I’m now going to be specialising in IBM’s governance product, IBM Security Identity Governance and Intelligence (ISIGI). The product is very powerful, containing a huge amount of functionality, so it will be hard work to get my head around it, but I’m looking forward to
Read More
Reflections on just how strong passwords really need to be…
I’m sure we’ve all heard that Bill Burr, the man who wrote the book on password management while working at NIST, has changed his mind about the password guidelines that he devised. “Much of what I did I now regret,” Burr, who is now retired,
Read More
Challenges with Audi music interface and MP3 ID3 tags…
Earlier this year I bought a 2016 Audi A3. With any new car one of my top priorities is being able to play music: the car has two SD card sockets so I dutifully copied all of my music collection to a 64 GB SD card
Read More
IBM Cloud Identity Connect
IBM recently released IBM Cloud Identity Connect, which is a great employee productivity tool: it enables end users to find the approved SaaS applications that they need (rather than risking going down the ‘shadow IT’ route); having done that it provides a launch pad which
Read More
ISAM now supports FIDO U2F devices
ISAM Version 9.0.3 was released recently. One of the cool features is that it includes support for authenticators which conform to the FIDO (“Fast IDentity Online”) Alliance Universal 2nd Factor (U2F) standard. These are specialised hardware devices that perform cryptographic operations and which communicate using
Read More
Experimenting with IBM Bluemix
I’ve been having a fascinating time playing with IBM Bluemix – it makes it very easy to throw together an Internet-facing application running, say, Java or Node.js together with persistent storage. But the real magic comes with access to Watson APIs (such as Watson Personality
Read More
LDAP – how to enable/configure audit logging
The LDAP audit log can be the most helpful mechanism that I have found for investigating what LDAP requests a client is issuing, so I thought that it would be useful to explain how to enable/configure audit logging with IBM Security Directory Suite Version 8
Read More
ISAM: Setting up ECSSO, tag-value data propagation and EAI authentication…
I recently had a requirement to propagate a third party session ID (set by an EAI server) from one ISAM system to another, so that a user can be automatically logged in to the target third party system based on its session ID. So ECSSO
Read More
How to set up ISAM for step-up authentication using SMS OTP
It is possible to configure IBM Security Access Manager (ISAM) including its Advanced Access Control (AAC) module to support step-up authentication using One Time Passwords (OTPs) sent by SMS to a mobile phone (cell phone) using an SMS gateway. Here is an outline guide to the
Read More
SSL junctions and ‘mutual authentication’
I recently learned something about SSL junctions and ‘mutual authentication’ so I thought that it would be worth writing about it.
1. Starting with the basics, in order to set up any SSL junction, the certificate of the Certification Authority that has signed the server certificate for