In the Cryptographer's panel, Whitfield Diffie, Vice President and Fellow Chief Security Officer, Sun Microsystems, said that within 10 years he believes that technology will create the genetic offspring of two women thereby rendering men a clumsy and inefficient means of reproduction. I think he then said that due to genetic engineering, it won't be humans having this discussion in another 10 years. I look forward to reviewing the video to see if I heard all of that correct. He got some good laughs, but I think he was serious.
The BT/CNBC Risk Resilience webcast was one of the more entertaining sessions for me. Michelle Dennedy, Chief Privacy Officer for Sun Microsystems, said that Sun employees' avatars in the game Second Life must adhere to a Sun-approved dress code. I believe she said that Sun wasn't trying to interfere with how employees play games on off-hours while at home, but I can't imagine Sun has a policy that encourages playing games at work? As a CPO, she has a tough job, but I thought Dennedy did a good job at being a likable bad cop to Schneir's good cop.
In the same session, Bruce Schneir said that we're currently experiencing the biggest generation gap since Rock n Roll. He reminded me of a quote that I heard
In Thomas Kurian's keynote, he talked about protecting data across the network even from the DBA. He joked that DBAs should be the highest paid people in the world since they have direct access to change salary information in the database. Technologies exist to prevent that access while allowing the DBAs to continue doing their job. He described the need for transparent encryption so that applications won't need to be re-written. He then talked about the absolute need for strong identity management solutions and emphasized the fact that a comprehensive identity solution must include an audit of identity transactions. (ding ding) I almost stood up and said "yes" but luckily I stayed quietly in my seat. That hit home for me because it's what we do at NetVision and as I walked the expo floor and spoke with Identity solution vendors, nobody could audit transactions outside of what their own system does. I was glad to hear it emphasized on the big stage.
Last one - in the track on Consolidating Logical and Physical Access Control, John Thielens and Michael Hejtmanek explained that part of the friction holding back convergence has been that the physical security vendors haven't been traditionally trained in enterprise IT architecture. More often, they resemble cable installers who may not know how to join a workstation to a domain. The big take-away for me from that session is that there is hope. PAC and LAC are coming together. Training is happening and vendors on both sides recognize the urgency. So, what I saw a year or two ago (which was discouraging) sounds like it's getting closer to reality for widespread adoption. I don't know how companies are dealing with the fact that they're in shared or leased buildings, but at least progress is being made.
OK, I think that gets all the highlights out of my head.
UPDATE: Apparently, that quote wasn't from Doc Searls. Sorry Yogi. um, Doc. Unfortunately, I'm fairly confident it was someone on stage that passed the quote as yours - can't recall who though.