Showing posts with label OpenID.

Sunday, July 30, 2017

A day at the office: Configuring Identity in the cloud

The past half year I did not blog that much on TestingSaaS.
With good reason!
I started a new job as a technical consultant at iWelcome and I was quite busy with relocating too.

Why iWelcome?
It is Europe's Identity Platform in the cloud.
iWelcome provides Identity & Access Management as a Service (IDAAS) for organizations, so they can manage the identity lifecycle of their consumers, employees, business customers, partners and suppliers in a secure, simple and efficient manner.

How cool is that?
Since 2010 I have been studying IDAAS (thanks UMA :-) ) and now, with the hype of data science (event logging !!) and data privacy (GDPR), I can combine all these disciplines in one job. Who dares wins!

Mind you, I already had some IAM experience at Essent and Onegini, but that was software related; now it's implementation, a completely different ball game with other stakes and rules.

Just one step at a time.

So stay tuned for my further adventures in IAM told on TestingSaaS, eForensics Magazine, Fixate and the iWelcome blog.

Monday, December 31, 2012

Hello 2013, Goodbye 2012

For me, 2012 was a year full of challenges, setting up ways to meet peers (Facebook) and gaining experience in online identities, software testing and compliance.
This I want to continue in 2013.
Next year I want to deepen my security knowledge about online sharing protocols like UMA, OAuth2 and OpenID, and my adventures (work experience, conference meetings) will be highlighted.
Also, I will continue to follow the news on privacy, big data and compliance and blog about this to express my views on these subjects, which will be combined in 2013.

Papers will be written, conferences will be visited and no worries, software and protocols will be tested.

All thoroughly done to give you a quality, up-to-date repository about testing Software as a Service, with a flavor of online identities.

See you all in 2013 on Facebook, TestingSaaS-blog and Twitter!
And perhaps in real life too!!

Monday, April 16, 2012

UMA Interop Testing at European Identity Conference 2012

Kantara Initiative's User-Managed Access WorkGroup (UMAWG) will reach a new milestone this month.
The UMAWG will be present at the European Identity Conference on April 17th in Munich (today).
Its mission: to show some UMA real-world examples during the Kantara Initiative Summit, which is chaired by my good friend Joni Brennan.
These examples include SMARTAM.org and a UMA-based app by Fraunhofer AISEC.
Before the UMA-show UMAnitarians have been busy with interop testing of the mentioned UMA examples.
Between 12.00 and 13.30 the UMAWG will share its latest status, its heritage with OAuth and OpenID Connect and the status of the current implementations.
Unfortunately I can't be present today, but through blogs and tweets I will support my fellow UMAnitarians in answering questions and giving info on interop testing.

The UMA Interop won't be finished this day; it's just the beginning.
Because OpenID has a very good wiki on OpenID interop testing, OSIS, the UMAWG asked OSIS for help with setting up a UMA interop wiki.

With the help of the OSIS folks the UMAWG will make an effort to start interop testing of all available UMA implementations.
UMAnitarians and other UMA-interested people are invited to take a look at the OSIS-wiki and start interop testing their UMA-based apps the OSIS-way.

Exciting times ahead for the UMAWG.
No worries, the quality of UMA is my gig, bugs are NOT allowed!

Thursday, May 12, 2011

The Status Quo of OpenID development

Preceding the IIW12, the OpenID Summit took place at the World Headquarters of Symantec in Mountain View, California.
Considering my prior interest in OpenID and its future layering on OAuth 2.0 (next to UMA !!) I was very interested in the Status Quo of OpenID development.
This Summit, presented by the OpenID Foundation, as part of a 2011 series, focused on 'Balancing Security and the User Experience', very interesting for me as a tester.
Through 4 sessions (3 panel discussions and 1 presentation) the attendees were stimulated to think about and discuss the present state of OpenID, the changing authentication protocols, the best practices and also the monetization (making money) of identity without traumatizing the customer.
Especially the latter is important, because of the adoption of OpenID and other identity protocols by enterprises and governments. No business case means no assurance of a possible Return on Investment, resulting in NO adoption by enterprises or government.
A business case alone is, in my opinion, still insufficient, because if the OpenID protocol is crap, no customer wants to buy it.
Well, you might guess what my question was: Why not involve testing in the OpenID development lifecycle from the beginning, the specs, to improve the quality?
After all, I have done this for the UMA-protocol last year, and the UMAnitarians are very happy with it. Reactions to this from the OpenID Summit were positive, let's see what happens in the coming weeks.
But let's get back to the OpenID Summit. I won't give elaborate descriptions of how the panel discussions went (see the link above for more info and the panel members), but I will highlight some.

