I’m sure we’ve all heard that Bill Burr, the man who wrote the book on password management while working at NIST, has changed his mind about the password guidelines that he devised. “Much of what I did I now regret,” Burr, who is now retired,

Earlier this year I bought a 2016 Audi A3. With any new car one of my top priorities is being able to play music: the car has two SD card sockets so I dutifully copied all of my music collection to a 64 GB SD card

IBM recently released IBM Cloud Identity Connect, which is a great employee productivity tool: it enables end users to find the approved SaaS applications that they need (rather than risking going down the ‘shadow IT’ route); having done that it provides a launch pad which

ISAM Version 9.0.3 was released recently. One of the cool features is that it includes support for authenticators which conform to the FIDO (“Fast IDentity Online”) Alliance Universal 2nd Factor (U2F) standard. These are specialised hardware devices that perform cryptographic operations and which communicate using

I’ve been having a fascinating time playing with IBM Bluemix – it makes it very easy to throw together an Internet-facing application running, say, Java or Node.js together with persistent storage. But the real magic comes with access to Watson APIs (such as Watson Personality

The LDAP audit log can be the most helpful mechanism that I have found for investigating what LDAP requests a client is issuing, so I thought that it would be useful to explain how to enable/configure audit logging with IBM Security Directory Suite Version 8

I recently had a requirement to propagate a third party session ID (set by an EAI server) from one ISAM system to another, so that a user can be automatically logged in to the target third party system based on its session ID. So ECSSO

It is possible to configure IBM Security Access Manager (ISAM) including its Advanced Access Control (AAC) module to support step-up authentication using One Time Passwords (OTPs) sent by SMS to a mobile phone (cell phone) using an SMS gateway. Here is an outline guide to the

I recently learned something about SSL junctions and ‘mutual authentication’ so I thought that it would be worth writing about it.
1. Starting with the basics, in order to set up any SSL junction, the certificate of the Certification Authority that has signed the server certificate for

I was recently setting up ISAM E-community single signon (ECSSO) and wanted to set ‘e-community-sso-auth = http’ in the reverse proxy configuration file – but after that, when I tried to restart the reverse proxy it crashed repeatedly with the following messages in the webseal