Archive for the ‘Identity Management’ Tag

Oracle Puts Sun In Its Pocket

This morning, a piece of news hit me like a stack of bricks: Oracle will acquire Sun for approximately $7.4 billion.

We can surmise that Oracle was licking its chops just thinking about MySQL complementing Oracle’s database business. Another huge gain for Oracle is Java, which is what Oracle based their middleware strategy on.

This being an identity management blog, I need to put the question out there. What are the ramifications of this acquisition in the identity space? Is Oracle now the official big man on campus? Has this effectively shored up the weak spot in Oracle’s Identity Management offering (mainly role management)?


Identity Access Management 2.0

Check out Symplified’s upcoming webcast to learn how Services 2.0 and SaaS security are coming together to revolutionize identity and access management.

Date: Friday, Jan 16th

Time: 1:00PM EST / 10:00AM PST

Duration: 1 hour

Next-generation approaches to provisioning, access management and SSO are redefining IAM.

The Identity Enclave

We all have our own distinct identities: at home, at work, and all throughout the internet. Each of these identities used to have its own logical boundaries that separated one from the other. But with more and more of our personal information becoming available on the internet, dots are now easily connected, and suddenly the boundaries are becoming blurred. Now all it takes is knowing how to use Google, and anybody can potentially hijack an identity within your organization. If a genius like David Kernell can do this, then pretty much anybody can. So how can an organization secure its identity enclave?

We can start by closing off this attack vector. David Kernell hacked Governor Palin’s email account by answering the Governor’s question and answer pairs to reset the password on the account. How did he know the answers? Google.

Question and answer pairs are an effective way to authenticate, and they’re probably not going away anytime soon. One way to strengthen the security of this method is to append or prepend a base passphrase to each answer.

Say your base passphrase is “MySecretPassphrase”. A question like “What is your favorite color?” could be answered as “MySecretPassphraseBlue” instead of just “Blue”. Ideally, the base passphrase would be something that is easy to remember, such as song lyrics or even an old street address.
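An added example, not from the original post, that goes one step beyond it: a sketch of how a service could store and check answers built this way, keeping only a salted slow hash and refusing a bare, searchable answer such as “Blue” at enrollment. The function names, the 12-character minimum, the PBKDF2 parameters and the case/whitespace folding are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import unicodedata

BASE_PASSPHRASE = "MySecretPassphrase"  # the post's own example value
MIN_LENGTH = 12        # assumed policy: refuse short, guessable answers
ITERATIONS = 200_000   # assumed PBKDF2-HMAC-SHA256 work factor


def normalize(answer: str) -> bytes:
    """Fold Unicode form, case and whitespace so retyping differences still match."""
    text = unicodedata.normalize("NFKC", answer)
    return "".join(text.split()).casefold().encode("utf-8")


def _digest(answer: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", answer, salt, ITERATIONS)


def enroll(answer: str) -> dict:
    """Return the record to store: a random salt and a slow hash, never the answer."""
    data = normalize(answer)
    if len(data) < MIN_LENGTH:
        raise ValueError("answer too short; add a base passphrase")
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(data, salt)}


def verify(record: dict, candidate: str) -> bool:
    """Constant-time comparison of the candidate's hash with the stored one."""
    attempt = _digest(normalize(candidate), record["salt"])
    return hmac.compare_digest(attempt, record["digest"])


def demo() -> dict:
    record = enroll(BASE_PASSPHRASE + "Blue")  # constructed sample answer
    try:
        enroll("Blue")
        bare_refused = False
    except ValueError:
        bare_refused = True
    return {
        "owner": verify(record, " mysecretpassphrase blue "),
        "public_guess": verify(record, "Blue"),
        "bare_answer_refused": bare_refused,
    }


if __name__ == "__main__":
    print(demo())
```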

There are other ways to secure the question and answer pair method. Have some methods of your own? Leave a comment and let us know.

Also, don’t forget, Ian Yip’s survey on Managed Identity Services will be closed on Sunday October 12 at 11:59PM GMT. Take the survey if you haven’t done so, and share some of your thoughts on implementing Managed Identity Services and Outsourcing.