Entries Categorized as 'Uncategorized'
by Mark Diodati | March 18, 2011 | 6 Comments
As I write this, RSA has announced it experienced an attack on its RSA SecurID one-time password (OTP) products. You can see Art Coviello’s letter to RSA’s customers here. The letter is very light on the nature of the attacks and what was stolen. In the interest of full disclosure, I worked at RSA for [...]
Category: Uncategorized Tags:
by Mark Diodati | March 4, 2011 | Comments Off
One of the research topics that I am responsible for is UNIX security. Very early in my career, I grew to love awk, sed, and the Korn shell. While working out, I listen to Korn, too (That Korn/Korn coincidence never gets old for my sys admin buddies – these pictures are hanging in many enterprise [...]
by Mark Diodati | January 25, 2011 | Comments Off
“I been here for years”. Admit it, the first thing that pops into your mind when hearing LL Cool J’s magnum opus is the hardware storage module (HSM). The HSM is traditionally leveraged for X.509 certificate deployments in high identity assurance use cases. The HSM protects the certificate authority’s (CA) private key in a tamper-resistant [...]
by Mark Diodati | January 10, 2011 | 1 Comment
There’s a story that goes along with “Where the Streets Have No Name”, the opening track of U2’s “The Joshua Tree”. The song seamlessly melds a wonderful introduction, which has a 6/4 time signature, into the body of the song, which is in 4/4. The recording process got so onerous that progress was slow. Very slow. Brian [...]
by Mark Diodati | September 13, 2010 | Comments Off
Active Directory Bridge products enable interoperability between Active Directory (AD) and UNIX systems (e.g., Linux, UNIX, Mac OS). A few years ago, I was at the right place and time and named the product class. AD Bridge products essentially provide four capabilities: authenticate UNIX users against Active Directory; enable single sign-on (SSO) between UNIX and [...]
by Mark Diodati | August 31, 2010 | Comments Off
When it rains, it pours. Yesterday, CA Technologies announced its purchase of Arcot Systems. My blog post about the purchase can be found here. Today, VMware announced its purchase of TriCipher. Arcot Systems and TriCipher are eerily similar. Both companies started with innovative technology which protects the user’s private PKI key in software (in TriCipher’s [...]
by Mark Diodati | June 4, 2010 | 3 Comments
At its core, authentication is about transitioning. We take the user’s credential and give them back something useful (let’s call this useful thing a token). We take the user’s password and we give them a Kerberos ticket or a web access management cookie (think SiteMinder’s SMSESSION ticket). We validate the user’s certificate and negotiate the [...]
by Mark Diodati | May 19, 2010 | Comments Off
Burton Group recently transitioned its identity management blogging to the Gartner Blogging Network. The following is my blog entry from last week about an important SPML discussion which will occur at our annual Catalyst North America Conference. I am including it here in case you did not see it because of the transition. If you [...]
by Mark Diodati | May 19, 2010 | Comments Off
As Burton Group’s point person for most things authentication (and my product management work at RSA), I have been researching VeriSign’s authentication business for at least a dozen years. You may have read that VeriSign is considering the sale of its authentication business to Symantec for $1.3 billion. The New York Times has a good [...]