Making Digital Services Secure and Trustworthy
Blog Topics
Access Control
May 12, 2013
»
HOW TO Visualize Access Control Use Cases
October 30, 2011
»
Reality of XACML PEP-PDP Interoperability - Part III
June 19, 2011
»
Converging Logical and Physical Access Control via XACML
March 13, 2011
»
Identity Oracles - Trust is Ephemeral, Contracts are Eternal
March 03, 2011
»
Identity Oracles - A Business and Law Perspective
February 27, 2011
»
Identity Oracles and their role in the Identity Eco-System
August 03, 2010
»
Future of Identity Management is… Now!
December 13, 2008
»
Reality of XACML PEP-PDP Interoperability - Part II
September 28, 2008
»
Reality of XACML PEP-PDP Interoperability
Architecture
November 01, 2014
»
Identity Establishment, Management and Services
October 25, 2014
»
A C2G Identity Services Overview of Canada
August 23, 2014
»
Near Real-Time Anomaly Detection and Remediation
August 17, 2014
»
The Missing Link Between Tokens and Identity
June 07, 2014
»
FRAUD as a Digital Platform Service
March 29, 2014
»
The Trusted Role of an Attribute Broker
March 15, 2014
»
Proprietary Attribute Validation (Remote Identity Proofing) APIs
March 01, 2014
»
Fraudulent Account Activity Signaling and NISTIR 7817
February 08, 2014
»
Fraudulent Account Activity Signaling in Broker/Proxy Models
December 14, 2013
»
Proxy Architecture
November 24, 2013
»
What Capabilities are Enabled by Public Sector Federated Identity Platforms?
November 10, 2013
»
Balancing Identity Assurance and User Enrollment UX
October 27, 2013
»
Why Protocol Profiles are Critical for Interoperability
June 09, 2013
»
Purity and Pragmatism in Standards Profile Compliance
May 04, 2013
»
Can Web APIs Bridge the Sharing and Safeguarding Gap?
April 27, 2013
»
If Identity is the New Money, Standardized Assurance is the Currency of Trust
April 13, 2013
»
Credential Manager in the Token and Attribute Manager Separation Model
March 16, 2013
»
Anonymity in the Token and Attribute Manager Separation Model
February 02, 2013
»
Gov of Canada Approach to Separating Credential (Token?) and Identity Assurance
January 12, 2013
»
Can NIST E-Authentication Guideline SP 800-63-1 Support a Token-Attribute Separation Model?
January 05, 2013
»
A Model for Separating Token and Attribute Manager Functions
October 23, 2011
»
Standards Compliance - Balancing Purity and Pragmatism
Attributes
April 01, 2023
»
Evolving Government to Citizen Shared Identity Services
November 23, 2014
»
How Identity Resolution Can Help Attribute Providers Overcome Blindness
August 30, 2014
»
Attributes are the New Money
July 12, 2014
»
Identity Validation as a Public Sector Digital Service?
May 31, 2014
»
The Venn of Identity Proofing and Identity Resolution Attributes
May 03, 2014
»
Should RP Business Process Data Collection and Validation be Outsourced to a CSP?
April 27, 2014
»
Quantitative Criteria for Evaluating Identity Resolution Data at the RP
April 13, 2014
»
Standardizing the RP Requirements for Identity Resolution
April 05, 2014
»
Context and Identity Resolution
March 29, 2014
»
The Trusted Role of an Attribute Broker
January 05, 2014
»
Data Minimization with Front Channel SAML Attribute Requests
December 21, 2013
»
FICAM TFS Component Identity Services Terminology
December 07, 2013
»
Is a CSP In a Federation, Without Identity Attributes, a Token Manager?
November 16, 2013
»
U.S. Federal Government's Identity Federation Framework
July 06, 2013
»
Identity Establishment and the Role of the Public Sector
June 23, 2013
»
HOW TO Choose Attributes to Uniquely Identify a Person
June 05, 2013
»
Identity? Privacy? Authorization? It is all about Context!
May 25, 2013
»
An Emerging Standard for Identity Proofing and Verification
March 09, 2013
»
Visualizing the Needs of Attribute Consumers and Attribute Providers
May 26, 2012
»
FICAM Trust Framework Solutions - A Primer
October 08, 2011
»
User Attributes - More than Identity
August 31, 2011
»
Comparing BAE v2 SAML Profile(s) and OASIS XASP
August 27, 2011
»
FICAM Backend Attribute Exchange v2 Release Candidate available
June 18, 2011
»
What is the Federal ICAM Backend Attribute Exchange (BAE) v2?
