Certificates Everywhere
Steve Jones - SSC Editor
Posted Monday, April 09, 2012 10:08 PM
Comments posted to this topic are about the item Certificates Everywhere
Follow me on Twitter:
@way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
Post #1280585
belgarion
Posted Monday, April 09, 2012 10:18 PM
Certificates are one way. But in a connected world Claims Based Identity/Authorisation makes much more sense as it pushes the management of who can do what into the "source" domain which is controlled by the user or organisation making a claim. See http://en.wikipedia.org/wiki/Claims-based_identity
As an example, I attempt to access this forum and this forum challenges me to supply credentials and a list of things I claim to be able to do (e.g. reply to a post). I reply to the challenge saying that my domain admin has configured me to post replies and supply an identity token issued by my domain server. The www.sqlservercentral.com web server responds by making a web request to my domain server which confirms it issued the security token and the list of claims I'm making.
In the MS world this is handled by WIF built into the web server application, ADFS services being published to the i-net and something like CardSpace (or whatever it's called now) on the client device.
Won't solve all the problems but solves many ...
Post #1280591
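The challenge-and-confirm flow described in the post above, sketched as an added example that is not part of the original thread and is not WIF or ADFS code. The names `DomainServer` and `ForumServer`, the HMAC-protected token format and the in-process call standing in for the web request are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

class DomainServer:
    """Hypothetical issuer: the user's home domain, which vouches for claims."""
    def __init__(self, key):
        self._key = key

    def _mac(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, subject, claims, ttl=300, now=None):
        issued = int(time.time() if now is None else now)
        body = json.dumps({"sub": subject, "claims": sorted(claims),
                           "exp": issued + ttl}, sort_keys=True)
        return {"body": body, "mac": self._mac(body)}

    def confirm(self, token, now=None):
        """Answer the relying party: the claims this domain issued, or None."""
        if not hmac.compare_digest(self._mac(token["body"]), token["mac"]):
            return None  # not issued here, or altered after issue
        data = json.loads(token["body"])
        if (time.time() if now is None else now) >= data["exp"]:
            return None  # expired tokens are never confirmed
        return data

class ForumServer:
    """Hypothetical relying party: trusts only what the issuer confirms."""
    def __init__(self, issuer):
        self._issuer = issuer

    def authorize(self, token, wanted, now=None):
        # The action is checked against the issuer's confirmed claim list,
        # never against what the client merely says it may do.
        data = self._issuer.confirm(token, now=now)
        return data is not None and wanted in data["claims"]

def demo():
    # Constructed sample key, subject and timestamps.
    domain = DomainServer(b"constructed-demo-key")
    forum = ForumServer(domain)
    token = domain.issue("user@example.org", ["post_reply"], now=1000)
    forged = dict(token,
                  body=token["body"].replace("post_reply", "delete_topic"))
    return (forum.authorize(token, "post_reply", now=1100),    # issued claim
            forum.authorize(token, "delete_topic", now=1100),  # never issued
            forum.authorize(forged, "delete_topic", now=1100), # edited token
            forum.authorize(token, "post_reply", now=1400))    # past expiry
```

Only the first request is authorized; a claim the domain never issued, a token edited after issue and an expired token are all refused.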
sturner
Posted Tuesday, April 10, 2012 6:52 AM
Certificates can be stolen or hacked. Authentication needs to have some real-time component if it is to be completely secure. I like having to use a combination PIN/Password and a 6 digit code (that is constantly changing) to access my banking accounts. That with perhaps a machine identity or certificate would present a very accurate signature that identifies me as a client.
The probability of survival is inversely proportional to the angle of arrival.
Post #1280744
tim.pinder
Posted Tuesday, April 10, 2012 7:25 AM
Steve
Certificates are one way. But too often they are completely ignored by information professionals who really ought to know better (I'm pointing the finger at the British NHS).
Post #1280775
chrisn-585491
Posted Tuesday, April 10, 2012 1:56 PM
Most folks, including IT and DBAs, don't truly understand certificates and PKI. Try explaining certificates to the general user base that don't understand compression and archives.
Post #1281120
davoscollective
Posted Tuesday, April 10, 2012 6:34 PM
It makes me think about the rapid development of quantum computing. All of the current schemes will shortly be useless and some new techniques will need to be invented or we will lose all aspects of authentication, authorisation, privacy and encryption.
Post #1281278
bitbucket-25253
Posted Tuesday, April 10, 2012 8:52 PM
I don't have a solution worked out, but I know there are some very smart security people out there and I'd hope that they are working on a variety of solutions that will increase the security we have, while allowing us lots of flexibility.
Yes and we also have a number of brilliant hackers who so far seem to be very, very, very smart, in fact in many cases smarter than the security people.
If everything seems to be going well, you have obviously overlooked something.
Ron
Please help us, help you - before posting a question please read
Before posting a performance problem please read
Post #1281297
david.gray 17570
Posted Wednesday, April 11, 2012 3:55 AM
Certificates are a useful part of a security scheme but surely platform vendors need to do more to build infrastructure into OS's etc for managing them more effectively?
Post #1281409
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.