“1) Failure of the weakest links mustn’t lead to catastrophe – encrypting the channel doesn’t stop dumpster diving.
2) Not putting the role before the start – role engineering is important, but it doesn’t drive the project.
3) Not every identity nail requires the technology hammer – technology may be fine, but without governance, it will fail.
4) Use of a system invites abuse of it, so test the architecture with attack vectors.
5) Identifying things doesn’t make them more secure – identification can improve security, but it’s not the inevitable outcome.
6) Identity isn’t about the individual – it’s about the relationship; identity management encompasses the services communities need for organization.
7) There are a lot more than seven flaws.”
I especially like the last one.
Kim, will you comment on those, please? (Yes, I know I still have to write that article on stupid things in German digital signature law…)