All, the Concordia DG has created 2 short (~ 10 questions) surveys around assurance & authorization issues.

Authorization is one of the hottest topics in computing security today. Great strides have been made in the area of authentication, but the ultimate purpose of authentication is to provide input to authorization decisions. Security product vendors are offering packages that can serve as centralized authorization systems, or Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) in XACML parlance. These products generally offer integration kits for various applications and platforms. Many organizations have or are beginning to architect XACML-based, logically-centralized authorization systems. The purpose of this survey is to generate data about both the business and technical drivers for authorization in the enterprise today.

http://www.surveymonkey.com/s/authz_survey


More and more, industries & governments are choosing a 'Level of Assurance' (LOA) model as a means to provide federation partners appropriate confidence in identity data received from external 3rd parties. But is the LOA model the only possible mechanism? This survey is intended to tease out real requirements of federated participants - perhaps answering this question.

http://www.surveymonkey.com/s/outsourced_id_data


Please consider taking the surveys yourself, and/or spread the word to partners, colleagues, etc not involved in KI.

Regards

Paul Madsen & Tatsuki Sakushima
Co-Chairs - Concordia DG