Doug Kaye: Liberty Alliance and the compartmentalization attack

Compartmentalization – a big word to describe the principle of separating things into small chunks to, in this case, minimize the risk of loss.

Doug Kaye worries that the Liberty Alliance, with its consolidated single sign-on capability, increases your risk of loss because one “key” can open so many “doors”. Makes sense. The risk would apply to any single sign-on system – including Passport in the consumer space and others in the enterprise space.

How big is the risk? In other words, does it really matter? What’s the tradeoff between risk and the need to be secure? Is it any worse than having users writing down multiple userids and passwords on stickie notes next to their screens or keyboards? Or, perhaps even worse, users who use the same userid/password combinations across multiple sites and thereby have the same risk of loss? Only by considering specific user/application scenarios can one answer that question.

[Update: Doug responds]

This site uses Akismet to reduce spam. Learn how your comment data is processed.