Whitfield Diffie, chief security officer for Sun, sees reliably
securing Web Services as a fundamental problem facing network security
experts. With Web technology evolving rapidly and users relying on it
as a primary resource, he expects this to be a challenge that takes
years to conquer.
"These problems will dominate security over at least the working
lifetime of old farts like me," Diffie said during his keynote address
at the NetSec 2004 computer security conference in San Francisco, as reported by InternetWeek's Mitch Wagner.
Web Services security is complex because code and data must routinely
run on systems the user does not control. Today, most applications run
on the user's own desktop system, or occasionally on a known remote
site such as Google or Amazon.com, Diffie explained.
"Now, I do most of my computing on a chip a couple of feet in front of
me, or if I do it elsewhere, I know it," Diffie said. "I believe that
within a decade, it will become true that a typical program, without
human effort, will go out on the network and look for resources
wherever they are available."
Diffie said the resources such programs seek out could come from many sources: Google's search algorithms, raw computing power, or proprietary information such as the databases at Mead Data that publish the LexisNexis compilation of newspaper and magazine
articles.
Contracting for Web Services, and controlling their configuration,
will inevitably become necessary, since two computing entities must
negotiate agreements before using each other's services. These factors will also be security concerns in the future, Diffie continued.
Diffie, who co-invented public key cryptography in 1975, said that
all of these issues will be major problems for secure computing, in the
same way that encryption and secure operating systems dominated
computer security in the 20th Century. He did note, however, that computer security has seen some great advances in the last 30 years.
"Everyone is so worried about network security that they fail to notice
that networking has made some great contributions to security," Diffie
said. "The least noticed security discovery of the late 20th Century,
and certainly the most important outside of cryptography, is
client-server computing."
Client-server computing lets a user who wants to isolate sensitive
information keep it on a single computer and guard access to that
machine. Before this discovery, a user faced the cumbersome task of getting access to "the big computer that's down in the basement" and carving out a secure section of it.
"Now, if you have a secret project, you get a computer, you get a
room, you put it in the room, you lock the door," he said. "You get to decide how the computer communicates with the outside world."