Updated: 23.6.2002; 12:30:41 GMT.

Security weblog



Tuesday, May 21, 2002

Network World Survey: Security is important, but we won't pay for it

Security issues are consuming network executives' thoughts, although not necessarily dictating their spending priorities, according to the ninth annual Network World 500 survey. [NWFusion]

This illustrates a disconnect that I have often seen in the security field. People frequently say something different from what they do.

10:02:47 PM

The Security Blog

The security blogging community is growing. No-nonsense posts, mainly about the network side of things, from Mathew Tanase.

4:02:32 PM

XML security standards forest

There are about 30 web services security standards under development. Some think that this is overkill:

"I would hate to see Web services get lost in the security forest," says John Studdard, senior vice president and CTO for the Virtual Bank in Palm Beach Gardens, Fla. "We are hoping for a simple security model as opposed to something that sounds good but has no chance of ever being implemented." [NWFusion]

I don't think this is going to happen. Distributed computing that uses a chain of services over unreliable and insecure infrastructure to get relatively reliable SLAs is a problem that is not easy to resolve. Combine this with the need to communicate with unknown subjects of unknown reputation and you wonder if it's feasible at all. Still, it will be important for security standards not to stand in the way of bootstrapping. This means having modular security specifications that can be added to the basic protocols as the complexity of use scenarios increases. A mandatory requirement to implement all the XACMLs, WS-Policies and WS-Trusts for a simple and straightforward SOAP implementation between two mutually trusting applications with known semantics would be nonsense.

"We were surprised to see how quickly people were adopting the Web services development tools, but there is an immaturity level that is quickly being realized as people seek security, reliability and quality of service," says Tyler McDaniel, director of application strategies for Hurwitz. "As a result, there is a pressure on vendors and standards bodies to get security moving faster."

Yes, for enterprise use of web services, security is a showstopper. Corporations can't benefit from web services without controlling access. Temporary workarounds, like the use of SSL, can be used only for point-to-point integration, and user identities cannot be propagated through the whole transaction chain. Then there is a host of would-be standards, from SAML to Kerberos to WS-Security to Liberty Alliance, and who would like to deploy a specification that could soon become obsolete? Everybody is therefore waiting for what the standards churn mill will spill out.

12:19:50 PM

 


Copyright 2002 © Jiri Ludvik.