![[RSS]](images/icons/feed-icon-16x16.png){kind=icon}
Sxip News RSSIdentity Issues
OpenID Momentum
15 February, 2008 - 3:07pm
Following last week's exciting announcement of numerous tech heavyweights joining the OpenID Foundation, it's great to see the new board move so quickly with their first meeting this week (you can follow their activities on the mailing lists). New to the board are: Google's DeWitt Clinton, IBM's Tony Nadalin, Microsoft's Mike Jones, VeriSign's Gary Krall, and Raj Mata with Yahoo!. Sxip's founder and CEO, Dick Hardt is a community member of the board and is the treasurer as well as the co-chair of the marketing committee. With over 10,000 websites currently supporting OpenID and approximately 350 million OpenID log-ins, we look forward to seeing OpenID momentum build even faster with help from the new board members!
OpenID Gains Major Corporate Backing
7 February, 2008 - 2:53pm
It's great to see Identity 2.0 technologies like OpenID gain yet more traction with today's announcement by Microsoft, Google, IBM, Yahoo!, and VeriSign joining the board of the OpenID Foundation. The Foundation was formed last year by seven community members (including Sxip) with the goal of helping support and promote the technology developed by the OpenID community.
Over half of North American Businesses to Use SaaS in 2008
25 January, 2008 - 4:13pm
Will this year be the tipping point for SaaS usage? New research from many analysts predict it. Saugatuck Technology states that by year end 55% of North American businesses will have deployed at least one Software-as-a-Service application. Similarly, by 2011 Gartner predicts SaaS will grow at double the rate of the total enterprise application market. And Forrester notes that the poster-child for SaaS, salesforce.com, is having a disruptive effect on the entire CRM market, suggesting that SaaS will comprise 25% of all new business software by 2011. With this growth however comes significant management and security challenges.
OpenID 2.0 Triples Adoption With Yahoo Support
17 January, 2008 - 5:47pm
Identity 2.0 got another boost today with Yahoo's announcement of support for OpenID 2.0. As one of the co-authors of the new OpenID 2.0 spec, we're delighted to see major internet portals like Yahoo with their 250 million user IDs, stand behind this emerging user-centric protocol. (For a great overview of OpenID 2.0's new capabilities see last month's ZDNet article, OpenID 2.0 Specification Released).
Identity breaches now over 200 million: losses doubled last year
9 January, 2008 - 4:44pm
The Privacy Rights Clearinghouse reports that identity data breaches as of January 5 have now reached over 215,000,000, more than double the amount reported as of January 5, 2007 of 100,000,000. Based on 2007 trends, it may well get worse. According to the Identity Theft Assistance Center, a non-profit coalition of major financial institutions, this year will bring more challenges for business and law enforcement with data security breaches growing in importance as a business issue. This is precisely why we need Identity 2.0, user-centric technologies that provide for greater privacy online.
Phishing for a decade: From Zero to $3 billion in 12 years
3 January, 2008 - 1:16pm
On this, the 12th anniversary of the first phishing attack it is dismaying to see phishing increasing not only in number to affecting in the US alone 3.6 million people at a cost of $3.2 billion, but also in new consumer and enterprise targets such as facebook and SaaS apps. This is precisely why we need Identity 2.0, with greater privacy and control for users online. Hopefully 2008 will see a reversal of this scary security trend, with the mainstream deployment of secure user-centric technologies such as Information Cards from identity selectors like Microsoft’s Windows CardSpace and Novell’s DigitalMe.
OpenID 2.0 Finalized: User Centric Identity For Christmas
5 December, 2007 - 3:10pm
The internet community got an early Christmas present this morning, after more than 18 months of work the OpenID Authentication 2.0 and OpenID Attribute Exchange 1.0 were released today as final specifications (”OpenID 2.0") at the Internet Identity Workshop. Kudos to David Recordon, Josh Hoyt, and Sxip's Dick Hardt (three of the authors and editors)! There are already several open source libraries shipping these specifications with product support including Drupal and Google’s Blogger (via Sxip’s library). Multiple OpenID Providers including Sxipper also already have support for both of these specifications. Additional security extensions for phishing-resistant authentication are also available with PAPE. The finalization of the specs brings us one step closer to our Identity 2.0 vision of enabling individuals to create and manage their online digital identities. Find out more on OpenID.net.
