SAML SLAM.

While going through a few interviews in the past few months I realised why we get so many breaches and issues in the industry. With so many qualified security professionals around, the obvious question to ask is:
"How is it possible, with so many CISSPs, CISMs, CISAs etc., that almost every week we hear about a new breach, a new security issue and so on?"
Not trying to diminish the value of the certifications, just pointing out something that no certification will teach: imagination and thinking outside of the box.
During the interview with one well-known company, the SVP of security asked me:
"So when would you use SAML instead of OAuth?"
I answered to the best of my ability and in the end pointed out that SAML is somewhat heavier, with all the SOAP message exchanges etc., and a somewhat old protocol.
The question itself didn't make much sense, as SAML is used together with OAuth in some cases :)
They can complement each other.
Then I asked a question of my own:
"Is there an API Gateway in your architectural landscape?"
He laughed and said that there is no need, as they don't expose their web services.
I froze a bit, and from this point on tried to understand how I would fit into that organisation.
Do I have to drive home to him that SAML is an exchange of XML messages, just like web services are?
SOAP over HTTP :)
An API Gateway, or XML firewall as it is sometimes called, is an absolute requirement to protect against fragmented XML messages and other nasty attacks.
Will that particular SVP know how to protect his company's infrastructure?
I guess he will be SLAMed by SAML :)
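As an added example (not part of the original post, and not any vendor's gateway code), here is the kind of pre-filter an API Gateway or XML firewall applies to an inbound SAML message before it ever reaches the application: a size cap, an outright refusal of DTDs and entity declarations, nesting and element-count limits enforced while the parse streams, and a check that the document is a complete samlp:Response carrying a saml:Assertion and an XML signature. The limits and the sample messages are constructed for this example; the namespaces are the ones from the SAML 2.0 and XML-DSig specifications.

```python
import io
import xml.etree.ElementTree as ET

# Namespaces from the SAML 2.0 and XML-DSig specifications.
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Gateway policy limits: hypothetical values chosen for this example.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 2000


def gateway_check(raw: bytes) -> tuple:
    """Return (accepted, reason). Runs in front of the SAML stack, never inside it."""
    # Cheapest check first: refuse anything beyond the size budget before parsing.
    if len(raw) > MAX_BYTES:
        return False, "oversized message"
    # SAML messages never need a DTD, and DTDs are the vehicle for entity-expansion
    # and external-entity tricks, so any declaration is refused outright.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return False, "DTD/entity declaration not allowed"

    depth = 0
    count = 0
    root = None
    try:
        # Streaming parse so depth and element count are bounded as we go.
        for event, elem in ET.iterparse(io.BytesIO(raw), events=("start", "end")):
            if event == "start":
                depth += 1
                count += 1
                if root is None:
                    root = elem
                if depth > MAX_DEPTH:
                    return False, "nesting too deep"
                if count > MAX_ELEMENTS:
                    return False, "too many elements"
            else:
                depth -= 1
    except ET.ParseError as exc:
        # Truncated or fragmented XML is rejected here and never reaches the application.
        return False, f"malformed XML: {exc}"

    # Structural checks on the completed tree.
    if root is None or root.tag != f"{{{SAMLP}}}Response":
        return False, "root element is not samlp:Response"
    if root.find(f"{{{SAML}}}Assertion") is None:
        return False, "no saml:Assertion"
    if root.find(f".//{{{DSIG}}}Signature") is None:
        return False, "no XML signature present"
    return True, "ok"


# Constructed sample messages (no real IdP, no real signature value).
GOOD = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_example" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
FRAGMENT = GOOD[:-20]                                    # closing tags cut off
WITH_DTD = b'<!DOCTYPE x [<!ENTITY e "x">]>' + GOOD      # entity declaration prepended
DEEP = b"<a>" * 40 + b"</a>" * 40                        # deeper than MAX_DEPTH

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("fragment", FRAGMENT),
                      ("with_dtd", WITH_DTD), ("deep", DEEP)):
        print(name, gateway_check(msg))
```

Run the module directly to see each sample classified. The signature check only confirms that a ds:Signature element is present; verifying it against the IdP's certificate, and checking issuer, audience, conditions and time windows, remains the job of the SAML library behind the gateway.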
