Access Management

3 October 2013 at 8:32am
In talking with service providers at this week’s conferences on federated access management in Helsinki, it’s become apparent that many of them are asking identity providers to supply not only the information that they need for normal operations, but also information that will only actually be needed if a problem occurs. For example, it seems that some service providers may request every user’s real name just in case a user misbehaves and breaks the service provider’s policy.
2 October 2013 at 8:00am
A couple of sessions at the VAMP2013 workshop in Helsinki related to complexity and how best to express it to users. Bob Cowles pointed out that current access management systems can involve a lot of complexity even to reach the binary decision whether or not to allow a user to access a resource.
27 June 2013 at 3:51pm
I’ve been looking at the Intellectual Property Office’s proposals to update copyright exemptions for education, to see if there’s anything I need to comment on. My initial observations are as follows, but I’d be very grateful for comments if I’ve missed something.
15 February 2013 at 3:15pm
It’s interesting to read the Information Commissioner’s comments on the draft European Data Protection Regulation, which have just been published. A number of the comments address issues we’ve been struggling with in providing Internet services such as incident response and federated access management.
13 November 2012 at 4:36pm
A paper on "Economic Tussles in Federated Identity Management" provides some interesting insights into which FIM systems succeed and which fail. A simplistic summary would be that success requires a win-win outcome, where every party (Identity Provider, Service Provider and User) gains some benefit from adopting a federated approach. Viewing federations as a two-sided market provides some deeper insights and perhaps pointers to how such outcomes can be achieved.
8 October 2012 at 10:29am
One of the big challenges in designing policies and architectures for federated access management is to reconcile the competing demands that the system must be both “privacy-respecting” and “just work”. For an international access management system to “just work” requires information about users to be passed to service providers, sometimes overseas.
10 September 2012 at 11:35am
Last week’s REFEDs and VAMP meetings in Utrecht invited identity federations to move on to the next series of technical and policy challenges. Current federations within research and education were mostly designed to provide access to large commercial publishers and other services procured by universities and colleges for their individual members.
25 July 2012 at 9:13am
I'll be talking about the legal framework that might provide a home for complex middleware relationships. For some reason I agreed to the title "Here be VAMPires" ;-)
18 July 2012 at 5:37pm
Statewatch have published what appears to be a document from the Council of (European) Ministers containing comments on the proposed Data Protection Regulation. It’s interesting to see that there seems at last to be a recognition that the current legal treatment of indirectly linked identifiers is unsatisfactory.
10 July 2012 at 10:06am
One definition of a “hacker”, according to Wikipedia, is someone “who makes innovative customizations or combinations of retail electronic and computer equipment”. I was recently asked by TERENA to have a think about the legal issues around using federated access management to control access to resources in eResearch. This has quickly come to feel like hacking (in that sense) the law: making it do something it didn’t know it was capable of...