Tag Archives: security

Trade Magazine Hub and whitepapers

I found a [very nice site](http://bit.ly/xPWCpi) that acts as a hub for an extensive number of industries, detailing trade magazines, white papers, downloads and *podcasts* by sector. It is webified, so it is searchable by keyword and lets you consume updates as *rss*. I'm counting 23 industry sectors, ranging from *Agriculture* to *Utility and Energy*, including *Life Sciences*, *Education*, *Healthcare* and *Finance*.

So, the breadth of the curation is good, and the staff are clearly putting energy into it, but they fail to make some simple integrations that would make the resource Web 2.0. When you click through to a particular resource you are exported out to the host site (in at least the cases that I tested), where you are challenged by another information-gathering process. Why not simply create a single profile, home it on the hub site, and push that information across to the next site as a roaming profile? There are plenty of ways to do this, e.g., [openid](http://en.wikipedia.org/wiki/OpenID), [hCard](http://en.wikipedia.org/wiki/HCard), or there is the upcoming [Windows 8](http://www.geek.com/articles/news/windows-8-cloud-powered-roaming-user-profiles-revealed-20110427/) to act as a target for what a large percentage of the public should be able to leverage soon enough.

While I appreciate the effort the hub has put in, you can clearly see the tension: each organization wants to get what it needs out of the user's experience of accessing the site, namely *their marketing information*. And while I'm certain that those marketing people need that data to sustain themselves, it is not *user-centric* in its approach. It adds clicks (keyboard as well as mouse!), making it onerous.

Several sites dark for SOPA protests

Today is the day that sites have banded together to raise awareness about [SOPA and PIPA legislation](https://www.eff.org/deeplinks/2012/01/january-18-internet-wide-protests-against-blacklist-legislation). There are two bills: SOPA in the House and the PROTECT IP Act (PIPA) in the Senate. Important sites have gone dark, at least on their logos, as a way of raising awareness and protesting the potential legislation.

Tracking in your browser with site cookies, how to monitor, how to stop it

[DuckDuckGo](http://donttrack.us/) has a very worthwhile explanation of what is going on that any heavy internet user who is privacy-minded, or even privacy-curious, should read. The fact that these profiles are being sold to the likes of insurance companies is *outrageous*. The link also displays some helpful tools to add to your browser toolbox to combat it. I want to delve a bit into another one not on the site.

ID provisioning with clouds

The architectural ideal is to have a single source of authority for identity and AuthN/Z claims, hopefully based on something nice and open like LDAP. Then we began to see lots of federated identity solutions entering with SAML-type federations. This, and SaaS solutions in the cloud, take us back to the days of multiple identity silos maintaining duplicate (at least partially) records of identity. SaaS providers even see the identity they maintain as a business asset with which they can create stickiness for their platforms. Questions arise in terms of comparing internal provisioning with cloud use models, the typical workflows and functions required for cloud provisioning, synchronization of identity profiles and attributes, and what motivates SaaS providers in terms of identity stores.

SAS 70 -> SSAE 16 – What does it impact?

As you probably know, there is a new specification for the security audit. It was [SAS 70](http://en.wikipedia.org/wiki/Statement_on_Auditing_Standards_No._70:_Service_Organizations), but is now [SSAE 16](http://www.aicpa.org/Research/Standards/AuditAttest/Pages/SSAE.aspx). This is an important consideration if you are consuming a service from someone else, or if you provide a service to someone. Somewhere in that mix, if you have auditors, you are going to run into the new SSAE 16.

MIT cracker arrested trying to download millions of JSTOR articles

Aaron Swartz, a fellow at Harvard's Center for Ethics, is a 24-year-old online activist who was charged with breaking into a wiring closet at MIT and making unauthorized downloads of 4M+ JSTOR articles.

Do you have any of the top 25 coding errors in your code?

This year's list of the top 25 coding errors was released by the Common Weakness Enumeration project. Development teams and management should be aware of these trends and use them as quality-requirement checklists in their own development processes.

InCommon expands to include research labs

[InCommon](http://www.incommon.org/basics.html) has just added [National Research Labs](https://spaces.internet2.edu/display/InCCollaborate/2011/06/21/InCommon+Expands+to+Include+Research+Organizations) to its federation, but it still has an incredible distance to go to get a [significant amount](http://chronicle.com/article/Chasing-the-Single-Password/65343/) of the US HE space on board. But none of these places will have true, enterprise SSO, since the advent of services across the network breaks the single-identity model. Are your users using twitter, fb, etc.? Probably, even if you don't know it. [Shadow systems](http://seanmehan.globat.com/blog/2011/06/17/it-empire-balkanizaiton/)! And this breaks your myth of true enterprise SSO and single identity.