http://www.informed-control.com/ Informed Control Inc. Copyright 2004-2008 Informed Control Inc. Thu, 31 Jan 2008 05:20:00 GMT Thu, 31 Jan 2008 05:20:00 GMT emacs info@informed-control.com info@informed-control.com en-US 1440 <ul><li><a href="http://technorati.com/claim/k2sxfc3wk" rel="me">Technorati Profile</a> published January 30, 2008</li></ul>info@informed-control.comThu, 31 Jan 2008 05:20:00 GMT http://www.informed-control.com/2/news/20080130_01.shtmlhttp://www.informed-control.com/2/news/20080130_01.shtml<ul><li><a href="http://www.informed-control.com/archive/200411-03-tid-20080130.pdf">"System for authentication with an electronic mail service" (200411-03)</a> published January 30, 2008</li></ul>info@informed-control.comThu, 31 Jan 2008 05:20:00 GMT http://www.informed-control.com/2/news/20080108_01.shtmlhttp://www.informed-control.com/2/news/20080108_01.shtml<ul><li><a href="http://www.informed-control.com/archive/200612-03-tid-20080108.pdf">"System for authentication with an electronic mail service" (200612-03)</a> published January 8, 2008</li></ul>info@informed-control.comWed, 9 Jan 2008 06:00:00 GMT http://www.informed-control.com/2/news/20070413_01.shtmlhttp://www.informed-control.com/2/news/20070413_01.shtml<p>Mark Wahl of <a href="http://www.informed-control.com/">Informed Control Inc.</a> will be speaking at the <a href="http://catalyst.burtongroup.com/">Burton Group Catalyst Conference 2007</a> on <i><a href="http://www.catalyst.burtongroup.com/NA07/agenda.php?date=2007-06-29">Your Identity Session: Future Directions in Identity Lifecycle Management</a></i>. </p> <p>For more information, see <a href="http://www.ldap.com/1/commentary/wahl/20070413_01.shtml"><i>Future Directions in Identity Lifecycle Management</i> presentation scheduled for Burton Group Catalyst NA 2007 </a>.</p> info@informed-control.comFri, 13 Apr 2007 17:00:00 GMT http://www.informed-control.com/2/news/20070407_01.shtmlhttp://www.informed-control.com/2/news/20070407_01.shtml<p> <a href="http://www.informed-control.com/">Informed Control</a> released today the first version of the <b>Schemat Consumer</b>, a proof of concept research implementation of attribute type metadata parsing. </p> <p>The specifications "Identity Attribute Metadata" at <tt>http://openid.net/specs/identity-attribute-metadata-1_0-01.html</tt> and at the Identity Schemas Wiki <tt>http://idschemas.idcommons.net/moin.cgi/MetaData</tt> describe how metadata of identity attributes can be represented using RDF. Online structured metadata provides applications and developers with additional information about unfamiliar attributes. Elements of metadata might specify, for example, the syntax allowed for values of that attribute, or how one attribute relates to other attributes.</p> <p>The Schemat Consumer provides applications in an identity metasystem with a simple Java API for retrieving the metadata of URI-named attribute types. </p> <p>More information on the Schemat Consumer can be obtained at the <a href="http://www.ldap.com/1/spec/schema/ont.shtml">ldap.com schema ontology page</a>.</p> info@informed-control.comSat, 07 Apr 2007 21:00:00 GMT http://www.informed-control.com/2/news/20070205_01.shtmlhttp://www.informed-control.com/2/news/20070205_01.shtml <p>Mr. Mark Wahl, CISA, presented an overview of <i>Assessment Techniques for Auditing Identity Management</i> at the <a href="http://www.rsaconference.com/2007/US/">RSA conference 2007</a> in San Francisco. </p> <p>From the session abstract:</p> <blockquote> <p>"Recent legislation mandates that US federal government agencies must perform annual security reviews of their computer systems that contain sensitive data. This has led to the development of a category of best practice techniques and tools, known as Certification and Accreditation, for performing risk assessments for networked services, and verifying that the security controls on these systems meet requirements and actually work as intended. These concepts are not government or US-specific: they are directly applicable to any large organization. In particular, they are best employed when new applications are being deployed or existing deployments are being audited, in order to reduce the risk that a misconfigured or unmonitored security control might find its way into the deployment and later be compromised by an attacker, which could lead to the loss or exposure of private, business-critical data."</p> <p>"This vendor-independent presentation introduces the security verification and validation techniques as used today across government agencies, and shows how they can be applied within companies, as part of software procurement and auditing processes, to address regulatory requirements and increase confidence in the effectiveness of security controls. As a successful attack on an organization's identity infrastructure could lead to the theft of large quantities of personal information, as well as compromise that organization's line of business applications, the presentation focuses on techniques to improve the trust of Identity Management deployments. Specifically it discusses external and internal threats to these deployments, and approaches for reviewing and monitoring directory, access management, provisioning and federation services."</p> </blockquote> <p>More information is available at the <a href="http://www.informed-control.com/2/resources.shtml">Resources page</a>, including <a href="http://www.informed-control.com/2/resources/2007rsa.shtml">references to the documents mentioned in the presentation</a>.</p> info@informed-control.comMon, 05 Feb 2007 19:30:00 GMT