« Web services security training in NYC | Main | When Will We See Market Forces in Infosec? »


Adrian Lane

The 'High Assurance Intermediary' or broker model works well. It provides necessary architecture for dispute resolution, lookup services, third party verification, escrow and can provide other things like public key services. And for efficiency, non secure communications could be conducted directly between endpoints. If you are going to take full advantage of SOA, and making some assumptions about viability of closed central security domain model, I think a three party system is the best bet.

The comments to this entry are closed.