Page 2 - Microsoft Calls for Initiative on Web Security

Home

Architecture

Microsoft Calls for Initiative on Web Security
By Ryan Naraine
2008-04-09

Article Rating:

/ 0

Table of Contents:

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

Microsoft Calls for Initiative on Web Security - 'A Trusted Stack'
( Page 2 of 2 )

Stathakopoulos said there are enough similarities between Microsoft's 2002 problems and the existing security nightmares haunting the Web.

"We don't want this to be interpreted as a Microsoft play," he said. “We're saying that these are the concepts that we generally support and we've put them together in this white paper and we're asking the industry to talk about it. We'd like to see everyone put the same energy into it that we put into the Trustworthy Computing initiative.

"The problem might be a little different but we think we can find ways to fix things. It's about how you exist online, what's your identity claim, how do you interact with the Internet. These are things we need to be talking about in a very serious way."

In the white paper, Microsoft spells out its own vision of how End to End Trust can be achieved through a "trusted stack" that features security rooted in the hardware, a trusted operating system, trusted applications, trusted people and trusted data.

"The entire stack must be trustworthy because these layers can be interdependent, and a failure in any can undermine the security provided by the other layers; for example, a document may be created by an identified individual, using secure hardware and a secure operating system, and sent to another as a signed attachment with integrity, but if it was created with an insecure application, it may not be trustworthy," according to the white paper.

"When trust is misplaced, it must be possible to identify the improvidently relied-upon party and have the right social and political mechanisms in place so that proactive and reactive steps can be taken. An appropriate audit capability can provide the evidence needed to inform response and drive an accountability framework."

The white paper also focuses heavily on establishing trusted identities on the Internet without abolishing the concept of anonymity.

Microsoft also makes it clear that the proposal is not meant to create unique, national identifiers or support the creation of mega-databases that collect personal information.

	Discuss Microsoft Calls for Initiative on Web Security

	>>> Be the FIRST to comment on this article!



	>>> More Architecture Articles >>> More By Ryan Naraine

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

Devsource Video Series

Great Minds in Development

Manipulating Society through Technology
Jeremy Bailenson, Director of the Virtual Human Interaction Lab at Stanford University, talks about virtual reality, avatars, Moore's law, how real world behaviors influence online reality, and societal manipulation through technology!
>> Play video
>> Read article
>> See all videos

Visual Studio 2008:
What we like best!

: Julia explores the Robotics Studio! (It's for more than you think.)

: Messages for Bill Gates!

.NET makes runtime type checking a breeze. See what Peter has to say about it in this week's tips!

Microsoft Counts on App Support for Vista: Microsoft has taken pains to demonstrate that Windows Vista will have ample application support.

	DevSource RSS FEEDS
	Want an easy way to keep up with breaking tech news? And the Get DevSource headlines delivered to your desktop with RSS.


DevSource Contact us \| Advertise \| Site Map

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2008 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. DevSource is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited. Microsoft is a registered trademark of The Microsoft Corporation.