Friday, December 20, 2002

Libraries and Identity Management Be Sure to Pronounce It Correctly. Shibboleth Project "Shibboleth is an initiative to develop an open, standards-based solution to the needs for organizations to exchange information about their users in a secure, and privacy-preserving manner. The initiative is facilitated by Internet2 and a group of leading campus middleware architects from member schools and corporate partners. The organizations that may want to exchange information include higher education, their partners, digital content providers, government agencies, etc. The purpose of the exchange is typically to determine if a person using a web browser (e.g., Internet Explorer, Netscape Navigator, Mozilla) has the permissions to access a resource at a target resource based on information such as being a member of an institution or a particular class. The system is privacy preserving in that it leads with this information, not with an identity, and allows users to determine whether to release additional information about themselves. An open solution means both an open architecture and a functioning, open-source implementation. Standards-based means that the information that is exchanged between organizations can interoperate with that from other solutions. We are accepting contributions for further development." [via More Like This WebLog] I'm posting this mostly to get it in my archives and on others' radar screens. It's a project that Clifford Lynch is tracking, which means it's worth tracking period. As Bill Humphries notes in his original post on MLTW, libraries are and should be interested in this project because it will improve our authorization abilities for databases and catalogs. I'll have to take some time to read through the site and figure out if there's a way to bring this into SLS (and ultimately all of the Illinois Library Systems), especially as we move forward with VIC (including patron-initiated interlibrary loan requests - someday!), LibraryU, and continued statewide access to FirstSearch. [The Shifted Librarian] 4:49:05 PM

Separating Security from Identity Jan. 1, 2003 Issue of CIO Magazine | Ideas 2003 8. Identity Crisis If Identity Theft isn't already on your radar screen, this headline will put it there: "13,000 Credit Reports Stolen by Hackers." Ford Motor's customer credit reports, containing a treasure trove of identifying information such as Social Security, bank account and credit card numbers, had been lodged in a supposedly secure database at Experian, one of the nation's biggest credit agencies. The hackers simply bypassed security by posing as employees of Ford.... The reason identity theft is so powerful is that much of our security today is based on your identity," he [Bruce Schneier, founder and CTO of Counterpane Internet Security] says. For example, many insurance companies, financial institutions and government agencies (like the Registry of Motor Vehicles) rely primarily on Social Security numbers as identifiers. So if someone knows your Social Security number and a few other facts about you, he can easily steal your identity. "As long as security relies on identity, then ID theft becomes an effective way of committing fraud," Schneier adds. "And creating stronger IDs [through biometrics] only makes the problem worse."... "If you had a dozen IDs and they weren't linked together, now that would be difficult to steal," Schneier says. "Decentralize, distribute. There is never one answer to security." 4:41:31 AM

© Copyright 2006 Russ Savage. Last update: 5/8/06; 9:03:42 PM.