
soa-rm-ra message


Subject: Re: [soa-rm-ra] Thought Experiment on SOA Security and Governance


While the use case is intriguing, I think we should start with something where the governance issue isn't conflated with other high-emotion issues.  We will have enough of a challenge when we tell a program manager there are aspects of the program over which s/he doesn't/shouldn't have absolute control.


On Oct 30, 2006, at 12:04 PM, Duane Nickull wrote:

Federated Identity exists today. Both Adobe and Microsoft have server-based
products which use a WS-Trust type model on the back end to allow a trusted
region to be declared including CRLs for all CAs.  Sadly, what you are
talking about is largely linked to the weak link in the chain - the people
who administer and operate the trust domain.  The basic tenet is to deny all
and allow only specific trusted entities.  All it takes is one slip.


On 10/30/06 11:00 AM, "Chiusano Joseph" <chiusano_joseph@bah.com> wrote:

My take is that we would never reach the question of federated identity,
because the chances of fraud (especially through a virus) are so high
that it will probably be a very long time before Internet-based voting
is a reality (if at all).


Joseph Chiusano

Booz | Allen | Hamilton

700 13th St. NW, Suite 1100
Washington, DC 20005
O: 202-508-6514
C: 202-251-0731
Visit us online@ http://www.boozallen.com

-----Original Message-----
Sent: Monday, October 30, 2006 9:40 AM
Subject: [soa-rm-ra] Thought Experiment on SOA Security and Governance

One of my action items was to come up with a scenario that we could use to
think about SOA Governance. Here is one "use case". Try to imagine what
it would take for the United States to have secure Internet voting in
state and federal elections.

Who would offer the "voting service"?

This would be the extreme case of Federated Identity. Would the state
federated identity servers be trusted by the federal identity servers? I
cannot imagine everybody getting an X509 certificate. Would we restrict
voting to a few days?



Sr. Technical Evangelist - Adobe Systems, Inc.
Chair - OASIS SOA Reference Model Technical Committee
Blog: http://technoracle.blogspot.com


Ken Laskey

MITRE Corporation, M/S H305     phone:  703-983-7934

7515 Colshire Drive                        fax:        703-983-1379

McLean VA 22102-7508

