MartinKuppinger
2p3 comments posted · 0 followers · following 0
13 years ago @ KuppingerCole - Martin Kuppinger: Loka... · 0 replies · +1 points
Nicht überschätzen sollte man den Implementierungsaufwand für Federation - das Thema lässt sich mit durchaus überschaubarem Aufwand umsetzen. Klar ist E-SSO einfacher zu implementieren, aber in seiner Reichweite auch begrenzt als interner Ansatz. Federation geht deutlich weiter. Deshalb sollte man immer auch hinterfragen, ob Federation als der strategisch wichtigste Ansatz nicht eine machbare Alternative ist, wenn man in andere der genannten Ansätze investieren will.
13 years ago @ Martin Kuppinger - Beyond LDAP - have a l... · 0 replies · +1 points
Thus it is not about whether an RFC is implemented correctly (I assume that M$ is a biased abbreviation for Microsoft). It is also not about LDAP being broken, but LDAP being limited. By the way: For sure I know not only Microsoft Active Directory but many other directory services.
Aliases are not sufficient. That is again very obvious to any practicioner, because it is an inefficient workaround. Thus there is the obvious need to rethink this issue.
I\'m pretty sure that I\'ve got some of the points (which were examples). And just because the new concept has been developed by someone from Microsoft it is not necessarily bad. The real bad thing, from my perspective, is being narrowminded.
15 years ago @ Martin Kuppinger - Privileged Account Man... · 0 replies · +1 points
I don't think that we can limit PAM to routers, firewalls and other devices with frequently very weak security concepts. For sure, an advanced support for federation as well as for authorization standards (which are still immature) will help. But PAM as well addresses the operating system level, databases and other types of systems. I personally expect that PAM will become more and more part of core IAM solutions (e.g. Provisioning) and will be integrated in these lifecycle management approaches. But specific features for PAM will be required as well in the future - and even when ancient concepts like "root" are replaced by better approaches perhaps sometimes in the future. The question isn't whether we will need PAM features or not - we will, even while some threats (firewall admins,...) might disappear. The question is whether there will be a separate PAM market segment or an integration into other solutions. I think that there will be both - standalone, sometimes specialized (UNIX/Linux only,...) solutions and integrated approaches.
Martin