Mr Chai plans to write a three-part series on what he learnt about the Trusted Stack model, an idea that relies on not just hardware trusted security (a Trusted Platform Module, for example), a trusted operating system, and trusted applications, people and data.

I’m not sure if trusted people is the correct term, it’s more trust that the person is who he says he is or has at least told someone how to be who he says he is at the point he was asked.

I look forward to seeing the series of articles.

Read the full story on Security PortalPro.com here.

This is a favourable but level-headed look at the previously-reported keynote from Craig Mundie at the RSA Conference 2008. The three key elements of this is a chain of trust, an identity model, and industry participation. Regarding identity, Mr Oltsik has this to say:

In today’s computing environment, you also have to consider device type (i.e., am I communicating via my PC, cell phone, or PDA?), location, and the user’s work and personal profile. Yes, this complicates things but there is no getting around the fact that I use the same laptop to do my job during the day and then bid on vintage Gretsch guitars at night.

One can argue that people shouldn’t be using company hardware for buying off eBay, but a freelancer may have his own portable that needs to connect to a work network, so third-party hardware needs to be managed through this and Trusted Computing Group initiatives.

A final interesting point is that up until now Microsoft keynotes have been product demostrations and slick video presentations, but here they get back to basics and focus on issues, not image.

Of course, no article favourable to Microsoft would be complete without a reply from the peanut gallery, and this story is no exception, so be sure to check out the published comment.

The full story may be found on news.com here.

He writes:

“Ensuring that people can be identified raises the most complex social, political, and economic issues, with the No. 1 issue being privacy. The concern is twofold: (1) If authenticated identity is required to engage in Internet activity, anonymity and the benefits that anonymity provides, will be reduced; and (2) authenticated identifiers may be aggregated and analyzed, thus facilitating profiling.”

Trusted Computing has identification at its core, so how can anonymity be preserved by Trusted Computing? Microsoft’s seemingly contradictory claim is that secure identity ensures social anonymity.

There is also the PR problem in that Trusted or Trustworthy Computing plus Microsoft equal Big Brother in many people’s minds, with Trusted Computing earning a moniker like Digital Restriction Management, namely Treacherous Computing, used by many in the free software and open source communities.

Read the rest of this very thought-provoking article by Scott M. Fulton III at BetaNews.

The only way to restore trust in the online world is to get industry to work together to solve problems regarding authentication and identity protection on the internet. Trustworth Computing has addressed security on the client, but Scott Charney, corporate vice president of Trustworthy Computing at Microsoft says that these issues of identity and authentication need to be readdressed in other to restore faith in the internet.

Microsoft have authored a 20 page white paper outlining what needs to be worked on regarding online security and trust; and Craig Mundie, chief research and strategy officer at Microsoft, described Microsoft’s vision in a keynote speech at the RSA Conference. He said:

“For a long time, the industry didn’t do security well, and because of its market share, Microsoft became a very important player in all of this. We think that we’ve done a good job of improving things over the last six years, but still it’s not enough, and we need industry cooperation to do more in the Internet space.”

This new ecosystem needs to build up the same sort of consensus that initiatives such as the Trusted Computing Group’s Trusted Platform Module have achieved.

Fuller reporting on the situation is available at InfoWorld.

One key idea is proving you are who you say you are, such as providing a certificate that proves you are over eighteen before accessing an adult-oriented web site. At the moment management systems are disjoint and complicated, so Microsoft wants to make it simpler, or wants to own the process, depending on one’s view of the Redmond giant.

Bruce Schneier, chief security technology officer for BT, and all-round security guru, was asked for comments after seeing the Microsoft documents on End to End Trust. He dismissed the initiative saying “it feels general and like marketing hype”, and as for the need for centralised authentication, the idea “is just silly”. He sees Microsoft as using identity and rights management as a way to lock users into their products and deny competition entry into their arena.

Microsoft’s George Stathakopoulos, general manager of Microsoft’s Trustworthy Computing group, dismissed Schneier’s criticisms as the usual skepticism and conspiracy theories that all Microsoft’s initiatives attract.

This story was fully reported on News Blog.