Oracle Virtualization and Cloud Consulting
view counter

Security Feed

Oracle Security, Compliance, and Identity Management resources, news, and support articles.

Draft 05 of IETF SCIM Specifications

I am happy to announce that draft 05 of the SCIM specifications has been published at the IETF. We are down to a handful of issues (8) to sort out.

draft-ietf-scim-api
draft-ietf-scim-core-schema

Major changes:

Clarifications on case preservation and exact match filter processing
Added IANA considerations
Formalized internationalization and encoding (UTF-8)
Added security considerations

Thwart online snooping with VyprVPN

VyprVPN for Android, Mac OS X, Apple iOS, and Windows revs up your digital privacy. A virtual private network (VPN) creates a secure network connection over a network you don’t fully trust, such as the Internet. By creating secure tunnels between endpoints, VPNs are a way of disguising (encrypting) your data traffic so that third […]

Thwart online snooping with VyprVPN

VyprVPN for Android, Mac OS X, Apple iOS, and Windows revs up your digital privacy. A virtual private network (VPN) creates a secure network connection over a network you don’t fully trust, such as the Internet. By creating secure tunnels between endpoints, VPNs are a way of disguising (encrypting) your data traffic so that third […]

Standards Corner: Basic Auth MUST Die!

Basic Authentication (part of RFC2617) was developed along with HTTP1.1 (RFC2616) when the web was relatively new. This specification envisioned that user-agents (browsers) would ask users for their user-id and password and then pass the encoded information to the web server via the HTTP Authorization header.

Basic Auth approach quickly died in popularity in favour of form based login where

Standards Corner: Maturing REST Specifications and the Internet of Things

Cross-posted from the Oracle Fusion Middleware Blog.
As many of you know, much of today's standards around REST center around IETF based specifications. As such, I thought I would share some RESTful services related news coming from last week's IETF meetings. Many working groups are now in the final stages of moving key specifications into standard status…

JSON

A new standard draft for

Standards Corner: SCIM and the Shifting Enterprise Identity Center of Gravity

My latest blog post on SCIM is available over on the Oracle Fusion Middleware blog.

OSSEC, the free and open source IDS

Intrusion detection software is meant to monitor network traffic or host activities for malicious actions, such as successful or unsuccessful intrusion attempts, hostile traffic (i.e., malicious scans and denials of service), unauthorized configuration changes, malware symptoms, and user policy violations. An intrusion detection system (IDS) typically can produce reports describing the details of the potentially […]

OSSEC, the free and open source IDS

Intrusion detection software is meant to monitor network traffic or host activities for malicious actions, such as successful or unsuccessful intrusion attempts, hostile traffic (i.e., malicious scans and denials of service), unauthorized configuration changes, malware symptoms, and user policy violations. An intrusion detection system (IDS) typically can produce reports describing the details of the potentially […]

Beyond Attributes

In developing SCUID, we’ve been taking a very deep look at how the very nature of online identity (mostly enterprise identity, but a lot of it extends equally well to the broader definition of online identity) is changing in terms of how it is managed and what it needs to support. And in addition to my own recent work (that I’ve been documenting on this blog and in my various talks), there has been a lot of interesting discussion on some fundamental rethinking of the construct of identity.

New IETF SCIM drafts - Revision 03 Details

Yesterday, the IETF SCIM (System for Cross Domain Identity Management) Working Group published new draft specification revisions:

draft-ietf-scim-api-03
draft-ietf-scim-core-schema-03

This draft was essentially a clean-up of the specification text into IETF format as well as a series of clarifications and fixes that will greatly improve the maturity and interoperability of the SCIM drafts.

view counter