Here is a look back at this blog in 2006
January
Service Oriented Security Architecture - paper published in ISB. This paper deals with a security model for a distributed system in which the assets are separated into Identity, Message, Service, Deployment Environment, and Transaction. This way the risks and countermeasures can be understood, and the elements and constraints dealt with in their own domain to the extent possible.
Learning from EAs: The EA Bill of Responsibilities - the role of a useful EA
Phasing Security into the SDLC - a comparison of approaches, top down, bottom up and so on
February
April
Governance and Assurance Synthesis
Darwin Lives - Governance Models and the ability to govern
May
SOA security metrics - from my SOA, Web Services security training in Leuven
June
Assertion Federation Assurance - putting strong authN on the wire
July
Intro to Identity Management Risk Metrics - published in IEEE Security & Privacy
August
Notes from MetriCon 1.0 Part 1, 2, 3
September
Laws of Identity and Web Services
October
Decentralization and Good Enough Security - Part 1, 2, 3
J Peterman's Threat Levels - watch out for the Enterman's shim sham
Whatever happened to give 'em enough eyes? - open source security lagging MSFT
November
Defining Misuse in the development process - published in IEEE Security & Privacy
Playing for keep across the board - thumb fingerprints or cut off your opposable thumbs -- the choice is yours.
December
A series of posts looking at REST security issues Part 1, 2, 3
Security Concepts, Challenges, and Design Considerations for Web Services Integration - published on the DHS/CERT Build Security In portal