This is Cpswan's Typepad Profile.
Recent Activity
It's sad to see how little the state of the art has moved on in the last few years, and I feel that XACML implementations continue to disappoint. I said a little while ago that XACML is 'like LDIF without LDAP'. Ferrying stuff around in SAML is an ugly kludge to get around the lack of a standardised PDP interface, and to realise its ambition I feel that the XACML implementation vendors need to get together and crack this. We'll know that we've won when 3rd party application (and service) vendors implement stuff to that interface rather than always baking in their own mini entitlements server (as they did a decade ago with AD/LDAP and authentication).
Firstly, sorry for showing up late to this thread. Your tweet about Montier caught my eye (though the WSJ link was broken :( ). I think we're on the same page here. I wrote some time ago about information security being 'Pareto inverted' - @Brian is spot on, application security should be built in rather than bolted on, but @Michael is also right that there's a healthy (and somewhat publicly traded) market in bolt-ons above the network layer. I see two problems here in the transition. The first is simple inertia - we can't stop doing the network stuff. At the very least it 'keeps the lumps out' as an old colleague of mine (now at Juniper) used to say. Also the regulators won't let us give up the old defences. The second is verifiability. Bolt-on solutions provide a simple place for auditors to insert a check, and check a box. Built-in solutions require built-in understanding, and we don't really have the tools for that yet.
Commented Jan 21, 2011 on Return of the Cocktail Napkin at 1 Raindrop
This isn't a knee-jerk reaction. We already had that with the Dangerous Dogs Act. This is sadly yet another example of 'we've failed to properly enforce the existing law, so we'll have a new totally disproportionate law instead and hopefully that will fix it'. It's exactly the same thing as we see happening with the Independent Safeguarding Authority (ISA). There was a hiccup in the existing CRB regime that should have stopped Huntley before it was too late, but failed. So instead of fixing the existing system the government decides instead to produce an even more massive bureaucracy (which by its very size and complexity is even more doomed to fail). The second order problem is spin. 'We're going to have a new law that will fix this' makes a much more compelling headline than 'we'll try to do a better job of enforcing whatever', or 'we'll cut the budget for that a little less than we were planning to because it seems important at the moment'. All that is being achieved here is growth of the public sector (and national debt). Sadly the greatest issue is that this will fix nothing. It will inconvenience the law-abiding man (and dog) on the street, and be totally ignored by those it's intended to deal with. As a friend tweeted earlier, 'Insurance for dogs should work well - the most dangerous lawbreaking motorists are the ones who buy insurance and tax first, after all'.
Cpswan is now following The Typepad Team (Jan 6, 2010)