Identification
Authentication and Identification technologies.

11 April 2002
 

MS to drop Hailstorm

Microsoft is slowly killing off Hailstorm, according to an article by John Markoff of the New York Times. He claims that MS has been slowly divesting their My Services (formerly Hailstorm) Consumer Web Services platform over the past few months, with a goal of eventually releasing "My Services" as a package for Corporates to use.

I don't know how this will affect Passport yet, but I can't imagine them halting that service for the time being, regardless of its problems. I wonder if the Citibank announcement last month will be affected by it, as they were to be the preferred financial services provider for My Services.


1:52:58 PM

IBM, MS and Verisign announce new Web Service Security Architecture

I haven't had time to read the full whitepaper yet. This whitepaper describes their new WS-Security proposal.

This document describes a proposed strategy for addressing security within a Web service environment. It defines a comprehensive Web service security model that supports, integrates and unifies several popular security models, mechanisms, and technologies (including both symmetric and public key technologies) in a way that enables a variety of systems to securely interoperate in a platform- and language-neutral manner. It also describes a set of specifications and scenarios that show how these specifications might be used together.

I'll have a quick read and come back with any comments.


1:21:01 PM


09 April 2002
 

Open for Business (Identity management & open networks).

Nikolaj at Digital Identity mentions Consult Hyperion's whitepaper on identity management. Big points to him for also posting a link in the same article to Carl Ellison and Bruce Schneier's classic: What You're not Being Told about Public Key Infrastructure. Nice one.

[Digital Identity]
2:28:02 PM


03 April 2002
 

DigitalIdWorld, an industry 'portal'.

Phil Becker has started DigitalIdWorld, "the hub of the digital identity industry", in the model of ISPCON, the independent ISP industry resource he founded in 1992.
Several interesting articles have already started appearing, and rumours are of an industry conference in the fall. Bahamas, anyone? ;)
[Digital Identity]


8:52:04 AM


20 March 2002
 

Novell report: Looking for corporate single sign-on.

A report made to order for Novell Denmark, reports that 73% of corporate users daily use more than 5 different logins to access company resources.
Yet another reason that Novell is not alone in the space, with solutions from Oblix, Netegrity and Microsoft (Active Directory) as highlights.

[Digital Identity]

I'm sure every single bank has plans for this, but with all the different applications out there it's going to be costly to implement.


11:58:56 PM

Liberty: betting on SAML?.

Prior suspicion that Liberty will be looking to the Security Assertion Markup Language (SAML), a proposed standard from the OASIS Security Services technical committee, now seems definitive.
I have three independent confirmations from Alliance founders that SAML indeed is the security information protocol of choice. It is, however, also quite safe to bet that Liberty's specific requirements of operating a shared public identity space, with specific focus on merchants, will force extensions upon the standard.

[Digital Identity]

The Liberty Alliance Project counts several prominent US financial services companies such as American Express, Fidelity, Bank of America and CitiBank (Hmm, what about today's announcement regarding Passport?? Betting on two horses, I guess.). The project aims to set up a large federated Identity Service to compete with MS Passport. So far little is concrete, but it sounds like they might be using SAML, which certainly would make sense.

I've seen plenty of anti-Microsoft alliances before and I must admit I'm a bit sceptical if they actually will get past the vapourware stage. But I do hope they do, as no one wants to see MS own that market. (Of course they are probably the one company suited to do so).

Financial companies will primarily be interested in Liberty for retail apps. There is little sense in using them for internal applications. I can see larger banks creating SAML interfaces into existing authentication frameworks. Data providers will probably eventually look into using it as well for authentication of their services.


11:46:15 PM

Security Assertion Markup Language

As a follow-up to the CitiBank story below, I had a look at what alternatives are available that would be of interest to the financial services industry. The OASIS consortium, which works on various business-related XML formats, has proposed a standard called Security Assertion Markup Language (SAML). The standard is nearing completion and we should be seeing a V1.0 within the next month or so.

SAML looks particularly useful to investment banks. It handles everything from end-user authentication to service-to-service authentication, which would be useful for various kinds of feeds. A standard Java extension will be released from Sun that contains a Java API, hopefully making it easy to plug into existing systems.

I'll post a more detailed analysis of SAML later on.


11:08:47 PM

CitiBank to use Microsoft Passport

News.Com: "Citigroup has agreed to use Microsoft's Web services technology, including password protection, online authentication and messaging services. The endorsement is significant for Microsoft, which has been struggling to define a business plan for its .Net My Services product."  [Scripting News]

While the article talks about the confusion consumers have about the technology, there is a real need for services such as Passport. There are many questions, though, regarding the technology. Is it too centralized? Do we trust Microsoft with our data? Is Microsoft able to provide the security for such an application? These remain to be seen; however, of course, this announcement does seem more of an announcement of a joint marketing agreement than anything else. I'd like to know if anyone with CitiBank did a real analysis of the security of Passport before the guys up above decided to do the deal.


9:13:27 PM



© Copyright 2002 Pelle Braendgaard.
Last update: 11/04/2002; 12:08:11.