The National Strategy for Trusted Identities in Cyberspace (NSTIC) describes two types of intermediaries between subjects (users) and relying parties: identity providers and attribute providers. This is a separation not frequently found in identity systems. In order to emphasize this distinction, I often use the term “credential provider” or “authentication provider” rather than identity provider to refer to a service that provides authentication services and makes assertions resulting from authentication but does not directly provide attributes about the subject.
A credential provider can be thought of as a key cabinet. The subject authenticates to the credential provider in order to “unlock” the cabinet of credentials. As with a physical key cabinet where different keys inside are used for different things, the credential provider serves different credentials to different services. Ideally, the identifiers used for each of these services would be different; a good identifier is also opaque, meaning that the identifier itself provides no additional information about the subject. Provided that the choice of credential provider itself does not reveal significant information about the subject, a subject can be generally pseudonymous with respect to the relying party until the subject authorizes the release of identifying attributes.
Last year brought a surprising, and seemingly positive, change in the number of security threats: it was the first year we saw spam volumes drop. That decrease was a significant change from the previous decade, in which spam volumes roughly doubled every year, compounding to yield a dirty Internet where about 90 percent of the email flowing over the backbone is spam. So does the drop in spam volume mean spam is suddenly less of a problem? Have spammers given up and gone home, or maybe developed a conscience and let up a little?
Unfortunately, no. Spam has just changed. It’s become more sophisticated. We are seeing a massive shift away from the spray-and-pray tactics of the past to much more targeted and complex attacks. One consistent trait of attackers: they always follow the money. Therefore, as social media sites such as Facebook have experienced explosive growth (and explosive valuations), it’s no surprise that threat writers are exploring ways to tap into these networks to deliver the next generation of attacks.
The resiliency and determination of America’s sense of justice was thrust into a spirit of rejoicing on Sunday evening May 1, 2011, when President Barack Obama addressed the world, confirming Osama bin Laden’s demise in Pakistan. While watching the breaking TV news coverage, I began to share that sense of accomplishment and joy, less for the act of neutralizing the thought leader and chief architect of 9/11 and other atrocities against Americans, and more for the fortitude and resolve demonstrated by the U.S. commander-in-chief, our military forces, and intelligence agencies. I found myself thinking of what this type of public resolve implies for the future state of our Manufacturing economy in the U.S., whose resurgence is essential to the country’s defenses, global leadership, and the health and prosperity of our citizens, along with those of other democratic nations.
President Obama’s determination coming into office in January 2009 to recommit U.S. resources to bring justice to bin Laden, and the U.S. intelligence and military’s subsequent success bodes well as I consider his commitment to U.S. manufacturing competitiveness, infrastructure build-out and job creation articulated during the President’s January 2011 State of the Union address. During the last several quarters, I have had the privilege to present on behalf of Cisco to the Office of the President as part of the Smart Manufacturing Leadership Coalition (SMLC), a broad cross section of manufacturers, technology suppliers, manufacturing consortia, government laboratories and research universities across industry segments pulling together to recommend programs to revitalize U.S. manufacturing.
Evaluate potential providers based on their responses to these key concerns.
More and more, small businesses are moving to cloud computing, signing up with private providers that make sophisticated applications more affordable as well as setting up their own accounts with public social media sites like Facebook. The trend is confirmed by Microsoft in its global SMB Cloud Adoption Study 2011, which found that 49 percent of small businesses expect to sign up for at least one cloud service in the next three years.
Private and public clouds function in the same way: Applications are hosted on a server and accessed over the Internet. Whether you’re using a Software as a Service (SaaS) version of customer relationship management (CRM) software, creating offsite backups of your company data, or setting up a social media marketing page, you’re trusting a third-party company with information about your business and, most likely, your customers.