Newsletters

Select newsletters below and click the button to sign up!

Boston News NY News
DC News Internet Daily
SiliconValley News
InternetNews Business Report




Become a Marketplace Partner


Partner With Us


Internetnews Bloggers

Recent Entries

Archives

January 2009
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

Monthly Archives

Search The Blog

Eye on the Enterprise by Richard Adhikari (bio)

MIS Information

December 30, 2008, 7:52 PM

Securing the network in 2009

Peering into their crystal balls the other day, the guys at network security vendor SonicWALL came up with a list of predictions for their field in the coming year.

Web 2.0 tops their list of villains, as it should. Sure, Web 2.0 technologies like Web-based apps and social networking promote sharing and user-uploaded content and good stuff like that.

However, they cause bandwidth overload and security threats, SonicWALL says.

Streaming video and Flash gobble up bandwidth. And Flash has become a favorite of the bad guys because it's so widespread that it gets past just about any security and is a great vector for distributing malware.

Also, Web 2.0 apps are fertile ground for exploits, because they are based on user collaboration and user input and there's no way of ascertaining how safe users are. That means security admins have no control over what is being uploaded or collaborated on.

Malware authors have become experts in using Web 2.0 technologies such as AJAX, which creates rich Internet applications. These open up your system to security breaches, and it would be wise to implement Web filters and gateways to prevent the bad guys from invading your system through them.

Manage your apps properly to prevent bandwidth overload and maintain security, SonicWALL recommends.

As if that's not enough, the adoption of software as a service (SaaS), and service oriented architecture (SOA) will, like the Web 2.0 technologies, as well as social networking, let bad guys bring in their toys, and SonicWALL recommends deep packet inspection in these cases. Packet sniffing isn't going to be enough, SonicWALL says.

The increasing sophistication of hackers and malware authors will add to network security managers' headaches. Your firewall isn't going to be enough to protect you, SonicWALL says, because the bad guys will use more techniques to evade it.

And port-hopping, which used to be a term reserved for sailors until the advent of personal computing, will contribute to network security woes.

All these factors will push corporations to increase their adoption of unified threat management (UTM) solutions that take a layered approach to network management and security, SonicWALL says. We've known for years that a layered approach is best, but how many enterprises adopt it?

Watch your networks closely -- they're at the heart of your enterprise.

Posted by Richard Adhikari at 7:52 PM | Comments (0) | TrackBack (0) | Share

December 24, 2008, 6:11 PM

Santa has been high-tech forever

It's not generally known, but Santa is really an alien using advanced technology and high-tech gadgetry since the dawn of time.

Think about it: This fellow jumps onto a vehicle drawn by eight furry four-legged beasts that manage to fly without any wings or rocket propulsion. Think antigravity or maglev trains. What, you ask, is a maglev train? Magnetic levitation, a system of transportation that uses magnetic forces. Why do you think the sledge runners are so long?

Now on to his list of naughty and nice kids. This is obviously compiled on a mega-database with a huge data warehouse using extremely complex algorithms to perform very involved sort functions running on a mainframe at the North Pole. C'mon, how else can he get the list done in tiime? Remember, you have to be nice right up to the very minute he arrives. Word has it that Santa's thinking of an SaaS database in the cloud. Remember, you read it here first.

The lists sent from the data warehouse are compressed and stored in the maglev's onboard computer, which is updated in real time through wireless communication. That computer is air-cooled (notice how Santa doesn't appear in tropical countries? That's a dead giveaway.) and linked to a hand-held device running a really tight Linux kernel so he always has access to an up-to-date list without having to go play with the keyboard or key in commands.

Let's not forget routing -- the back end system at the North Pole also has a route planning application, which is linked to the data warehouse so it can amend and update Santa's list in real time to take into account any amendments made at the last minute when kids forget to be nice. Think Santa can do the Drunkard's Walk in his head with millions of variables to factor in? Nah!

