Mark O'Neill's Radio Weblog: Laptop Skin from Aspoke (6.12.2005, 19:03 UTC)
Aspoke are giving out free laptop skins to people attending the Les Blogs conference in Paris. I've got a laptop skin from Ascape, sporting the Vordel logo on the back of a 17" screen. I've posted a photo of it below. It's very shiny and reflective, which makes it look great but also makes it hard to photograph without getting reflections in it. Fantastic idea - I'd certainly recommend these laptop skins, especially if you're at Les Blogs and can get one for free.
Mark O'Neill's Radio Weblog: Identity Services (3.11.2005, 17:03 UTC)
Phil Wainewright at Loosely Coupled has a timely piece on "Identity as a Service" today. He points out that such services would be useful for "Web 2.0" companies who have enough on their plate already to deliver "the next Flickr", and who don't have the time (or probably the expertise either) to develop code to log their users in manually, to automatically log them in if they've already logged in elsewhere, to authenticate XML-based invocations of their Web 2.0 apps, etc. Remember, many "Web 2.0...
Mark O'Neill's Radio Weblog: "SOA and Security" Panel at SOA Executive Forum, New York City, 7-8 November (31.10.2005, 16:36 UTC)
I'm speaking on a Panel on SOA Security at the SOA Executive Forum in New York City next week. Jon Udell has listed some talking points for the discussion. Based on those talking points, here are my notes for the discussion: On the role of security in SOA and ESB architectures: Vordel allows security services to be part of the “fabric” of services that are on tap as part of an ESB. This work has involved drawing on some of the standards which are in place for security services. I...
Mark O'Neill's Radio Weblog: Blog coverage of Vordel at RSA Europe Conference (24.10.2005, 18:34 UTC)
"Rather than thinking of how to implement security in each part of the web services Morris suggested implementing security as web services themselves. He advocated security in depth by using existing features like directories and web access authorization and the like (which makes sense, no reason to re-invent the wheel time and time again). XML introduces a lot of new security threats like SQL injection through XML payload, XPath Injection, unexpected attachments (and how to deal with those), m...
Mark O'Neill's Radio Weblog: New version of SOAPbox tool to test security compliance of XML / SOA systems (18.10.2005, 19:52 UTC)
Today we released the latest version of the SOAPbox tool, which is the world's most widely-used tool to test the security compliance of XML applications. SOAPbox complements Vordel's XML Gateway and Web Services Management products. Full details are here: http://www.securitypark.co.uk/article.asp?articleid=24452&CategoryID=1
Mark O'Neill's Radio Weblog: Vordel at the RSA Conference Europe in Vienna today (18.10.2005, 14:09 UTC)
Vordel's CEO, Vic Morris, is speaking today about "Security in an Open World". If you're at the conference in Vienna, go along and you will hear about why "secure and open" are not mutually exclusive, and how this enables integration using XML and Web Services. Vic uses three of our customer case studies as illustrations (one government, one financial, and one insurance example).
Mark O'Neill's Radio Weblog: "It's harder to build good stuff than to break junky stuff" (13.10.2005, 20:24 UTC)
I love this slide from Gary McGraw at Cigital.
Mark O'Neill's Radio Weblog: The less exciting side of Identity (4.10.2005, 19:42 UTC)
On Sunday, Scott Loftesness makes the cheeky (but painfully true) point that there is a lot of "blather" in the world of identity. I've noticed that a lot of blog discussion of identity focuses on drivers licenses, online banking, bill payment, and travel. These are certainly all "big fish" and lend themselves well to discussion. However, there is also a more mundane aspect to identity. Unless you've worked with many architects who are deploying Web Services inside their organizations, you...
Mark O'Neill's Radio Weblog: Real World Real World SOA (3.10.2005, 18:48 UTC)
In David Linthicum's "Real World SOA" column last Thursday, he talked about "Why you should extend your SOA for Inter-company integration". He says that: "In essence, you're creating a virtual set of applications that exists between trading partners that allow those trading partners to function like a single entity, and thus service common business processes as if they existed in a single company" Good short article. However, it didn't mention security and I think security is the enabler f...
Mark O'Neill's Radio Weblog: Notes from the field: Implementing a security solution for Web Services (30.9.2005, 18:14 UTC)
An ISTR (Information Security Technical Report) Journal article which I jointly wrote with Allan MacPhee from Entrust is now online. The journal article describes the security architecture used to manage and secure Web Services for a customer. The customer used a unified security policy to manage both Web and XML traffic. To read the journal article in PDF or text, go to http://dx.doi.org and insert the following document ID: doi:10.1016/j.istr.2005.02.002
Mark O'Neill's Radio Weblog: Customer case study: Vordel provides security for SAP XI (29.9.2005, 18:49 UTC)
We're pleased to announce, along with the leading German security solutions firm SHE, a case study of a customer who is using VordelSecure to manage and secure the traffic between their SAP XI system and their logistics partners. Südzucker chose VordelSecure to provide security and management for its XML-based connections to its logistics partners. This was key to the successful enhancement of the company’s business intelligence reporting system based on linking its in...
Mark O'Neill's Radio Weblog (29.9.2005, 17:24 UTC)
WS-Plumbing: I talked to Jon Udell as part of the research for his piece on the WS-* specifications. I think it's important to separate out the usage of WS-* for message authentication and the usage of WS-* for integration between security products. While there are very good arguments for using alternatives to WS-* for message authentication (that's why Vordel supports SSL, HTTP-Auth, etc), the arguments against using WS-* for "security plumbing" between different vendor products are less compell...
Mark O'Neill's Radio Weblog (27.9.2005, 17:08 UTC)
Roslindale: I'm now on the Roslindale blogger list. I guess that means I should post something about Roslindale! So here are some of my Roslindale pictures on Flickr: The view from my house by day: http://www.flickr.com/photos/96443330@N00/23805072/ The view from my house by night: http://www.flickr.com/photos/96443330@N00/25181572/ Night view, plus fireworks which play havoc with the night filter on my camera: http://www.flickr.com/photos/96443330@N00/46652352/ The local Lutheran Church before it wa...
Mark O'Neill's Radio Weblog (26.9.2005, 04:14 UTC)
Book chapter on XML security: The chapter I wrote on XML Security in the book "Hardening Network Security" is available at the link below. I recommend the book to anyone who wishes to get into information security, for example for CISSP certification, since it covers a wide range of material. http://www.vordel.com/knowledgebase/book2.html
Mark O'Neill's Radio Weblog (24.9.2005, 13:31 UTC)
A closer look at VOIP security: In today's Boston.com, I see an article casting doubt on the security of VOIP, with the ubiquitous Vonage advertisement below it. The gist of the article is that VOIP is vulnerable to denial of service attacks. It doesn't draw a distinction between hardware-based VOIP (e.g. Vonage) and P2P-based VOIP (e.g. Skype). There is a difference. Let me try to explain what I'm getting at: I'm a Vonage customer. I was about to describe my home network, but I'm pleased to see tha...
Mark O'Neill's Radio Weblog (13.9.2005, 15:16 UTC)
Skype & Ebay - wallets and the Irish angle: I've seen a lot of articles with titles like "Why Ebay bought Skype", but then I read them and the article basically says "who knows?". Here are the only two insightful comments I've seen about the acquisition: Donnacha on Slashdot: "Ebay's interest in Skype has nothing to do with augmenting their auctions with calls between buyers and sellers. This is about taking those (alleged) 50 million non-paying Skypers and giving them an easy, more a...
Mark O'Neill's Radio Weblog (12.9.2005, 02:27 UTC)
On RSS "security": It's been interesting to follow the debate over the past few days about the concept of "RSS Security". Greg Reinacker made the point that saying "RSS security" alone is quite meaningless, and he breaks it out into encryption, authentication, and authorization. This is very helpful, since there is a huge tendency in the general public to think "security=encryption", i.e. "If something is encrypted, it's secure". Following that logic, in the HTTP world you have "if we use SS...
Mark O'Neill's Radio Weblog (30.8.2005, 15:48 UTC)
Recreating "value addedness": Sabre replacing EDI with Web services: http://www.computerworld.com/developmenttopics/development/webservices/story/0,10801,104072,00.html This is a topic close to my heart because I used to work for an EDI Value-Added-Network (VAN). One of my jobs was to identify how EDI data could be sent over the public Internet. There were really two main sides to this. The first was the data format: when XML came along, it seemed like the no-brainer answer to that problem. Of co...