June 04, 2011
»
Want ABAC? Across Organizations? Start with Policy!
June 04, 2011
»
IIW East Session on Role of Government as Identity Oracle (Attribute Provider)
August 12, 2010
»
Government's role as an Attribute Provider
April 17, 2010
»
Conveying Attribute Assurance
June 06, 2009
»
SAML v2 Profiles for PIV Subjects and Backend Attribute Exchange
April 24, 2008
»
The Zen of Identity Attributes
Authentication
April 01, 2023
»
Evolving Government to Citizen Shared Identity Services
December 06, 2014
»
Protecting Personal Data with Multi-Factor Authentication and Identity Proofing
November 08, 2014
»
Why Multi-Factor and Two-Factor Authentication May Not Be the Same
October 05, 2014
»
Do the Majority of Public Sector Digital Services Need Credentials?
September 28, 2014
»
Are We Conflating Identity Verification and Compensating Controls?
September 21, 2014
»
Who Else Wants a Portable Token as the First Authentication Factor?
September 14, 2014
»
The Value of Sameness in a World Demanding Identity
September 06, 2014
»
Public Sector Identity Assurance Guidelines and Standards
August 17, 2014
»
The Missing Link Between Tokens and Identity
July 27, 2014
»
Should Level of Assurance be Scalar or a Vector?
July 19, 2014
»
What are KBA Metrics?
June 14, 2014
»
Identity Assurance and Knowledge Based Authentication
May 18, 2014
»
Leveraging User Experience Expectations at the RP
February 15, 2014
»
Identity Establishment, Verification and Validation
December 21, 2013
»
FICAM TFS Component Identity Services Terminology
December 07, 2013
»
Is a CSP In a Federation, Without Identity Attributes, a Token Manager?
November 30, 2013
»
Are Federated Credentials and Continuous Identity Verification Compatible?
November 16, 2013
»
U.S. Federal Government's Identity Federation Framework
October 19, 2013
»
Who are the Natural Source of High Assurance Credentials for Public Sector Services?
September 29, 2013
»
Does KBA and Public Sector Online Services Have a Future?
June 30, 2013
»
Dear Maryland, Will You Be Wasting My Tax Dollars on Passwords?
June 19, 2013
»
Castles with Glass Doors
June 01, 2013
»
What is the Value of an Assertion of Identity at LOA 1?
May 18, 2013
»
Likelihood of Alien Invasions and Assurance Levels
April 20, 2013
»
Why I Will Not Ride The (Trust) Elevator
February 16, 2013
»
FFIEC and NIST Authentication Guidance. Does a Token Venn Diagram Exist?
February 09, 2013
»
These Are Not The LOAs (1+,2+,3+) You Are Looking For. Move Along
February 06, 2013
»
NIST SP 800-63-2, Electronic Authentication Guideline, Released for Public Comment
May 26, 2012
»
FICAM Trust Framework Solutions - A Primer
December 31, 2011
»
NIST SP-800-63-1 Multi-Token Assurance Level Matrix
October 02, 2011
»
HOW-TO Conduct a Risk Assessment to Determine Acceptable Credentials
September 21, 2011
»
How do you define step up authentication?
June 12, 2011
»
Canvas Theory of Identity LOA vs Canvas Theory of Access Control
March 13, 2010
»
NIST SP 800-73-3 and PIV-I
CyberForge
June 19, 2015
»
What Do Standards Have To Do With Impact?
Event
January 31, 2014
»
Government’s role in Identity Establishment [Event]
November 27, 2013
»
FICAM TFS Program at IDESG TFTM Committee [Event]
June 12, 2013
»
FICAM Information Sharing Day and Vendor Expo [Event]
May 29, 2013
»
SIA Government Summit 2013 [Event]
February 08, 2013
»
5th Annual Adobe Government Assembly [Event]
Federation
April 01, 2023
»
Evolving Government to Citizen Shared Identity Services
November 16, 2014
»
RFI - EMV Enabled Debit Cards as Authentication Tokens?
October 12, 2014
»
What Is the Role of Transaction Risk in Identity Assurance?
September 21, 2014
»
Who Else Wants a Portable Token as the First Authentication Factor?
September 14, 2014
»
The Value of Sameness in a World Demanding Identity
June 07, 2014
»
FRAUD as a Digital Platform Service
May 03, 2014
»
Should RP Business Process Data Collection and Validation be Outsourced to a CSP?
February 22, 2014
»
Why are U.S. Financial Institutions Not at the Identity Table?
December 21, 2013
»
FICAM TFS Component Identity Services Terminology
December 07, 2013
»
Is a CSP In a Federation, Without Identity Attributes, a Token Manager?
November 30, 2013
»
Are Federated Credentials and Continuous Identity Verification Compatible?
November 24, 2013
»
What Capabilities are Enabled by Public Sector Federated Identity Platforms?
November 16, 2013
»
U.S. Federal Government's Identity Federation Framework
October 19, 2013
»
Who are the Natural Source of High Assurance Credentials for Public Sector Services?
October 14, 2013
»
Does a Credential of Last Resort Need to be Offered by Public Sector Services?
October 10, 2013
»
Does Public Sector Identity Federation have a Compelling Gain-to-Pain Ratio?
October 05, 2013
»
Local Credentials and Life in the Federation Glass House
September 21, 2013
»
User Enrollment Challenges with PKI Credentials
September 14, 2013
»
How To Enroll a User, Even When There are No Shared Identifiers
September 07, 2013
»
Here Be Dragons - Social Security Number and Federation User Enrollment
August 31, 2013
»
If You Don't Plan For User Enrollment Now, You'll Hate Federation Later. Redux.
August 24, 2013
»
Role of Multi-Sided Platforms in Identity Federation
August 10, 2013
»
Federated Credential Use. A Tale of Poultry and Public Sector
March 30, 2013
»
Relying Parties as IdPs and Assurance Level Escalation
March 23, 2013
»
Will Consumer IdPs Become the Maginot Line of Federated Identity?
March 02, 2013
»
HOW-TO Incorporate Risk Management into Assurance Level Determination
May 26, 2012
»
FICAM Trust Framework Solutions - A Primer
October 15, 2011
»
Implications of US Gov Accepting Externally-Issued Credentials
October 11, 2011
»
US Gov public web sites required to accept federated credentials
September 18, 2011
»
HOW-TO Fast Track to Federation for Web Sites
September 11, 2011
»
FICAM Trust Framework Provider Trust and Privacy Criteria
June 04, 2011
»
Federation Flows 3 - Authorization
June 04, 2011
»
Federation Flows 2 - Attribute Exposure
June 04, 2011
»
Federation Flows 1 - Authentication
June 04, 2011
»
Federal ICAM Support for Identity Federation Flows
November 10, 2007
»
SAML 2.0 Assertion Syntax
Hiking
August 09, 2014
»
Backpacking the Glacier National Park Gunsight Pass Trail
July 06, 2014
»
Relaxing, Recharging and Hiking in Banff National Park, Canada
August 19, 2013
»
Backpacking Yellowstone National Park
August 04, 2013
»
Recommended Hike - A.T./Neighbor Mountain/Jeremy's Run
July 31, 2013
»
Back on the Grid ...
June 16, 2013
»
Tools for the Connected Backpacker
April 23, 2013
»
Hiking the Appalachian Trail in Maryland
August 25, 2012
»
Backpacking in the Rocky Mountain National Park
July 04, 2011
»
Summer in the Shenandoah National Park
Identity Assurance
April 01, 2023
»
Evolving Government to Citizen Shared Identity Services
November 08, 2014
»
Why Multi-Factor and Two-Factor Authentication May Not Be the Same
November 01, 2014
»
Identity Establishment, Management and Services
October 18, 2014
»
A Simple Framework for Trusted Identities
October 12, 2014
»
What Is the Role of Transaction Risk in Identity Assurance?
October 05, 2014
»
Do the Majority of Public Sector Digital Services Need Credentials?
September 28, 2014
»
Are We Conflating Identity Verification and Compensating Controls?
September 06, 2014
»
Public Sector Identity Assurance Guidelines and Standards
August 17, 2014
»
The Missing Link Between Tokens and Identity
July 27, 2014
»
Should Level of Assurance be Scalar or a Vector?
July 19, 2014
»
What are KBA Metrics?
July 12, 2014
»
Identity Validation as a Public Sector Digital Service?