Then there's the issue of the presents -- Santa's maglev has a matter transmitter on board to handle them in JIT (just in time) fashion, obviously. How much do you think all those presents weigh? Some of that technology leaked out to the public, as any Trekkie will tell you.

Finally, as to Santa -- what human being can be that old and never change his appearance? Definitely an alien in human guise.

Posted by Richard Adhikari at 6:11 PM | Comments (0) | TrackBack (0) | Share

December 11, 2008, 8:26 PM

Delivering IT support as a service

You know the old joke about IT, that support staff don't know what a weekend is because they're often in the office doing management or maintenance or backup or one of a thousand other tasks.

Well, as the recession bites and enterprises further tighten their belts, things are getting even worse, and IT is being squeezed to the max.

Bad enough that IT has to do more with less; but the demands of regulatory compliance are also kicking in, and some companies report that IT spends up to 20 percent of its time on compliance issues.

Now, compliance issues are serious matters, so they take priority over service and support.

Enter NTRglobal, a company that offers -- you guessed it, IT support as a service capabilities. If you want to automate some service processes, the company's NTRsupport product is a multi-platform remote support service that has customizable Bots to automate critical IT functions such as change management and searching for and eliminating malware.

Get your Bot, program it to do what's necessary, turn it loose and let it carry on, and it costs you a fraction of what a trained sysadmin would.

The company's NTRsupport is a remote support service that lets a company's support technicians remotely take control of customers' or employees' PCs, Macs or Linux devices to diagnose and fix problems over the Web, saving enormously on travel and other costs.

The company's major clients include Konica Minolta, Scandinavian Airlines and Lufthansa.

Support as a service? What's not to like?

Posted by Richard Adhikari at 8:26 PM | Comments (0) | TrackBack (0) | Share

November 19, 2008, 10:17 PM

Are our friends our IP?

Salesforce is teaming up with Facebook to let customers leverage their employees' Facebook friends. That will help companies find better employees and, not unexpectedly, upsell to their employees friends and friends of customers.

Salesforce users who build applications on Facebook will get immediate access to the social networking site's 120 million users worldwide, and be able to leverage Facebook users' links.

Upon learning that news, I discovered my vocabulary contained words I didn't even imagine I knew.

Look at it this way: You spend a lifetime building up friends, with both parties seeing each other through bad times and enjoying the good times, sharing confidences and all the other good things friendship brings.

You get them to join you on Facebook, and make new friends there.

Then you find out that companies are leveraging your Facebook friends without your say-so. How does that make you feel?

With all the effort one puts into making friends, I suggest we treat them as intellectual property, and treat violations of that relationship as severely as one would treat violations of IP rights.

It's one thing to recommend a friend for a job when your employer asks you for a recommendation; it's quite another for your employer to glom onto your Facebook friends without your say-so and pitch them. Who says your friends will welcome the pitch? Who says you won't get bad feedback?

What about privacy? Well, no less an authority than Vint Cerf, one of the driving forces behind the Internet, has said words to the effect that the age of privacy is over and we should get over it. I respectfully beg to disagree. He may be an authority on computing and the Internet but that doesn't make him an authority on ethics or privacy issues.

Me, I wanted to call the Law & Order: SVU team on hearing about the rationale for Salesforce's teaming up with Facebook. Still do, as a matter of fact.

Posted by Richard Adhikari at 10:17 PM | Comments (2) | TrackBack (0) | Share

November 3, 2008, 9:29 PM

There are no friends in business

When social networking applications first emerged, they were seen as a way for people to connect more easily with others. Love, fellowship and general goodness were supposed to follow. And they did, to some extent, as we ran around friending others.

Now, though, with corporations getting their tentacles into social networking sites, the concept of global friending is going south mighty fast. Corporations are trying to leverage customers' social networks in order to sell more.

All that's going to be small potatoes pretty soon, I realized, as I sat listening to Salesforce.com CEO and chairman Marc Benioff at Dreamforce 2008, the Salesforce.com annual user event, today. The company's tying up with Facebook, and that will let companies "build a new class of business applications that leverage the social graph," he said.