Gartner: Phishing Attacks are Targeting SaaS Applications
4 December, 2007 - 4:54pm
Gartner has just published new research with similar findings to Sxip's Security Bulletin stating, "Targeted phishing attacks will increasingly focus on software-as-a-service (SaaS) offerings that store large quantities of customer and business information" and that "users still are falling for phishing attacks, and the most dangerous of these are focusing on high value targets, like sales force automation and CRM systems." They recommend strong enterprise security programs for SaaS providers. We agree, however we suggest more advanced measures with no web form login by users, such as authentication with emerging Single Sign-On technologies like Information Cards, to substantially reduce the the phishing risk.
CRM Phishing - Brand Theft
30 November, 2007 - 2:51pm
Sxip's founder & CEO, Dick Hardt, has just published on his Identity 2.0 blog a posting on a disturbing new trend concerning enterprise phishing and on-demand applications. He notes, "Previously considered a threat for consumers, phishers are now targeting an enterprise’s customer list and using it to launch attacks against the enterprise customer - exploiting the enterprise brand." The effect this has on the compromised brands alone, (aside from the data and financial losses), is cause for concern -- as cited in a survey published earlier this week that found public confidence in consumer brands is dramatically affected by phishing attacks. Fortunately new phishing-resistant security measures can be undertaken using user-centric technologies such as Information Cards. Read our new Security Bulletin (pdf) to find out more, or join us as IIW next week, where this will be a topic for discussion.
Gartner: SaaS market to surpass $5 billion this year
15 August, 2007 - 10:52am
New research from Gartner predicts that the Software-as-a-Service market will increase 20% this year over last to $5.1 billion and that by 2011 it will more than double to $11.5 billion. The drivers they list for this growth over traditional software include, "Ease of use, rapid deployment, limited upfront investment in capital and staffing, plus a reduction in software management responsibility.” With multiple SaaS application usage however comes traditional enterprise IdM needs, such as securing user access, managing users, and of course web single sign-on. Our on-demand identity management solution, Sxip Access, addresses these issues and more for the majority of popular SaaS applications including Salesforce and Google Apps.
OpenID Code Bounties Awarded: Congrats Drupal, Plone & DotNetNuke
26 July, 2007 - 10:57am
Congratulations to the open source projects Drupal, Plone and DotNetNuke for their integration of OpenID, a user-centric digital identity framework. Announced at this year's O'Reilly Open Source Conference, each project will receive $5000. The OpenID Code bounty program was introduced last year at OSCON with the goal of raising awareness and increasing adoption of OpenID. These three winning projects are the first of ten which will be awarded by the newly formed OpenID Foundation. Sxip Identity is proud to be a part of the Foundation's Board and looks forward to continuing our role in helping manage all of the legal and infrastructure details that come with a large open source project like OpenID. For more details about the bounty program and how you can participate, visit http://iwantmyopenid.org/bounty.
Mitigating Business Identity Theft: SaaS Anti-Phishing & Sxip Access
25 July, 2007 - 10:31am
Analyst James Van Dyke expressed concern in the Javelin Research blog last week about recent phishing emails where a popular software-as-a-service application was being impersonated. He worries about the ramifications of a company with such a huge database being the target of ID theft and recommends a "prevention, detection and resolution" model for battling criminals and keeping customers. Our on-demand identity management solution, Sxip Access, can assist with the prevention component of that battle. We provide enhanced phishing protection for SaaS apps through a number of methods including: two-factor authentication, CardSpace access support, and single sign-on with SAML tokens.
