ID I aM

Living through the transition period is quite extradionary. We all kinda know and anticipate the outcome but not in a position to do anything about it. Like watching your train leaving the station and taking you for a ride. Matrix showed us the final result with humans being used to power machines. We all in one or the other way using our own energies to breathe the life in cold metal - building networks, programming and maintaining computers. They getting smarter and smarter and we are all excited about the possibilities of artificial intelligence. But the train will arrive to the next station and it will be our turn to get off. The train will be smart enough to move on its own without us. The train will be smart enough to look for sources of alternative energy if we try to stop it. Jethro Tull - Locomotive Breath https://www.youtube.com/watch?v=i19d1QnstsA&list=PLvy5jih231dYToxVkCz4xN2SX6zqVkeYT&index=17

Finally I understand. Or it seems that I do. There is no Attainment. My whole approach to life around me was and is wrong. The energies around me is not be controlled, they are to be adapted to and allowed to freely pass without interferring. John Lennon sang about it in his 'Fool on the Hill'. But his main theme was somewhat passive and reflective - 'See the world going round'. The true mastery is when you are riding the never ending 'merry-go-round' of life energies like a surfer - using high waves to propel you forward to the shore of your goals and destiny.  Inevitably will be the times when I will fall and will have to climb back on my board and attempt to catch the next wave.  Will be the times when I will be scared by the magnitude of the wave coming towards me and possibly the sharks swimming nearby.  I will see other people drowning and not reaching the shore and shouting to me: 'Its hopeless we will all drown'. Will be times

Yes not misspelled and my title is right: Artificial I . Lets us zoom for a second on 'why' and 'what' and then we can have a look at 'when'. Why ? Look at yourself in the mirror for 1 min. until you have your image in your memory. (Warning: to some the experience may be to much to take. I am not joking or alluding to anything here. Simply stating the fact that this process is deeply personal and may evoke number of complex emotions. Some of them may be not as pleasant as you would expect it.) Then sit yourself somewhere comfortably and close your eyes. Concentrate and try to bring your image back. You may succeed or you may not. It all depends on your brain ability to recall the images quickly and reliably over time as well as strange desire and ability to forget certain images. Now you probably slowly starting to realize by yourself is 'why' :) We need some sort of third party involvement here to help us along way as we have our limitations

I have been playing with F5 LTM APM since 2012 and noticed that it is getting popular and more prominent. The easy interface and configuration makes a tool of professional choice. I have advising many network teams on how to configure and properly use F5 with different vendors IAM. It is even more important as F5 has Virtual Edition meaning you can design your private cloud IAM and enjoy F5 SSO to your protected apps. The trick is to make sure you have license for the Application Policy Manager - APM. As you can see from the screenshot above once APM is licensed it is just one pull-down from the menu. You can configure F5 to be your SAML IDP or SP the choice is limited to your imagination. In the next posts I will walk through typical SAML SSO setup with Oracle Access Manager Stay tuned :)

Starting to feel a sense of frustration. No it doesn't effect me personally. I am still the same 'white hat' as always. I went through the series of interviews for different positions recently. It was an absolute waste of time. What caught my attention is a level of arrogance and mindless stupidity coming from the people who should be paying attention. Each interview was along same well travelled paths: Can you install software? Can you connect it to the ERP (or whatever they connecting it to) ? etc. So they all concentrate on the Functional requirements. Most forget the security of your software falls into the Non-Functional requirements. No one had a slightest idea that before you implement Functional requirements you need to make sure that your 'Security Software' being it Sailpoint, Oracle or Forgerock or whatever: is in itself secured. The buzz word 'security software' doesn't make it to be secure on its own. Someone has to do it. Otherwis

Was talking to my friend 'White Hat' He is still hopefull and optimistic. Alone as everyone left to the BlackHat he still picking at his bugs and whatever he can find there. Will he be able to deliver on the promise and save us from Darth forces? I hope he will.

I find it extremely interesting that Linus Torvalds Linkedin profile doesn't have any 'Recommendations: Received (0) Given (1) Linus hasn’t received any recommendations yet.' You may say he doesn't need it. Everyone knows he invented Linux. Well almost everyone :) But it also shows and reflects the world we are living. You barely hear his name and he is not in the news. I know people with 10, 100 recommendations. It is all about building and maintaing your connections. So the old saying goes: "Its not what you know, its who you know" It works amazingly well even nowadays in the age of knowledge. I think of the Linus legacy and I think of: Security and stability Extensibility and simplicity I think of Bill Gates legacy and I think of: Unsecure and untrustworthy Proprietory and complex One is humble and down to earth creator The other is shrewd and cunning businessman One is doing OK The other is billionaire You can now run Linux on Windo

Cloud Wars are upon us. We had no choice and no one really asked us whether we want them. They came to bind us all. Those who live with their heads in the clouds and feet on the ground will survive. Those who don't won't. It is irrelevant what you think or do. Very few people are really think and know what is really going. The Developer as it was and is now will disappear. You can develop whatever you want and eventually it will be offered as a Service by them. You too small and no one can see you. They will swallow everything and everyone. The idea is very neat and smart. If you hold the 'Shift' key and type number 4 it will give you an answer - $. Yes it is 4 big Cloud providers out there: Microsoft, Oracle, Amazon and Google (MOAG) Everything will run in the Cloud (MOAG). Even if you crazy talented and develop something outstanding and use MOAG to run your next big thing eventually they will swallow you. Think Netflix on Amazon. Netflix was a king un

There are around 8 billion people on this planet. Do the Math its quite simple. As far as an outside world is concerned you don't exist. You can't prove you exist. No one who is outside of your immediate family knows you exist. No one really cares if you exist or what you do unless it directly or indrectly affects them. Creating profile on Linkedin or Facebook doesn't prove you exist. Shouting from the top of your lungs doesn't prove you exist. What then? Help somebody, love, raise the children (yours or somebody else's), listen to the music and dedicate yourself to the cause bigger than your own ego. Then when you die you will know that you have existed :) There are around 8 billion people on this planet. Do the Math its quite simple. As far as an outside world is concerned you don't exist. ........................ ......... ... .