Think of being able to collaborate on Facebook to build a project with your friends, Marc continued. Yep, think about it, especially with Facebook COO Cheryl Sandberg gushing on the one hand that her site has "taken the power of real trust, real user privacy controls, and made it possible for people to be their authentic selves online," then saying on the other that businesses using Facebook want to use the site's power to engage in a deeper way with constituents.

And how will they engage in a deeper way with said constituents? Well, children, by leveraging users' social networks, that's how. Here's what Marc said about building Salesforce.com apps and running them on Facebook: "You have immediate access to 120 million users (that's how many Facebook has now), and you can use Facebook Connect to link into any Web site in the world and let users use the power of their Facebook friends."

I feel empowered already! Let me say now, unequivocally, that anyone who tries to send me a sales message because s/he is my friend on a social networking site, will rapidly be unfriended. Friends don't try to sell friends life insurance, or used cars, or cleaning cloths; business acquaintances do.

Posted by Richard Adhikari at 9:29 PM | Comments (0) | TrackBack (0) | Share

October 29, 2008, 7:09 PM

When the going gets weird...

...the wise begin scanning the sky for omens. And what's weirder than politics?

So here's Presidential candidate John McCain, campaigning frenziedly in the remaining eight red states (irony of ironies, that staunchly Republican states are red, what, haven't they heard of the slogan anti-Communists used in America in the 1950s, "Better dead than Red?") and insisting he's going to come from behind and beat his rival, Presidential candidate Barack Obama while, even in those eight red states, the tide is turning towards Mr. Obama.

How are we going to handicap this? Well, check your spam. Seems the cybercriminals have it all figured out.

According to antivirus vendor Secure Computing, 70 percent more political spam is being sent in Senator Obama's name than in Senator McCain's. Ouch. We said, not a million years ago, that there would be a surge in political spam, but unfortunately failed to read the omens correctly. I just knew that duck dive-bombing a BMW driven by a yuppie on the 401 the other day was significant.

On October 18, when Senator Obama pulled a crowd of 100,000 in St. Louis, Mo. and 75,000 in Kansas City, Mo., his two stops in the state, he led Senator McCain in the spam race, if you will, 99 to one, according to Secure Computing. That is, only ONE percent of the spam purported to be from Senator McCain; the rest all purported to be from Senator Obama.

There is one area in which Senator McCain comes out ahead, though: When the spam references pharmacy Web sites. Here, he beats Senator Obama five to four. Do the spammers know something we don't?

I was tempted to hop over to see Sasha, the local psychic, for corroboration, but wisely restrained myself -- every time I see a psychic, I want to ask something along the lines of "You know why I'm here, don't you?" and hold my tongue after that until they guess correctly. And psychics usually have large aides-de-camp whose knuckles don't just drag on the ground, they scrape it clean, and who love beating meditatively on people who annoy their employers.

Not a good idea to rile those types; I'll just lay my bets on the spam.

Posted by Richard Adhikari at 7:09 PM | Comments (0) | TrackBack (0) | Share

October 28, 2008, 12:16 PM

From ghoulies and ghaisties and long leggitty baisties...

...and things that go bump in the night, guid Laird preserve us, goes an old Scottish poem. Just the thing for Halloween, I thought.

And, in that spirit (pun intended), comes an announcement from Hewlett-Packard that it has launched What Haunts Your Data Center -- an education campaign featuring six animated data center characters that "bring to life the scary monsters that haunt IT managers' dreams."

I'm going to have to list the six to set this one up. They are: Dracula, the Data Center Energy Sucking Vampire; Frankenstein, the Multi-Vendor Environment Monster; the Blob, The Virtualized Data Center...Gone Wrong; Skeletons, Legacy, Unknown Server and Storage Hardware; Ghosts, The Spooks Haunting Unsecured Data Centers; and Werewolf, The Untrained Custodian.

