Of Kantara Community Interest...
If you've been contributing or even tracking the development of User
Managed Access in the Kantara UMA Group then you already know the momentum
of UMA and the unique place that it holds for usability of OAuth 2, OpenID
Connect and beyond.
Recent developments have been swelling around the fostering of a web server
plug-in approach to drive adoption, use case realization, and more. I
won't go on too much further because our friends at Gluu have done a great
job summarizing the current opportunities. Even better - they've kicked
off a crowd funding campaign to support the ability to put concrete action
in motion!
Learn about how you can join the effort from the details and link below.
Finally, if you have a Kantara Initiative touching effort you'd like us to
consider socializing via our channels please don't hesitate to reach out to
me. We'd love to support the efforts of our members and community!
----- From: http://www.gluu.co/.grrn -----
It would be so awesome if we (meaning the citizens of the Internet) had
plugins for popular web servers to make it easier to use OAuth2 to
authenticate a person, and to authorize them to access certain URLs.
The web server plugin is a tried and true approach to protecting web
resources (both files and APIs...) without requiring a Web programmer to
know much about complex authentication and authorization protocols.
Shibboleth, the most widely adopted open source SAML platform, uses this
approach for its Shibboleth SP software.
According to the Netcraft survey in April 2013, Apache HTTPD had 54% of the
web server market, approximately 341M servers. Take out Google’s 23M
servers, and the number is even higher. It's a good place to start.
To date, open source web server plugins have delivered on authentication,
not authorization. Large companies can afford to buy expensive software for
authorization from companies like CA, Oracle and IBM. These monolithic
enterprise software vendors write web server plugins that use proprietary
protocols to register and communicate with a central policy server.
However, because of their price, most web developers just do without
central authorization.
Thanks to the hard work of the UMA community, a profile of OAuth2 has been
defined to accomplish authorization. OX has implemented this standard,
enabling organizations to define their access policies using Java, Python,
or web services. Gluu has agreed to implement an open source Java client
(“OXD”) that can be deployed locally on the web server to handle the OAuth2
messaging. The only piece that is missing is the plugin to the web server.
This project will actually deliver two OAuth2 plugins for Apache HTTPD
server: (1) a plugin for OpenID Connect to handle the OAuth2
authentication (2) a plugin for UMA, to handle the OAuth2
authorization. The design for the UMA plugin is documented on the OX
Project wiki: http://www.gluu.co/.glcw
Gluu has identified a resource to work on the project. In his cover letter,
he wrote:
“I have been working on writing Apache modules for a reverse proxy product
to provide single sign functionality. I've worked on projects to develop 10
custom modules to address the business needs of our product. I even have
working knowledge on open source Apache modules such as mod_proxy,
mod_proxy_http, mod_cache, mod_disk_cache etc and having thorough
understanding on apr library, pools..”
This is a new funding model for us. We’re hoping that companies and
integrators who want to see more options for open source authentication and
authorization will support the effort. The intent is to donate the code
produced by this effort to a non-profit, such as the Kantara Foundation,
who could help develop a self-sustaining business model to fund future
upgrade and fixes for the Apache plugin, and to create plugins for other
web servers like IIS, nginx, or even popular CMS / CRM platforms such as
WordPress and SugarCRM. In this way, this project could kickstart a new
development ecosystem which will ultimately make the Internet a safer place
for everyone.
Dear Community,
The enclosed opportunity may be of interest.
Best Regards,
Joni Brennan
Kantara Initiative | Executive Director
Building Trusted Identity Ecosystems - It takes a village!
Slides: http://bit.ly/ki-june-2013
---------- Forwarded message ----------
Date: Wed, Jul 24, 2013 at 5:28 AM
Subject: [WG-eGov] ICAM Job Opportunities at SSA
*Kantara Initiative Members, please share with your smart contacts
interested in serving their fellow citizens:*
The Social Security Administration, located in Baltimore, is looking to
fill a few information security positions fairly soon. We have direct-hire
authority; please send your resume to SSA (i.e., these jobs are not posted
on USAJOBS).
We are looking to hire at the GS-9, GS-11, GS-12 or GS-13 levels depending
on experience and education; in particular, SSA is looking for the
following skill sets for various vacancies:
*Positions in Identity, Credential, and Access Management (ICAM):*
- Individuals with experience in automating ICAM processes.
- Workflows in Identity Management platforms
- JAVA developers with experience developing secure applications
- .NET developers with experience developing secure applications
- Individuals that have taken paper-based information security processes
and converted to electronic applications.
*Positions in Policy and in Technical Operations:*
- Individuals with strong analytical skills to work in a team
environment while assisting agency stakeholders with the identification and
mitigation of information security weaknesses.
- Individuals with strong technical writing skills to work in a team
environment on developing information security awareness training materials
and procedures with an agency-wide focus.
- Individuals with experience researching and developing new or improved
information security policies and procedures.
- Individuals with experience conveying information security policies
and procedures clearly and concisely in written and verbal format.
- Individuals with experience in developing information security
procedures and systems for establishing and assessing the effectiveness of
administrative controls designed to prevent waste, loss or unauthorized
use.
*Positions in fraud prevention:*
- Individuals with experience in examining fraud in the public or
private sector.
- Individuals with experience conducting fraud detection activities such
as following data trails and reviewing digital evidence.
- Individuals with experience conducting computer forensics analysis in
support of fraud examination
- Individuals with experience effectively communicating forensics and
fraud findings in a written and verbal manner.
For those at the entry level, we have a career ladder position, which comes
with 2 years of in-house training to help new cyber security professionals
get on-the-job training & mentoring as they "break into" the field as a
career. I’ve attached some background information about SSA and our
office. If interested, please have candidates send their application to
Marci Elkin (Office of Information Security) at marci.elkin(a)ssa.gov for
immediate consideration.
Sincerely,
Jack Leipold
-- Director, Division of Identity, Credential, and Access Management
In an effort to provide reliable Kantara Initiative web based
services our servers will be upgraded on July 25 and 26, 2013.
During the maintenance the websites will be temporarily offline.
Please let me know if you have any questions regarding the
upgrade/maintenance.
Thanks,
Oliver
--
*Oliver Maerz*
External Consultant
*Kantara Initiative*
+1 (503) 468-4188
oliver (at) kantarainitiative.org
http://www.kantarainitiative.org