It's been a while...
So I could offer up a dozen excuses about why it's been a while since I've blogged anything, but I won't.
I have been reading a lot however and I have become quite intrigued with a Federal Initiative, actually it's a Presidential Directive, HSPD 12. The reason I have become intrigued is that it seeks to encourage validation of identity through biometric means (think biometric authentication) for physical access control, yet there is no mention of what you do on a network. Why?
I don't know when the public and private sector will realize that the online world and the physical world are converging, much like privacy, security, and identity management. So if we as an industry are going to make identity truly ubiquitous and adoptable then we need to think:
BIOMETRICS + NETWORK LAYER IDENTITY = TRUER IDENTITY
I mean isn't that what most organizations want - to know who the people are who interact with them as the first step (authentication), and then be able to permit or deny access to the parts of the organizations assets be they data or a building (Identity audit/manage).
I'll have to flush this out more, as it's late, but we need to realize that the technology exists to blend network and physical access control together TODAY, and that we ought to use it.
I have been reading a lot however and I have become quite intrigued with a Federal Initiative, actually it's a Presidential Directive, HSPD 12. The reason I have become intrigued is that it seeks to encourage validation of identity through biometric means (think biometric authentication) for physical access control, yet there is no mention of what you do on a network. Why?
I don't know when the public and private sector will realize that the online world and the physical world are converging, much like privacy, security, and identity management. So if we as an industry are going to make identity truly ubiquitous and adoptable then we need to think:
BIOMETRICS + NETWORK LAYER IDENTITY = TRUER IDENTITY
I mean isn't that what most organizations want - to know who the people are who interact with them as the first step (authentication), and then be able to permit or deny access to the parts of the organizations assets be they data or a building (Identity audit/manage).
I'll have to flush this out more, as it's late, but we need to realize that the technology exists to blend network and physical access control together TODAY, and that we ought to use it.