Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Security   (RSS)
Saturday, September 26, 2009 3:27 PM

SecPAL Parser Updated for VS2008 and F#1.9.6.16

I finally got around to updating the SecPAL Parser to run on the latest version of Visual Studio and F#. Development experience should be much cleaner now because F# is far better integrated into VS. If you run into any problems please post a note or
Posted by Jason Hogg | 0 Comments
Tuesday, January 27, 2009 10:05 PM

A Graphical DSL for Describing SOA Applications

Last October we ran a SOA workshop in Redmond, with the goal being to have members of the MCS field, global practices and other customer facing organizations discuss scenarios and patterns that they see on a regular basis. Having run several of these
Posted by Jason Hogg | 0 Comments
Attachment(s): SOA Library Visio Stencil.vss
Tuesday, January 06, 2009 3:29 PM

Are banks encouraging phone phishing attacks?

I recently called the support number to verify a charge on my Wells Fargo account and it surprised me when the automated teller requested that I enter my card number and then my pin number. I was always lead to believe that we should never share our pin
Posted by Jason Hogg | 1 Comments
Filed under:
Monday, October 27, 2008 12:08 PM

Geneva Identity Management Framework

For anyone who has followed my blogs around developing an STS or writing authorization policies you will be very interested in Kim Cameron 's announcement at PDC of the Geneva Identity Management platform. Genvea includes: Geneva Framework - A .NET framework
Posted by Jason Hogg | 1 Comments
Friday, June 20, 2008 7:51 AM

patterns & practices Improving Web Services Security: Now Available!

Over the last 12 months we have had a lot of people who used the Web Service Security - Scenarios, Patterns and Implementation Guidance ask us where the implementation guidance for WCF was. Great news. JD Meier, Jason Taylor, Prashant Bansode and Rob
Posted by Jason Hogg | 1 Comments
Tuesday, November 20, 2007 10:36 PM

SAML STS for WSE 3.0 (reposted)

Every week or so I get another email asking where the sample code for the SAML STS for WSE 3.0 has been moved to now that GotDotNet GotNuked. It wasn't moved anywhere. So I figured I would repost it here for those that needs i. For those new to this you
Posted by Jason Hogg | 13 Comments
Attachment(s): SAML_STS_for_WSE3_Jan06.zip
Tuesday, August 28, 2007 4:29 PM

Sample declarative access control policy

In my previous post I mentioned that we have now released a parser for SecPAL that allows policies to be written in a human readable simplified English grammar. I thought it might be worth including an example - based on the scenario that was used in
Posted by Jason Hogg | 0 Comments
Sunday, August 26, 2007 2:17 PM

Parser for SecPAL simplified English grammar now available!

One of the great strengths of SecPAL is its unique support for multiple representations of a security policy; XML for interoperability; and a simplified English grammar for human readbility. The SecPAL v1.1 Research Release (available from http://research.microsoft.com/projects/secpal)
Posted by Jason Hogg | 5 Comments
Monday, August 20, 2007 10:31 AM

Swiss Army Knife of X.509 Certificate Tools

Anyone who has dealt with X.509 certificates when trying to design, test and deploy secure Web services will know what an ordeal it can be to locate certificates in various cert stores using different cert identifiers, modify security properties of the
Posted by Jason Hogg | 6 Comments
Wednesday, August 08, 2007 4:41 PM

A Java implementation of SecPAL?

Panos, from the University of Newcastle just dropped me a note to say that he is making progress with his Java based SecPAL implementation - which is very exciting. I noticed that he has moved away from XSB and has decided instead to create his own custom
Posted by Jason Hogg | 0 Comments
Saturday, July 07, 2007 5:43 PM

The IEEE Computer Security Foundations Conference

The 20th IEEE Computer Security Foundations conference is underway in Venice at the moment, and our friends from Microsoft Research in Cambridge (Moritz Y. Becker, Cedric Fournet and Andrew D. Gordon) presented the first paper of the conference - based
Posted by Jason Hogg | 0 Comments
Tuesday, July 03, 2007 10:03 AM

Access Control Requirements for Grid Computing Environments

One question I hear a lot is "How does SecPAL compare with [InsertRandomSecurityTechnologyAcronymHere]?". Well the good news is that Marty Humphrey , Sang-Min Park, Jun Feng, Norm Beekwilder and Glenn Wasson from the Department of Computer Science at
Posted by Jason Hogg | 5 Comments
Filed under: , ,
Thursday, June 21, 2007 3:40 PM

SecPAL Query Editor Now Available

A couple of people have remarked to us that they like the flexibility that SecPAL provides, but feel that it is difficult for people to get to grips with the API's when they first start evaluating SecPAL. For this reason Lonnie Wall (a consultant from
Posted by Jason Hogg | 4 Comments
Filed under: , ,
Wednesday, June 20, 2007 9:24 AM

Writing SecPAL Assertions In F# - Contd

In my earlier post I showed how SecPAL could be used to grant access to a particular user based on a token issued by an STS that we explicitly established a trust relationship with using the SecPAL "canSay" predicate. Now I am going to show you something
Posted by Jason Hogg | 0 Comments
Filed under: , , ,
Friday, June 15, 2007 4:22 PM

Writing SecPAL assertions in F#

I figured I would try to learn F# over this summer - and thought what better way to start than create a couple of SecPAL samples in F#. I thought this might help people that are interested in learning more about F# , or potentially F# users that are interested
Posted by Jason Hogg | 3 Comments
More Posts Next page »
 
Page view tracker