November 25, 2003

carol coye benson on federation and liability transfer

Carol Coye Benson of Glenbrook Partners has a article, Liability and Federated Identity: Much Ado About Nothing on why Federated identity probably may not live up to expectations: they will likely never provide a basis for transferring liability for between the parties to an on-line transaction. But, as she points out, this probably won't matter. This is the thing I think most security wonks miss -- it's tilting windmills to try to make risks disappear or to transfer them all away. But this doesn't mean you can't do business. It just places a burden on you as the business manager to understand the risks and how they affect the prospects of turning a profit. Its perfectly reasonable to take an informed risk, and often significantly cheaper than trying to eliminate the risk altogether. Posted by dapkus at November 25, 2003 10:13 PM | TrackBack