...the digital natives may be getting some better tooling faster than I thought. I am sure you already know there is a northern alliance and Redmond is U-Prove enabled. I fondly remember a lengthy conversation I had with Stefan Brands in Croatia several years ago, while he patiently explained to me how misguided the security-privacy collision course way of thinking is, and instead how real security is only achieved with privacy. If you have not already, I recommend you read Stefan's primer on user identification.
Here is hoping that the combination of Stefan's breakthrough innovation and some Redmond engineering talent equals a third security mechanism that we can all use (we already have the reference monitor (sort of) and crypto (ibid); a third mechanism wouldn't hurt). As iang points out, it's all about minimal disclosure. I guess what I see as the potential breakthrough is the mixture of the composable CBAC packaging framework with a set of algorithms that avoid the panopticon. An obvious worst case for SOA, Web services security is that instead of optimizing and creating interop for increased (read: message level) security, we instead optimize a panopticon! Instead, we want to keep the interop but not enable the linkage, which is the precise problem that Stefan's work addresses.
Good post. Earlier this week I sat through a discussion by several people in the U.S. intelligence community claiming that privacy on the Internet was a bad thing, saying user privacy was akin to putting cops on the street but not allowing them to make arrests. Incredible. I am glad to see there are more efforts out there to provide some type of proxy to provide assurance and privacy to internet activities.
Posted by: Adrian Lane | March 13, 2008 at 02:24 PM