Outsourced Trust (was Re: Difference between TCPA-Hardware and a smart card and something else before
Rich Salz
rsalz at datapower.com
Tue Dec 23 14:01:53 EST 2003
> 2) certificates were fundamentally designed to address a trust issue in
> offline environments where a modicum of static, stale data was better
> than nothing

How many years have you been saying this, now? :) How do those modern
online environments achieve end-to-end content integrity and privacy?
My guess is that they don't; their use of private value-add networks
made it unnecessary. If my guess is/was correct, then as more valuable
transactions (or regulated data) flow over the commodity Internet, then
those things will become important. Make sense? Am I right?

If so, then I believe that we need a federated identity and management
infrastructure. The difference is that the third-party PKI enrollment
model still doesn't make sense, and organizations will take over their
own identity issues, as with SAML and Liberty. Once you do that, adding
"publicKey" as just another attribute is no big deal. With any luck,
the new year will bring the analogy SOAP::other middleware as SAML::x.509 :)
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List