Now, I have always been a fan of Swamp Thing and Killer Tomatoes -- where are they? What is this, monster bigotry? That aside, one has to appreciate the attempt to inject humor into what is essentially a marketing event, and to tie it into the cultural phenomenon of Halloween.

Still, I can't help thinking: Would nailing up cloves of garlic and upside-down horseshoes get rid of Vlad and the Werewolf just to even things up a bit? And are IT managers really afraid of the monster under the bed?

In any event, the marketing is slick. You can view videos of the monsters here on YouTube, or go here to download a PowerPoint presentation.

HP's leveraging social media too, having set up a fan page here on Facebook. And HP's destination site has lets visitors vote for their favorite monster and has "lots of good information on best approaches for ridding the data center of the monsters that haunt it." It also lets you go to a "haunted data center" with sound and visual effects.

Me, I want my mommy. NOW!

 

Posted by Richard Adhikari at 12:16 PM | Comments (0) | TrackBack (0) | Share

October 23, 2008, 7:45 PM

Adaptive Planning lives up to its name

So, recession is the word on everyone's lips. Everyone but the mooks leading this country who just can't bring themselves to pronounce the 'r' word, despite the financial industry meltdown, people having their homes foreclosed and the computer industry quaking in its collective boots as it looks towards the future. Why, back in February, the White House predicted the economy would escape a recession.

Which brings us to the subject of this particular blog: Surviving the recession. In an excellent example of the American get-up-and-go spirit, which finds a silver lining in every cloud, a company by the name of Adaptive Planning has come up with a solution to help companies survive the recession.

Its Adaptive Planning Recession Survival Kit, offered in software as a service mode, lets finance and executive teams evaluate strategic and tactical actions and their overall cash impact, and reset their financial plans quickly. Speed, it must be noted, is of the essence, a point that escaped our leaders as they dillied and dallied and whined through the weeks before approving the $700 billion bailout plan that promises to leave us poorer than before while letting the...how shall I put it politely? Ah, yes... the crooks in the financial industry that got us into this mess...get away pretty much free and clear.

Basically, the kit offers what-if modeling so company management can see how expense levels, capital expenditures and  other moves will impact cash flow. It also captures collaborative, real time inputs from managers company-wide so top management can get input in near-real time.

The cost of this largesse? Well, you get a six-month subscription to the software, for 10 user seats, consulting services and user training, all for less than $10,000, and can go live within a week.

The benefits? No capital investment, you get top-down integrated financial statements, sales, expense  and capital templates to allow collaboration, integration of one year of historical data, the ability to create unlimited scenarios, comparative scenario reporting and you can import your current budget data into the system.

Oh, and you can get rid of those Excel spreadsheets, for what it's worth.

So c'mon, Phil Gramm, who says we're a nation of whiners?

Posted by Richard Adhikari at 7:45 PM | Comments (0) | TrackBack (0) | Share

October 14, 2008, 7:51 PM

Friending everyone is a dangerous thing

Remember how, when we were kids, our parents taught us never to talk to strangers?

Well, we can (and jolly well should) extend that principle to strangers on-line. Read on before uttering wheepling cries about this being one world and how being unfriendly is bad and you'll see why.

McAfee's Avert Labs predicts that cybercriminals will increasingly use social engineering techniques to get around antivirus and spam protection on users' computers. These attacks are getting extremely sophisticated and even the knowledgeable will fall for them.

For example, a crafty spammer sent about 10,000 users (yes, ten thousand, a one with FOUR zeros behind it) of LinkedIn.com an e-mail that seemed to be from the site's technical support department with an attachment purporting to be a list of business contacts they had asked for. Of course, the attachment actually was malware in disguise.

The latest issue of the bi-annual McAfee Security Journal outlines four major global trends for spamming.

First, cybercriminals will increasingly leverage personal information on social networking sites to more closely hone their attacks to their targets. This leads to the second trend, which is that the amount of socially engineered spam will skyrocket. Oh, and data breaches will help the cybercriminals.

