May 12, 2008
Peter Schooff
Peter Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.


March 21, 2008
Is Security Dead, Or Just as Deadly As Ever

It seems that the security industry is at an interesting juncture, as it's been around long enough to have frightened pretty much everyone, and like anyone or anything that tries to play on your fears too long, it becomes downright annoying. Yep, I think the security industry is at its annoying stage.

Companies are annoyed at having to spend money to fend off risk after risk, only to find out they're still at risk, and consumers are annoyed that companies can't seem to get their act together and stop losing their damn data.

But the big problem is that there is one person who remains unannoyed and unafraid: yep, that's the hacker. Now I'm no expert in military doctrine, but it seems to me that one of the better times to attack your adversary is when they are annoyed, as that's when they've begun to lose their focus.

All the more reason we need to regain our security focus. And an excellent way to do that is by signing up for this Wednesday's 'Threatscape 2008,' hosted by Mike Rothman right here at ebizQ. If you needed any more proof that hackers are dreaming up whole new ways to attack your network, just sign up for it right here.

Posted by pschooff in SOA Security

August 08, 2007
Battle for a Single SOA Security Standard

As often happens with revolutionary new products or services, different standards and technologies often vie for market dominance. An easy example of this could be the battle between VHS and Betamax.

In terms of SOA and security, there seems to be an almost primal disconnect between the two. Essentially, SOA wants information and data sources to be free and fully integrated into all levels of a company’s operations and decision-making, but on the security side, the immediate question is, Information free to whom? Because we all know, cybercriminals thrive on free information.

ebizQ’s own Joe McKendrick, one of the leading voices on the leading edge of SOA and BI, wrote this excellent blog on the very subject, wondering if security threatened to shut down SOA altogether.

The standards currently battling for SOA security supremacy are:

1. SAML (Security Assertion Markup Language)
2. WS-Federation
3. WS-Trust

As you can probably guess, all three are incompatible, and while SAML is favored by almost everyone, it is incompatible with Microsoft, which favors WS-Federation.

Andy Dornan wrote this excellent article covering SOA security in great detail for Information Week, and according to him, with SOA in a state of near constant flux, there is a long, long way to go before a single standard is reached.

And we all know who won the battle between VHS and Beta: DVD. But for how long?

Tag: SOA Security, SAML, WS Federation, WS Trust

Posted by pschooff in SOA Security

Accountability: The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ.
