Protocol gut check. That's how someone recently described some research I've got under way for a report we're calling the "TechRadar™ for Security Pros: Zero Trust Identity Standards," wherein we'll assess the business value-add of more than a dozen identity-related standards and open protocols. But it's also a great name for an episode of angst that recently hit the IAM blogging world, beginning with Eran Hammer's public declaration that OAuth 2.0 -- for which he served as a spec editor -- is "bad."
As you might imagine, our TechRadar examination will include OAuth; I take a lot of inquiries and briefings in which it figures prominently, and I've been bullish on it for a long time. In this post, I'd like to share some thoughts on this episode with respect to OAuth 2.0's value to security and risk pros. As always, if you have further thoughts, please share them with me in the comments or on Twitter.
Sedition is simmering in the halls of corporations the world over, as the thirst for productivity and new tools grows faster than IT organizations can quench it with supply. 2012 promises to be the most transformative year for end user computing since the release of the IBM PC in 1981. The escalation of 4 trends, each individually interesting but together explosive, will bring phase changes in the way Highly Empowered and Resourceful Operatives work, and offer previously captive employees new options for productive freedom by this time next year.
As in IT revolutions past, on the front lines are restless high-performers (executives, technology pros and creatives), whose nature drives them to push the limits of themselves, their tools, and their support networks, and bring their own technology to the office when their employers won't provide it. More employees will bring their own computer to the office than ever before in 2012 - most of them Macs - and if IT won't support them, they'll find another way that doesn't include IT.
Cloud-based applications and services such as Dropbox and Projectplace are convincing these folks that they can get better results faster, without IT involved. And these services are priced at a point where they're cheaper than a few skinny soy chai lattes (no whip!) every week, so many employees just pay the tab themselves.
Much of the discussion around integrating applications with the Internet has centered on mobile applications connected to web backends that deliver greater customer experiences than mobile apps or web sites could by themselves. But the real power of this concept comes when a full ecosystem can be delivered that leverages the true power and appropriateness of mobile, desktop and cloud-based compute power. And if you want to see this in action, just look to Autodesk. The company, which we highlighted in this blog last year for its early experimentation with cloud-based rendering, has moved that work substantially forward and aims to change the way architects, engineers and designers get their jobs done and dramatically improve how they interact with clients.