The latest trend in data security is risk management, which can be equated to, "If I lose that much data, what will it cost me?" Enterprises can then do a calculation of the cost-benefit ratio and figure out whether or not the risk is worthwhile, much as Ford did with the Pinto, that tin can which was a ball of flame waiting to happen.

Then,stock scams will rise. Pump and dump scams will seem like nothing; Avert Labs researchers expect cybercriminals to falsely advertise security vulnerabilities in software or management changes at a public company.. Makes one wonder if the recent, untrue report of Steve Jobs having a heart attack was a scam, doesn't it?

Lastly, the bad guys will capitalize on users' desire to protect their PCs by faking security updates. McAfee has seen an increase in malicious software posing as applications from security vendors. Click on them and you've just gone on the highway to a very warm place.

How do you protect yourself against these scams? Use your common sense. Make sure your security software is updated, don't click on e-mail from a stranger ("But I may miss out on a new friend," you might wail. Yeah, or you might just have escaped a cybercriminal attack, sez I.); be wary of offers that come through e-mails, instant messaging systems or social networks that sound too good to be true; call your bank if you get a message purporting to come from it; and NEVER reply to anyone offering to take you off their mailing list.

Remember my old pal R. Heinlein's TANSTAAFL principle: There Ain't No Such Thing As A Free Lunch.

Posted by Richard Adhikari at 7:51 PM | Comments (1) | TrackBack (0) | Share

October 13, 2008, 7:14 PM

SAP launches its own community exchange

Although it is reeling from the impact of the global financial meltdown, like every other vendor, and squirming under the weight of Oracle's lawsuit over its soon-to-be-shut-down TomorrowNow subsidiary, German software giant SAP (NYSE: SAP) is soldiering on.

Out in Berlin, at the SAP TechEd 2008 conference, being held through Thursday, SAP has announced EcoHub, an online marketplace that lets customers "discover, evaluate and buy partner solutions to complement their SAP installations."

Now, where did I hear of a structure like this before? Aha! The AppExchange from Salesforce.com, that's where -- except that the AppExchange includes applications developed by Salesforce.com's customers, developers and partners, while EcoHub only includes solutions from SAP trusted partners.

No customer-developed apps, tsk, tsk, but EcoHub (and get the name right, there's lots of other sites with the same name but a different spelling and they can be rather exciting) does have a ratings section, a user feedback section and demos.

Well, at least it makes the task of looking for third-party solutions for your SAP environment easier. You can navigate the site by industry or solution, do a keyword search (novel thought!), sort by relevance or partner, and look at "most viewed" and "highest rated" solutions.

You can also tap feedback from peers and business process experts, read success stories, which are as much a staple of corporate Websites as oatmeal is, schedule a solution demo on EcoHub with an SAP partner, request more information on solutions you find, and buy the solution online.

All of this is welcome news, to be sure, and it's yet another indication that SAP is prepared to fight tooth and nail for its share of the market.

Posted by Richard Adhikari at 7:14 PM | Comments (0) | TrackBack (0) | Share

October 10, 2008, 9:09 PM

Spamming dips slightly -- at least for now

After years of suffering from spammers, I'm outraged at news from MessageLabs that the global ratio of spam in e-mail traffic from new and previously unknown bad sources was only 70.1 percent, a decrease of 8.1 percent from the August figures..

What, are the spammers taking a rest now? After keeping me and zillions of other long-suffering computer users on the hop? Where is their work ethic? Sheez, the planet is going to a warm place on a handcart!

According to the MessageLabs Intelligence Report for September 2008 and the third quarter of this year, this decline is largely due to the demise of California-based internet service provider (ISP) Intercage on September 20. However, MessageLabs expects the usual burst of spams over the holiday season will make up the shortfall.

Ah, good, things will be back to normal. I feel better already. Too much optimism clogs up the arteries.