The first panel, chaired by Nico Popp, our Symantec host, discussed the changing authentication protocols like strong authentication, One Time Passwords (OTP) and PKI (smartcards), but also identity proofing, biometrics and risk-based authentication (especially banking!) were addressed. Next to this the different levels of authentication were explored.
I thought it described the evolution of authentication protocols and was easy to follow if you had some knowledge of authentication.

The next session was done by the OAuth pros: Mike Jones, John Bradley and Nat Sakimura.
They gave us an insight into the Status Quo of OpenID development.
Next to the work done on JSON and JWT chain representation, especially the OpenID ABC framework and OpenID Artifact Binding were discussed. Very nice, because that's what I came for.
Regarding the rapid development of mobile phone authentication, more use cases will be made to extend the OpenID development here.
Well done guys, I'm up to date again on the OpenID development.

The third session was all about best practices and chaired by Eric Sachs from Google.
The authentication of web 2.0 apps was discussed, and especially the minimal set of parameters for an ID check. I think they were name, email and photo.
Also discussed was the combination of OpenID and the HTTPS protocol to ensure a secure exchange of data. Facebook, for instance, now gives its customers the opportunity to use this protocol.
But still a lot has to be done here to ensure that the OpenID protocol functions well.

The last session, hosted by Don Thibeau, featured investors interviewing technology leaders about investing company money in identity, and technology leaders interviewing investors about venture investing in identity companies. The bottom line here: is there an investment opportunity in identity management or online privacy? NO.
It still needs a well defined business case and certainly won't give profits in the short term, although these aren't excluded in the long term.

Well, that was for me the OpenID Summit May 2011: I learned a lot, had good pizza for lunch and went home with the feeling that OpenID development is ongoing, although it needs a good business case and a critical look from a tester's point of view.
OpenID Foundation, Symantec and Google, thanks for a great day!

The next blog will highlight my days at the Internet Identity Workshop 12 last week.

Sunday, January 16, 2011

Testing UMA means testing an individual's control over his or her own online data!

One of the reasons I joined the UMA-WG was that I wanted to be involved in a project right from the specs and not only when it is time for system testing. Next to that, the concept of UMA fascinates me and is worth making me sweat!
The active discussions we have about the testability of the specs inspire me to improve my work as a system tester.
The implementations of UMA can be in numerous domains: enterprise, government, education, e-commerce, etc.
This makes it a project where IT-architects from different domains can work together making user stories and use cases and improve this user centric authorization protocol.
Yes, we also have OpenID and OAuth, but, IMFO, OpenID is for authenticating the user and OAuth for authorizing it.
UMA lets an individual control the authorization of data sharing and service access made between online services on the individual's behalf, as a layer on OAuth. It doesn't involve the authentication, but it is very much dependent on OAuth and its possible changes, which are closely monitored by the UMA-WG.

A few years ago I started this blog because I wanted to share my thoughts on testing SaaS and identity. The latter because, IMFO, testers were mixing up authentication and authorization, which is disturbing, because they are important elements of web 2.0, online user-interactivity.
With OpenID I started, but UMA drives me more because it is fresh, very user-centric and can be interoperable with OpenID through OpenID/AB, melting two of my favorite test subjects (authentication and authorization) into one.

I wait for the day I can test an online user-interface (say banking :-) ) where an individual, with the help of the UMA-protocol, can control the data he or she wants to share with third parties, on the individual's behalf.

Something worth sweating for!