Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, October 1, 2007

Lots of Warnings about “Enterprise Web 2.0” Risks – What about Identity 2.0?

A recent article by Robert Mullins, called “Enterprises warned to approach Web 2.0 with caution”, says:

“Danny Allan of IBM had just finished his primer on potential security risks of Web 2.0 applications when enterprise software developers filing out were overheard telling each other, ‘That was scary!’ and ‘Now I’m depressed.’ Allan says he didn’t mean to scare, but to educate. ‘The lesson is not to run away but to prepare,’ said Allan, director of security research at Watchfire, an IBM-owned security firm.”

This is also consistent with what HP SPIDynamics said some time ago, in particular about security risks and issues with Enterprise Web 2.0 (see here and here).

In a previous post of mine, called “Web 2.0/Ajax “Submission Throttling” and Privacy Concerns”, I also highlighted a (simple) example of a potential Web 2.0 privacy threat (OK, this was primarily from a B2C perspective, but this could also apply to enterprise and federated IdM contexts …). I am sure this is just the tip of the iceberg …

I would be interested in knowing what the outcome of a similar risk/security/threat analysis/assessment would *specifically* be for “Identity 2.0”-based solutions (including Liberty Alliance, of course …) – in B2C, Enterprise and federated IdM contexts.

I believe there will be interesting findings, from a privacy and data security perspective, in particular when dealing with personal and confidential information.

