Sunday, October 07, 2007
Links for 2007-10-07
Early on Kim Cameron discussed the notion of EV certificates which caught my attention. The problem will success is that folks may also want this capability internal to the enterprise and for use with internal CAs. Users will be familiar with them from hitting sites outside the enterprise and cognitive dissonance will demand them for whenever an employee accesses their payroll, health benefits or other critical information. I wonder if Kim Cameron could lobby the Active Directory Certificate Services folks to create internal EV certificates as an enhancement request.
Jeff Bohren is keeping Conor Cahill honest. Part of the risk in federation is indemnification/liability which is more than likely able to be negotiated for B2B interactions than they are for B2C. Unless the business model around consumers are low-value transactions, then I think the value proposition when looking thru a business lens would be to federate with other businesses first and make consumers part of future rollout.
This at some level feels like a superset of a previous post by Laurence Hart, James McGovern, Bex Huff and James Governor have been discussing. Of course, the industry analyst crowd and Craig Randall have been missing from the conversation. Anyway, I wonder what it would take to unify our conversations?
Folks know that I am a proponent of the OASIS XACML specification and don't really understand the need for WS-Authorization. I wonder if Conor Cahill, Rajiv Gupta or others could tell me why we need both and the opinion of project Liberty? Maybe someone could also share when Microsoft will build support for XACML into the next version of .NET so as to not lag the J2EE world?
Links to this post: