Web Services Strategies
Beyond the technology, IT strategies for implementation of Web services by Doug Kaye.
|
Reactions to On Liberty. My inbox was busy this week. I received more feedback on my essay on the Liberty Alliance than regarding any other topic I've addressed in my weblog or newsletter. Much of it was in private email, so I can't quote it, and most (but not all) was supportive. I heard from some heavy hitters in the world of security and digital identity including Andre Durand (of pingid.org), Eric Norlin (Digital ID World), Jiri Ludvik (who publishes a security weblog), Gerry Gebel (Burton Group), Brent Sleeper (The Stencil Group), and Carol, Russ and Scott (Glenbrook Partners).
Posted Tuesday, September 17, 2002 5:55:58 PM 
|
|
|
Glenbrook Partners on Liberty. Scott and Russ have posted their critique of my analysis of the Liberty Alliance 1.0 documents. Just a few points in rebuttal:
- Regarding the benefits of single sign-on for mobile devices or cross-platform identities, if that's the objective, there are ways to accomplish this without the drawbacks of Liberty. I'll have more to say on this later, but for now, just imagine RoboForm, based on ECML, and linked to an encrypted identity database that's accessible from any client or platform and that only the consumer can read.
- "No actual individual identity information is shared between identity provider and service provider." True, but I'm not worried about the cooperating parties. It's that once someone has gained access to my account at the identity provider, he can access all of my other accounts within the circle of trust without the need for usernames or passwords. Prior to federation of my identity, this wasn't possible unless I was foolish to use the same username and password on each of the sites. (See my description of the Compartmentalization Attack.)
- The Glenbrook paper claims that issues surrounding target marketing are "tangential to the mission and objectives of the alliance." I disagree. As I wrote in my original essay, I believe (and I think substantiate) targeted marketing and creating new ways to sell goods and services to consumer are precisely the objectives of the Liberty Alliance. Why else would they do this? If you think it's for the altruistic good of the consumer, do you believe the same about Passport or the new MSN Wallet? (Not me.)
Posted Tuesday, September 17, 2002 5:32:03 PM
|
|
|
|
| September 2002 |
| Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
| 1 |
2 |
3 |
4 |
5 |
6 |
7 |
| 8 |
9 |
10 |
11 |
12 |
13 |
14 |
| 15 |
16 |
17 |
18 |
19 |
20 |
21 |
| 22 |
23 |
24 |
25 |
26 |
27 |
28 |
| 29 |
30 |
|
|
|
|
|
| Aug Oct |
|
|
