Silverlight and Security Documentation


Recently, there was an article in EWeek about the various platforms for Rich Internet Application (RIA) development, including Silverlight. It was an interesting article but one thing I found a bit worrisome is the author’s conclusion that Adobe has put the most effort into security and documenting secure practices. I own the security node for the Silverlight documentation on MSDN, which means that although I don’t own the feature-specific security concerns, I am responsible for pulling all these pieces together in a coherent way. As part of this charter, for the Silverlight 4 release I created a security topic based largely on a security whitepaper written by Nick, a PM for Silverlight. I worked with Nick to create this topic and it was reviewed by the Silverlight security team.

One of the ways that I think this topic adds value above Nick’s whitepaper is the fact that I can link to relevant feature-based security information. Also, since this topic is published on MSDN, it’s localized into several languages. In a previous release, I created a topic that describes the coding model under which Silverlight was created, to shed some light on why we think Silverlight is secure.

I noticed that although Bing returns this topics fairly high in the stack when searching for Silverlight security, that is not the case with all search engines, so obviously there is a bit of a discovery issue here.

But assuming you can find these security topics, what other kinds of security guidance are you looking for, or is there another way we could present the information that you would find more useful?

Waiting for the deluge…

–Cheryl


Comments (5)

  1. R. Bresarte says:

    "…so obviously there is a bit of a discovery issue here."

    Security issues are rarely addressed, and there is insufficient media for us to conclude that it is anything but a liability. Security is enormously important to the success of Silverlight.  Assume responsibility and fix it.

  2. Greg Hollywood says:

    As a suggestion, I think the Security topic an whitepaper mentioned above are too technical from a manager/eweek author perspective.  An author like who wrote the above article was obviously not a technie, but a writer, and I think was looking more for a security overview from a Manager (not techie) perspective.

    In other words, a paper on why SL can be and is security that could be given to corporate individuals to show that a SL RIA app is security enough to be on their network would be great.  Also I would publish it as a web article, not a word doc so it gets more converage and is easier to link to.  When I go to a link and it says download this document and read it, I rarely do so unless I have a really compelling reason.

    Anyhow, just my thoughts.  I think it SL got some good marks in the article about security itself, just maybe the documentation could be improved as suggested.

    Greg

  3. Bigsby says:

    I'm with Greg. It makes very little sense to have the Deployment Guide (or any documentation, whatsoever, I say) in a Word Document. People (myself included) want searchable practical and technical content with case scenarios. This is what MSDN is all about, isn't it?

  4. Wow nice post! I'm happy that I've found an article like this. Just keep on doing great.

  5. Alfredo De Regil says:

    Cheryl, this type of articles talking about the 3 main RIA platforms is of great value for us because we are investing heavely in Silverlight. Please share with us any other article not only about security.

    Thanks.