"Geneva" Claims Based Access Platform
[http://www.microsoft.com/geneva]
"Geneva" helps simplify access to applications and other systems with an open and interoperable claims-based model. "Geneva" includes built-in interoperability via open industry standards and claims, and implements the industry Identity Metasystem vision for open and interoperable identity.
31 Flavors of NAC
[http://knowidentity.typepad.com/tnt/2007/01/31_flavors_of_n.html]
What do NAC and Baskin Robbins have in common? They each have 31 flavors. Unfortunately, the intent of NAC and the problems that NAC attempts to solve are no joke. Having run numerous networks and spoken with hundreds of CIOs and security professionals, I understand why NAC is so important. I unfortunately have experienced what happens when endpoints are compromised or go awry. It's not pleasant. For example, a colleague of mine, who is the CIO of a hospital, discussed a recent virus outbreak and claimed that another serious IT incident could literally mean life or death. That's why getting NAC right is so significant; the stakes have never been higher.
AAA панихи
[http://www.latte.be/]
A test bookmark.
ActivIdentity
[http://www.actividentity.com/]
ActivIdentity is the trusted enabler of digital identity assurance for governments, enterprises and identity management partners. Formed from the union of ActivCard and Protocom - leaders in the areas of authentication, credential management and enterprise single sign-on - ActivIdentity provides the only complete platform for the secure issuance, management and use of digital identities via smart cards.
Amazon Community Content Search
[http://www.amazon.com/gp/community-content-search/]
Search Amazon for books on particular subjects people found interesting. This includes Listmania!
AuthenticationWorld.com
[http://www.authenticationworld.com/]
This website is meant to provide enterprise senior managers, IT and security management with a central resource on authentication. Here you can answer general questions like "What is authentication?" to detailed implementation guidelines and recommendations on implementing single sign on, password management, biometrics, providing a layered identity authentication strategy, etc.
Authernative
[http://www.authernative.com/]
Founded in 2000, Authernative, Inc. is a software company developing, marketing and selling enterprise level security solutions. Authernative overcomes the security and identity management challenges necessary to facilitate e-commerce by providing Web access control solutions to mass users in a cost effective, easily deployable, and easy to use manner, without hardware devices.
Axiomatics
[http://www.axiomatics.com/]
Axiomatics is a leading supplier of XACML-based authorization management systems. Since the company was established in 2006 we have been providing attribute based access control solutions and information security management services for a wide range of customers around the world.
Conor Cahill - Open Source
[http://www.cahillfamily.com/OpenSource/]
These toolkits implement the Liberty Alliance ID-WSF 1.0 and 2.0 protocols. The original code was developed by Conor Cahill while he was at AOL. AOL agreed to release the code under a BSD License. Intel Corporation, where Conor now works, has given permission to Conor to continue to develop and maintain the code on his own time and Conor continues to use a BSD license on the code.
Critical Infrastructure Protection Committee (CIPC)
[http://www.nerc.com/~filez/cip.html]
CIPC coordinates NERC's security initiatives. The group is comprised of industry experts in the areas of cyber security, physical security, and operational security. CIPC reports to NERC's Board of Trustees. It is governed by an Executive Committee, whose members manage CIPC policy matters and provide support to CIPC's subcommittees and their working groups and task forces.
Identity Enabled B2B
[http://www.sun.com/b2b]
The Java B2B Suite provides an integrated B2B platform for automating trading partner management, transaction visibility, and full-cycle transaction auditing in both enterprise and extranet environments. It combines market-leading identity management with comprehensive B2B integration to securely manage and automate system-to-system communication among trading partners.
ISO/IEC 10181-3:1996 (Access control framework)
[http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=18199]
Specifies a general framework for the provision of access control. The purpose of access control is to counter the threat of unauthorized operations involving a computer or communication system.
Microsoft Identity and Access Management Series
[http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/default.mspx?mfr=true]
This series of papers provides numerous identity and access management concepts, techniques, and solutions for use in heterogeneous IT environments. Identity and access management combines processes, technologies, and policies to manage digital identities and specify how they are used to access resources.
OASIS Security Services (SAML) TC
[http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security]
SAML, developed by the Security Services Technical Committee of OASIS, is an XML-based framework for communicating user authentication, entitlement, and attribute information. As its name suggests, SAML allows business entities to make assertions regarding the identity, attributes, and entitlements of a subject (an entity that is often a human user) to other entities, such as a partner company or another enterprise application.
OpenSAML
[http://www.opensaml.org/]
OpenSAML 1.1 is an open source toolkit for implementing solutions using the SAML 1.1 and 1.0 specifications. It is a production quality release available for Java (1.4+) and C++ applications.
OpenSAML 2.0 is in development, and will include support for the SAML 2.0 standard, as well as legacy support for SAML 1.1 and 1.0. The redesigned library includes a superset of the functionality in earlier versions, but will NOT be API-compatible with them.
OpenSSO
[https://opensso.dev.java.net/]
The Open Web SSO project (OpenSSO) provides core identity services to simplify the implementation of transparent single sign-on (SSO) as a security component in a network infrastructure. OpenSSO provides the foundation for integrating diverse web applications that might typically operate against a disparate set of identity repositories and are hosted on a variety of platforms such as web and application servers. This project is based on the code base of Sun Java™ System Access Manager, a core identity infrastructure product offered by Sun Microsystems.
Oracle Identity Management
[http://www.oracle.com/products/middleware/identity-management/identity-management.html]
Oracle Identity Management's best-in-class suite of IdM solutions delivers the industry's only hot-pluggable middleware, allowing enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources both within and beyond the firewall. You can now deploy applications faster, apply the most granular protection to enterprise resources, automatically eliminate latent access privileges, and much more.
OrBAC
[http://www.orbac.org/index.php?page=home&lang=en]
The main goal of this site is to introduce access control model OrBAC. This model was developed inside the RNRT MP6 project (communication and information system models and security policies of healthcare and social matters). The purpose of this project is to define a conceptual and industrial framework to meet the needs of information security and sensitive healthcare communications.
RFC 2903 - Generic AAA Architecture
[http://www.faqs.org/rfcs/rfc2903.html]
This memo proposes an Authentication, Authorization, Accounting (AAA) architecture that would incorporate a generic AAA server along with an application interface to a set of Application Specific Modules that could perform application specific AAA functions. A separation of AAA functions required in a multi-domain environment is then proposed using a layered protocol abstraction. The long term goal is to create a generic framework which allows complex authorizations to be realized through a network of interconnected AAA servers.
RFC 2904 - AAA Authorization Framework
[http://www.faqs.org/rfcs/rfc2904.html]
This memo serves as the base requirements for Authorization of Internet Resources and Services (AIRS). It presents an architectural framework for understanding the authorization of Internet resources and services and derives requirements for authorization protocols.
RFC 3281 - An Internet Attribute Certificate Profile for Authorization
[http://www.ietf.org/rfc/rfc3281.txt]
This specification defines a profile for the use of X.509 Attribute Certificates in Internet Protocols. Attribute certificates may be used in a wide range of applications and environments covering a broad spectrum of interoperability goals and a broader spectrum of operational and assurance requirements. The goal of this document is to establish a common baseline for generic applications requiring broad interoperability as well as limited special purpose requirements. The profile places emphasis on attribute certificate support for Internet electronic mail, IPSec, and WWW security applications.
Role Based Access Control
[http://csrc.nist.gov/rbac/]
One of the most challenging problems in managing large networks is the complexity of security administration. Role based access control (also called role based security), as formalized in 1992 by David Ferraiolo and Rick Kuhn, has become the predominant model for advanced access control because it reduces the complexity and cost of security administration in large networked applications. Most information technology vendors have incorporated RBAC into their product line, and the technology is finding applications in areas ranging from health care to defense, in addition to the mainstream commerce systems for which it was designed.
Shibboleth
[http://shibboleth.internet2.edu/]
The Shibboleth software implements the OASIS SAML v1.1 specification, providing a federated Single-SignOn and attribute exchange framework. Shibboleth also provides extended privacy functionality allowing the browser user and their home site to control the Attribute information being released to each Service Provider.
Sun Java System Access Manager
[http://www.sun.com/software/products/access_mgr/index.xml]
Sun Java System Access Manager is a security foundation that helps organizations manage secure access to an enterprise's Web applications both within the enterprise and across business-to-business (B2B) value chains. It provides open, standards-based authentication and policy-based authorization with a single, unified framework. It secures the delivery of essential identity and application information to meet today's needs and to scale with growing business needs, by offering single sign-on (SSO) as well as enabling federation across trusted networks of partners, suppliers, and customers.