A (Re)Introduction to Patterns

A couple of people have asked me why I haven’t responded to this initial post on the SE Insight site. Partially it was because I recently changed teams and this has just meant that I am crazy busy at the moment. One of the top asks was for a list of good pattern guides –…

0

SecPAL Parser Updated for VS2008 and F#1.9.6.16

I finally got around to updating the SecPAL Parser to run on the latest version of Visual Studio and F#. Development experience should be much cleaner now because F# is far better integrated into VS. If you run into any problems please post a note or drop me an email. For more information please see…

0

A Graphical DSL for Describing SOA Applications

Last October we ran a SOA workshop in Redmond, with the goal being to have members of the MCS field, global practices and other customer facing organizations discuss scenarios and patterns that they see on a regular basis. Having run several of these workshops in the psat, one challenge that is hard to overcome is…

0

Are banks encouraging phone phishing attacks?

I recently called the support number to verify a charge on my Wells Fargo account and it surprised me when the automated teller requested that I enter my card number and then my pin number. I was always lead to believe that we should never share our pin numbers as that obviously breaches the security…

1

Geneva Identity Management Framework

For anyone who has followed my blogs around developing an STS or writing authorization policies you will be very interested in Kim Cameron‘s announcement at PDC of the Geneva Identity Management platform. Genvea includes: Geneva Framework – A .NET framework for writing interoperable, claims aware applicatoins Geneva STS – An STS integrated with AD. Supports issuance…

1

patterns & practices Improving Web Services Security: Now Available!

Over the last 12 months we have had a lot of people who used the Web Service Security – Scenarios, Patterns and Implementation Guidance ask us where the implementation guidance for WCF was. Great news. JD Meier, Jason Taylor, Prashant Bansode and Rob Boucher and the rest of his P&P team have just released their…

1

SAML STS for WSE 3.0 (reposted)

Every week or so I get another email asking where the sample code for the SAML STS for WSE 3.0 has been moved to now that GotDotNet GotNuked. It wasn’t moved anywhere. So I figured I would repost it here for those that needs i. For those new to this you should also take a…

17

Sample declarative access control policy

In my previous post I mentioned that we have now released a parser for SecPAL that allows policies to be written in a human readable simplified English grammar. I thought it might be worth including an example – based on the scenario that was used in the GridToday post on Access Control in Grid Computing…

0

Parser for SecPAL simplified English grammar now available!

One of the great strengths of SecPAL is its unique support for multiple representations of a security policy; XML for interoperability; and a simplified English grammar for human readbility. The SecPAL v1.1 Research Release (available from http://research.microsoft.com/projects/secpal) allows SecPAL assertions to be created using the rich and flexible.NET object model or deserialized from (or serialized…

6