Security Architecture - Beyond Passwords?

a voice in the crowd asks: "We're investigating different PKI technologies to introduce support for strong authentication, single sign-on and secure messaging. There seems to be a broad range of both companies and approaches out there. I'm looking for success and horror stories from those who have taken point on this issue. Your help is appreciated." Read on for more information on what is being evaluated and the critical questions being asked.

"Some of the pieces currently under review include:

• Verisign's Onsite Lite
• USB Token holders (aladdin, hasp, etc)
• smart cards

Some of our questions include:

• What headaches is key recovery going to be?
• Is there any meaningful long-term competition?
• How reliable is the hardware once deployed?
• How is vendor support?
• Is the integration with Win2k, Notes, etc both functional and seamless?
• What policy administration issues do we need to be aware of?
• What best-practice documents are available?
• How locked in will we be?
• Will our Blackberry 5810's grok the secured messages, and if so do they represent a point of vulnerability for the certificates?
• Can we enforce non-trivial PINS
• What changes to your help desk workload and practices have resulted?

Most importantly, Do the users like it?"

Re:Anonymous Coward (mod this up)

[geoswan]

I am posting AC because bloody /. won't accept my smartcard login.

Come on moderators, this is funny.