Security Weblog

Wednesday, July 3, 2002

ID Cards in the UK?

A consultation paper on ID smartcards from the UK Home Office. I guess that In days to follow we will hear more about multi-application, multi-domain smart cards. 11:14:11 PM

Identity management update

It seems that the consolidation on the market of enterprise identity management is progressing according to analysts' (i.e. METAGroup) forecasts. Both Oblix and IBM appear to succesfully marry provisioning and web identity management. Now the question stands whether the things described on the paper are reality or demonstration of both vendors' conceptual thinking. 7:16:27 PM

TCPA/Palladium FAQ

Joshua Allen apparently found some time to go over TCPA/Palladium FAQ and he is ridiculing it as "a shameless piece of FUD by a self-proclaimed open-source economist." In contrast to his last take, he seems to be strong in opinions, but short on arguments.

Anderson is respected security researcher whom his research lead to focus on the intersection of economics and security.

In the FAQ, Anderson applies basic method of designing secure systems. This method is based on a way of thinking where you design a system to meet functional requirements with respect to current security best practice. Then you switch into "evil mode" and start ponder what can go wrong. This means which components can fail, what attacks are most likely, what ways of attack are most likely, where they would be directed etc. After you go through this stuff, you modify the system design to protect against likely attacks and failures. The FAQ esentially explores the "what can go wrong" way of thinkg directed on social level. In fact, this is IMHO a type of response Microsoft was expecting to receive when they issued their request for comment by leaking details about Palladium.

And BTW proclamations like, "The problem is that we have a lot of smart people wasting their entire lives worrying about what bad stuff might happen, rather than thinking about what good stuff is just waiting to be unleashed by human creativity." exactly illustrate why Microsoft hasn't been able to deliver secure systems in the past.

6:58:12 PM

General

About
Reading list
Resources
Contact me

News

SANS NewsBites
Crypto-gram
UKCrypto
Information Security
all.net
Objectwatch
CBDi Forum

Channels

Better Living Through Software
Brent Sleeper: Web Services
David Fletcher's Government and Technology Weblog
DeveloperWorks.com - Security Articles
Dictionary.com Word of the Day
Digital Identity
Digital Identity World
Eric J. Norlin's Blog
IBM Developer Works - Web Architecture Articles
Joel on Software
Jon's Radio
Loosely Coupled weblog
O'Reilly Network Articles
onlineblog.com
Scott Loftesness: Digital Identity
Scott Loftesness: Trusted Computing
Scripting News
SecurityFocus
Web Services Architect
WebServices.Org
Windley's Enterprise Computing Weblog

jenett.radio.simplicity.1.3R
Radio Userland