[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [soa-rm-ra] Thought Experiment on SOA Security and Governance
Federated Identity exists today. Both Adobe and Microsoft have server based products which use a WS-Trust type model on the back end to allow a trusted region to be declared including CRL's for all CA's. Sadly, what you are talking about is largely linked to the weak link in the chain - the people who administer and operate the trust domain. The basic tenet is to deny all and allow only specific trusted entities. All it takes is one slip. D On 10/30/06 11:00 AM, "Chiusano Joseph" <chiusano_joseph@bah.com> wrote: > My take is that we would never reach the question of federated identity, > because the chances of fraud (especially through a virus) are so high > that it will probably be a very long time before Internet-based voting > is a reality (if at all). > > Joe > > Joseph Chiusano > Associate > > Booz | Allen | Hamilton > ______________________-- > > 700 13th St. NW, Suite 1100 > Washington, DC 20005 > O: 202-508-6514 > C: 202-251-0731 > Visit us online@ http://www.boozallen.com > > -----Original Message----- > From: Michael Stiefel [mailto:development@reliablesoftware.com] > Sent: Monday, October 30, 2006 9:40 AM > To: soa-rm-ra@lists.oasis-open.org > Subject: [soa-rm-ra] Thought Experiment on SOA Security and Governance > > One of my action items was to come with a scenario that we could use to > think about SOA Governance. Here is one "use case". Try to imagine what > it would take for the United States to have secure Internet voting in > state and federal elections. > > Who would offer the "voting service"? > > This would be the extreme case of Federated Identity. Would the state > federated identity servers be trusted by the federal identity servers? I > cannot imagine everybody getting an X509 certificate. Would we restrict > voting to a few days? > > Comments? > > Michael > -- ****************************************************** Sr. Technical Evangelist - Adobe Systems, Inc. * Chair - OASIS SOA Reference Model Technical Committee* Blog: http://technoracle.blogspot.com * ******************************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]