Tuesday, November 06, 2007
Links for 2007-11-06
Pamela Dingle on one level is correct that self-issued cards are more secure in that attacks against an identity provider that has only a few things aren't worth the time for hackers to penetrate where as managed card implementations suffer from gaping security holes that exist for other reasons. The issue that all the folks in the community are ignoring because they are wearing their consumerish glasses and can't see the B2B need is that having a managed card in a business scenario could afford you with indemnification which shouldn't be underestimated. Hopefully, we can acknowledge that indemnification is a component to being secure.
I wonder why Oracle employees such as Tom Kyte, Mary Ann Davidson, Roger Sullivan, Amit Zavery or Mark Wilcox hasn't chimed in on when Oracle will support direct authentication against Active Directory without requiring an additional product?
Does anyone know how this compares to Sun Identity Manager, BMC or Oracle?
Craig Randall acknowledged Security, in order to be done correctly requires server APIs which run in the address space of Documentum itself but never posted any guidance on how to enable. I look forward to him and Robin East outlining solutions to this approach.
Have you ever noticed that Kim Cameron blog whenever you present a new information card to it requires a workflow of sorts? I wonder if the relying party needs the ability to kick off a workflow via a standards based mechanism and whether it should delegate to an identity management tool such as Sun which should expose SPML or a BPM process that uses BPEL?
Links to this post: