My blog has moved and can now be found at

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Thursday, December 28, 2006
« Threats to Message Exchanges in a SOA | Main | Got tagged.. again! »

Right after posting my last blog entry on Threats to Message Exchanges in a SOA, I cam across a blog entry by Gunnar Peterson of Cigital that points to a paper that he co-authored with Howard Lipson at CERT on "Security Concepts, Challenges, and Design Considerations for Web Services Integration" in which they describe "... best practices for development staff who want to actually build security services into the software they are developing. The paper is really two papers in one - the first part is on web services and their impact on security concepts, the second part deals with message level security (WS-Security, WS-Trust, WS-SecureConversation) to enable end to end security model for an integrated system, and the last part is on design considerations for security in Web Services." 

I have not had a chance to peruse this in detail, but this definitely looks like a must read document!

Tags:: Security
12/28/2006 12:35 AM Eastern Standard Time  |  Comments [0]  |  Disclaimer  |  Permalink    Tracked by:
"Week's Links" (Alessandro "jekil" Tanasi blog) [Trackback]
Comments are closed.