Topic: Security
Find out how Phil learned he'd been added to SpamCop.net's blacklist and how he managed to get his IP address removed. He's launched a new feature called Ask Phil at www.windley.com. He tells us why he's trying out web forum software rather than use the comments feature of his weblog.
Dan is the guy who was fired for co-authoring a report, "Cyber Insecurity," suggesting the security risks posed by the monoculture caused by Microsoft's dominance of the software industry. He talks about his long-term view of informations security, and a new white paper entitled "The Shrinking Perimeter -- Making the Case for Data Level Risk Management."
Andre explains his vision for how real-world federated identity will be deployed. His for-profit Ping Identity Corporation develops the software, which it then makes available using an open-source model from SourceID.org. The company also manages the shared network infrastrcture of PingID, which is the membership-driven entity that solves the scalability problem of the legal issues (managing the number of relationships that otherwise increases at an n-squared rate).
Tom Parenty's mission is to create a common language with which techies and managers can discuss the security of business activities. He sees two trends that demand this collaboration: that organizations are sharing more information, and that they're doing so without the traditional human intermediaries that act as filters.
Network World named Anne one of the 50 most powerful people in networking. Hear her insights on these hot topics: When will security and reliable messaging be part of web-services products? Which web-services vendors offer the greatest interoperability? Is the web-services specification process effective or a disaster? Will the EAI vendors survive the shift to open protocols for integration? Will SCO's Linux lawsuits destroy open source's GPL? Is C# "Java--the next generation?"
Imagine being able to send encrypted email to anyone using only their email address as a public key. No need to obtain and verify a public key in advance. PKI has failed as an email-encryption tool. Only a few of us use PGP. IBE could change all that. Founder Dan Boneh and CEO Sathvik Krishnamurthy are interviewed.
Is security for web services really all that different from security in other contexts? The author of Web Services Security tells it like it is. Which standards are fully cooked, and which should you avoid? What kinds of attacks will web services be vulnerable to? Are application/XML firewalls the answer?