Two E-Commerce Tales
- MIT and e-purchasing sites
- end-users have MIT-issued certs in browsers
- vendors want to provide MIT-specific services
- MIT works with vendors to accept MIT CA and
certs
... many do, some don't, based on business requirements
- UDub and bank "procurement card" site
- end-users use UW "weblogin" service for web SSO
- UW wants its users to have SSO to third-party bank-run site
- bank site runs UW security software on their web
site, users get SSO
- Lessons?
- it's business arrangements, not technology
- it's reuse of your infrastructure, not "standards"
- liability worked out case-by-case
- lots of risks turn out to be acceptable
|
|
|