A little background here: MessageLabs has just been bought by Symantec, and Intercage, which has finally died, electronically speaking, is notorious in the Internet community for having offered hosting solutions to the cybercriminal group known as the Russian Business Network.

Reading on, I find that 0.76 percent of e-mail traffic from new and previously unknown bad sources contained viruses, down four percent from the August figure, and the percentage of e-mail borne malware that contained links to malicious sites fell 11.3 percent from August's figure to only 6.3 percent in September.

Scary stuff, but the bad guys are still on the job, with phishing attacks increasing by 16 percent over the August figures. Still, overall, phishing levels have been declining sharply since the begining of the year, according to MessageLabs, although you could'a fooled me, I keep getting phishing e-mails daily and have sworn off sushi as a consequence.

Ah, well, at least the gub'mint is taking things seriously, with Senator Patrick Leahy proposing some tough anti-cybercrime provisions in a bill awaiting the President's signature. I'll find out soon if the bill has passed and let you know.

Posted by Richard Adhikari at 9:09 PM | Comments (1) | TrackBack (0) | Share

October 9, 2008, 4:22 PM

Nine trends shaping the security field

Ah, security, the word that's on everyone's lips. Necessarily, it seems, from the almost-daily reports of data breaches we keep on seeing.

Things are only going to get more complicated for security professionals as new technological and social trends emerge. Think about virtualization, the cloud, social networks, twittering, and the readiness of people today to put their information on the Web for everyone to see (and possibly steal and misuse).

IBM has come up with a list of nine trends that will shape the security environment over the next five years.

Here they are:

1. Securing virtualized environments -- always a headache, because the traditional approaches result in so much network chatter that they gulp down bandwidth like it's going out of style;

2. Alternative ways to deliver security (think pre-packaged solutions such as real and virtual appliances, cloud-enabled services and software as a service, the last being why Symantec acquired MessageLabs);

3. Managing risk and compliance. Lots of vendors are bringing tools for this because it's such a lucrative area. Security is increasingly a matter of managing risk because it's not a question of whether an enterprise will be hacked, but when, so companies have to devote more resources to protecting the most mission-critical applications and take a strategic approach; and, as for compliance, the operative phrase is "Guard your data."

4. Identity governance. If you have accounts on multiple social networks, and multiple e-mail accounts, and most of us do, you have multiple digital identities, which means individuals and businesses will need to manage these.

5. Information security -- the need to base decision on secure information sources of high quality becomes important, and companies like Informatica, which cleanse and unify data, become increasingly important.

6. Predictable security of applications -- service oriented architecture, which leads to Web-based composite applications, is all well and good, but it creates new points of vulnerability that have to be guarded closely.

7. Protecting the evolving network. Hackers are increasingly attacking applications, and one of their favorite targets is databases, which they hit with SQL injection attacks. One of the most prominent victims of this was Businessweek -- one of its Websites was hacked to redirect visitors to a Website containing malware.

8. Securing mobile devices -- as mobile devices become a trusted channel for conducting business, they will become the focus of attacks. Various sites on the Web, including this one, talk about how to hack different types of mobile phones.

9. The convergence of IT and physical security. Digitization, advanced analytics, correlation and automation help improve a physical response to security breaches. Early versions of this are motiion sensors and video cameras linked to the police or a security firm.

Implementing all nine approaches is a tall order for any enterprise but, as the number of attacks increase and the bad guys get more sophisticated, the need for a co-ordinated, wide-ranging security policy will grow.

Posted by Richard Adhikari at 4:22 PM | Comments (0) | TrackBack (0) | Share

October 7, 2008, 3:20 PM

CA strengthens ID management with IDFocus purchase

Today, CA announced that it has acquired IDFocus LLC and its ACE identity management technology to strengthen its own identity management offerings.

The ACE application will be rolled into CA's Identity and Access Management suite, which CA has been strengthening for some time.

In May, CA agreed to resell Eurekify's Enterprise Role Manager, thus adding role-based ID management to its portfolio. In early June, CA unveiled various tools to automate compliance management, creating online workflow and tying in to remediation. All involve identity management.

