs and Streamline Regulatory Reporting
CSO: Improving Security in Tough Economic Times
Facilities Manager: Reduce Costs Automate Process and Simplify Security Operations

This is a short commercial blurb on my services re physical and logical security

Identity and Access Management in Tough Times
Here is a paper I wrote with Derek Small from Nulli Secundus Inc. on why identity and access management should be an easy sell in tough times.

eHealth

These three papers are aimed at eHealth as it relates to content management.  They are mostly the same paper aimed at different audiences (Ontario gov't, Canadian Federal Gov't and the US Gov't)
Ontario
Canada
US

AD:

I was frustrated with how so many enterprises I talk to say they are using AD for identity.  It is a NOS directory, and not what they should be using for enterprise identities.  Instead they should be saying and using ADAM.  Here's a short commercial blurb I wrote on this.




Why Identity Management projects Fail:


I wrote this paper in 2009 as a result of me rescuing several large Fortune 500 identity projects.  For newbies, who are contemplating identity projects, I think it's a good read.



OLDER PAPERS



Identity Verification


This is one of my favorite papers yet the most controversial. Three years ago I chatted with Sir Alec Jeffreys, founder of using DNA to identify people. He agreed with my intent to use DNA to link an identity to a person and to restrict who could do a search on your identity. However, many others didn't. They thought this was big brother. Others raised points about genetic twins where DNA wouldn't suffice. I still believe that the thrust of this paper is the way forward in the future. Please read it and email with your thoughts!
The Challenges With Identity Verification


Phishing:


Myths about protecting your enterprise from phishing attacks


Passwords:


Why your use of ID and Password is Likely A Joke

Single Sign On:


Single Sign On Underneath the Hood

Single Fail-on

101 Things To Know About Single Sign On

Integrating Single Sign On With PeopleSoft

Integrating HRMS With LDAP and Single Sign On

Authentication - Enterprise Security:


Battling Botnets and Rootkits - A Layered Identity Strategy

Network Access Control Security Strategy:


Network Access Control Security Strategy 2006

Federated Trust:


Creating a Federated Authentication Trust



