David Strom: Federated identities create new security risks

David Strom reports on Dan Geer’s talk at the recent Burton Catalyst Conference in San Francisco.

Federation frustrates accountability. It is harder to keep track of what happened, and who penetrated your defenses, when the attack can come from anywhere in the world, use any protocol, and anyone can be the attacker, just as long as your system trusted them long enough to establish their credentials. No single person in your corporate network universe will be able to understand the entire picture of your application infrastructure, and trying to debug some design error could be a troubleshooting nightmare, particularly if your developers have written very modular code that pulls in data from all over the place and relies on all sorts of trusted nodes or users. This is exactly the kind of design ethic that those federation guys are pushing for. All of a sudden, complexity becomes corporate enemy number one.