Tuesday, November 07, 2006

Intelligence Service Provider?

I'm watching an American Intelligence Officer critique the processing of intelligence data in the run-up to the Iraq War (think WMDs).

He (partially) ascribed the debacle to the analysts tasked with assessing Saddam's abilities and plans failing to follow the Intelligence Golden Rule, which is to say:
What we know, how we learned it, and when we learned it.
Sounds like an IDP, doesn't it?

For an SSO assertion, the 'what' is the authentication status of the user, the 'how' is the authentication context, and the 'when' is the time from which the assertion is valid.

He also said that a good analyst will always also provide 'What we don't know'. That would be a little tougher for an IDP. Maybe we need negative assertions in SAML.
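
As an added illustration (not part of the original post), the sketch below pulls the 'what', 'how' and 'when' out of a SAML 2.0 assertion and lists whichever of them the assertion leaves unstated. The sample assertion, its values and the function name golden_rule are constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, illustrative values only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2006-11-07T10:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2006-11-07T10:00:00Z"
                   NotOnOrAfter="2006-11-07T10:05:00Z"/>
  <saml:AuthnStatement AuthnInstant="2006-11-07T09:59:58Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def golden_rule(assertion_xml):
    """Return the what/how/when of an assertion, plus the parts it leaves unstated.

    No signature validation is done here: a relying party must verify the
    assertion's signature before trusting any of these fields.
    """
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml:AuthnStatement", NS)
    cond = root.find("saml:Conditions", NS)
    facts = {
        # What: who the subject is and whether an authentication is asserted.
        "what_subject": root.findtext("saml:Subject/saml:NameID", None, NS),
        "what_authenticated": stmt is not None,
        # How: the authentication context class declared by the IdP.
        "how": (stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef",
                              None, NS) if stmt is not None else None),
        # When: start of the validity window, and when the login happened.
        "when_valid_from": cond.get("NotBefore") if cond is not None else None,
        "when_authenticated": (stmt.get("AuthnInstant")
                               if stmt is not None else None),
    }
    # "What we don't know": every field the assertion does not state.
    facts["unknown"] = sorted(k for k, v in facts.items() if v is None)
    return facts


if __name__ == "__main__":
    for key, value in golden_rule(SAMPLE).items():
        print(f"{key}: {value}")
```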
