This is the official community gathering place and information resource for identity and trusted infrastructure standards. The site is hosted by the OASIS IDtrust Member Section, a group that encourages new participation from developers and users. This is an open, vendor-neutral community-driven site, and the public is encouraged to contribute content. See more about this site.
The new Dutch transit card system, on which $2 billion has been spent, was recently shown by researchers to be insecure. Three attacks have been announced by separate research groups. Let’s look at what went wrong and why.
Read the rest of the story at Ed Felten's blog at http://www.freedom-to-tinker.com/?p=1250.
If you want to transact business with credit cards, you have to follow the rules: the payment card industry security standards. Companies that don't comply face fines or worse. So why aren't more mid-market merchants already in compliance?
By Michael Jackman
CIO Magazine,
January 15, 2008
StrongAuth, Inc. , the creators of StrongKeyTM the first open-source Symmetric Key Management System (SKMS), has submitted a new version of the Symmetric Key Services Markup Language (SKSML) to the OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee.
Encryption of data is the last bastion of defense.
Since the dawn of computing, operating systems and applications have
used many schemes to identify and authenticate entities accessing
resources within computers. While the technologies and schemes have
varied, there appears to have been little attempt to classify them
based on their ability to resist attacks from unauthorized entities.
