HI + IM = Nulli

Nulli experts share their Human Information + Identity Management knowledge

Nulli Sponsors Inaugural SecRETs 2016 Conference

Nulli is a strong supporter of academia and industry sharing experience, research and development to extend knowledge of existing technologies and to develop innovative ideas in the realm of security and identity management. Nulli sponsored the first Security Researchers and industry Experts Talks known as SecRETs, which was held at University of Calgary on Oct 19, 2016 to encourage further collaboration between industry and academia.


Nulli Identity Series: User Managed Access - A Primer

Nulli with its global partner, ForgeRock held a well-attended industry event on Digital Identity and Privacy in Edmonton on Oct. 4.

People First, Community Always

Nulli is pleased to announce that we have renewed our three year community engagement partnership with Aspen Family Services.

NulliBrew 450 Post ForgeRock UnSummit

Three guys, a tank full of gas and a custom kegerator we made for the ForgeRock Technical UnSummit.  Here is a brief synopsis of our trip to California to show off the newly completed NulliBrew 450 on which we had been working.

Nulli at the Cloud Identity Summit

The world of Identity-in-the-Cloud will be present next week at Ping's yearly Cloud Identity Summit in New Orleans. 

NulliBrew 450 Identity Project - from Sun E450 to Kegerator

Take the shell of a Sun E450 Group Server, replace the interior with refrigeration, 4 Raspberry Pi's, plumbing to connect beer kegs to taps and control access using the ForgeRock Identity Stack integrated with Neo Technologies Neo4j graph database.   Leveraging the power of a graph database, OpenAM learns about your "connectedness" and makes access decisions for the equipment that controls the operation of the beer taps.

NulliBrew 450 Is Here!!

We are excited to introduce the NulliBrew 450 at the ForgeRock UnSummit in San Francisco on June 1, 2016.

Conversion of Access Policies from OAM to OpenAM

This post introduces a tool we recently developed to aid the transition from Oracle Access Manager (OAM) to OpenAM, an access management solution by ForgeRock. Specifically, the tool converts access policies from an OAM instance and translates it to XACML, a standard based policy language supported by OpenAM.


A View-Based Protection Model to Prevent SNS API Inference Attacks

Extensibility of social networks has had a significant impact in their large popularity. However, this comes with the price of exposing user information to 3rd-party extensions. Permission-based access control mechanisms can control access to user information, but they cannot control inference of private information from public information.

Hierarchical groups in OpenIDM 4

Although creating and maintaining LDAP group hierarchies are not supported out-of-the box in Forgerock's OpenIDM 4 recent release, there is a not too complex way of implementing the functionality, using Relationships and a bit of custom Javascript.

OpenAM / Neo4j Policy Condition

The Nulli Neo4j Universal Policy Condition plugin for OpenAM is available at https://github.com/nullibrew/openamneouniversalcondition.

User-Managed Access and Identity Drive Internet of Things (IoT) - Dinner Event

Nulli and our partner, ForgeRock, are presenting an informative dinner to discuss how User-Managed Access (UMA) and Identity secures the Internet of Things (IoT).  The event will take place on Feb. 11, 2016 in Calgary, Alberta.   

Back-To-The-Future: Contextual Identity and Access Management

The Neo Technology GraphConnect™ conference was held on Back to the Future© day, October 21, 2015 in San Francisco, California.  Nulli, a partner of Neo Technology and of ForgeRock was invited to present at the conference and so Dave, our graph db aficionado, decided to see how information from the movie and movie characters could be modeled in a Neo4j™ graph db. 

Leveraging Graph Databases in Access Management, a presentation series

Access Management (AM) is concerned with authenticating users and determining whether they have permission to access requested resources. Core to any Access Management Platform is the design and implementation of access control policies. Nulli has provided a Youtube presentation series to discuss how graph databases can be used to help the design and implementation of complex acess control policies.


IAM architects and solution developers are being presented with a growing set of relationships that need to be highly visible to support real-time access decisions.  To be successful, Access Management (IAM) systems require real-time visibility to relationships. The number of relationships between people, things, software and services need to be understood and assessed for a highly scalable IAM deployment.  The Internet of Things (IoT) is driving the need for IAM to change and support the massive scale of identities needing to be assessed in relationship to the policies required to protect resources.

Nulli is Diamond Sponsor of ForgeRock Identity Summit - Half Moon Bay, California May 27-29

Nulli is proud to be the Diamond Sponsor of the ForgeRock Identity Summit in Half Moon Bay, California, USA  - May 27-29 2015.  As the Diamond Sponsor we'll be hosting attendees to the Wednesday evening welcome reception and look forward to speak with everyone about the latest developments in Identity and Access Management (IAM).  If you haven't registered, there are still spots open so please consider coming to hear customer share success stories, listen to technical how-to sessions or attend sessions that are certain to challenge your thinking with respect to where IAM is heading in the coming years.  Register here.

Nulli Strengthens Partnership with ForgeRock® in becoming a ForgeRock One Strategic Partner.

September 23, 2014

Nulli-Identity Solution Architects has announced today that it has become a Strategic Partner within the ForgeRock One Partnership Program.  Nulli has been an Integrator Partner since the founding of ForgeRock, Inc. in 2010 and is pleased to strengthen their relationship as the Identity world evolves from enterprise centric identities to encompassing all relationships both internal and external on all mediums. ForgeRock is the leading open platform provider of Identity Relationship Management (IRM) solutions. As a Strategic Partner, Nulli’s ForgeRock-accredited Specialists help customers successfully deploy and support the ForgeRock Open Identity Stack, the first and only IRM platform purpose-built for delivering customer-facing solutions to any device or “thing,” on-premise or in the cloud.

Case Study: Utilizing OpenIDM with an External AJAX Interface

In our previous blog post we provided the report that was written as a compliment to the presentation by Rob Jackson given at the ForgeRock Identity Relationship Management (IRM) Summit, June 3-5, 2014.    Rob's slides for his presentation are provided in this blog post.  The video of the recording can be viewed here.

Nulli - Lending a helping hand for flood recovery in Calgary

On June 21, 2013, Southern Alberta was hit with devastating floods – the impacts both financially and emotionally will be felt for years.  Despite being a relatively small team, the flooding has impacted all of us at Nulli.  Some of our colleagues were temporarily evacuated from their homes, seeking shelter with colleagues, friends or neighbours until the dangers had passed.  Others had to stay evacuated until waters subsided, power was restored and cleaning out of contaminated belongings could be completed.  Yet others have family and friends who have had their homes and possessions completely destroyed and live day-to-day while they wait on flood policy and recovery decisions to determine their next steps for getting themselves into a home.

Flooded Neighbourhood near the Nulli offices
Flooded Neighbourhood - Sunnyside

Nulli - Keeping IAM Simple Stupid - ForgeRock Open Identity Summit

Nulli showcased our views on IM KISS - "Keep IAM Simple Stupid" demo at the ForgeRock Open Identity Summit.   Presenting identity management in a visible and open format with nothing to hide is a key principle of the open community that Nulli and ForgeRock support.   The demo highlighted a rapidly deployed suite of the ForgeRock Open Identity Stack running on 4 Raspberry Pi computers.

  ForgeRock Open Identity Stack running on Raspberry Pi by Nulli

ForgeRock Open Identity Stack running on Raspberry Pi

Repatriating IT Skills - Now is the time

The following news article published in the Globe and Mail prompted me to write about the perception of IT Outsourcing as discussed with me by Information Technology professionals employed by companies in India, Canada and the United States.

India’s IT outsourcing giant Wipro takes aim at Canada Add to ...
The Globe and Mail
Published Wednesday, Mar. 13 2013, 5:59 PM EDT
Last updated Thursday, Mar. 14 2013, 1:49 PM EDT   

How do I manage the volume of Role Request emails in OIM 11g R2?

