Tuesday, February 17, 2009
Links for 2009-02-17
I wonder if this posting ever answered the original question asked by Mark Wilcox?
A nice look at how KFC leverages SAML
It is interesting to see that Facebook will support OpenID but hopefully they will allow others to be the identity provider and will defer trust to others.
While email encryption is the most discussed use-case, the blogosphere needs to take this a lot deeper in terms of its analysis. Luther Martin responded back with some insight that technically is an answer but still is otherwise weak. He accurately describes that there are not one but two schemes underlying IBE but gets it twisted by focusing on whether customers understand the distinctions between them when the focus from a customer perspective is in choosing solutions with only two. Traditional PKI in this regard doesn't have just two pluggable asymmetric algorithms but at least dozens. Having more choice in and of itself is more secure independent of any crypto review of any particular algorithm.
In another post, he asks the question "Is interoperable key management dead?" I believe the question should be how many key management solutions should an enterprise have? As a customer, should I have Voltage for email, IBM for tape encryption, RSA for document storage, and so on? Independent of any standards, vendors need to talk more transparently about how their solutions may never be eliminated and/or rationalized. Of course there were other aspects of the original posting that I am sure Luther and his friends could provide insight on.