Sunday, March 14, 2010

Shooter game or warfare?

Are my children playing Counter-Strike?
Or flying a drone plane over Afghanistan?
Great article about pilots flying unmanned planes by remote control. But really remote: 10,000+ km away.

Thursday, March 11, 2010

Claims explained


SAML, WS-Security and the Secure Token Service of WS-Trust result in a very interesting mix, where federated identity and integration (web services) come together.
Microsoft has published the free book(let) "A Guide to Claims–based Identity and Access Control". Obviously the book is focused on Microsoft technology, ADFS (code name Geneva), FAM and WIF in particular. But I found the first 2 chapters very informative and well written.

E.g. it is interesting to have confirmation that applications need to keep maintaining fine-grained (data-level) authorizations themselves.

Also interesting to read about the challenge of home realm discovery: how to know to which identity provider an external user should be redirected.

One of the main challenges in my opinion with federated identity is the transformation of tokens/claims. Unless there is further standardization (profiles), the integration with each external business partner will require token transformations. There seems to be a general tendency in WS-land not to bother too much with the actual business content of SOAP messages or SAML tokens.

The day when SAML tokens can be used in an interoperable manner to connect to back-end applications such as SAP or Oracle will be a great day. Looking forward to it.
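The per-partner token transformation mentioned above, sketched as an added example (not from the original post or from Microsoft's guide): each trusted issuer gets its own rule set, and any claim without a rule is dropped instead of passed through. The partner URIs, the partner-specific claim names and the role values are constructed; signature validation of the incoming token is assumed to have happened already.

```python
# Added example: per-partner claims transformation at a federation gateway.
# Issuer URIs, partner claim names and role values are constructed samples.
EMAIL_URI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# One rule set per trusted issuer:
#   incoming claim type -> (internal claim type, value map or None for pass-through)
RULES = {
    "https://sts.partner-a.example/": {
        EMAIL_URI: ("email", None),
        "http://partner-a.example/claims/group":
            ("role", {"Purchasing": "buyer", "Finance": "approver"}),
    },
    "https://idp.partner-b.example/": {
        "mail": ("email", None),
        "jobFunction": ("role", {"PROC": "buyer"}),
    },
}


class UntrustedIssuer(Exception):
    """Raised when a token comes from an issuer with no rule set."""


def transform(issuer, claims):
    """Map a partner's (type, value) claims onto the internal vocabulary.

    Returns (internal_claims, dropped). Claims with no rule, or with a value
    the partner is not allowed to assert, end up in dropped.
    """
    rules = RULES.get(issuer)
    if rules is None:
        raise UntrustedIssuer(issuer)
    out, dropped = [], []
    for ctype, value in claims:
        rule = rules.get(ctype)
        if rule is None:
            dropped.append((ctype, value))  # default deny: no pass-through
            continue
        internal_type, value_map = rule
        if value_map is not None:
            if value not in value_map:
                dropped.append((ctype, value))
                continue
            value = value_map[value]
        out.append((internal_type, value))
    out.append(("issuer", issuer))  # keep the origin for data-level checks
    return out, dropped
```

The `dropped` list is worth logging: a partner token that carries an internal claim name such as `role` directly shows up there instead of reaching the application.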

Saturday, March 6, 2010

Securing my laptop

In my car, I spend quite some time listening to podcasts. On the topic of security, the podcasts Security Now and the Dutch podcast "De beveiligingsupdate" are my favourites.

Driven by the suggestions in these podcasts, I have taken a few extra measures to secure my laptop:
  1. Replace the ever leaky Adobe Acrobat PDF Reader with the Foxit reader.
  2. Set the Security level in Microsoft Internet Explorer to High for every zone. Even when using another browser, IE is used in MS-Office applications.
  3. Installed the NoScript plug-in in Firefox. NoScript lets me selectively allow the execution of JavaScript. Only for a few sites have I allowed JavaScript permanently. For most sites, I only allow JavaScript temporarily. It offers some extra defense against cross-site scripting attacks (XSS).
Disabling JavaScript also helps with privacy: it reduces the amount of information exposed for browser fingerprinting. More Firefox add-ons for safer surfing are available here. Next one I'll try is Better Privacy to automatically remove Flash cookies.