This is a great interview by Gary (who gets the big picture, does his homework, and asks really good questions, so it always sounds like you are listening in on a conversation among peers at an industry conference) with Bob Blakley of Burton Group. It's a must-listen; Bob has worked on many useful things, SAML to name just one. They touch on a lot of interesting topics; a couple of interesting issues stand out:
Bob pointed out his main gripe with Java's security model: how it treats fine-grained authorization. It requires defining all of the policy up front, which is very difficult or impossible to do in the real world. And it lacks the layers of indirection we can use to resolve decisions when we don't know a priori the full subject + object + session policy (i.e. most of the time). Bob opines that XACML and claims may help resolve this, and I agree (if nothing else they represent our best current hope), but they didn't drill down on this (Bob or Gary - anything to add here?).
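To make the "up front" versus "indirection" distinction concrete, here is an added example (my own illustration, not code from the interview, from Java, or from any XACML implementation). The first policy is the up-front style: every subject + object + action triple must be enumerated before the decision can be made, so a new subject or resource is denied until someone edits the policy. The second is a claims-style policy: rules are written over subject claims, resource attributes and session context, and are resolved at decision time, so subjects the author never named are covered as soon as they carry the right claims. All subjects, resources, claims and rule names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# --- Up-front policy: every (subject, object, action) triple must be listed ---
class StaticPolicy:
    """Authorization as an enumerated grant table; nothing is inferred."""

    def __init__(self) -> None:
        self._grants = set()

    def grant(self, subject: str, resource: str, action: str) -> None:
        self._grants.add((subject, resource, action))

    def is_allowed(self, subject: str, resource: str, action: str) -> bool:
        # Anyone not explicitly listed is denied, even if they "should" have access.
        return (subject, resource, action) in self._grants


# --- Claims-style policy: rules over attributes, evaluated per request ---
@dataclass(frozen=True)
class Request:
    subject: Dict    # claims asserted about the caller (e.g. from a SAML assertion)
    resource: Dict   # attributes of the object being accessed
    action: str
    session: Dict    # context known only at request time (here: hour of day)


Rule = Callable[[Request], bool]


class ClaimsPolicy:
    """Ordered permit rules; the first rule whose predicate holds permits the request."""

    def __init__(self) -> None:
        self._rules: List[Tuple[str, Rule]] = []

    def add_rule(self, name: str, predicate: Rule) -> None:
        self._rules.append((name, predicate))

    def decide(self, req: Request) -> Tuple[str, str]:
        for name, predicate in self._rules:
            if predicate(req):
                return ("Permit", name)
        return ("Deny", "no-matching-rule")   # deny by default


def build_claims_policy() -> ClaimsPolicy:
    """Two constructed rules: the subject is never named, only described by claims."""
    policy = ClaimsPolicy()
    policy.add_rule(
        "same-department-read",
        lambda r: r.action == "read"
        and r.subject.get("department") == r.resource.get("owner_department"),
    )
    policy.add_rule(
        "manager-approve-business-hours",
        lambda r: r.action == "approve"
        and "manager" in r.subject.get("roles", ())
        and 9 <= r.session.get("hour", -1) < 17,
    )
    return policy


def decide(policy: ClaimsPolicy, subject: Dict, resource: Dict,
           action: str, session: Dict) -> Tuple[str, str]:
    return policy.decide(Request(subject, resource, action, session))


# Constructed sample principals and resource (not real identities).
ALICE = {"id": "alice", "department": "finance", "roles": ("analyst",)}
BOB = {"id": "bob", "department": "finance", "roles": ("manager",)}
CAROL = {"id": "carol", "department": "hr", "roles": ("manager",)}
INVOICE = {"id": "invoice-42", "owner_department": "finance"}


def static_policy_demo() -> Dict[str, bool]:
    """Only alice was enumerated; bob, a finance colleague, is denied until the table grows."""
    policy = StaticPolicy()
    policy.grant("alice", "invoice-42", "read")
    return {
        "alice-read": policy.is_allowed("alice", "invoice-42", "read"),
        "bob-read": policy.is_allowed("bob", "invoice-42", "read"),
    }


def claims_policy_demo() -> Dict[str, Tuple[str, str]]:
    """The same rules cover bob without an edit, and use session context for 'approve'."""
    policy = build_claims_policy()
    return {
        "alice-read": decide(policy, ALICE, INVOICE, "read", {"hour": 10}),
        "bob-read": decide(policy, BOB, INVOICE, "read", {"hour": 10}),
        "carol-read": decide(policy, CAROL, INVOICE, "read", {"hour": 10}),
        "bob-approve-10h": decide(policy, BOB, INVOICE, "approve", {"hour": 10}),
        "bob-approve-20h": decide(policy, BOB, INVOICE, "approve", {"hour": 20}),
        "alice-approve-10h": decide(policy, ALICE, INVOICE, "approve", {"hour": 10}),
    }


if __name__ == "__main__":
    print(static_policy_demo())
    print(claims_policy_demo())
```

The point of the indirection is the `session` field and the claim lookups: the policy author never needs to know who bob is or when the request will arrive, only what claims and context a permitted request must carry, which is the gap in an enumerate-everything-first model.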
Gary references Bob's position that we don't get viable real-world security because:
1. Integrity and secrecy are not achievable in modern general purpose systems (need to be constrained)
2. Policies are not manageable (see Java or any other general purpose system)
As an example of best current practice, they examine Bob's work as original editor of SAML. One of the reasons SAML has been so successful is that its guiding principle was to deliver security by design: constrain SAML to only what was absolutely essential. I had never thought about it this way, and SAML has turned out to be quite flexible and widely adopted.
Or as quoted on Add Simplicity:
A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away. ~Antoine de Saint-Exupéry