Security Feed

Oracle Security, Compliance, and Identity Management resources, news, and support articles.

Thwart online snooping with VyprVPN

VyprVPN for Android, Mac OS X, Apple iOS, and Windows revs up your digital privacy. A virtual private network (VPN) creates a secure network connection over a network you don’t fully trust, such as the Internet. By creating secure tunnels between endpoints, VPNs are a way of disguising (encrypting) your data traffic so that third […]

Standards Corner: Basic Auth MUST Die!

Basic Authentication (part of RFC 2617) was developed along with HTTP/1.1 (RFC 2616) when the web was relatively new. This specification envisioned that user-agents (browsers) would ask users for their user-id and password and then pass the encoded information to the web server via the HTTP Authorization header.

The Basic Auth approach quickly died in popularity in favour of form-based login where

Standards Corner: Maturing REST Specifications and the Internet of Things

Cross-posted from the Oracle Fusion Middleware Blog.
As many of you know, much of today's standards around REST center around IETF based specifications. As such, I thought I would share some RESTful services related news coming from last week's IETF meetings. Many working groups are now in the final stages of moving key specifications into standard status…

JSON

A new standard draft for

Standards Corner: SCIM and the Shifting Enterprise Identity Center of Gravity

My latest blog post on SCIM is available over on the Oracle Fusion Middleware blog.

OSSEC, the free and open source IDS

Intrusion detection software is meant to monitor network traffic or host activities for malicious actions, such as successful or unsuccessful intrusion attempts, hostile traffic (i.e., malicious scans and denials of service), unauthorized configuration changes, malware symptoms, and user policy violations. An intrusion detection system (IDS) typically can produce reports describing the details of the potentially […]

Beyond Attributes

In developing SCUID, we’ve been taking a very deep look at how the very nature of online identity (mostly enterprise identity, but a lot of it extends equally well to the broader definition of online identity) is changing in terms of how it is managed and what it needs to support. And in addition to my own recent work (that I’ve been documenting on this blog and in my various talks), there has been a lot of interesting discussion on some fundamental rethinking of the construct of identity.

New IETF SCIM drafts - Revision 03 Details

Yesterday, the IETF SCIM (System for Cross Domain Identity Management) Working Group published new draft specification revisions:

draft-ietf-scim-api-03
draft-ietf-scim-core-schema-03

This draft was essentially a clean-up of the specification text into IETF format as well as a series of clarifications and fixes that will greatly improve the maturity and interoperability of the SCIM drafts.

Introducing the “Talking Identity” Channel

So, this wasn’t planned. But Slideshare, where I have been posting all of my talks, announced that they are discontinuing their excellent Slidecast feature. I’ve relied on that feature almost exclusively over the last few years for posting my slides along with their accompanying audio. Most of my presentations are highly visual, featuring imagery, humor and diagrams that make almost no sense without the accompanying audio to provide context.
