Hi Gary, I think they are doing it, Cardspace is the key enabling technology to making it happen. Given how many enterprises are federation-enabled (and how simply the rest can be), the biggest missing piece right now is that we need an Identity Provider for the Internets.
Of course this only helps to solve the access control problem, not the defensive programming problem, you can still shoot yourself in the foot with SAML and WS-* (Brian Chess and I gave a talk on this at RSA). But at least it will be nice to have the banks and brokerage houses stop having people type their username and passwords into web browsers, and then blaming the consumer when things go amiss. -gp Gary McGraw wrote: > hi sc-l, > > Here's an article about Mundie's keynote at RSA. It's worth a read from a > software security perspective. Somehow I ended up playing the foil in this > article...go figure. > > http://reddevnews.com/features/article.aspx?editorialsid=2470 > > So what do you guys think? Is this end-to-end trusted computing stuff going > to fly with developers? > > gem > > company www.cigital.com > podcast www.cigital.com/silverbullet > blog www.cigital.com/justiceleague > book www.swsec.com > > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > _______________________________________________ > > _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________