[cap-talk] Any hope in RSA 2008?

Karp, Alan H alan.karp at hp.com
Wed Apr 2 18:17:23 EDT 2008


No.  Well, maybe epsilon because I'm speaking.  Last year, one of the attendees at my talk said it was the only one in the entire SOA track that made any sense.

Jed wrote:
>
> I must say that the experience was quite discouraging.  I'd be quite
> interested to hear from anybody with a more optimistic view of
> the current state of the Computer Security field - e.g. as represented
> at RSA 2008.
>
You missed one, "Solving the Transitive Access Problem for SOA", Alan Karp.  In spite of that one bright light, it's quite depressing.  On Monday, the Liberty Alliance will have their full afternoon session, where they explain how federated identity management will solve all your access control problems once they've ironed out a few kinks.  Of course, they've been saying that for 3+ years now.
>
> Securing Your SOA: Entitlement Management
> in a Service-Oriented Application
> Sekhar Sarukkai | CTO, Securent, Inc.

Sekhar is an ex-e-speaker.  The Securent platform is based on the e-speak technology, but their access control is based on ACLs.  I was arranging to give them a talk on using authorizations when they got bought out by Cisco.  I plan to corner them at the conference and set up a talk.

I recommend that anyone on this list with a low boiling point stay away from the SOA and identity management talks at the conference.  The amount of nonsense spouted as best practice boggles the mind.  Go to the crypto sessions.  At least what's presented there makes sense.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp



