Research on Identity Management (by Marco Casassa Mont) - All Comments

re: Firefox and 50 add-ons for Private and Secure Web Surfing

marcocasassamont — Wed, 06 Aug 2008 14:43:54 GMT

Indeed. This is a good way to get more information about these addons.

In addition to this, I thought that the audience of this blog might also be interested in "first-hands" views of any of these add-ons (by other readers of this blog) - in particular in understanding if any of them have been really effective in handling some of common (web-based) security and privacy issues.

All these comments are anyway already going in that direction. Thanks. Marco

re: Firefox and 50 add-ons for Private and Secure Web Surfing

Anonymous-HPBLOGCS — Wed, 06 Aug 2008 14:17:39 GMT

one additional point i neglected ... if you go to the aforementioned article and click on each listed add-on, you'll be taken to a Mozilla page describing the add-on ... and each one usually has a set of commentary associated with it. comments tend to be quite insightful.

best of luck, -b

re: Firefox and 50 add-ons for Private and Secure Web Surfing

marcocasassamont — Wed, 06 Aug 2008 13:38:45 GMT

Thanks! Good points. Marco

re: Firefox and 50 add-ons for Private and Secure Web Surfing

bschafer — Wed, 06 Aug 2008 12:55:10 GMT

haven't read the article, but have used FF for years, and it's an excellent browser. if you care about security, the 3 most useful (to me, anyway) add-ons are:

NoScript

Adblock-Plus

CookieSafe

recommend you download and play - you'll learn more by doing this than any review could possibly provide.

and for the myriad IE-only web sites at HP, IEview is pretty indispensable as well.

re: Firefox and 50 add-ons for Private and Secure Web Surfing

marcocasassamont — Wed, 06 Aug 2008 12:46:03 GMT

What is good?

Did you try any of the listed add-ons for Firefox? Do you have any recommendation to provide to this community on most privacy-effective add-ons?

Marco

re: Firefox and 50 add-ons for Private and Secure Web Surfing

shawn — Tue, 05 Aug 2008 15:21:02 GMT

it's good

re: Part III: Identity Analytics and Unstructured Data Analysis

marcocasassamont — Fri, 25 Jul 2008 16:33:50 GMT

Hi. Thanks for your input! Marco

re: Part III: Identity Analytics and Unstructured Data Analysis

Wainer — Fri, 25 Jul 2008 14:47:57 GMT

This is quite interesting, especially in relation to other mechanisms that may help to ensure alignment between producers' intentions and analysts needs across contexts [such as declarations, counter-profiling and procedural frameworks, like the one discussed in one of your recent papers and implemented by Liberty Alliance].

re: Survey: Only Eight Percent of American are “Very Confident” their Personal Data is Properly Managed

marcocasassamont — Sun, 20 Jul 2008 12:19:18 GMT

Thanks for this link to your comments and thoughts on active directories.

This is a good reality check about what is currently used in enterprises. The current adoption success of LDAP directories/virtual/meta directories speaks on its own. I guess this is also the result of implicit or explicit assessment of their value, costs, practicality (e.g. integration with authentication processes) vs. involved risks.

Based on my experience, I know that LDAP directories are currently primarely used (at least in large organisations) to store HR data (e.g. enterprise org charts) and to provide support for authentication. Some PII data is indeed stored in LDAP directories, even if traditional relational databases are still primarely used to store this kind of information.

Independently from this, some of the related threats and risks are still there, in particular in terms of unauthorised access to personal data, privacy violantions, data leakages. Some of the reasons for this is the (current) lack of adequate, privacy-aware access control.

Part of my past R&D work has been focused to address these issues by means of technical approaches and solutions (e.g. see www.hpl.hp.com/.../PrivacyAwareAccessControl.htm) but we are still far away from having scalable and industrial solutions.

re: Survey: Only Eight Percent of American are “Very Confident” their Personal Data is Properly Managed

James — Sat, 19 Jul 2008 11:59:14 GMT

duckdown.blogspot.com/.../active-directory-20.html

re: Gartner’s Report: Top Seven Cloud-computing Security Risks

marcocasassamont — Sat, 12 Jul 2008 17:24:13 GMT

I can't really understand what this comment is about!

What is your point? Coudl you please add more details?

Thanks. Marco

re: The Future of Identity Management? It is all about Managing Risk …

marcocasassamont — Sat, 12 Jul 2008 17:19:25 GMT

Hi Matt.

Sorry for the delay to publish your comment. I just noticed it now (no notification from this blog platform ...).

I can publicly say is that there is currently a trend drven by key decision makers (some of them are actually our customers) from a compliance driven approach to a risk-based approach.

This is a process that wil ltake long time (5-10 years) so expect no immediate change of directions.

Anyway, you are asking the right questions.

Any input about this trend coming from other people operating in this area?

host-proof hosting

transcyberia.info — Fri, 04 Jul 2008 19:14:42 GMT

Think a minute about the security challenges involved in creating a health-centered social network. Or, more generally, any web application that has to handle sensitive user data. What if the database server becomes compromised? How do you make sure tha

re: The Future of Identity Management? It is all about Managing Risk …

Matt Flynn — Mon, 30 Jun 2008 13:48:14 GMT

I've also been saying this to some degree. As technology people, we want to ensure that our solutions align with core business goals. But, I haven't seen it resonate with customers in the field. I'd be curious to hear from IdM consultants about what their customers are saying. Is the move to Risk-Based approach actually happening? Or is it something reserved for analysts and bloggers?

Re: Part II: To Be or Not To Be an Identity

Marco Casassa Mont — Fri, 23 Nov 2007 16:10:00 GMT

Hi. Thanks for your comment. However, are you sure this comment relates to this post? I would see it more pertinent to my post on "On the Role of “Role Mining” in Enterprises". Marco