Ping Identity announced that PingFederate Web Services 2.6 is available for immediate download from its Web site. Now packaged as an optional add-on module for PingFederate, Ping Identity's industry-leading standalone federated identity software, PingFederate Web Services 2.6 adds support for the OASIS WS-Trust 1.3 standard, as well as the ability to create and validate CA SiteMinder SMSESSION tokens.
Welcome to IDtrust XML.org.
This is the official community gathering place and information resource for identity and trusted infrastructure standards. The site is hosted by the OASIS IDtrust Member Section, a group that encourages new participation from developers and users. This is an open, vendor-neutral community-driven site, and the public is encouraged to contribute content. See more about this site.
Wasn't 1999 supposed to be "the year of Public Key Infrastructure (PKI)?" Yes, I know, another analyst prediction that didn't come to fruition. It's fair to chastise the analysts for another missed call, but PKI certainly shares some of the blame. It really is difficult to imagine a "year of PKI" because PKI isn't your typical technology trend. PKI isn't a standalone security widget, it is a complex infrastructure that must be integrated into existing applications and business processes.
Symmetric Key Management Systems address the need to improve the way that enterprises manage symmetric keys over their lifecycle.
While not as popular as public key methods, there are strong mechanisms for establishing authenticity through symmetric cryptography. If Alice and Bob know they have a reliable and unique shared secret (symmetric) key, then the ability for either of them to sensibly decrypt a message with that key provides strong evidence that the encrypted message came from the other party. Defence methods like the Fortezza card uses symmetric authentication in this way.
NEEDS MORE DETAIL
Setting aside the fact that smartcards and other cryptographic devices constitute "two factor" authentication, the term is often used to refer to a large class of personal authentication devices that generate a pass phrase or other login code, used to access online resources. There are three important sub-classes:
Time Syncronised One Time Password: every thirty seconds or so, the device generates a fresh pseudo random one time password. The pseudo random number generator is seeded uniquely for each specific device.