Video Screencast Help
Authentication (User) Blog
Showing posts tagged with cloud trust
Showing posts in English
nicolas_popp | 20 Apr 2011 | 0 comments

Last week, the White House announced its official National Strategy for Trusted Identities in Cyberspace (NSTIC). NSTIC is the largest-ever effort by the federal government and private sector partners (including Symantec) to develop a secure, standards-based and interoperable online identity system. The goal: Improve the security and privacy of online interactions and more effectively fight cybercrime. Today's announcement marks the culmination of two years of effort by VeriSign (first as an independent company and later as part of Symantec) to help bring this important initiative to life.

At the heart of NSTIC is the concept of an Identity Ecosystem based on trusted identity frameworks. Trusted identity frameworks are the lynchpin to...

nicolas_popp | 02 Jun 2010 | 0 comments

I have been involved with a couple similar initiatives around certification for identity and thought it would be interesting to explain the logic behind these efforts. The first initiative is led by the Open Identity Exchange and is based on the Open Identity stack. The second is more enterprise cloud focused; it is driven by the Cloud Security Alliance (CSA). The CSA is developing a more SAML-oriented technology blueprint within OASIS. The technology protocols are different but the risk controls are similar. Therefore, I am hopeful that both trust frameworks will converge (I will certainly try to help them converge).

But let us re-hash the motivation of the industry that sponsors these efforts. A trust framework is necessary to enable policy...

nicolas_popp | 10 May 2010 | 0 comments

When Achilles was a baby, the oracle predicted that he would die in battle from an arrow. Thetis, Achilles' mother who did not want her son to die decided to dip Achilles' body into the water of a river that would make him immortal. Unfortunately, Thetis had held Achilles by the heel which was not washed over by the magic water. Achilles grew up to be a Great War hero, whose apparent invincibility had turned him into a legend. But one day, an arrow shot at him was lodged in his heel, killing him instantly.

When it comes to consumer identity, Facebook looks more and more like the Achilles' of identity. Every day, it is growing more powerful and invincible. Yet, a growing stream of concerns is gradually exposing the social warrior's vulnerability to security and privacy. Nevertheless, as a website, Facebook...

nicolas_popp | 20 Apr 2010 | 0 comments

For most enterprise and security vendors, the cloud is fascinating both as a technology and a business disruptor. In fact, SAAS CEOs such as Successfactor, SalesForce and NetSuite are hot shots in Silicon Valley these days. Yet, most of us are still wondering how much IT budget is actually going to be thrown at the so-called private, hybrid and public clouds in 2010. So what is in the way of the big shift?

We had a good discussion on this topic at AlwaysOn today. At least, it seems that everyone agrees on the main challenges: integration is harsh, security is dicey and compliance seems out of reach. So, where do we start? I am starting to believe that there too, we need to provide a baseline for cloud security and trust. Like PCI for e-commerce, a certification for the cloud will not make the cloud completely secure, but it will at least provide a set of common definitions and best-practices...