The Cost of Online Fear: $2 billion and counting
6 June, 2007 - 2:14pm
Today's report by analysts eMarketer finds that the undermining of consumer confidence in online security has resulted in a substantial decrease in e-commerce activity. American internet users are adjusting their online behavior to avoid identity theft by visiting fewer sites, ceasing to bank online and purchasing less online. The study claims that approximately 3/4 of Americans are concerned about identity theft and 1/4 are now limiting their e-commerce use. Ben Macklin author of the study states, "not even counting the actual losses to fraud and theft suffered by internet users and businesses, which are not insubstantial, the loss of potential online revenue is enormous."
Microsoft to Work With the OpenID Community, Collaborating With Sxip, JanRain, and VeriSign
6 February, 2007 - 9:01am
Sxip, JanRain, Microsoft, and VeriSign will collaborate on interoperability between OpenID and Windows CardSpace to make the internet safer and easier to use.
Identity Breaches Tops 100 Million: US President Seeks Public Input
4 January, 2007 - 11:56am
The Privacy Rights Clearinghouse recently reported that there have now been over 100 million incidents of compromised identity records in the US. As of today, the security breaches containing sensitive information totaled 100,453,858. In response, the Federal Identity Theft Task Force announced that they are seeking public comment on ways to improve the effectiveness and efficiency of federal government efforts to reduce identity theft. The Task Force was established last summer and will accept comments on their website until January 19.
EC Threatens War on Spammers and Phishers
27 November, 2006 - 12:50pm
The European Commission today warned member states to better their efforts to "address 'professional' spammers, phishers and the spreading of spyware and malware" or they would face legislative controls to combat it. The warning follows publication of a study that found up to 85% of all email received in the European Union is spam.
Phishing Attacks Almost Double in Two Years Costing Billions in Losses
17 November, 2006 - 9:54am
A new study from Gartner Research found that over 100 million US adults have received phishing scams this year, almost twice the number of attacks in 2004 of 57 million. They estimate that financial losses from the attacks have amounted to more than $2.8 billion for 2006.
The Globalization of Personal Data and Surveillance
15 November, 2006 - 11:23am
Queen's University published a fascinating study yesterday, on the effects of surveillance by governments, employers, and the private sector via technologies such as personal computers, biometrics, and GPS. The largest international survey of its kind, they found a high level of concern in many parts of the world about the intrusiveness of post 9/11 laws. The issues covered include: control over personal data, consumer surveillance, national ID cards, workplace privacy, knowledge of privacy regulations, and public trust in government.
Canadians protect data privacy best
3 November, 2006 - 8:12am
It's great to be a Canadian company, eh? Canada received the highest score of five for its legal limits on the keeping of private data in a study released yesterday on privacy protection. The report by London-based Privacy International, ranks countries on various privacy-related issues. Overall, Canada placed second in the world (behind Germany) with signficant privacy protections and safeguards in place. The only two countries to receive that ranking.
Kudos to Jotspot and Google for Supporting User Data Privacy
1 November, 2006 - 5:20pm
I just read that following Jotspot's acquisition by Google, they sent an email out to customers offering to not transfer their data over to Google if so desired, and offered to help them export it if they want. Otherwise, the data, which in an application wiki like Jotspot could be anything from a collaboratively edited family site to a small business's internal communication hub, would be sent to Google. They stated, "Your data is yours — that doesn't change at Google... we want to provide you with the opportunity to retrieve your user information and cease usage of the JotSpot service before the transition." Kudos to both companies for providing this type of proactive privacy protection!
Tired of logging into stuff?
31 October, 2006 - 2:30pm
Darren Barefoot and the rest of us need Identity 2.0. He discussed the problem of web single sign-on in his blog posting earlier today. He shows the tedium of repeated username and password login into the many sites he accesses on a daily basis in this entertaining short video. He states, "I don’t know much about identity management, but it isn’t high time somebody solved this problem? Smart people have been working on this issue for, like, a decade and I still don’t have a ID that I can even transfer between a few sites." Darren, it's coming! Identity 2.0 technologies like Whobar allow websites to offer web SSO for login with user-centric solutions such as OpenID and Microsoft CardSpace. Tell the websites you use to end the identity silo madness and support us.