Identity management is important because it helps prevent security and compliance breaches in-house, by controlling the access of staff and contractors of a company to applications. Part of that control involves retiring or rescinding access when a person is promoted, transferred or leaves the company.

Failing to retire or rescind accounts leads to orphaned accounts, which are a known security flaw.

One of the features IDFocus brings to CA's products is a separation of duties (SoD) capability. SOD is critical to security as it creates a system of checks and balances. Essentially, SoD means that different people handle different aspects of a task. That's the reason why, in a business, the accounts payable and accounts receivable departments are separate.

Failure to maintain SoD allowed rogue systems administrator Terry Childs to hold the City of San Francisco hostage when he created a super password that locked everyone but him out of accessing the city's network.

Posted by Richard Adhikari at 3:20 PM | Comments (1) | TrackBack (0) | Share

September 29, 2008, 9:36 PM

Every cloud has a silver lining - we hope

So, here we are, with our beloved leaders locking horns over a $700 billion bill to bail out Wall Street and the Dow taking a nosedive.

Well, it's going to plunge even further as the ripple effect of the financial sector's crisis is felt. All those companies closing down, and they're big ones, means IT vendors will sell less product and services.

Pile mergers and acquisitions on top of that -- behind every good M&A stands a bean counter cutting staff and, therefore, future orders of IT equipment.

And, as the economy continues to weaken, other companies will tighten their purse strings, refusing to cough up money for new IT equipment. Meanwhile, the vendors themselves will begin cutting staff, further swelling our unemployment ranks.

The one bright spot in all this may just be software as a service (SaaS) vendors such as Salesforce.com and NetSuite because, when companies don't have enough money to lay out the dough for capital expenditures, they may be willing to take the SaaS option. They just pay by the month and have, perhaps, some free cash left.

Expect cloud service players to get stronger too, as corporations use their services instead of investing in hardware.

Brings to mind the wise words of my old friend A. Nonymous: It's an ill wind that blows nobody any good.

Posted by Richard Adhikari at 9:36 PM | Comments (0) | TrackBack (0) | Share

September 24, 2008, 8:23 PM

Call me SAML-Compliant

Well, okay, call me SAML 2.0 then, which isn't the same thing as SAML 1.0, an earlier version of the Security Assertion Markup Language.

SAML is the protocol used to achieve Single Sign-On between Web sites as well as authentication that enables safe transactions, among other things. As our Webopedia site explains, SAML defines mechanisms to exchange authentication, authorization and nonrepudiation information.

If all this identity standards alphabet soup drives people crazy, it's probably because some mighty fine hair splitting is often involved with which standard to use, since there are others like WS-Federation.

WS-Federation is also trying to address the identity and security requirements of both Web applications and Web services. Definitely not the same thing as SAML. But new projects have cropped up to make them act the same, such as Project Concordia, whose mission is to "drive interoperability across identity protocols in use today."

And overall, the industry is making progress with interoperability. The Liberty Alliance, for example, which includes IBM, Microsoft, Oracle and RSA, group just announced that "products from CA; NTT Software; Ping Identity; RSA, The Security Division of EMC; and Ubisecure have passed its Liberty Alliance SAML 2.0 interoperability testing."

It can get pretty mind-boggling.

So now that several vendors' products have passed its interoperability tests, what does this mean? Simple: If you log in and create an identity once for one of these vendors' applications, you will be able to access the other vendors' applications without having to go through the identity creation process again. It's the equivalent of logging in to your Yahoo mail and using the same login to access Gmail and your Amazon.com account on the Web.

No more remembering multiple passwords or the answers to security questions. It might even save vice-presidential candidates' e-mail accounts from being hacked.

Posted by Richard Adhikari at 8:23 PM | Comments (0) | TrackBack (0) | Share

Add internetnews.com
to your browser search box.

IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news
via our XML/RSS:
feed