Without an Internet infrastructure for authentication, we can’t even build the next generation of privacy protecting technologies that will enable the enlightened goals of the NSTIC guiding principles. NSTIC should be doing more to support OpenID Connect to make affordable open source software available to all Internet domains to protect themselves from hackers (and the NSA).
1. As CEO of Gluu, I talk with organizations every day about cas single sign on and privacy.
Gluu’s business is quite global: we have customers in the U.S., Europe, Asia and the Middle
East. I am in the frequent position of apologizing or joking about privacy in the US.
Let’s address the gorilla in the elevator: if the US government is going to get on its high
horse about security and privacy, it better stop hacking into corporate systems like Google.
This undermines the integrity of your effort to develop a privacy protecting ecosystem that
assumes the participants abide by the rules.
Mike Hearn’s recent blog sums it up: “In the absence of working law enforcement, we
therefore do what internet engineers have always done – build more secure software.” In
other words, trust no one… not even the government.
So perhaps before NSTIC committees try to herd a bunch of cats at great expense, it would
be expedient to take those sacred privacy principles to Obama and ask him to instruct the
agencies of the US government to eat their own dog food.
2. If the goal is to make the Internet a safer place, fix the front door:
authentication.
Without an Internet infrastructure for authentication, we can’t even build the next
generation of privacy protecting technologies that will enable the enlightened goals of
the NSTIC guiding principles. NSTIC should be doing more to support web access
management system (wam) to make affordable open source software available to all
Internet domains to protect themselves from hackers (and the NSA).
About Gluu
Gluu is an Austin, TX startup that provides open source and on demand cloud identity
and trust management. Gluu leverages standards such as OpenID Connect, SAML
2.0, and SCIM to make achieving active directory single sign on and easy. Deployed
quickly on public and private cloud servers, Gluu’s On Demand cloud identity
platform addresses the installation and operational issues of an organizational
identity provider at one predictably low annual cost.
Article resource:-http://thegluuserver.livejournal.com/6331.html