Authentication as a Service

In partnership with Swivel Secure, the owners of PINsafe, a multifactor authentication solution inTHiNK has successfully delivered a solution to hosting PINsafe in the cloud opening the way to delivering bank grade authentication as a service at a price affordable to all.

inTHiNK has developed a fully standards based Security Token Service that sits in front of PINsafe allowing the service to engage in the exchange of SAML-based claims leveraging the core value of PINsafe’s guaranteed one-time code algorithm.

As shown in the diagram here, a trust relationship is created between a relying application, here it is an Azure hosted .NET web application, but it could exist anywhere, and the PINsafe Federation Service (the Security Token Service). On entering the application, the client is redirected to PINsafeFS where they are challenged to submit a valid username and pin  through this services relationship with PINsafe itself.The client submits a user name and one time pin code and on successful validation are redirected back to the relying application with a valid SAML ticket that can be used by the relying application.

To try it out, just visit http://pinsafe.cloudapp.net and see for yourself.

Once you hit this site you will be redirected to PINsafeFS and asked for a username and pin.

• Type in the user name test and tab to the password.
• A unique TURing string will now appear.
• Type in the characters that appear at position 1,2,3 and 4 of this string into the password field.
• Submit and you will be validated by PINsafe
• Once validated, a set of claims about the user will be wrapped in a SAML token and passed back to the relying application.
• Back on the relying application, this SAML token is unpacked and the claims are accessed which include the user name.

Simple!

PINsafeFS is now in beta and available to clients to work with. The next phase will see the delivery of a full featured self-service portal to allow relying applications to manage their identities and the claims they wish to store and use for their users.

PINsafeFS is full standards based and non-invasive using WS-* protocols and SAML tokens.

Now

Advertisement

Welcome Gar Mac Criosta to the inTHiNKers!

It’s a delight to have Gar Mac Criosta join the band of inTHiNKers bringing a great set of experiences on IT Architecture.

Gar has worked in Ireland, UK and Australia for policing, financial services, insurance,  public sector bodies and systems integrators including An Garda Síochána, Cap Gemini, An Post, Anglo Irish Bank, Compaq, GE and others.

Gar became one of the first IASA Certified IT Architects (CITA-P) certifying in May 2010. In addition, Gar is current president of IASA Ireland the professional association for IT Architects.  Gar is a member of the IASA Europe leadership team and a member of the IASA Board of Education Certification Committee which is currently working to deliver IASA Certification programs globally.

Gar is actively involved in the technology community and has a real ‘grá’ for technology. Gar is currently pondering touch based & device based applications will change our work world.

For more on Gar and the rest of the inTHiNKers click here!

Welcome to Jon Collins as a new inTHiNKer!

It’s with great delight to announce that Jon Collins has agreed to become the latest inTHiNKer to join the gang!

Jon Collins

---

Jon is a seasoned consultant, writer, speaker and commentator, having worked in and around information technology for 23 years. He started his career as a programmer, moving into systems administration and IT management before working as a consultant in software design and a network management for clients in many different sectors. For the past 11 years Jon has been working as an IT industry analyst for firms including Bloor Research, IDC and Freeform Dynamics, working in areas such as IT security, information management and cloud computing. Jon was named “European Analyst of the Year” in 2009 by the Institute of Industry Analyst Relations. Today, Jon continues to investigate the social and business impacts of digital technologies as part of his more general research into where IT is heading..

For more on Jon and the rest of the inTHiNKers then look here.

Announcing Entabula …

Collaboration between inTHiNK and three outstanding independent solutions architects from the UK and Ireland has resulted in the launch of Entabula, an agile, structured approach to maximising the business value of IT investments.

Entabula builds on the strengths of existing Corporate Architecture and Service Modelling techniques to deliver new levels of insight into how IT can better serve businesses.

At the heart of Entabula is a capability-focused method for enterprise value mapping.  Capabilities rigorously separate what a business does from how it does it, which provides a durable canvas on which to shape business, systems and IT strategies away from the compromises, noise and inefficiencies of the current implementation mix of processes and platforms.

In too many organisations, the relationship between business and IT objectives has become strained and even broken.  inTHiNK and its partners, Structia and blueye are committed to developing effective tools and techniques to harmonise relations between business and IT at all levels of engagement.  The first targets are the elimination of structural waste and the development of powerful and relevant service-oriented architectures.

More information about Entabula will appear over the next few days, including the launch of a new website dedicated to the Entabula method.

Arvindra Sehmi becomes the latest inTHiNKer!

It is a genuine honour to be able to announce that Arvindra Sehmi is the latest to join a great line up of inTHiNKers! Arvindra is actively engaged with a number of inTHiNKers in developing a Capability Value Mapping practice and methodology leveraging his experiences in business intelligence with Onalytica and with the Business Model Canvas and Service Oriented Modelling while at Microsoft.

For more on Vin and the rest of the inTHiNKers click here!

inTHiNK become a Microsoft BizSpark Partner

inTHiNK is delighted to become the latest Microsoft BizSpark Partner to help support the development of a new social cloud service codenamed “horizon”.

We’re delighted at this news as it will allow us access to the full range of Microsoft technologies and cloud services to ensure that “horizon” is a first class resilient cloud service from day 1!

Welcome new inTHiNKERS

It’s with great delight to announce the arrival of two new inTHiNKers to the inTHiNK Associate network.

Bola Rotibi brings over 18 years IT experience and is a world renowned and respected Industry Analyst in ALM space.

Bola joins the inTHiNK network to help define and deliver first class advisory services right across the Application Lifecycle which we are seeking to launch early in 2011.

 

Richard Godfrey brings over 20 years experience is software development, having built some of the most powerful .NET and Windows Azure based solutions in recent times. He is a well known and respected Software Architect heralding from many years at Microsoft and Deloitte.

Richard joins the inTHiNK network to bolster our ability to deliver architectural services and solutions designs as well as taking these forward into implementation and delivery.

For more on Bola, Richard and the rest of the inTHiNKers click here.

Software Security: have we nailed it?

Software security has and continues to be a top line issue for most organisations, yet software and IT teams still continue to produce and deploy insecure code and applications with serious consequences for the brand, reputation and, of course finances of their customers and their own organisation.

Creative Intellect in association with the IASA have recently launched a survey that seeks to understand the security challenges across the development cycle and look to see if it is handled better by large or small projects, organisations and if there is a difference across industries.

I thoroughly recommend you taking part in the survey. All respondents will get a free copy of the full report and will be entered into a draw to win a free half day consulting session with Creative Intellect Consulting Ltd in the field of software delivery and application lifecycle management.

The survey link is: http://www.surveymonkey.com/s/SecuritySurvey-CIC