Why 79% of enterprises will need delegated authentication
26 October, 2006 - 10:53am
According to IDC, enterprises are increasing investments in SaaS solutions more than 20% annually. They expect SaaS to be a $10 billion market within three years and say that 79% of enterprises are currently purchasing or reviewing SaaS solutions. Erin Traudt, IDC's SaaS Research Analyst, notes that security concerns are continuely cited when they conduct their surveys. However, Sxip believes the security issues surrounding on-demand applications can be lessened through the use of delegated authentication.
Identity 2.0 Progress: Technorati & Province of Ontario Endorse Emerging User-Centric Technologies
20 October, 2006 - 4:11am
We're delighted to see recent reports regarding the Ontario Privacy Commissioner, Dr. Ann Cavoukian's active support of Kim Cameron's Seven Laws of identity. She believes that once a universal method to connect identity systems and ensure user privacy is developed, that there will be an “Identity Big Bang.” Progress is also being made with OpenID, with the Technorati announcement yesterday that bloggers will now be able to claim ownership of their blogs with OpenID credentials and that more work in support of OpenID is on the way.
Sxip the Passwords & Use Delegated Authentication
18 October, 2006 - 9:12am
At last week's Dreamforce conference we demonstrated how easy and safe it is to use delegated authentication for Salesforce login. ITPro covered this in their article today on Sxip the passwords, get an identity, noting that with delegated authentication Salesforce users can login with their standard account system thus not requiring yet another set of accounts and passwords to manage and store in case users forget them. Thus the option to use your existing tools will be welcome to larger companies.
SaaS Delivery Challenges On-Premise Software & Why They'll Need IdM
6 October, 2006 - 12:45pm
Gartner Research recently reported that last year Software-as-a-Service (SaaS) accounted for 5% of all business software revenue. This amounts to approximately a $7 billion market this year. They predict that SaaS will reach 25% of new business software revenues in 2011, and roughly a $30-40 billion market. Given this massive increase in on-demand usage, businesses need to consider the identity management and security implications of using all these hosted applications.
BC Government Citizen Centric Identity 2.0 Initiative Popular at DIDW
25 September, 2006 - 3:16am
Kudos to the BC government for their presentation on the BCeID initiative at the Digital ID World conference. A great deal of interest was expressed in their Identity 2.0 citizen-centric efforts by others in the identity community.
Doppelgangers & ID Theft -- Why We Need Identity 2.0
22 August, 2006 - 10:10am
I recently came across a disturbing post about a professor who was the unfortunate victim of online identity theft with an unusual twist -- not for the intention of financial gain -- but rather to discredit him. Regardless if you agree with Dr. Myers' personal beliefs, activities by imposters like this are wrong and could be prevented with Identity 2.0.
Who are you? I really want to know (and can now easily find out)
14 August, 2006 - 4:20pm
Is your digital identity your personal intellectual property? Is your Google identity yours or someone elses? Mary Hodder posits these important questions in her Napsterization blog in response to the recent release by AOL of 19 million internet search queries by more than 600,000 of its members. This "Data Valdez" incident as coined by Kevin Bankston of the Electronic Frontier Foundation in the New York Times, brings to light the broader issues surrounding online identity aggregation, privacy, and anonymity.
My Federation? On user-centrism, federation & identity
13 August, 2006 - 9:43am
For the past few months there's been a heated dialogue amongst members of the ID Gang about the definitions of user-centrism and federation. The conversation started in earnest at the Burton Group Catalyst conference, continued at the Identity Open Space meeting, and many have weighed in on the issue since then. Why is a seemingly mundane discussion of semantics important? Issues of the user's role in identity exchanges, trust, freedom, and choice have significant implications for how the emerging identity architectures such as OpenID and InfoCard are designed. And correspondingly affects matters of privacy, liability, and scalability on the Web. The following is a brief overview of some of the key points:
Sxip joins consortium funding OpenID development
26 July, 2006 - 2:38am
Sxip has joined an alliance of IT companies that will be providing bounties of $5000 to encourage the integration of OpenID into leading open source projects. In addition to Sxip, the consortium includes claimID, Cordance, Four Kitchen Studios, International Webmaster Association, JanRain, NetMesh, ooTao, Opinity, VeriSign, ZoomR, and ZP3. We hope the Bounty Program will accelerate adoption of the user-centric, Identity 2.0, approach to digital identity on the web.
