Toto, its not 1995 any more

Another interesting takeaway from the SSO Summit by Christopher Paidhrin:

The future of SSO is coming upon us quickly. The adoption of standardized federation, identity and authorization schemas is lagging behind the adoption of Web 2.0, cloud-everything and mobile-diversity technologies and service demands. Both John Haggard and Gunnar Peterson spoke emphatically to the need for "real" security to catch up with the explosion of perimeter-less networks and SaaS/SOA/cloud services. 

The thing is that developers are at least a decade ahead of the infosec people who continue to roll like its 1995 with SSL and network firewalls. By itself this is already a problem, but its made worse because attackers are a decade ahead as well.