Thursday, February 20, 2003

STEAL STEAL, which stands for Security Technology Education Analysis Lab, is an Omaha laboratory where hackers can experiment how to foul things up.  The federal government is looking at the lab to support their counter-cyberterrorism efforts.  Yesterday, a hacker broke into a computer system operated by Data Processors International based in Omaha and gained access to millions of credit card records.  South African experts say that such a hack could not happen in their country. 1:13:08 PM    comment []

XACML XACML is a newly adopted standard for access control (18 Feb 2003).  XACML is expected to address fine grained control of authorized activities, the effect of characteristics of the access requestor, the protocol over which the request is made, authorization based on classes of activities, and content introspection (i.e. authorization based on both the requestor and potentially attribute values within the target where the values of the attributes may not be known to the policy writer).  "XACML is designed to enable the expression of well-established ideas in the field of access-control policy. Such a common policy language, "if implemented throughout an enterprise, allows the enterprise to manage the enforcement of all the elements of its access control policy in all the components of its information systems." Dave McNamee is the ITS product manager that is assigned to authentication services.  He is working on issues like single sign-on, directory integration with SSO, secure authorization, etc.  XML-based authentication services is another item to add to his plate. 7:28:47 AM    comment []

© Copyright 2003 David Fletcher.