Digital Identity

A range of papers, looking at how to make robust strategic decisions about digital identity and authentication technologies, especially in a "technology neutral" policy environment.

DHS "Cydentity" 2015, Rutgers University

Guest provocateur at the DHS Identity & Privacy planning workshop

Rationing Identity on the Internet of Things

I made this presentation to the 2015 Cloud Identity Summit, on the risks to privacy of 'over identifying' the data that increasingly gushes from all our smart devices.

Conveying the pedigree of identifiers using digital certificates

A short one-page paper on how to "notarise" personal data in smartcards or similar personal chip devices.
There are ways of issuing personal data to a chip that prevent those data from being copied and claimed by anyone else.

The Authentication Family Tree

My presentation to the 2014 Cloud Identity Summit in Monterey, California.

Forget Identity!

I was selected in a call-for-papers to present my ecological theory of digital identity to the Australian Information Security Association 2013 annual conference. My talk was titled as a gentle provocation: "Forget identity!"

"The IdP is Dead! Hail the Relyingpartyrati"

I was honoured to be a speaker in the Iconoclasts stream on the final day of the Cloud Identity Summit in Napa (#cisNAPA), where I presented my ecological theory of identity.

Fractionating Identity

A presentation to the first MIT Legal Hackathon, in February 2013.

The Natural Limits to Federated Identity

An updated slide deck introducing the memetics of digital identity, and showing how business system ecology puts natural limits on Federated Identity.

An ecological theory of digital identity

Stephen presented a major new paper at the AusCERT 2011 security conference, on how identity evolves and why federated identity is easier said than done. This is a fresh and powerful explanation of the shortcomings of other contemporary identity theories. It provides an alternative way forward based on conserving the perfectly good identities we already have in the real world.

The False Allure of Federated Identity

A presentation to the Cyber Security Summit, Sydney, 2nd August 2012.

Identity Plurality

Orthodoxy in e-security holds that we must separate "authentication" of who someone is, from "authorisation" of what they can do. The distinction is actually arbitrary and unhelpful.

See also http://lockstep.com.au/blog/2011/01/22/forget-authentication.

A positive review of Identity Silos

It's not for nothing we call them "silos": they're strong, elegant, safe and under-appreciated!

Towards a uniform solution to identity theft

A high-level comparison of all major two-factor authentication solutions, with a close look at their vulnerability to phishing via the Man In The Middle attack.

A Practical Guide to Authentication for ICT Executives

Lockstep Consulting holds interactive workshops aimed at providing non-technology managers and executives with 'everything they need to know' about authentication, and equipping them to engage better with technologists.

Two factor authentication and second class citizens

An unfortunate side-effect of user-pays security could be the creation of two classes of Internet banking customer.

Making Sense of your Authentication Options

A sophisticated, business-focused framework for analysing authentication requirements. First published in the Quarterly Journal of the PricewaterhouseCoopers Cryptographic Centre of Excellence, October 2001. Reproduced with permission.

Current issues in the rollout of a National Authentication Framework

Early in the development of national authentication policy, and the struggle with PKI, this presentation to the 1998 Information Industry Outlook Conference provided an optimistic and innovative vision, involving communities of interest and digital credentials instead of a focus on personal identity.