Certificates Everywhere

  • Comments posted to this topic are about the item Certificates Everywhere

  • Certificates are one way. But in a connected world Claims Based Identity/Authorisation makes much more sense as it pushes the management of who can do what into the "source" domain which is controlled by the user or organisation making a claim. See http://en.wikipedia.org/wiki/Claims-based_identity

    As an example, I attempt to access this forum and this forum challenges me to supply credentials and a list of things I claim to be able to do (e.g. reply to a post). I reply to the challenge saying that my domain admin has configured me to post replies and supply an identity token issued by my domain server. The http://www.sqlservercentral.com web server responds by making a web request to my domain server which confirms it issued the security token and the list of claims I'm making.

    In the MS world this is handled by WIF built into the web server application, ADFS services being published to the i-net and something like CardSpace (or whatever it's called now) on the client device.

    Won't solve all the problems but solves many ...
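
The exchange described in the post above (a token from the user's home domain, then the web site calling back to that domain to confirm it), as an added Python example that is not part of the thread and is not how WIF or ADFS are implemented. The class names, the `home.example` domain, the claim strings and the HMAC-based token format are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets, time

class IdentityProvider:
    """The user's home domain: it alone decides which claims a user may make."""
    def __init__(self, name, directory):
        self.name = name
        self._key = secrets.token_bytes(32)  # stays inside the issuing domain
        self._directory = directory          # user -> set of granted claims

    def _mac(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, user, requested, ttl=300, now=None):
        now = time.time() if now is None else now
        # Grant only the requested claims the domain admin has configured.
        granted = sorted(self._directory.get(user, set()) & set(requested))
        body = json.dumps({"iss": self.name, "sub": user,
                           "claims": granted, "exp": now + ttl}, sort_keys=True)
        return {"body": body, "mac": self._mac(body)}

    def confirm(self, token, now=None):
        """Back-channel request from the relying party: did I issue this token?"""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._mac(token["body"]), token["mac"]):
            return None                      # altered or never issued here
        data = json.loads(token["body"])
        return data if data["exp"] > now else None

class RelyingParty:
    """The web site: trusts named issuers, holds no user accounts of its own."""
    def __init__(self, trusted_issuers):
        self._trusted = trusted_issuers      # issuer name -> its confirm endpoint

    def authorize(self, token, required_claim, now=None):
        try:
            idp = self._trusted.get(json.loads(token["body"])["iss"])
            confirmed = idp.confirm(token, now) if idp else None
        except (AttributeError, KeyError, TypeError, ValueError):
            return False                     # malformed token: fail closed
        return confirmed is not None and required_claim in confirmed["claims"]

# Constructed sample data: one home domain whose admin lets alice reply only.
HOME = IdentityProvider("home.example", {"alice": {"forum:reply"}})
FORUM = RelyingParty({"home.example": HOME})
```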

  • Certificates can be stolen or hacked. Authentication needs to have some real-time component if it is to be completely secure. I like having to use a combination PIN/Password and a 6 digit code (that is constantly changing) to access my banking accounts. That with perhaps a machine identity or certificate would present a very accurate signature that identifies me as a client.

    The probability of survival is inversely proportional to the angle of arrival.

  • Steve

    Certificates are one way. But too often they are completely ignored by information professionals who really ought to know better (I'm pointing the finger at the British NHS).

  • Most folks, including IT and DBAs, don't truly understand certificates and PKI. Try explaining certificates to the general user base that don't understand compression and archives. :laugh:

  • It makes me think about the rapid development of quantum computing. All of the current schemes will shortly be useless and some new techniques will need to be invented or we will lose all aspects of authentication, authorisation, privacy and encryption.

  • I don't have a solution worked out, but I know there are some very smart security people out there and I'd hope that they are working on a variety of solutions that will increase the security we have, while allowing us lots of flexibility.

    Yes and we also have a number of brilliant hackers who so far seem to be very, very, very smart, in fact in many cases smarter than the security people.

    If everything seems to be going well, you have obviously overlooked something.

    Ron


  • Certificates are a useful part of a security scheme but surely platform vendors need to do more to build infrastructure into OS's etc for managing them more effectively?
