Lockstep

Digital Identity

A range of papers, looking at how to make robust strategic decisions about digital identity and authentication technologies, especially in a "technology neutral" policy environment.

An ecological theory of digital identity

Stephen presented a major new paper at the AusCERT 2011 security conference, on how identity evolves and why federated identity is easier said than done. This is a fresh and powerful explanation of the shortcomings of other contemporary identity theories. It provides an alternative way forward based on conserving the perfectly good identities we already have in the real world.

Identity Plurality

Orthodoxy in e-security holds that we must separate "authentication" of who someone is from "authorisation" of what they can do. The distinction is actually arbitrary and unhelpful.

See also http://lockstep.com.au/blog/2011/01/22/forget-authentication.

A positive review of Identity Silos

It's not for nothing we call them "silos": they're strong, elegant, safe and under-appreciated!

Towards a uniform solution to identity theft

A high-level comparison of all major two-factor authentication solutions, with a close look at their vulnerability to phishing via the Man In The Middle attack.

A Practical Guide to Authentication for ICT Executives

Lockstep Consulting holds interactive workshops aimed at providing non-technology managers and executives with 'everything they need to know' about authentication, and equipping them to engage better with technologists.

Two factor authentication and second class citizens

An unfortunate side-effect of user-pays security could be the creation of two classes of Internet banking customer.

Making Sense of your Authentication Options

A sophisticated, business-focused framework for analysing authentication requirements. First published in the Quarterly Journal of the PricewaterhouseCoopers Cryptographic Centre of Excellence, October 2001. Reproduced with permission.

Current issues in the rollout of a National Authentication Framework

Early in the development of national authentication policy, and the struggle with PKI, this presentation to the 1998 Information Industry Outlook Conference provided an optimistic and innovative vision, involving communities of interest and digital credentials instead of a focus on personal identity.