
Wednesday, 28 November 2007

What's Your Trust Model?

"...what's your trust model?" That was the first question asked of me as I sat across the table from the former CTO of RSA Security a few months after starting Ping. Suffice it to say, that question went right over my head like an SR-71 Blackbird doing Mach 5 at 100k feet. I'm no crypto-head, so five years later, I think I'm only now beginning to even remotely understand what he was asking me. 

That said, we've got a few crypto-trust experts here at Ping, and one of them described for us recently the trust model for our new dynamic federation. I thought it might be interesting to share. 

Static vs. Dynamic Trust

The fundamental security difference between normal SAML connections and dynamic federation is the trust model:

  • Static connection: establishes trust by explicitly exchanging certificates
  • Dynamic connection: uses PKI-based dynamic trust


With dynamic federation, we build a trust chain that bootstraps off the Internet trust provided by agreed-upon CAs.
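The two trust decisions above, sketched with Go's standard crypto/x509 package as an added example; this is not Ping's code and not part of the original post. The function names `issue`, `StaticTrust` and `DynamicTrust`, the test CA and the partner-*.example certificates are all constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test certificate; a nil parent means self-signed.
func issue(cn string, isCA bool, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// StaticTrust accepts only the exact certificate exchanged out of band.
func StaticTrust(exchanged, presented *x509.Certificate) bool {
	return exchanged.Equal(presented)
}

// DynamicTrust accepts any certificate that chains to an agreed CA.
func DynamicTrust(agreedCAs *x509.CertPool, presented *x509.Certificate) bool {
	_, err := presented.Verify(x509.VerifyOptions{Roots: agreedCAs,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	ca, caKey := issue("Agreed CA (constructed)", true, nil, nil)
	known, _ := issue("partner-a.example", false, ca, caKey)
	newcomer, _ := issue("partner-b.example", false, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	fmt.Println(StaticTrust(known, newcomer), DynamicTrust(pool, newcomer)) // false true
}
```

A partner that was never exchanged fails the static check but passes the dynamic one, so under dynamic trust the agreed CA set is what defines who can connect.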


Posted by adurand at 10:36 AM in IdM



