Showing posts with label blogs. Show all posts
Showing posts with label blogs. Show all posts

Tuesday, 25 October 2011

Identity and Access Management Blogs etc.

I thought: I could put together a quick blog post linking to some of the blogs which I follow, and spend a little time trying to fill gaps in the list. But while doing a little searching I found the Planet Identity blogroll (which I'd not seen before) and 360tek's list of blogs. Nothing I could post would be anything like as comprehensive. But there's still scope for a post, though...

Planet Identity aggregates over 170 blogs, with about 30 on 360tek's list most of which are on the Planet Identity list). I presume the former is no longer updated (it's on an old Sun server, not moved to Oracle). Blogs tend to be evanescent, and it's no surprise that some of the links in the blogroll are dead, or that others have not been updated in over two years. Many of the corporate bloggers have been amalgamated into a single company blog, which suggests to me some developing maturity in the identity market - these companies are making themselves more "corporate", which unfortunately often makes the blogs less interesting. A few of the blogs listed are inaccessible to me as someone pretty much restricted to English language writing, to my shame. My interests are also pretty much UK centred, and I'm not particularly into the latest marketing release from commercial vendors - mainly because getting identity management right is at least as much about good business processes as it is about technology. I'll just list some of the best of those which seem to be live (and which I didn't already know - or did know, but had just been too lazy to pick up and follow).

Where the blog author (if a single person) is also on twitter, I have listed their twitter ID as well as the blog URL.

Identity Networks: The blog of Ingrid Melve, Federation Manager for Feide - a FAM slant, and well worth reading (one of the blogs I really should have been following already)
Identity Woman: Although recent posts are taken up with the naming policies of Google+ (the spate of discussion over pseudonyms on the network being sparked off because Google would not allow an account in the name of Identity Woman), there is a lot of interesting material on this blog about user-centric identity.
Identity Happens: A great blog which is more technical than most of the others in this list. Not updated all that frequently.
Racingsnake: Robin Wilton's personal blog, focusing mainly on public policy relating to security and IAM. He also blogs at Gartner.
Ian Yip's Security and Identity Thought Stream: Good stuff here, too; interest in why technical security problems arise in the first place from Ian Yip.

I use Akregator to read most of the blogs I follow, and I have a fair number of Identity and Security blogs in there. A lot of security bloggers talk about identity - it has become massively important in IT security now that people have started to realise just how insecure most systems become if identity management is compromised.

eFoundations: Not all IAM, but always interesting blog from Pete Johnston and Andy Powell at Eduserv.
UK Access Management Focus (formerly JISC Access Management Team blog): Essential reading if you want to know what's happening in IAM in UK higher education. Maintained by Nicole Harris, a former LSE colleague of mine.
Kim Cameron's Identity Blog: thoughtful posting about identity (from, unsurprisingly, Kim Cameron), most recently (at the time of writing) about how disintermediation might affect identity.
Light Blue Touchpaper The blog of the security research group at Cambridge University: they often have something interesting, or even controversial to say (particularly if you believe in bank security). Posters here include Steven Murdoch.
Talking Identity, from Nishant Kaushik: He works for Identropy, so some content is cross posted from their corporate blog. Sensible and pretty authoritative stuff here (and, indeed, there).
Stephan's Ramblings: Another former colleague, who blogs about security generally.
Schneier on Security: Bruce Scheier, security guru (author of one of the best technical books on cryptography), describes himself as "head curmudgeon at the table". Fascinating comment, and a weekly squid-related post.
Naked Security, the Sophos blog on IT security, has timely posts on most current security stories. Perhaps less identity content than the ones above, but helps to keep up to date.

Not all essential reading comes in blog form, even in 2011, though these web sites also provide feeds.

The security tag at Slashdot Any Slashdot story tagged as "security" can be seen here, which includes just about any IAM related discussion on the place to go for computer geekery.
Security coverage at The Register Some may not like the jokey tone of "El Reg" (as it calls itself), but they cover a lot of interesting stories in an idiosyncratic way. The Identity stories have a subject feed here.
Electronic Frontier Foundation: Fighting for rights in the digital world, many of which have some connection to identity.

I follow some other relevant people on twitter:

Robert Garskamp, of IDentity.Next
Christopher Brown, of JISC - eResearch Programme Manager responsible for the Access & Identity Management programme
Rhys Smith, of Cardiff University and JANET, who worked on the Identity Project and the Identity Toolkit with me
John Chapman, also at JANET
RL "Bob" Morgan, University of Washington and Shibboleth (most people involved in Shibboleth seem not to tweet or blog)

I hope this list is useful - but I've probably missed some obvious and interesting blogs...