I grew up in rural Idaho in a home without television.  But forty years ago today, our family stopped by a neighbor’s home on the way home from evening church service to watch television coverage of the the moon landing.  What a wonderful experience! I had grown up through the age of Sputnik, Vanguard, Mercury, Gemini and Apollo.  The first time I can remember being punished for doing something wrong was when I stole paper from my first grade classroom to draw pictures of rockets!  To witness the first manned space flight to the moon was fantastic.

So today, as we celebrate the 40th anniversary of this event, I tip my hat again to all those who made it possible – from President Kennedy who challenged the nation to accomplish this incredible feat – to the engineers who used slide rules, not hand held calculators, to design the equipment  – to the brave astronauts who had the privilege to make the journey.  Bravo all!

Technorati Tags: moon, nasa, flag, space

• We Choose the Moon: Command Service Module Ignites
  Really cool site about the Apollo 11 moon shot
  (tags: moon apollo Space NASA)

• Tokenization to Secure Sensitive Data
  (tags: security informationsecurity tokenization)

In her Network World column earlier this week, Linda Musthaler described a fairly new technology called "tokenization" that is gaining interest from organizations that have much to lose from data breaches, such as credit card merchants and financial institutions.  She uses the example of payment card data to describe how the tokenization process works:

"A merchant has a point of sale system where customers swipe their credit or debit cards to initiate a payment transaction. Among the information from the magnetic stripe on the back of the card is a 16 digit number called the primary account number (PAN). Any thief who can gain access to the PAN has enough information to use the card data fraudulently. The PAN (i.e., the cardholder data) is sent to a token server where it is encrypted and placed into a secure data vault. A token is generated to replace the PAN data in the merchant’s storage systems or business applications. If the merchant needs access to the original cardholder data again — say to issue a refund on the credit card — the merchant is authorized to reach into the secure data vault to look up the PAN again."

What benefit does this provide to companies?

"First and foremost, it takes highly sensitive data out of the business processes that would use customer data. This reduces the likelihood that the real data can be stolen off of servers or from applications. If a thief steals tokenized data, he can’t use it to retrieve the real data, since he isn’t authorized to access the secure data vault. Instead, he ends up with a bunch of random numbers that don’t mean anything to him."

Linda also refers to a post on CreditCards.com by Jay Mcdonald, who explores the potential for tokenization to increase credit card security.  Quoting Randy Carr, vice president of marketing for Shift4, developer of a commercial tokenization technology, Jay writes:

"Carr believes the game-changer in the equation is today’s hacker. ‘These aren’t college students doing it anymore; they’re ex-Soviet operatives, and they’re serious guys. They’re not there to get 20 card numbers; they’re there to get 100 million card numbers,’ he says.

"Their purpose, Carr says, is not to purchase golf clubs, but to fund terrorism, which may explain why the FBI and other intelligence agencies have been inviting Carr and his counterparts for tea."

It will be interesting to see how this technology is deployed or adapted in the next few years.  Perhaps the recent hacking of government computer systems will accellerate federal government interest.

Technorati Tags: security, informationsecurity, tokenization

• OpenSSO Enterprise: Fedlet for .NET
  (tags: OpenSSO Fedlet Sun Microsystems Identity IdentityManagement DigitalIdentity)

Recently, I have been working on a white paper addressing best practices for using Identity and Access Management software in meeting regulatory compliance requirements.  Sunday morning, I gained a new perspective on best practices for compliance from the Dilbert comic strip.

Perhaps I should publish my white paper in comic strip format!

Technorati Tags: Identity, IdentityManagement, DigitalIdentity, Dilbert, Compliance

My wife looked up incredulously from her desk as the music started. "That is a bit out of character for you, isn’t it?" she asked.

Well, it was just the soundtrack to the latest outlandish creation of Sun’s product manager extraordinaire, the "Smoking Monkey" himself, Daniel Raskin. A clever video to introduce the newly released "Fedlet for .NET."

You can access the new Fedlet by downloading OpenSSO Enterprise Update 1.

Then, in words of those famous founts of curmudgeonly wisdom, Statler and Waldorf, "Play it again!"

Technorati Tags: OpenSSO, Fedlet, Sun Microsystems, Identity, IdentityManagement, DigitalIdentity

• CableJive: I finally found a short iPod/iPhone cable!
  Unique cables and related accessories for iPod/iPhone
  (tags: ipod iphone cable dock)

• Darn Good Deals: Coupons Discounts Deals Savings Phoenix East West Valley Arizona
  * We comparison shop
  * We check the Better Business Bureau
  * We visit each business, just to be sure
  * We only bring the best to you
  (tags: shop discount mesa arizona)

• OpenID.org – a blog focused on the subject of OpenID by Steven Livingstone
  blog: Steven Livingstone, Glasgow, Scotland – focused on OpenID
  (tags: openid whodentity blog)