Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Friday, March 28, 2008

There is Life after PRIME: PrimeLife …

As you might be aware, after 4 years the EU PRIME Project (Privacy and Identity Management for Europe) has come to an end. But it is not all over … The EU PrimeLife Project is going to be one of its follow-ups:

“The European Union is to spend £7.8m on a three-year project to enhance users' privacy in social networks, virtual communities and other Web 2.0 technologies. PrimeLife's short-term goal is to provide scalable and configurable privacy and identity management in new and emerging internet services and applications. In the longer term, it aims to develop tools that will protect individuals' privacy throughout their life.
Jan Camenisch, PrimeLife's technical leader, said everyone who used the internet left "virtual footprints" that others could collect and use without their knowledge. This was made possible by advances in technologies for data collection, unlimited storage, and reuse and lifelong linkage of these digital traces, he said. …” (more details are available in Ian Grant’s article).

Additional details are available in another article by Bryan Betts, Techworld:

“PrimeLife's co-ordinator is IBM's Zurich research laboratory, and it follows on from an earlier EU-backed project into identity management systems, called Prime (Privacy and Identity Management in Europe). Where Prime was mostly concerned with identity management (see its white paper here), PrimeLife will go beyond that to address privacy management and trust issues across a user's entire lifespan from childhood to old age, said IBM cryptography researcher Jan Camenisch, who is the project's technical leader.
…”

Finally, this article provides some additional information on its scope and participants:

“Several PrimeLife partners are participants in industry and standardization groups such as the World Wide Web Consortium’s PLING, Liberty Alliance, ISO/IEC JTC 1, and ITU. Furthermore, PrimeLife will work and interact with relevant open-source communities such as Higgins, as well as with other research projects in order to achieve the sustainability of these project results.

PrimeLife’s multidisciplinary consortium consists of the coordinator, the IBM Zurich Research Laboratory, Switzerland, and project partners from various countries: Center for Usability Research & Engineering, Austria; Katholieke Universiteit Leuven, Belgium; GEIE ERCIM, France; Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Technische Universität Dresden, Johann Wolfgang Goethe-Universität Frankfurt am Main, Europäisches Microsoft Innovations Center GmbH, Giesecke & Devrient GmbH and SAP AG, Germany; Università degli Studi di Bergamo and Università degli Studi di Milano, Italy; Stichting Katholieke Universiteit Brabant, The Netherlands; Karlstads Universitet, Sweden; and Brown University, United States of America.”

--- NOTE: my original HP blog can be found here ---

Tuesday, March 25, 2008

New HP Security Handbook

The new HP Security Handbook is available for download online.

This handbook provides a view into all the different threads of security that HP works in. Much of the content is focused on the three pillars of our security strategy: Identity Management, Proactive Security Management and Trusted Infrastructures. The handbook also describes how Governance issues fit into our security strategy and provides an insight into the security research work done by HP Labs.

Additional information about HP security initiatives is available here.


Saturday, March 22, 2008

Whitepaper: Risk Management and Compliance Rate High as Drivers of Identity, Access and Security Management

A recent article (which appeared on Compliance-Magazin.de) provides an overview of a whitepaper (sponsored by Novell) stressing the importance of risk management and compliance as key drivers for identity management:

“It’s no secret that security and compliance violations today can prove disastrous. Corporate fumbles can quickly become headlines, thrusting customers into the waiting arms of the competition. Well thought-out governance, risk and compliance (GRC) strategies help companies, large and small, to avoid those nasty entanglements.

Compliance is no longer the four-letter word that it used to be, a mandate imposed by outside forces. "Today, compliance is more often self-imposed," says Ross Chevalier, CTO Canada for Waltham, Mass.-based Novell. "It’s a differentiator, an opportunity to prove trust and competence."

Perhaps that change in mindset stems from the fact that getting the corporate house in order and preparing for audits doesn’t have to be as convoluted as once expected. "If we achieve our security goals, proving compliance is simple,” says Mike Johnson, security architect for Ingersoll Rand. And, according to a recent survey by IDG Research Services, that’s exactly what smart business and IT leaders are doing. This report sheds new light on why many companies are implementing identity, access and security management to automate the compliance process …”

Here are some of the key “findings” of the research:
  • Risk management and compliance rate high as drivers of identity, access and security management.
  • The ability to “prove” compliance is revealed as the top benefit of implementing identity, access and security management solutions.
  • When it comes to successfully identifying and managing risk, many companies score lower than one might expect.


Monday, March 17, 2008

PRIME Project Closing Event

The EU PRIME Project “Closing Event” is going to happen on Monday, July 21 2008, at the Katholieke Universiteit Leuven.

This event, held in conjunction with the 8th PET Symposium 2008, includes presentations of the PRIME results:
  • Display of Application Prototypes (integrated Prototype, LBS, Collaborative eLearning, OnionCoffee, PRIME tutorials)
  • Social, legal and economic requirements, framework and architecture, policies

More information and registration details are available here.


Thursday, March 13, 2008

On 2008 Trends in Identity Management …

A recent article (published by sourcewire.com) provides an overview of the ten predominant topics and trends in Identity Management in 2008, based on an analysis provided by the analyst group Kuppinger Cole + Partners.

Here is the list of these trends:
  • Trend No. 1: OpenID, InfoCards, CardSpace – Identity 2.0 is becoming part of real life
  • Trend No. 2: Governance, Risk Management, Compliance as a “superstructure”
  • Trend No. 3: Open systems and modules instead of monolithic suites
  • Trend No. 4: SOA and IAM are growing together
  • Trend No. 5: Authentication and authorization in the context of the user
  • Trend No. 6: Privacy and data protection regain in importance
  • Trend No. 7: More, not less vendors
  • Trend No. 8: Secure online banking – finally!
  • Trend No. 9: Information and identities are linked: “Enterprise Information Management”
  • Trend No. 10: Federation is growing up – slowly

I particularly believe that trend number 2 is happening, i.e. the fact that Governance, Risk Management and Compliance (GRC) are more and more influencing the way IT is perceived, managed and run. GRC is influencing CISOs/CIOs and their decision making process, including investments in Identity Management and related requirements.