Identity 2.0 & Google, Not!
6 July, 2006 - 11:16am
Google has been under the identity gun ever since they announced an Account Authentication system that looks an awful lot like Passport, whereby instead of Microsoft, all your identity info in effect belongs to Google. Sxip's founder and CEO, Dick Hardt was the first to note the problems with this approach on his Identity 2.0 blog, and since then CNN, the Guardian, ZDNet, Microsoft's Identity guru Kim Cameron, and others have commented how problematic this approach to digital identity is.
Disturbing Identity Reports
23 June, 2006 - 11:08am
A couple recent news stories reinforce our belief in the need for Identity 2.0. The Anti-Phishing Working Group reported that May was a record month for phishing scams. According to the APWG there were 11,976 phishing websites last month, the most ever recorded, and a more than three-fold increase from 2005. Also of note, 34% of all phishing sites worldwide were hosted on infected American PCs! Other troubling announcements are from several US government agencies regarding the theft of identity data, including that of the FTC, Veterans Affairs, and the NNSA (which oversees the American nuclear weapons program).
Sxip Supportive of Novell's Bandit Open Source IdM Project
12 June, 2006 - 9:43am
Novell just announced the creation of Bandit, an open source project intended to unify disparate identity systems and provide a consistent approach to securing and managing identity. We believe the identity management industry needs a common approach to secure, role-based access and compliance reporting for the enterprise and open source projects like Bandit from Novell and Higgins are a great step in that direction. We see this as a natural complement to the user-centric Identity 2.0 efforts being made with SXIP and DIX and are excited to work with them on adding support of Bandit, Higgins and eDirectory.
Phishing at record levels according to APWG
2 May, 2006 - 1:37pm
A recent study by the Anti-Phishing Work Group has found that phishing attacks and phishing-based Trojans have reached record numbers, up by 30% and over 100%, respectively since last year. This and analysis like David Sifry's new State of the Blogosphere that show 60% of pings are from spammers, really make the case for Identity 2.0 and why we need a new means for handling identity and reputation on the Web.
Identity 2.0 Video Sequel Now Online
22 March, 2006 - 11:24am
In this follow up to the original Identity 2.0 video at OSCON last year, Dick's ETech keynote provides an informative, entertaining and fast paced examination of how user-centric identity on the Web would work with the new release of SXIP 2.0.
IBM & Novell Announce User-Centric IdM System
27 February, 2006 - 5:36am
We are excited to see IBM and Novell join the user-centric identity movement with the announcement of the Higgins Project, "a framework that will enable users and enterprises to integrate identity, profile, and relationship information across multiple systems". Being open source, it will be easy for Sxip to work with the Project to add support for SXIP 2.0, our simple, secure, and open protocol for exchanging identity information online.
Identity & Reputation Needed for Blogs: Spam Blogs and Spings on the Rise
16 February, 2006 - 8:33am
David Sifry's new State of the Blogosphere report finds that the blogosphere is continuing to double approximately every six months, and now numbers 27.2 million blogs. This makes the blogosphere 60 times larger than it was three years ago, with a new weblog being created every second! The downside to the massive growth is the notable increase in spam and fake pings or "spings".
Identity 2.0, Privacy & a Surveillance Society
25 January, 2006 - 12:03pm
David Shenk of the New York Times wrote an interesting article today on technology outpacing the public debate on security versus civil liberties. He notes that "In our post-9/11, protowireless world, democracies and free markets are increasingly saturated with prying eyes from governments, corporations and neighbors. For better and worse, free societies are fast entering the world of total surveillance." This is precisely why we need Identity 2.0 mechanisms, that can provide for privacy, anonymity, and security.
