Archive for January, 2008

Service Oriented Architecture (SOA) Deployment

Thursday, January 24th, 2008

SOA is all about Architecture.  It is my belief that the Services exposed must also include some form of usage guidance (apart from development API and WSDL).  The usage guidance could be in the form of “Best Practices for using this Service X” which should contain some of the scenarios for which this Service was developed.  It must also contain how this Service can be used in “Enterprise Integration Patterns”.  An excellent cheat sheet of these Patterns is available here.  This guidance is necessary for developing a Threat Model not only for the Service being provided, but also for developing a Threat Model for another Service or Application that is consuming this published Service.

Microsoft has published excellent information on developing Threat Models, the necessary Tools, and a Blog.

Web 2.0 Security

Thursday, January 17th, 2008

If you start a conversation today and ask “what are you working on?” the answers you get are interesting – “web 2.0”, “SOA”, “Web Services”.  If you ask follow-up questions on this, you will get more confused about what this is all about.  So, what is the problem here?  Well, terminology has been overloaded and technologists are trying to put meaning into marketing terms.

Based on customer surveys related to Web 2.0 technologies and security, I found a common theme.  It is this theme that has been documented in my white paper on Web 2.0 Security.  Feel free to chime in on your thoughts …