Oracle VM Consulting
view counter

Security Feed

Oracle Security, Compliance, and Identity Management resources, news, and support articles.

Introducing the “Talking Identity” Channel

So, this wasn’t planned. But Slideshare, where I have been posting all of my talks, announced that they are discontinuing their excellent Slidecast feature. I’ve relied on that feature almost exclusively over the last few years for posting my slides along with their accompanying audio. Most of my presentations are highly visual, featuring imagery, humor and diagrams that make almost no sense without the accompanying audio to provide context.

Double-blind Identity

Note: Cross-posted from the Oracle Fusion Blog.

On November 13 and 14, the Government of British Columbia, Canada, launched the first in a series of public consultations on identity and digital services. For several years now, BC has been working on a new identity services project that would enable citizens to securely access government services online. For BC, there is clear motivation:

Perform Web-based network queries with these sites

When you want to perform network queries for troubleshooting or data collecting purposes, the standard approach has been to launch a non-graphical command line interface (CLI) in Windows or a shell prompt (such as Bash) in Linux to display the input and output of the commands you use. While this practice is undoubtedly quick and […]

Perform Web-based network queries with these sites

When you want to perform network queries for troubleshooting or data collecting purposes, the standard approach has been to launch a non-graphical command line interface (CLI) in Windows or a shell prompt (such as Bash) in Linux to display the input and output of the commands you use. While this practice is undoubtedly quick and […]

Using TrueCrypt on Linux and Windows

Update: the TrueCrypt project unexpectedly shut down on 28 May 2014. A mirrored copy of TrueCrypt.org is available on Andryou.com. The home page of the next incarnation of TrueCrypt is TrueCrypt.ch. After numerous revelations this year of the National Security Agency’s (NSA) frightening capabilities of mass spying on phone calls and Internet traffic (see, for […]

Using TrueCrypt on Linux and Windows

Update: the TrueCrypt project unexpectedly shut down on 28 May 2014. A mirrored copy of TrueCrypt.org is available on Andryou.com. The home page of the next incarnation of TrueCrypt is TrueCrypt.ch. After numerous revelations this year of the National Security Agency’s (NSA) frightening capabilities of mass spying on phone calls and Internet traffic (see, for […]

Standards Corner: OAuth WG Client Registration Problem

This afternoon, the OAuth Working Group will meet at IETF88 in Vancouver to discuss some important topics important to the maturation of OAuth. One of them is the OAuth client registration problem.

OAuth (RFC6749) was initially developed with a simple deployment model where there is only monopoly or singleton cloud instance of a web API (e.g. there is one Facebook, one Google, on LinkedIn, and

It’s about Provisioning, not provisioning

In 2010, I gave a (in retrospect somewhat optimistic) talk at the Catalyst conference in which I described a pull-based architecture for account provisioning. SAML was a central part of that architecture, especially in supporting Just-In-Time  (JIT) Provisioning, which I was sure was going to be important to the evolution of enterprise cloud applications.

New Draft for Enabling OAuth2 To Be Used for Authentication

In my last blog post, I discussed the issue of OAuth2 and authentication:  Simple Authentication for OAuth 2? What is the Right Approach? As promised, I submitted a draft to the IETF for discussion in Berlin at the beginning of the month. While the working group didn't get a lot of time in the meeting to talk about the authentication issue (it wasn't formally on the charter), the submission did

view counter