Have been using Soundcloud for some time and love it simple interface and ability to quickly share music. Recently learned that SoundCloud closing some of their offices. Times are tough but hopefully they continue to offer free music sharing platform Check out my 'Madrid at Night' recording https://soundcloud.com/anatoly-smolyansky-37777993/madrid-at-night

While undergoing few interviews in the past few months I realised why we get so many breaches and issues in the industry. With so many qualified security professionals the obvious question to ask is: "How is it possible with so many CISSP's, CISM's, CISA's etc. that almost every week we hear about new breach, new security issue and so on?" Not trying to diminish the value of the certifications just pointing out on something that no certification will teach - imagination and thinking outside of the box. During the interview with one well-known company SVP of security have asked me: "So when would you use SAML instead of Oauth?" I answered to the best of my ability and in the end pointed out that SAML is somewhat heavier with all SOAP message exchanges etc. and somewhat old protocol. The question itself didn't make sense as SAML is used with Oauth in some cases :) They can complement each other. Then I asked question of my own: "Is there

Building up on my previous blog post. Typical scenario: Validate Payment service                                                                                                    High Level Design Ingridients for the Design soup: 1. Docker 2. Oracle Application Gateway - OAG 3. Oracle Service Bus - OSB I won't delve into Docker as it is pretty straightforward to install and configure. Pick your distribution: CentOS, OEL etc. OAG is the topic of the next blog post :) OSB is running in the Docker containers - HA, DR OSB service configuration is pretty straighforward as well and fairly typical: 1. Create Business Servic e pointing to the real ValidatePayment Composite app running on SOA infrastructure cluster. 2. Create Pipeline 3. Create Proxy Service Now Service Bus is acting as a router and simple transformer here. SOA composite (BPEL/ Mediator) is acting as an orchestrator and enricher.                                                            

Many times in my classes and projects people mix between Mediator and OSB Now picture above tells a story :) Mediator only works within Composite App OSB enterprise wide integrations, SLA's etc. Mediator and OSB do have overlapping functionality and the final differentiation: 1. OSB only used for non-functional requirements and its job is to Virtualize and route. 2. BPEL on the hand used for Orchestration between different services. Last picture will tell a better story :)

This blog not just technical and there many sides to me. I am human being and not a robot. My mum had tested me :) Undoubtedly will be the times of despair and darkness. There will be times when I will be standing alone and in the darkness. But the Light only comes out of the Darkness :) and there is no need to be afraid of it. I need to remember this in the darkest moments..... and Believe.

Went to see the movie - "Churchill'. Every manager, anyone managing people should watch it. I have enormous respect for the Man. Statesman, painter and wonderful human being. How he cared for his people? Amazing! Two hours of suspense and wonderful performance by Brian Cox and the cast. Unforgettable...

"Another challenge is that identity data is typically decentralized . The Department of Motor Vehicles issues drivers licenses, for example, while the Department of Homeland Security issues passports, banks track financial histories, and so on. Most of these organizations have isolated and centralized identity management systems, but the current landscape demands federation and single sign-on (SSO). This makes identity management, protection and verification very cumbersome, costly and risky for all industry enterprises and government agencies." Jai Singh Arun - Security and Blockchain Innovations Program Director, IBM Identity architectural landscape is changing and personally I can only think of this very simple analogy between identities and blockchain. Identities to the blockchain are what the bees are to the honey. . This is as simple as even your grandma would understand :) Bees (identities) all day collect honey somewhere in the fields. Coming back to thei

"Creme tangerine and montelimar A ginger sling with a pineapple heart A coffee dessert, yes you know it's good news But you'll have to have them all pulled out After the Savoy truffle" George Harrison George bless his soul was right when he was singing about Truffle. Indeed need to be tried to believe. The topic of this blog entry is more technical and it is about 'Truffle' http://truffleframework.com (source code https://github.com/trufflesuite/truffle) Truffle is development framework and it is to Ethereum as JUnit to Java. So what are you waiting for :) Head down to http://truffleframework.com/docs/ or http://truffleframework.com/#tutorials Put the 'Savoy Truffle' on Youtube and start 'truffle'ing' Creme tangerine and montelimar :)

"Many of the technical choices we’re about to make will be strikingly political.   Who has access to what data?  Where is the line between human choice and machine intelligence? Why is one computer architecture better than another? These decisions—and the people who make them —will determine power’s new aspects ." "The Seventh Sense: Power, Fortune, and Survival in the Age of Networks" I was mesmerised when I read this. Started to frantically search the author name - Joshua Cooper Ramo.  No he is not an IDAM Architect. The book is not even about IDAM.  But it cuts to the core of what I do for my living and many many others as well. What a powerful thought:   Identity will be at the heart of power structures of the future. Hold it for a moment .    What about me? What about my identity? Those are all valid questions to ask in this context. Unwind to Sep 19 2016 when my friend Steve jokingly asked me: "where is your blog? where is your thought l