I really agree that the change we are going to experience is from administration-focussed to business-orientated Identity Management.


Monday, March 10, 2008

PRIME Tutorials

With the EU PRIME Project coming to an end, a few tutorials have been published online:
  • General Public Tutorial: “Privacy issues are not only a phenomenon of the digital world. In the offline world, we are also confronted with privacy issues – consciously as well as unconsciously. This tutorial raises awareness for this topic and gives an overview of privacy issues which are typically associated with the use of information technologies in the digital world. Solutions to avoid risks concerning privacy issues are pointed out and possibilities of protecting privacy in the digital world are shown.”
  • Advanced Tutorial: “The Advanced Tutorial (for developers, decision makers and privacy commissioners) introduces selected concepts and core ideas which are relevant at the current state of the project PRIME and addresses primarily developers and researchers in the field of privacy-enhancing identity management.”


Friday, March 7, 2008

Announcing the “Digital Identity Protection 2008” Workshop

The Call for Papers of the “Digital Identity Protection 2008 Workshop” is now available online. This workshop is organised in the context of the “International Conference on Security and Management” (SAM 08) at WORLDCOMP'08 (the 2008 World Congress in Computer Science, Computer Engineering and Applied Computing):

“To support emerging online activities within the digital information infrastructure, such as commerce, healthcare, entertainment and scientific collaboration, it is increasingly important to verify and protect the digital identity of the individuals involved. Identity management (IdM) systems have improved the management of identity information and user convenience; however they do not provide specific solutions to address protection of identity from threats such as identity theft and privacy violation. Moreover, current IdM systems do not consider various types of identity information which are increasingly becoming an integral part of an individual's identity; such as biometric, history information, user device ensembles and so on. Such types of identity data also need to be used with other digital identifiers and protected against misuse.”

This workshop aims at discussing solutions for the protection of digital identity. Researchers and practitioners are encouraged to participate and submit papers on topics including, but not limited to the following:
  • Identity threat analysis
  • Identity theft by malware
  • Protection from social engineering attacks
  • Identity security and assurance protocols
  • Key management techniques
  • Security algorithms for identity protection
  • Surveillance technologies
  • Location based identity management
  • Mobile identity management
  • Identity encryption technologies
  • Identity management in grid systems
  • History based identity reputation system
  • Biometric technologies
  • Application of trusted computing to identity protections
  • Secure identity management for healthcare and finance


Wednesday, March 5, 2008

National Security vs. Privacy?

This article provides an overview of a recent survey conducted by Quest Software involving 474 employees of federal, state, local and municipal agencies:

“At least according to a survey conducted in January by Quest Software among 474 employees of federal, state, local and municipal agencies, 53% considered national security more important than personal privacy. Only 33.8% felt that personal privacy concerns were more important than national security. 15% of the federal respondents came from DHS, DOJ and HHS …

The survey indicates that although most government IT professionals (69%) believe that identity management is “very important” to their organization or agency, even more overwhelmingly believe its importance will increase (72%) in the next five years. A large majority of government IT professionals report that their organization or agency has complied with the following steps: secured information systems (76%), secured personnel information (72%), and secured access to facilities (75%).”

This article also reports these interesting comments by Paul Garver, Quest Software vice president:

“I would expect this type of finding if we had a large Defense Department audience, but our audience was mostly civilian agencies. A large part of the government’s position deals with national trust and security. This finding is a result of the focus on national security by so many civilian agencies.”

The final part of the article provides the highlights of the survey …


Monday, March 3, 2008

Call For Papers - ACM DIM 2008

The CfP for the 4th ACM Workshop on Digital Identity Management – DIM 2008 (Oct 31, 2008 at George Mason University, Fairfax, VA) is now available online. Please consider submitting a paper. This year DIM’s focus is on “Services and Identity”:

“As the competitive edge of the global economy is shifting to “services” delivered over the Internet, we need a way of making identity available on-demand to the services in an open, scalable, and secure manner. Identity for services is a holistic concern that must satisfy technology, regulatory and business needs for existing and emerging markets, such as Software as a Service (SaaS) and Service Oriented Architectures (SOA). Identity services should introduce consistency, efficiency and scalability in IT infrastructures built on the Internet to form the new “identity layer”. Also, it should be easy for developers to incorporate identity services as part of distributed application logic.

To fully achieve the potential benefits of identity managed as a set of services, such as cost-effectiveness and shorter deployment times, several security and privacy challenges must be addressed. Such challenges arise because of the complex and distributed systems across different organizations involved in identity service offerings. The goal of the workshop is to lay the foundation and agenda for further research and development in this area. Under the broad umbrella of “Services and Identity”, we encourage both researchers and practitioners to participate and submit papers on topics including, but not limited to the following:
  • Identity management for SaaS
  • SOA for identity
  • Scalability issues in identity management
  • Resilient identity service provisioning
  • Dynamic mutual trust negotiation
  • SLA for identity services
  • Identity based access control
  • Migration to identity services
  • Identity service discovery
  • Virtual directories
  • Identity management process assurance
  • Identity life-cycle
  • Externalization of identity
  • Risk management for identity
  • Identity oracles
  • Translation and resolution of namespaces
  • Network transport as a service
  • Privacy and hosted services
  • Mobile identities
  • Balance between de-centralization of identity and centralization of controls
  • Privacy preservation during orchestration of services in multiple domains”