Access "Key to the World"
This article is part of the January 2005 issue of How security pros can benefit from information sharing
BITS & BOLTS SAML's portable trust makes federated identity work. The way most e-commerce works--B2B and B2C--is that a person signs on to a Web site and provides his credentials, which are verified through stored identities typically only valid for that session and that domain. It's a cumbersome process that slows the user experience and transactions, and requires expensive identity stores and management systems. The idea behind Web services and federated identities is that you only need one identity to access multiple accounts and resources across different, trusted domains. The magic behind the process is Security Assertion Markup Language (SAML), the standard that breathes life into the growing world of XML-based communications. SAML, developed by OASIS in collaboration with several identity management vendors, provides a means for trusted parties to leverage federated identities and for trusted third parties to act as an authority for hundreds or thousands of service providers simultaneously. In theory, this means that one identity can be ported across ... Access >>>
Premium Content for Free.
You're just plugging holes if you don't have the right processes and policies.
The Sky's the Limit
What security technology do you need that you can't get today? Here's your wish list.
Content Filtering: Websense Enterprise 5.5
Websense's Enterprise 5.5
Authentication: RSA SecurID 6.0 for Windows
RSA Security's SecurID 6.0 for Windows
Seattle CISOs Ernie Hayden and Kirk Bailey are pioneering a new level of trust and cooperation to secure their enterprises.
Hot Pick: F5 Networks' FirePass 4100 Series
F5 Networks' FirePass 4100 Series
- Vulnerability Mismanagement
Antispyware: Webroot Software's Spy Sweeper Enterprise
Webroot Software's Spy Sweeper Enterprise
Secure Reads: Gray Hat Hacking
Gray Hat Hacking: The Ethical Hacker's Handbook
Recent Releases: Security product briefs, January 2005
Learn about the information security products released in January 2005.
by Steven Weil, Contributor
Avinti's iSolation Server 1.1
The Myths of Security
The ancient Greeks spun myths to explain the unexplainable. Modern enterprises use commonly held myths as a foundation for security.
Key to the World
SAML's portable trust makes federated identity work.
- Antispyware: Webroot Software's Spy Sweeper Enterprise
Logoff: Government tosses pennies toward information security
Death by a Thousand Cuts
Editor's Desk: Remembering the dearly departed
Built to Sell
Layer 8: The security governance myth
Perspectives: Walk in management's shoes
One security manager describes his experience with a management program that helped him understand how to align security with business objectives.
- Logoff: Government tosses pennies toward information security
More Premium Content Accessible For Free
As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above ...
All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't ...
The Fast Identity Online (FIDO) standards reached the public draft stage in February, and the first deployments of FIDO-ready technologies followed ...