Silicon.com: "Over 80 per cent of companies now have staff who work from home on a regular or occasional basis, according to the latest research, but security is still seen as a major barrier to more widespread uptake."

And I thought it is lack of control over staff and countless practicalities that are prevent from using teleworking more. Thanks god for firewall vendors. BTW recently I've got my hands on the IDC European Security Services Market study which among other things mentions FUD marketing as one of the factors that negatively affect the industry.

8:23:40 PM    

I was forced to go through the Liberty Alliance details because of a presentation I was asked to do. During my investigation I came across several points:

• End users don't give a monkey about digital identity and Liberty per se. It's the companies who have chance to become identity providers (actually banks according to Gartner), who care about this and who might be ready to pay for the fun
• Because Liberty enables completely new type of business relationship that span across, at minimum, three entities, the legal issues involved are huge
• Business issues - how to get service providers signed up, what will be in it for them, what benefits Liberty will going to bring to everybody is another critical issue
• At the end of the day, the bill presented to potential identity providers for legal and business work will be probably higher than the one for technology services which will still be higher than the one for software and hardware (good morning Sun!). The question is if anybody is in fact prepared to pay for this (as opposed just to talk about) in the climate focused almost entirely on cost reduction
• Liberty v1 has some serious usability issues. In most of its deployment scenarios, it will not be possible to get automatically signed-on just by typing URL directly into browser
• Account federation is an awful expression. No user will understand that. Even when using "account linking" is a bit awkward to get in terms with. The whole thing with getting consent with federation will put off most of the users. The option to "automate" the consent may not be legal.
• Large parts of the v1 specification are optional. Will software vendors get to agree on what how to use the optional parts and stay interoperable?

Couple of other points that appeared in the lively dicussion that followed after the presentation.

• Liberty (or something similar) is definitely a way forward, especially in multi-device environment
• V1 is just first stab at how the eventual solution will look like
• Powerful "user" organisations (MasterCard, banks etcs) is one of the reasons why Liberty is not just a PKI v2 - a brilliant technology vision without real world execution
• Internal Liberty deployments will be the first ones to appear because they don't have to deal with difficult legal stuff and thus can bring benfits faster

Don't we live in interesting times?

8:05:52 PM