Identity Gang II Podcast on User-Centric Internet Identity
11 January, 2006 - 1:47pm
The leading experts in user-centric identity were recently conveyed for an in-depth podcast to discus what's been accomplished and their predictions for the coming year. We agree with moderator, Doc Searls', conclusion that significant progress has been made in the identity space with URL/URI based systems. As the blogosphere shows, these locations and pages are a way of representing identity that people are familiar with and are a means to how we get "there" (to widespread deployment) from "here" (developing identity sytems).
Liberty Alliance Joins the Personal Digital Identity Party
10 January, 2006 - 10:10am
The Liberty Alliance recently announced they're coming out with a federated identity management solution for individuals, called People Service. It's great to see the large organizations involved with the Alliance recognizing the value in individual internet usage, and their needs, and in social applications on the Web.
Digital ID World Now This Autumn
6 January, 2006 - 10:17am
It was recently announced that the Digital ID World conference will now be held in its customary fall timeframe instead of this summer as initially planned. The conference focus is managing the decentralization of identity and is scheduled for September 11-13 in Santa Clara. We're glad to see the change and we look forward to being a sponsor again this year.
Web 2.0 & World Peace?
5 January, 2006 - 3:03pm
An excellent overview of what Web 2.0 is, and is not, was published by Peter Wilson of the Vancouver Sun earlier this week in "The Future May Be Now: The Debate Over Whether Web 2.0 is the Next Big Thing in How We Conduct Our Online Lives". The story includes interviews with Sxip's Founder & CEO, Dick Hardt, as well as VC Paul Kedrosky.
On-Demand Tipping Point in 2006 & Other Analyst Predictions
27 December, 2005 - 7:38am
Analysts are predicting major disruptions for IT next year, many of which we view as applicable to the identity space particularly with respect to Web 2.0, open source, and on-demand.
Splogs, Spam, and Spings -- Why We Need Identity 2.0
22 December, 2005 - 11:49am
A recent analysis of the blogosphere by UMBC eBiquity Research Group at the University of Maryland found that 75% of pings from blogs are actually from "splogs" or spam blogs, which they say constitute 50% of all blogs! (Pings are messages sent from blog and publishing tools to a centralized network service, a Ping Server, providing notification of newly published posts or content. "Spings", or ping spam, are pings that are sent from a splog. A major issue recently has been these unjustified pings, or spings).
The Future is On-Demand
14 December, 2005 - 8:11am
Earlier this week John Fontana, Senior Editor for Network World, covered the "white-hot" popularity of software-as-a-service (aka on-demand). He cites two recent studies, which found that businesses are betting that on-demand is a part of their future. The AMR Research study shows that over 78% of respondents across major vertical industries and company sizes are currently using or considering on-demand. Similarly, 65% of respondents in the Cutter Consortium survey said they were using or considering on-demand.
New Structured Blogging Initiative Established
13 December, 2005 - 5:53am
Sxip Identity is participating in the new Structured Blogging Initiative, which was announced today at the Syndicate Conference in San Francisco. The Initiative supports the use of open standards to freely move and share structured content between different vendors' products and services on the Web. Established by a consortium of over 30 companies, the Initiative is intended to keep emerging standards inter-operable on how Web data is created and organized.
Majority of Internet Holiday Shoppers Fear Online Threats
2 December, 2005 - 3:52pm
A new survey by TRUSTe, a nonprofit privacy organization, found that over two-third of US Internet shoppers plan to limit their online holiday spending this year due to concerns over misuse of personal information. The top issues cited were: identity theft (49%), spam resulting from online purchases (39%), credit card theft (39%), and spyware (38%). The survey also found that privacy concerns would deter more than 40% of the respondents from buying from smaller online retailers.
Web 2.0 & User Identity Silos
30 November, 2005 - 9:29am
Jeremy Chone of Oracle, has just posted a thougthful look at Web 2.0. He describes the evolution of the Internet from its creation in the Web 0.x phase of "few to many" to today's inspiring and promising Web 2.0 "reinvigoration" phase. Jeremy suggests however there are limitations of realizing the Web 2.0 promise of true "everybody to everybody" participation. These hurdles to pervasive Internet collaboration are: user identity silos, interoperability mechanisms fragmentation, and limited Internet architecture utlization.
Over 75% of corporate computers spyware infected says IDC
17 November, 2005 - 4:39am
A new IDC study claims that over three-quarters of all corporate machines are compromised with various types of spyware. This can result in the capture of virtually all online activity and can lead to amongst other problems, identity theft, causing a threat to privacy and enterprise security.
Gillmor Gang Podcast on Web 2.0 & Identity 2.0
15 November, 2005 - 11:55am
A recent audiocast by the Gillmor Gang digerati at the end of the Web 2.0 conference last month explored amongst other topics, the problem of online identity silos and the need for Identity 2.0 -- a user-centric portable digital identity. Panelist Jon Udell of InfoWorld stated that there is hope for this to occur and gave examples of Sxip and Microsoft Infocard as heading in the right direction.
ID Theft Tops Future Crime Concerns In US
10 November, 2005 - 1:09pm
A wealth of information on identity theft has recently been released. The National Crime Prevention Council reported that ID Theft was seen as the most critical law enforcement topic over the next decade by 54% of survey respondents at the recent 2005 National Crime Prevention Council. The topic was also top of mind this week at the Digital ID World Financial Services Summit, at an ID Theft Forum in NY, and by the AntiPhishing Working Group.
Identity 2.0 Redux: Video from Web 2.0 Now Online
21 October, 2005 - 2:54pm
Dick's Identity 2.0 High Order Bit from the Web 2.0 conference earlier this month is now available online in several formats including: iPod video, Quicktime, Windows Media and Flash. Technology Evangelist Paul Miller provides an excellent commentary on our Identity 2.0 vision, noting that "so much of what we are trying to do is going to come down to cracking trust, identity, and reputation."
Two-Factor Authentication and Phishing
20 October, 2005 - 4:15pm
There's been a lot of discussion recently about two-factor authentication as an answer to the phishing problem. We agree with Derek Valada's conclusion that it's fine for the short term, but isn't a long term solution. Similarly, Bruce Schneir's perspective that phishing attacks are possible because of the inherent unverifiability of the internet, is dead on. Phishing and pharming are easy because authenticating on the internet is hard. What is needed is Identity 2.0, an online mechanism for authenticating and managing real-world user-centric identities.
Remixing RSS: Future Implosion or Saved by Identity 2.0?
30 September, 2005 - 8:22am
Roland Tanglao's fabulous presentation on Remixing RSS last week is now available online as a podcast. We agree with his assessment that one of the most interesting parts of the evening was the Q&A amongst the Web 2.0 user group members. The discussion revolved around what is going to happen to the future of RSS as it becomes increasingly popular -- will the signal to noise ratio be overwhelming and thus go the way of Usenet? Roland commented on the differences this time being: search engines, filtering, and if we have Identity 2.0.
Trusted Computing -- A Brave New World?
21 September, 2005 - 11:45am
The Electronic Frontier Foundation bring up some excellent questions surrounding Trusted Computing with respect to privacy invasion, "big brother" control, and vendor lock-in / anti-open source. Although Trusted Computing is tangential to our identity management focus; our Identity 2.0 vision of the Web is founded on giving control of digital identity back to the individual. Thus the concerns raised by the EFF are something that bears mention. They provide an excellent summary in Trusted Computing: Promise and Risk. Check out an informative and entertaining video that explains the issues in plain English!
Passwords will reach breaking point by 2007 says Gartner
19 September, 2005 - 10:39am
Gartner recently warned that in two years, 80% of organizations will have reached a password breaking point. They claim that passwords will become increasingly unusable as organizations try to stay ahead of hackers by making them more complex and increasing the frequency of changes. Ant Allen, Gartner Research VP, likened this to "rearranging the deckchairs on the Titanic".