June 14, 2014
»
Identity Assurance and Knowledge Based Authentication
May 31, 2014
»
The Venn of Identity Proofing and Identity Resolution Attributes
May 24, 2014
»
Breaking Identity Proofing to Enable Online Services
April 27, 2014
»
Quantitative Criteria for Evaluating Identity Resolution Data at the RP
April 13, 2014
»
Standardizing the RP Requirements for Identity Resolution
April 05, 2014
»
Context and Identity Resolution
March 15, 2014
»
Proprietary Attribute Validation (Remote Identity Proofing) APIs
February 15, 2014
»
Identity Establishment, Verification and Validation
December 21, 2013
»
FICAM TFS Component Identity Services Terminology
November 10, 2013
»
Balancing Identity Assurance and User Enrollment UX
May 26, 2012
»
FICAM Trust Framework Solutions - A Primer
Musings
February 11, 2023
»
Escape from Apple's Walled Garden
June 11, 2016
»
Are We Having a Gone With the Wind Identity Moment in the US?
January 18, 2016
»
How to Work on the Wildly Important while Walking in a Windstorm
June 03, 2015
»
The pursuit of happiness
February 11, 2015
»
Leaving GSA and FICAM
January 10, 2015
»
Will 2015 be the Year of Public Sector Digital Service Delivery?
December 14, 2014
»
My 10 Most Popular Blog Posts of 2014
November 30, 2014
»
The Monomyth Fallacy of Digital Service Delivery
September 18, 2014
»
Please Take My 2014 Reader Survey
May 11, 2014
»
DIACC Launches in Canada
March 23, 2014
»
Three Indicators for Successful Public Sector Service Delivery
March 08, 2014
»
Yahoo, Identity Federation, and You as a Valuable Product
February 01, 2014
»
International Travel and Mobile Data Access in Kerala, India
December 27, 2013
»
My 10 Most Popular Identity Related Blog Posts of 2013
December 21, 2013
»
Five Habits of an Effective Executive
November 03, 2013
»
My Three Wishes for the Public Sector Identity Genie
October 13, 2013
»
Do Not Go Gentle into That Good Night
October 01, 2013
»
Government Shutdown and Furlough
June 28, 2013
»
Never Miss a Post if Reading this Blog via RSS
April 06, 2013
»
Pace on the Path to Progress
January 26, 2013
»
Hang Together or Hang Separately? U.S. Digital and Information Sharing and Safeguarding Strategies
March 13, 2012
»
Next Steps, Lack of Blog Posts and FICAM
Privacy
August 30, 2014
»
Attributes are the New Money
January 05, 2014
»
Data Minimization with Front Channel SAML Attribute Requests
October 11, 2013
»
Personal Data and Government by Dan Geer, CISO at In-Q-Tel
February 23, 2013
»
Tell Us Once or Tell Us Each Time; Implications for Digital Services
January 19, 2013
»
User Consent in the Age of Attributes - Part 2
January 01, 2013
»
How WAYF implements informed consent for attribute release without storing PII
December 22, 2011
»
Privacy Preserving Attribute Validation using XACML
November 13, 2011
»
User Consent in the Age of Attributes
September 11, 2011
»
nymwars and All your real names are belong to US
May 01, 2011
»
Fair Information Practice Principles (FIPPs)
Quote
August 28, 2013
»
How to Bury an Issue [Quote]
May 01, 2013
»
New Ideas by William James [Quote]
April 10, 2013
»
Unfairness of Life by Marcus Cole [Quote]
March 27, 2013
»
Limits of Power by David D'Alessandro [Quote]
February 13, 2013
»
A New Day by Ralph Waldo Emerson [Quote]
January 30, 2013
»
Innovation by Niccolo Machiavelli [Quote]
August 26, 2012
»
Meditation by Chief Tecumseh [Quote]
RDT
March 06, 2016
»
How To Connect Research and Startup Communities
February 14, 2016
»
Avoiding the Echo Chamber when Building a Research Agenda
January 31, 2016
»
Building a Bridge Across the Research Valley of Death
December 12, 2015
»
Why Should Digital Service Delivery Organizations Conduct R and D?
December 06, 2015
»
Federal Funding for Blockchain Security and Identity Verification Technologies
June 17, 2014
»
Cybersecurity R&D Solicitation ($95M) Announced
I am a public interest technologist. I help organizations and leaders make digital services secure and trustworthy.