Wednesday, 28 November 2007
What's Your Trust Model?
"...what's your trust model?" That was the first question asked of me as I sat across the table from the former CTO of RSA Security a few months after starting Ping. Suffice it to say, that question went right over my head like an SR-71 Blackbird doing Mach 5 at 100k feet. I'm no crypto-head, so five years later, I think I'm only now beginning to even remotely understand what he was asking me.
That said, we've got a few crypto-trust experts here at Ping, and one of them described for us recently the trust model for our new dynamic federation. I thought it might be interesting to share.
Static vs. Dynamic Trust
The fundamental security difference between normal SAML connections and dynamic federation is the trust model:
- Static connection: establish trust by explicitly exchanging certificates
- Dynamic connection: uses PKI-based dynamic trust

With dynamic federation, we build a trust chain that bootstraps off the Internet trust provided by agreed-upon CAs.
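
The two trust decisions contrasted above, as an added Go example (not Ping's code and not part of the original post): static trust accepts only the certificate that was exchanged in advance, while dynamic trust accepts any certificate that chains to a CA in the agreed set. The partner names, the CA and every certificate are constructed for illustration, and the code models only the certificate-acceptance decision.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed sample certificate; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil { // self-signed: the template is its own issuer and may sign others
		tmpl.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// staticTrust: the partner's certificate was exchanged explicitly; accept only that exact one.
func staticTrust(pinned [32]byte, presented *x509.Certificate) bool { return sha256.Sum256(presented.Raw) == pinned }
// dynamicTrust: accept any certificate whose chain ends at one of the agreed CAs.
func dynamicTrust(agreedCAs *x509.CertPool, presented *x509.Certificate) bool {
	_, err := presented.Verify(x509.VerifyOptions{Roots: agreedCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// demo returns the decisions for three constructed partners (A pinned, B unpinned, C self-signed).
func demo() (pinnedA, pinnedB, chainedB, chainedC bool) {
	ca, caKey := issue("Agreed CA (constructed)", 1, nil, nil)
	a, _ := issue("idp.partner-a.example", 2, ca, caKey)
	b, _ := issue("idp.partner-b.example", 3, ca, caKey)
	c, _ := issue("idp.partner-c.example", 4, nil, nil) // self-signed, not issued by an agreed CA
	agreed := x509.NewCertPool()
	agreed.AddCert(ca)
	pin := sha256.Sum256(a.Raw) // only partner A's certificate was exchanged in advance
	return staticTrust(pin, a), staticTrust(pin, b), dynamicTrust(agreed, b), dynamicTrust(agreed, c)
}
func main() { fmt.Println(demo()) }
```

Partner B was never configured, yet is accepted under dynamic trust because its certificate chains to the agreed CA; partner C is rejected under both models. The list of agreed CAs is therefore the whole trust boundary in the dynamic case.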


