[Auth]Re: Auth digest, Vol 1 #79 - 1 msg

[Peter Bachman]

address@hidden wrote:

> Send Auth mailing list submissions to
>         address@hidden
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://subscribe.dotgnu.org/mailman/listinfo/auth
> or, via email, send a message with subject or body 'help' to
>         address@hidden
>
> You can reach the person managing the list at
>         address@hidden
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Auth digest..."
>
> Today's Topics:
>
>    1. Anything newsworthy on the auth front? (Norbert Bollow)
>
> --__--__--
>
> Message: 1
> Date: Thu, 8 Nov 2001 08:42:02 +0100
> From: Norbert Bollow <address@hidden>
> To: address@hidden
> Subject: [Auth]Anything newsworthy on the auth front?
>
> Hi,
>   this is just a quick call to the various auth
> projects.... does one of them have something newsworthy to
> report that I could put into the next "This Week in DotGNU"?
>
> Greetings, Norbert.
>
> --
> A member of FreeDevelopers and the DotGNU Steering Committee: dotgnu.org
> Norbert Bollow, Weidlistr.18, CH-8624 Gruet   (near Zurich, Switzerland)
> Tel +41 1 972 20 59       Fax +41 1 972 20 69      http://thinkcoach.com
> Your own domain with all your Mailman lists: $15/month  http://cisto.com
>
> --__--__--
>
> _______________________________________________
> Auth mailing list
> address@hidden
> http://subscribe.dotgnu.org/mailman/listinfo/auth
>
> End of Auth Digest

I don't know if this qualifies as "new" but certainly worth the time of
review is
the progress being made with the Oasis SAML specification and it's progress
through
the Java community process.  There's also some links to other auth projects
at the oasis-open  site, some of which are aimed at different communities,
such as education. One would find further links to the consolidation of PKI
efforts which is certainly an ongoing effort at NIST.


Also a thought provoking re-read of Ed Gercks work on trust models and
information theory which challenges
what is really required to establish trust.

http://www.mcg.org.br/trustdef.htm


On the c=US front I decided to come up a patriotic DOD submission for
potential funding which combines
a personal identification token/transponder that could be GPS enabled and
RFI capable, which could be passed out by ground troops in war zones to
friendly  civilians. It's called FLAG for Federated Logical Affinity
Grouping.  The "FLAG" unit would be capable of showing up electronically,
as an ID token, or even showing a group of people in an electronic
battlefield to avoid casualties. After the  conflict had ceased and there
was a desired return to a non-military use, it would be converted over to a
secure voting token. The data, keys, etc would be registered in a
repository, likely a directory, along with selected attributes.  I know
there is some work over at the IEEE on secure voting which might be
leveraged at some point.

The reversal of the pub-sub model is an idea which is beginning to gain
some steam, one uses multicast messaging to have vendors subcribe to your
"control center"  with their services.  Your data remains persistent with
them only as long as they actually need it, with a ttl of some sort. The
server on your end manages the connections, updates and messages instead of
going to various web sites. This is consistent with Vivek Randive's idea of
a "multiverse" where everything begins to happen in real time. This could
prove to be very interesting, especially if affinity groups gather together
(as they do now) to get special deals, etc.

Of course the details of how Passport was exploited makes for interesting
reading, and what happens when people can steal your cookies.

peterb.vcf
Description: Card for Peter Bachman