Blog
The digital divide in Identity Management
by Sebastian Rohr
My dear friend Mia Harbitz of the Inter-American Development Bank (www.iadb.org) recently pointed me to what I felt to be one of the most important papers on “Identity Management” since I started working in this field. The paper does not analyze the pros and cons of doing bottom-up or top-down role design, nor does it dive into the depths of Access Governance and streamlining reconciliation efforts in your organization. It investigates what any of you would claim (and have probably experienced yourself) to be a birthright: your own personal identity! We all know the fuss around Google+ and the headache...
Blog
Personal Data Vault – putting YOUR data in YOUR hands
by Sebastian Rohr
I still remember the fun that was had when Dick Hardt first made his cool presentations on User Centric Identity Management and regaining control of who would have access to which attribute of your multiple personas, be it online, at home or at work. We all know that his company sxip identity failed because it did not gain enough momentum to monetize the idea. Still, concepts such as the (also “failed”, much to my dismay) Information Cards by Microsoft or the OpenID approach share some aspects of the sxipper product – putting you in control of your data. The current hype around the new EU...
Blog
In retrospect of 2011
by Sebastian Rohr
Well, the time between the years (today usually referring to the days after Christmas until New Year's Eve - but did you know these were historically the twelve days between December 24th and January 6th, which served to align lunar and solar calendar years? But I am getting too much off-topic...) is used to reflect on the past year. There are a few things and events that absolutely impressed me in 2011, which I would like to talk about a little! First, there was the spring event European Identity Conference (EIC - www.id-conf.com), which had a great impact from my personal point of view. I...
Blog
Managing Privacy and Data Protection – moving from “optional” to “mandatory”
by Sebastian Rohr
My colleague Jörg Resch just gave us a summary of the current status of the new EU Privacy Regulation that is “in the works” in Brussels. If only a portion of this becomes “EU Law” – meaning that it will not be a Directive which needs to be translated into local national law but supersedes any existing national law – it will change the game in an instant. Not only would the “amusingly small” fines that could currently be imposed on, e.g., German companies for breaking privacy laws (standard maximum fine 50.000 €) be bumped up to “significant” numbers, but the actual provider of a service could be...
Blog
Information (hardware-) Security
by Sebastian Rohr
We have been discussing IRM, DRM, DLP and other acronyms back and forth for quite a while now, and I am sure there are a good bunch of solutions out there for those organizations that have policies and procedures in place to sufficiently plan, build and run such a tool. Thus, I was pretty much “meh” about any discussions revolving around the pros and cons of approaches… Well, our close friends sometimes surprise us with problems we never seem to have “seen” before. One of those friends runs a small System Integrator / VAR company and approached me with a problem that is common among...
Blog
Strong Authentication, please! But make it stirred, not shaken!
by Sebastian Rohr
Back to the roots - Strong Authentication is my topic of the month. To be more precise, the combination of several methods of strong authentication all managed through one central, versatile system, allowing both high-security solutions with high cost per authentication and mass-market, easy-to-use methods for low to medium security settings. Versatile Authentication Services/Servers/Platforms are key to low TCO and high usability for different user segments and use-cases. I already finished most of my market analysis and am currently compiling the report. If you feel the urge to let me...
Blog
Convergence re-iterated
by Sebastian Rohr
The press release of HID acquiring ActivIdentity almost slipped past my sensor network, despite the fact that I had the honour of having some close contact with top-level HID guys this week. I am totally positive about this acquisition, as HID is now able to get their hands on a really good Versatile Authentication Server (VAS) with AI's 4Tress product. This is what they need to really make a mark in the authentication industry, because their NaviGO tool was a good starting point but it really lacks the quality and integration some of the other tools feature. HID is brand new to "software",...
Blog
Your token to VISA...
by Sebastian Rohr
The recently published document on protecting credit card data during processing and storage with tokenization technology has gathered quite a bit of response (see for yourself http://usa.visa.com/download/merchants/tokenization_best_practices.pdf). As others like Mr. McMillon of RSA said before (http://www.rsa.com/blog/blog_entry.aspx?id=1687), it is an overall good approach - and my very recent experience with CC data processing in outsourcing environments proves to me that solutions for this are in great demand. Besides the "nit-picking" (please excuse, we are totally on the same page...
Blog
How Data Leaks Through Twitter
by Sebastian Rohr
If you’re a soccer fan, thinking back to the year 1986 will probably remind you of the nail-biting final between Germany and Argentina that the South Americans narrowly won (unlike the devastating 0:4 loss they received this year, but that’s only by the way). If you are a data protection professional, however, harking back to 1986 will probably conjure up memories of the widespread street demonstrations during the run-up to the German census. Of course, the ’80s saw a lot of protest movements; atomic weapons and the new runway at Frankfurt International drew angry crowds, but resentment...
Blog
Why enterprises shouldn’t economize on IT security
by Sebastian Rohr
We’ve all been there before: helpdesks deluged by calls from irate users, constant complaints about buggy apps, complicated login procedures or passwords no one can remember. Much-overdue investments in security patches and updates for heirloom software have to be postponed time and again because maintenance and support eat up all the money, and still the boss is under pressure to tighten the belt another notch by slashing the IT budget yet further. And after all: Isn't IT supposed to be all about reducing costs? What about all those productivity gains and slick business processes? Yes,...