[cap-talk] [securitymetrics] CSIS report is published
Karp, Alan H
alan.karp at hp.com
Wed Dec 10 11:18:31 EST 2008
(Continuation of an off-line discussion)
Mike Davis, Technical Authority (sort of Chief Architect) for Information Assurance for SOA for the US Navy has said that he will bring these comments up at an NSA sponsored security conference in February. Mike is a strong advocate of ZBAC, so he should be able to make a good case.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
> -----Original Message-----
> From: Monty Zukowski [mailto:monty at codetransform.com]
> Sent: Wednesday, December 10, 2008 8:14 AM
> To: Karp, Alan H
> Subject: Re: [cap-talk] [securitymetrics] CSIS report is published
>
> Maybe you should go on list with this comment? Is there any way to
> lobby for a better way to do it?
>
> Monty
>
> On Mon, Dec 8, 2008 at 5:21 PM, Karp, Alan H <alan.karp at hp.com> wrote:
> > The list of contributors shows up on page 79 (sheet 85) of my copy.
> >
> > The banking example makes it clear that they have confused strong
> authentication with strong authorization. Following their advice will
> lead to a nightmare of world-wide Federated Identity Management, making
> it so hard to cooperate that people will share credentials just to
> avoid the hassle. Strong authentication and you still have no idea who
> you're talking to.
> >
> > ________________________
> > Alan Karp
> > Principal Scientist
> > Virus Safe Computing Initiative
> > Hewlett-Packard Laboratories
> > 1501 Page Mill Road
> > Palo Alto, CA 94304
> > (650) 857-3967, fax (650) 857-7029
> > http://www.hpl.hp.com/personal/Alan_Karp
> >
> >
> >
More information about the cap-talk
mailing list