Oracle Identity Manager - OIM 11g R2 introduced a new feature called "Catalog" that provides users of OIM the opportunity to request roles.  An user of an Organization can search or request roles using a traditional shopping cart type of process.  The process provides an option to generate emails used to notify the requesting user of the progress or stage of his/ her Role Request.  The Role Request might require multiple approvals and thus the request would generate many emails being sent at each stage of the approval process.  The Out of the Box (OOTB) Role Request workflow could have up to nine emails sent during the OIM Role Approval process.  If the Role Request is denied then the process could generate five to eight emails that would be sent to the requesting user.  This might be a useful feature for some customers but it could be a nuisance for others who would find the volume of email to be annoying and might desire to have at most two emails for either Role Approval or Role Rejection.

This post describes a way to limit the number of emails generated to two, one when the initial Role Request is made and one when a final decision (either Approve or Reject) is made.

Giving Back to Our Community

Traditionally, Nulli employees have celebrated the Christmas season by participating in an employee gift exchange.  This year we decided to do something different.  We thought it would be a great way to show our team spirit and spread the Nulli cheer by donating what we would normally spend on a Christmas gift towards a hamper that would help a low income family.

ForgeRock - New RockStar!

Lasse Andresen advised me today that he will be shifting roles from the CEO position with ForgeRock to that of CTO.   This is great news as everyone who has worked with Lasse knows he is a "geek" at heart and will get to focus his passion for product innovation and excellence on the ForgeRock Open Identity Stack.   The ForgeRock board of directors led by Lasse conducted an extensive search for their new CEO.  Their dillegence was rewarded with Mr. Mike Ellis join the team as the new Chief Executive Officer and member of the board.

Amble With Angus

Nulli will be participating again this year in the 11th annual Amble With Angus fun run in support of the Calgary Food Bank



Nulli Paints The Town

Yesterday, we had a Nulli Day “Painting the Town”.  It was a “feel good” day, lots of sun, laughs, appreciation and caring; a day away from the office; a day amongst great people.  Thank you to everyone at Nulli who were able to participate.  Mrs. K. was so happy and thankful to now have a freshly painted home to welcome her family and friends. Take a look at my pictures! and  Look at even better pictures from Volunteer Calgary!

The City of Calgary City Links is an amazing program of giving, helping low income seniors live in their homes safely and securely while providing a safe and supportive work environment for men and women facing barriers to employment.  Volunteer Calgary helps as well through their “Paint The Town” initiative where companies like Nulli can have a great day painting the exterior of a senior’s home.

Speaking with ForgeRock’s CEO at RSA 2012

I met with Lasse Andresen, CEO of ForgeRock while at RSA and was really pleased to have had the opportunity to catch-up with him on all things ForgeRock.

The big news was that ForgeRock has secured $7 million of Series “A” funding from Accel Partners of Palo Alto, California, USA.    I see this as yet another vote of confidence for the direction that ForgeRock is leading the Identity and Access Management (IAM) community.

I spoke to Lasse about how Nulli continues to see the ForgeRock OpenDJ and OpenAM products as highly reliable and easy to deploy solutions for our customers.   The subscription based license model has been extremely well received and is one of many differentiators that ForgeRock offers its’ partners and clients.

RSA 2012 - Philippe Courtot - Chairman and CEO Qualys - Keynote

The Urgent Need for a More Effective Approach to Security
Philippe Courtot, Chairman and CEO, Qualys, Inc.

