Certificates Everywhere
Posted Monday, April 09, 2012 10:08 PM


SSC-Dedicated

Comments posted to this topic are about the item Certificates Everywhere






Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #1280585
Posted Monday, April 09, 2012 10:18 PM
Valued Member

Certificates are one way. But in a connected world Claims Based Identity/Authorisation makes much more sense as it pushes the management of who can do what into the "source" domain which is controlled by the user or organisation making a claim. See http://en.wikipedia.org/wiki/Claims-based_identity

As an example, I attempt to access this forum and this forum challenges me to supply credentials and a list of things I claim to be able to do (e.g. reply to a post). I reply to the challenge saying that my domain admin has configured me to post replies and supply an identity token issued by my domain server. The www.sqlservercentral.com web server responds by making a web request to my domain server which confirms it issued the security token and the list of claims I'm making.

In the MS world this is handled by WIF built into the web server application, ADFS services being published to the i-net and something like CardSpace (or whatever it's called now) on the client device.

Won't solve all the problems but solves many ...
Post #1280591
Posted Tuesday, April 10, 2012 6:52 AM


Ten Centuries

Certificates can be stolen or hacked. Authentication needs to have some real-time component if it is to be completely secure. I like having to use a combination PIN/Password and a 6-digit code (that is constantly changing) to access my banking accounts. That with perhaps a machine identity or certificate would present a very accurate signature that identifies me as a client.



The probability of survival is inversely proportional to the angle of arrival.
Post #1280744
Posted Tuesday, April 10, 2012 7:25 AM
SSC Rookie

Steve

Certificates are one way. But too often they are completely ignored by information professionals who really ought to know better (I'm pointing the finger at the British NHS).
Post #1280775
Posted Tuesday, April 10, 2012 1:56 PM
Mr or Mrs. 500

Most folks, including IT and DBAs, don't truly understand certificates and PKI. Try explaining certificates to the general user base that don't understand compression and archives.
Post #1281120
Posted Tuesday, April 10, 2012 6:34 PM


SSC-Addicted

It makes me think about the rapid development of quantum computing. All of the current schemes will shortly be useless and some new techniques will need to be invented or we will lose all aspects of authentication, authorisation, privacy and encryption.
Post #1281278
Posted Tuesday, April 10, 2012 8:52 PM


SSCertifiable

I don't have a solution worked out, but I know there are some very smart security people out there and I'd hope that they are working on a variety of solutions that will increase the security we have, while allowing us lots of flexibility.


Yes and we also have a number of brilliant hackers who so far seem to be very, very, very smart, in fact in many cases smarter than the security people.


If everything seems to be going well, you have obviously overlooked something.

Ron

Please help us, help you -before posting a question please read

Before posting a performance problem please read
Post #1281297
Posted Wednesday, April 11, 2012 3:55 AM
SSC Rookie

Certificates are a useful part of a security scheme but surely platform vendors need to do more to build infrastructure into OS's etc for managing them more effectively?
Post #1281409