Latest Entries

  • FIDO Authentication – Down boy!


    Granted, no one is saying FIDO is the silver bullet for two-factor authentication. However, I get the impression that many people (and many senior executives in particular…) are thinking or at least hoping that maybe it is. With the goal of putting FIDO into the proper perspective, this blog will go over some of the … Read more >>

  • Impact of Heartbleed for Gluu Customers


    This blog provides a good analysis to understand the impact of Heartbleed: http://www.gluu.co/cacert-heartbleed. If you are running a Shibboleth IDP front-ended by an Apache HTTPD server, the private SAML IDP key in the JVM’s memory (i.e. Tomcat) would not be exposed to the Apache httpd process. However, if the web server’s private key is … Read more >>

  • CACert Heartbleed Notification


    This note I received from CACert today. It provides a good overview of the HeartBleed vulnerability. See also Shibboleth Security Advisory. Dear customer, there is news [1] about a bug in OpenSSL that may allow an attacker to leak arbitrary information from any process using OpenSSL. [2] We contacted you, because you have subscribed to get general … Read more >>

  • 2FA for every site on the Internet?


    You’ve probably seen http://twofactorauth.org: This site totally misses the point. I think Walmart should be congratulated for not rolling out 2FA. A tightly bundled solution that just solves two factor authentication for their website (which I almost never visit) or in their stores (which I am almost never in), is fantastic. Nice work Walmart!!! The … Read more >>

  • The Intersection of SaaS, Enterprise Software, and Open Source


    The delivery of software has fundamentally changed over the last decade. SaaS applications have enjoyed broad adoption across SMBs and large enterprises. But let’s not get carried away… not all enterprise IT services will move to SaaS. And when it comes to the keys to the kingdom (enterprise identity and credential management) SaaS … Read more >>

  • SCIM versus LDAP !


    When it comes to pushing users to the Gluu Server, customers can use either the LDAP interface, or the SCIM interface. Which one should I advise them to use? Ok, I admit it… I love LDAP. Me and about a thousand other weirdos scattered across the globe. What more do programmers want? UnboundID has written … Read more >>

  • Who Are You? From Meat to Electrons and Back Again


    SXSW 3/10/14. From our perspective, websites are in cyberspace. But from the website perspective, you and I… are in “meat-space.” In 1984, William Gibson coined the term “MeatSpace” in his book Neuromancer. “Meat Space” is the physical world where our bodies (“pieces of meat”) move around and do meat-like things, like go shopping, brush our … Read more >>