Identity 2.0 now in video
8 September, 2005 - 5:11pm
Do you agree that the existing identity systems are falling behind? We believe that new systems are emerging that place identity in the hands of users instead of directories. Find out more about our Identity 2.0 vision from Sxip's founder and CEO, Dick Hardt's fastpaced keynote at the recent O'Reilly Open Source Convention. The presentation is now online and can be viewed on your own computer in large and small versions in Flash, Quicktime and Windows Media.
Kudos to the Katrina PeopleFinder Project
7 September, 2005 - 9:12am
The problem of proliferating Internet databases of the numerous Katrina refugees is attempting to be resolved through a worthy project, PeopleFinderTech, which is compiling data from databases across the Web into one central database. They're making use of on-demand technologies such as the Salesforce API to develop innovative technology solutions to the missing persons problem.
Online Banking Stalls Due to Phishing & Privacy Concerns
6 September, 2005 - 11:38am
A survey by polling firm Ipsos Insight that was released today, found online banking in the US has flattened after several years of dramatic growth mainly due to concerns over hackers stealing and using personal information and fears that some companies may be selling client records to third parties.
Phishing Attacks Up by 28% in 2005 in the US Says Gartner
30 August, 2005 - 9:50am
A study released earlier this summer states the the number of phishing attack email recipients grew 28 percent this year, according to a Gartner Research survey of 5,000 online U.S. consumers. They found that 57 million consumers in the United States had received a phishing e-mail during the prior year.
IAM market expected to almost double by 2009 says IDC
23 August, 2005 - 9:22am
A new report by analyst research firm, International Data Corp., predicts the market for identity and access management (IAM) products will grow to approximately $4 billion by 2009. This is nearly double the $2.3 billion IAM market in 2004.
Protect Yourself -- Trojan Phishing On the Rise
11 August, 2005 - 4:41pm
A new report published by the Anti-Phishing Working Group on August 3, 2005, found that phishing attacks has risen by 42% over the same period last year. The study noted that small banks and credit unions are increasingly being targeted as many large financial institutions have retrofitted their networks to spot phishers.
30% of ID theft from the Internet
11 August, 2005 - 3:49pm
A recent survey from one of the largest insurance companies in the US, Nationwide Mutual, found that one-third of those surveyed blamed their compromised IDs on the Internet, where they think their information was exposed to hackers.
Sxip Access is now Sforce certified
13 May, 2005 - 10:24am
Salesforce.com has certified Sxip Access, our identity management solution for On-Demand web applications. Sxip Access provides Single Sign-On, delegated authentication, provisioning, and deprovisioning for salesforce.com customers.
Web Services, Authentication, and Identity Management
14 April, 2005 - 1:48pm
Are you using an On-Demand application or are considering adopting one? Have you given thought to the security questions surrounding using a Web based application?
Phishing, Pharming, & Spoofing: Oh My! Web ID Theft Rises
6 April, 2005 - 9:17am
Phishing is up by over 25% from last summer according to a new study from the Anti-Phishing Working Group. The APWG also reported an increasingly more common form of identity theft, phishing without a lure or "pharming".
ID Theft Prevention -- Get Sxip it's necessary and not evil
4 March, 2005 - 4:01pm
Business Week has just written on the need for a common login system to combat phishing attacks and prevent identity theft. The author, Stephen H. Wildstrom, calls for "something like Microsoft's failed Passport, but with broad industry support." We wholeheartedly agree.
Podcasting, Identity Services, and You
2 March, 2005 - 11:27am
Doc Searls' interesting proposition of a business model for podcasting brings to light the broader issue of customer-centered identity services. Sxip and Identity 2.0 fit into this perspective of giving "customers the power to furnish, federate (or choose your verb) their demand, directly, to suppliers of any size. That's what human-origin identity is really all about."
Pizza delivery and privacy control
31 January, 2005 - 5:29pm
Concerned about how to protect your privacy with the interconnectedness of all those corporate and government databases on the Internet? We are too.
This problem is well illustrated in the amusing but scary scenario portrayed in the ACLU pizza movie, which InfoWorld's Jon Udell recently blogged about.