
TechTalks Event

Web Access Management/Security

with guest expert Phil Schacter of the Burton Group

February 22, 2001

Audio
  • Streaming MP3
  • Download MP3 (Download Tips)

Transcript

What is a web portal? Why do we need access management systems to protect these web portals? How are these systems better than firewalls? How does an access management system work? How do these systems maintain a secure session involving many Web page requests originating from the same user? How do these systems register and maintain information about each authorized user? How do applications influence the decision to grant or deny access? What are some of the leading commercial products? Are there any industry standards that these products all support? Is the Internet2 Shibboleth Project trying to solve a very similar problem? What do you see as the next steps in the evolution of Web portal access management systems?

Technology Anchor Howard Strauss and Co-Host Mark Bruhn quizzed guest expert Phil Schacter on Thursday, February 22 at 4:00 pm EST, about institutional issues and solutions regarding Web access management and security.

Guest Expert

Phil Schacter is director, network strategy service, and an analyst with the Burton Group, where his work focuses on network security, platforms, messaging, and electronic commerce. Phil has 25 years' experience in the network industry, spanning mainframe network applications, network-delivered services, distributed messaging systems, messaging standards and interoperability, network security policy and architecture, and network management systems. He has designed and developed network applications; managed network services and messaging product lines; worked on standards groups; managed product engineering; and authored industry reports on messaging, security and networking topics.

A valuable resource to 44 percent of the Fortune 100, The Burton Group provides world-class integrated consulting, advisory and research services focused on network architecture design and management. The Burton Group guides IT Professionals in making strategic enterprise infrastructure recommendations/decisions with in-depth, integrated, interactive and highly accessible knowledge, research and analysis of emerging and existing network technologies. With The Burton Group's superior network decision-support resources, IT Professionals are empowered to strategically design and tactically manage scalable, secure, efficient networks based on evolving business models. The Burton Group, a technology industry pioneer, is the first organization to combine traditional research services with invaluable consulting experience exclusively focused on network architecture. The Company offers the only in-depth, expert knowledgebase integrated with interactive, web-based decision tools. The Burton Group comprises a world-renowned team of Consultants and Analysts that is committed to providing only the highest quality services. The company's experts provide a unique, visionary, vendor-independent viewpoint based on the State of the Industry, as well as the end-user's long-term technological health and welfare.

Co-Hosts

Howard Strauss (above, left), Manager of Academic Applications at Princeton University, is TechTalk's Technology Anchor.

Mark Bruhn is the Chief Information Technology Policy Officer for Indiana University; he is standing in this week as co-host for Judith Boettcher.

Together, Howard and Mark will ask the really tough questions—and relay the questions you email to them at expert@cren.net.

Background & Resources

One of the very best ways to get background on an issue is by reviewing the audio, transcript, and resource list from any related Tech Talks which have been previously broadcast and are now fully archived. And we're in luck: this event's co-host, Mark Bruhn, was a guest last year on a Tech Talk about The Top Ten User Mistakes that Make Security Tough! Another related, archived CREN Tech Talk is Campus Certificate Authorities with Jeff Schiller in April 2000. Jeff also visited us in October of 1998 in a session entitled Certificate Authority Services. Directories are a related issue: Ken Klingenstein and Keith Hazelton were with us on the topic Building Directories: the Fundamentals, and Frank Grewe and Mike LaHaye were interviewed on Directories on Campus: Getting Started.

Our guest expert, Phil Schacter, suggests that the following list (no particular order) of the leading vendors who provide what he calls Privilege Management Infrastructure is a good start for those who might want to see what the state of the art is:

From the Chronicle of Higher Education: Are we really far enough along that Security Software Enables Some Universities to Administer Exams With Laptops? And security is at issue here: Obstacles Remain to the Creation of Paperless Campuses. Also read: Do 'Digital Certificates' Hold the Key to Colleges' On-Line Activities? and At the U. of Pittsburgh, Digital Certificates Begin Replacing Passwords. (You may need a Chronicle password to access the latter article.)

Ever wonder about the legalities and policies regarding the use of certificate authorities? Here's The Role Of Certification Authorities In Consumer Transactions which is the draft report of the ILFP Working Group On Certification Authority Practices.

Want some help with terminology? Here are some definitions from MACE: Middleware Architecture Committee for Education (of Internet2): identifiers, authentication, directories, authorization, and certificates and PKI.

CREN's Certificate Authority Service can be a part of Web access management and security for many institutions, especially CREN member institutions.

Along those lines, here is A White Paper on Authentication and Access Management Issues in Cross-organizational Use of Networked Information Resources by Clifford Lynch, an occasional CREN Tech Talk guest expert. Cliff's paper is referenced in this paper, Access Management of Web-based Services: An Incremental Approach to Cross-organizational Authentication and Authorization, by Ariel Glenn and David Millman, which has an excellent bibliography. And the Chronicle recently interviewed Cliff on this and related issues.

Trend Micro Inc. has a list of white papers, some downloadable in Word and others in PDF. A few are directly pertinent. Rather than sifting through them, we'll let you decide which ones are important to you.

As usual, the EDUCAUSE Information Resources Library is an excellent source of related resources, including: