Curriculum Vitae


  • 2012 Research prototype of cloud security assurance analysis, transferred to IBM as part of the IBM PowerSC Trusted Surveyor product.
  • 2011 First automated isolation analysis for infrastructure clouds, used in an IBM analysis of a global financial institution's in-house cloud.
  • 2009 First anonymous credential system on a standard Java Card, cited by, e.g., the Handbook of EID Security as feasibility proof for this protocol class on eID cards.
  • 2006 First security proof of a WS-Federation Interop Profile (WSFPI), basis for industry interoperability, recommendations adopted by standard, proof conditions transferred as test suite to TFIM.
  • 2003-04 First security analysis of SAML 1.1 and 2.0, adopted in standard and acknowledged by OASIS, major identity federation standard, basis of ~50 industry and open-source software products.
  • 2003 Design and research prototype of IBM Tivoli Federated Identity Manager (TFIM), transferred to IBM Tivoli, first production deployment with global telecom operator, 50 Million seats.
  • 2002 Design and research prototype of the Dynamic Attribute (DynADI) Entitlement Service, transferred to IBM Tivoli Access Manager (TAM).