Hi, I am Syam Pinnaka, Sr. SDE in InfoSec tools team. In AuthZ component of CISF, we have a requirement to perform authorization checks in a WCF service. Since CISF AuthZ module has a custom implementation of IPrincipal called as CISFPrincipal, Its looks little tricky to use the CISFPincipal in a WCF...

The Microsoft Information Security Tools (IST) team has released the Connected Information Security Framework (CISF) , a software development framework comprises of API’s and reusable components that is designed to ‘create bespoke or custom information security and risk management solutions.’ Additionally...

Hi Anil Chintala here. I am working on a requirement for a Portal, which is to share the look and feel of the portal by multiple web applications seamlessly and without any rework. I started doing some prototyping work and writing up some scenarios we would like to consider for the requirement. For the...

Vineet Batta here….This is a short introduction to the Application Portfolio Management (APM) component of the Connected Information Security Framework or CISF that we hope to reach the CTP milestone in next 2-3 weeks.  The APM component is designed to let you couple this lightweight application...

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this blog post is informational only at this stage...

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this blog post is informational only at this stage...

[As part of CISF we will ship an ASP.NET AJAX web portal in which you can host your custom security management applications. The portal allows users to personalize certain pages by selecting various widgets made available to them. The information in this blog post is informational only at this stage...

Mark Curphey here. Nearly two years ago I came to Microsoft to explore an idea. As Big Weld in the film Robots said “see a need, fill a need” and I had seen a need! For several years I had been looking at the security management tools space and talking with security professionals about their custom and...

Syam Pinnaka here, I am a Senior Developer on the Information Security Tools team focused mainly on building identity management software using Microsoft Forefront Identity Manager (more info about FIM can be found here and well be talking about the work we do on FIM in future post) as well as the Security...

Marius Grigoriu here… I’m the Product Manager for Risk Tracker and parts of the Connected Information Security Framework, some of the software we’re building for Microsoft Information Security and that we will frequently mention on this blog. The other day I got a link to the following article: http...

Randy Evans here…I am a Principal Architect on the Information Security Tools team. During the Risk Tracker project (something well be talking more about in the coming weeks), we found that a natural hierarchy of roles was inherent in the RBA authorization design. For example, the “Task User” role has...

Mark Curphey here (Follow me using @curphey on Twitter ). June is a busy time of year around MSFT. For most teams you have a pretty good idea about your budget for the next year (July – July) and the end of year performance review cycle kicks in. You spend most of your time in retrospective of the last...

We used to be called the Connected Information Security Group (CISG). The name change reflects an increased scope of tools that we are building and areas that we are focusing on so we have updated the blog URL. Well leave all the content on the old blog but all new content will be posted here. As well...