Some people may think me a total whack job, but I think I have a serious plan for making the Internet secure. And it's not a pipe dream. The Internet can be made significantly safer starting today.
In May of last year, I published my thoughts on how to save the Internet in a whitepaper [PDF] and a series of Security Adviser posts, including "Fixing the Internet" and "Defending 'Fixing the Internet'." At the time I believed that it would take a bunch of new protocols to begin to pull off my vision, and I still believe that, at least for the full vision.
However, I did a disservice by not discussing the protocols and standards that already exist today, particularly a number of relatively new security protocols that are already helping to make the Internet a safer place. Created by many, many experts, these protocols aren't pie-in-the-sky dreams, but have already emerged as de facto standards. Any future Internet-based security system will likely use them, and perhaps contain all of them.
These are some of the protocols that are helping to build a more secure Internet:
Simple Object Access Protocol (SOAP) is a platform independent, XML-based protocol for sending messages (that is, data) between Web services and participating networks. If HTTP is the circulatory system, SOAP messages are the red blood cells.
Security Assertion Markup Language (SAML) is an XML-based standard for communicating identity, authentication, and authorization information between security domains. SAML 2.0 is quickly being accepted and adopted by most major players.
Web Services specifications and extensions (WS-*) are various (often unrelated) messaging standards related to Web services and frequently surrounding the security of Web services. The Web Services (WS) specifications themselves deal with how various applications and computers can successfully and reliably communicate over untrusted networks such as the Internet.