Philippe provided an excellent presentation about companies that are currently applying disruptive technologies and thus changing how we view a “norm”.
He spoke about both the Hiriko Project and a company called Pininfarina and how they are disrupting the personal transportation market for in-city transportation.  He also updated attendees on how firms are re-thinking the whole security model and how they are trying to address issues like e-mail spoofing and SSL Certificate Authorities and the need for collaboration via a new trustworthy internet organization that he launched today. (2012-02-29) 

The Hiriko Project  - http://www.hiriko.com/

This “car-sharing” project has global breadth in that the design is from MIT, manufacturing in Spain and is involving many global participants in a consortium arrangement.   Applying new technology to create disruptive models to personal in-city transportation.  Set to go into production in 2013 these 2 person electric cars designed at MIT reduce parking requirements, provide short-term access to personal transportation and help the environment.  The consortium is supposed to be speaking with San Francisco as another city for us of the cars and program.

RSA 2012 - San Francisco

I have been attending the RSA Conference in San Francisco (February 27-March 2nd) this week and found it to be a very worthwhile networking event.   The Nulli team having reviewed the conference sessions believed there was limited content focused on the area of Identity Management and thus we didn’t send any other participants to the conference this year.   In previous years we have had participants attend as there was a strong showing of Identity and Access Management (IAM) sessions of real interest to our team and clients. 
My time at RSA 2012 has been filled meeting with a variety of Identity and Security vendors to determine how well they fill niche or end-to-end IAM functions for our clients.  See following posts that elaborate on who I met with and my findings.

Nulli Speaking at COUG - Dec 15th, 2011

Trevor Roskewich, Senior Identity Consultat at Nulli will be presenting to the Calgary Oracle User Group (COUG) at the Suncor Energy Centre at 8:00 AM on December 15, 2011.   His presentation, co-produced with Lisa Gryschuk, Senior Human Information Consultant at Nulli, addresses the critical business integration between Human Capital Management and Identity Management.

Nulli @ The Gartner IAM Summit 2011 – San Diego

You’ll find Craig, Joanne and myself attending the Gartner IAM Summit 2011 November 13th through 16th in San Diego.

At the IAM Summit, we look forward to speaking with attendees who share our passion for deploying cost effective access and identity management solutions.  We want to speak with analysts and attendees about tools used to deploy and support strategies, tactics and solutions.  We also going to   approach solution providers to hear how they address the demanding business requirements and needs for reduced costs of ownership that so many of our clients are seeking.

This Ain’t Your Grandma’s HCM:  Identity for the Enterprise

Aside from the wonderful grammar, this 11:15 AM session being held at Western Canada Regional User Group (WCRUG) in Vancouver, BC on November 10, 2011 will be of interest to everyone in the enterprise.

Human Capital Management (HCM), also known as Human Resources (HR), is a critical application forming the foundation of every business’ success. Knowing who your people are and what role they play along with associated cost/benefit metrics is what HCM/HR applications are best at performing.  Nulli believes this Human Information (HI) is central to the success of many applications.  High quality Human Information is a key requirement for reliable security and identity processes as well as for HCM.

ForgeRock OpenICF Community Launch - Identity Connector Framework (ICF)

ForgeRock, the open source Identity-Oriented middleware company, has joined a global community to launch a new open source project today.   The OpenICF, Identity Connector Framework (ICF) community will provide a home for the development of multi-purpose connectors used by identity providers such as ForgeRock's OpenIDM, Oracle Waveset (formerly Sun Identity Manager) and other governance and compliance software.

Oracle Specialized Gold Partner - Security and Identity

Oracle has designated Nulli as an Oracle Gold Partner in the Oracle PartnerNetwork Specialized Program. Nulli having achieved Pillar Partner - Security and Identity status is now being recognized as a Gold Specialized partner for our implementation services excellence for the Oracle Access Manager, Identity Manager, Internet Directory, Virtual Directory and the Oracle suite of identity products including the Oracle Entitlement Server.

Introducing Stitcher - OAM Configuration Migration Solution

Many of our readers are aware that we have had the "COREid Migration Service" available for public use for the past three years. This service has been a resounding success with several high profile North American OAM customers relying on it to maintain consistency across their environments. The expression, "If it ain't broke, don't fix it." best describes our attitude towards the initial release.