Remote Control Soufflés: Challenge of M2M Authentication & Authorisation and Mobile data offloading

Some M2M devices will always connect to the internet over a fixed network connection or Wi-Fi, others will always connect over a mobile network using an eUICC, and some will offer both Wi-Fi and mobile network access. It is these dual-connectivity devices that will need to support Wi-Fi offloading where possible. …

OpenID Connect and GSMA Mobile Connect

OpenID Connect (final specifications launched February 2014) is an interoperable authentication protocol layered on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of "making simple things simple and complicated things possible". OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage… 
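The part of OpenID Connect that a relying party gets wrong most often is not the redirect flow but the checks it must perform on the ID token before trusting it. The following is an added example, not code from the original post or from the OpenID Foundation: it mints an ID token with HS256 (OpenID Connect Core 10.1 specifies the client secret as the HMAC key for that algorithm) and then validates it the way a relying party should, rejecting any token whose header names a different algorithm, whose issuer or audience is wrong, which has expired, or whose nonce does not match the one the client generated for this login. The issuer, client identifier, client secret and claims are constructed values for the example only; the code uses only the Python standard library.

```python
"""OpenID Connect ID token minting and relying-party validation, HS256 only (stdlib)."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for the example; nothing here belongs to a real deployment.
ISSUER = "https://op.example.com"
CLIENT_ID = "client-123"
CLIENT_SECRET = b"constructed-client-secret-for-this-example-only"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def example_claims(nonce: str, now: int, sub: str = "user-42") -> dict:
    """Minimal ID token claim set: iss, sub, aud, exp, iat are mandatory; nonce ties it to the request."""
    return {"iss": ISSUER, "sub": sub, "aud": CLIENT_ID, "nonce": nonce, "iat": now, "exp": now + 300}


def mint_id_token(claims: dict, secret: bytes = CLIENT_SECRET) -> str:
    """Sign claims as a JWS with HS256; the OP would do this, keyed with the client secret."""
    signing_input = f"{_segment({'alg': 'HS256', 'typ': 'JWT'})}.{_segment(claims)}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def forge_unsigned_token(claims: dict) -> str:
    """What an attacker hands a sloppy RP: 'alg: none' with an empty signature segment."""
    return f"{_segment({'alg': 'none', 'typ': 'JWT'})}.{_segment(claims)}."


class IDTokenError(ValueError):
    """Raised for any token the relying party must not accept."""


def validate_id_token(token: str, expected_nonce: str, now: Optional[int] = None,
                      secret: bytes = CLIENT_SECRET, issuer: str = ISSUER,
                      client_id: str = CLIENT_ID, skew: int = 60) -> dict:
    """Relying-party checks from OpenID Connect Core 3.1.3.7; returns the claims if all pass."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        claims = json.loads(_b64url_decode(p_b64))
        signature = _b64url_decode(s_b64)
    except ValueError as exc:  # covers bad base64, bad JSON and wrong segment count
        raise IDTokenError(f"malformed token: {exc}") from None
    # The RP pins the algorithm it registered; the token never gets to choose (kills 'alg: none').
    if header.get("alg") != "HS256":
        raise IDTokenError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise IDTokenError("signature does not verify")
    if claims.get("iss") != issuer:
        raise IDTokenError("issuer mismatch")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        raise IDTokenError("token was not issued to this client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise IDTokenError("multiple audiences but azp is not this client")
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, int) or now >= exp + skew:
        raise IDTokenError("token expired")
    if not isinstance(iat, int) or iat > now + skew:
        raise IDTokenError("token issued in the future")
    if claims.get("nonce") != expected_nonce:
        raise IDTokenError("nonce mismatch: token does not belong to this login request")
    return claims


def is_valid(token: str, expected_nonce: str, now: int) -> bool:
    try:
        validate_id_token(token, expected_nonce, now=now)
        return True
    except IDTokenError:
        return False


if __name__ == "__main__":
    now = int(time.time())
    good = mint_id_token(example_claims("n-abc", now))
    print("valid token:", is_valid(good, "n-abc", now))
    print("alg none:", is_valid(forge_unsigned_token(example_claims("n-abc", now)), "n-abc", now))
    print("wrong nonce:", is_valid(good, "n-other", now))
```

The nonce check is the one relying parties most often skip: without it a captured ID token can be replayed into another session, since the signature, issuer and audience all still check out. Pinning the algorithm before verifying the signature is what makes the "alg: none" and key-confusion classes of JWT bugs impossible rather than merely unlikely.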

PAYM and Donor Led Mobile Number Porting Use Case

The PAYM mobile payment service enables UK bank customers to transfer money to an individual using that person's mobile phone number (MSISDN) as the identifier. Currently nine banks and building societies have adopted the PAYM service, and customers of these providers can now register to use it. The PAYM architecture is based on a centralised database of receivers' MSISDNs.…

The Future of Identity Management According to COTS Vendors Part 1

Most identity management software vendors rationalise their service enablement capability as follows: identity and access management has traditionally focused on managing user accounts in the form of directory service entries; in the traditional IAM/IdM view it has seldom involved managing identities, let alone multiple types of identity. They might digress slightly here on the history of Master Data…

Embedded SIM SM-DP & SM-SR

The GSMA has united the mobile operators and SIM suppliers behind a single Embedded SIM specification to avoid costly, fragmented and incompatible technical solutions and to help accelerate the M2M market. In order to support M2M use cases with no human intervention, and to facilitate the secure over-the-air installation of mobile operator credentials into a SIM,…

5 Key Architectural Considerations on Implementing Identity and Access Management for M2M

Identity and access management has traditionally been used to manage the identities and credentials assigned to human users. Machine-to-machine devices such as GPRS-enabled smart electricity meters or the SIM cards in cars require their own identity and access management capabilities. These include new M2M authentication schemes, because traditional authentication schemes assume that a person is present to authenticate.…

Salesforce Identity Connect to Other Directory Services

Identity Connect is a paid-for extension to Salesforce Identity that enables an organisation to use its existing directory services. It specifically allows integration with Active Directory, enabling user data to be uploaded from Active Directory to one or more Salesforce organisations and synchronised automatically when user entries are added, changed or removed. In…

Cross Domain Identity Patterns: Mapped Federation

With Mapped Federation, users need to exist in both the identity provider and the service provider. As with transient federation, a metadata exchange contract is defined between the identity provider and the service provider. With Mapped Federation, further attributes for uniquely identifying the user are required. This may be the UID (e.g. email address) that…
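The mapping step is where Mapped Federation carries its security risk: if the service provider keys its local account purely on an attribute the user or the identity provider can change, such as an email address, a later assertion carrying someone else's email can land in the wrong account. The following is an added example, not code from the original post: it generalises the excerpt's UID-based mapping into a small account-linking routine that uses the email UID only for the first link, requires the identity provider to assert that the email is verified, refuses ambiguous matches, and from then on pins the local account to the identity provider's persistent subject identifier. The assertion shape (`issuer`, `subject`, `email`, `email_verified`) and the in-memory user store are constructed for the example.

```python
"""Account mapping for Mapped Federation: link by UID once, then pin the persistent subject id."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class LocalUser:
    """A pre-provisioned account at the service provider (Mapped Federation requires one)."""
    local_id: str
    email: str
    # issuer entity id -> persistent subject identifier asserted by that identity provider
    linked_subjects: Dict[str, str] = field(default_factory=dict)


class MappingError(Exception):
    """Raised when an assertion cannot be safely mapped to exactly one local account."""


def map_federated_user(assertion: dict, users: List[LocalUser]) -> LocalUser:
    """Resolve an IdP assertion to a local account.

    assertion is a constructed dict: {'issuer', 'subject', 'email', 'email_verified'}.
    Order of precedence: an existing subject link always wins; the email UID is only
    used to establish the first link, and only when the IdP asserts it as verified.
    """
    issuer, subject = assertion["issuer"], assertion["subject"]

    # 1. Already linked: the persistent subject id is authoritative, even if the email changed.
    for user in users:
        if user.linked_subjects.get(issuer) == subject:
            return user

    # 2. First login from this IdP: fall back to the UID, but only a verified one.
    if not assertion.get("email_verified", False):
        raise MappingError("refusing to link on an email the identity provider has not verified")
    email = assertion.get("email", "").strip().lower()
    matches = [u for u in users if u.email.lower() == email]
    if len(matches) != 1:
        # Zero matches: no pre-provisioned account (do not auto-create under Mapped Federation).
        # More than one: ambiguous, and picking one would hand someone the wrong account.
        raise MappingError(f"expected exactly one local account for {email!r}, found {len(matches)}")
    user = matches[0]

    # 3. An account already linked to a different subject at this IdP must not be re-linked
    #    just because the email now matches; that is the account-takeover path.
    if issuer in user.linked_subjects:
        raise MappingError("account already linked to a different subject at this identity provider")
    user.linked_subjects[issuer] = subject
    return user


def build_store() -> List[LocalUser]:
    """Constructed sample directory for the example."""
    return [
        LocalUser("u-1001", "alice@example.org"),
        LocalUser("u-1002", "bob@example.org"),
    ]


if __name__ == "__main__":
    store = build_store()
    first = {"issuer": "https://idp.example.net", "subject": "sub-7f3a",
             "email": "Alice@example.org", "email_verified": True}
    print(map_federated_user(first, store).local_id)
    renamed = dict(first, email="alice.smith@example.org")
    print(map_federated_user(renamed, store).local_id)  # same account, via the pinned subject
```

Once the link exists, the email attribute is ignored for mapping, so a mailbox being reassigned at the identity provider cannot move an existing user into a different local account. Unverified or missing `email_verified` attributes fail closed rather than linking optimistically.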

Cross Domain Identity Patterns: Chained Federation & Service Broker

Chained Federation allows access to multiple Service Providers to be granted to multiple trusted Identity Providers. The identity provider requests access to the service provider via the Service Broker, which authorises the request and forwards it to the appropriate service provider based on the TargetURL. This is useful where an enterprise is providing multiple services to…

Cross Domain Identity Patterns: Transient Federation

A transient federation agreement is a pre-negotiated (trusted metadata exchange) set of contracts, normally bilateral, which enable trusted pairs to recognise each other's identities. The contract may specify user roles, governance, security and verification policies, or specific technical methods. The implementation may utilise a Trust Broker (possibly a third-party credential authority) for validating the…