Sunday, October 07, 2007

 

Links for 2007-10-07



  • Success brings complexities too
    Early on, Kim Cameron discussed the notion of EV certificates, which caught my attention. The problem with success is that folks may also want this capability internal to the enterprise and for use with internal CAs. Users will be familiar with them from hitting sites outside the enterprise, and cognitive dissonance will demand them whenever an employee accesses their payroll, health benefits or other critical information. I wonder if Kim Cameron could lobby the Active Directory Certificate Services folks to create internal EV certificates as an enhancement request.

  • Privacy Management in Enterprises
    I bet if you were to survey developers of enterprise applications within Fortune 100 enterprises and ask them how their application accounts for the privacy wishes of users of the system, other than someone being clever and saying that we have a privacy policy on their web site, they would have to admit that it doesn't. Maybe the first problem someone wants to tackle is teaching folks how to build privacy-enabled applications. The mindset is: once I get a handle on the data, I will do whatever I please with it. At some level, privacy is dependent upon enterprise authorization and at some level identity, yet no one is blogging on this aspect and therefore it is not important. If you know of folks in HP that may have guidance for the rest of us, please encourage them to share. I wonder if I could call out Curt Devlin of Microsoft to blog on building privacy into enterprise applications?

  • Conor makes the case, but perhaps the wrong one
    Jeff Bohren is keeping Conor Cahill honest. Part of the risk in federation is indemnification/liability, which is more likely to be negotiable for B2B interactions than for B2C. Unless the business model around consumers is low-value transactions, I think the value proposition when looking through a business lens would be to federate with other businesses first and make consumers part of a future rollout.

  • Data Security Lifecycle
    This at some level feels like a superset of a previous post that Laurence Hart, James McGovern, Bex Huff and James Governor have been discussing. Of course, the industry analyst crowd and Craig Randall have been missing from the conversation. Anyway, I wonder what it would take to unify our conversations?

  • Authorization Claims and Stable Data
    Folks know that I am a proponent of the OASIS XACML specification and don't really understand the need for WS-Authorization. I wonder if Conor Cahill, Rajiv Gupta or others could tell me why we need both and the opinion of project Liberty? Maybe someone could also share when Microsoft will build support for XACML into the next version of .NET so as to not lag the J2EE world?






