[Esapi-user] Call To Arms - Documentation

Chris Schmidt chrisisbeef at gmail.com
Mon Nov 22 12:07:11 EST 2010


Responses inline


On 11/22/10 9:53 AM, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:

> On 11/22/2010 11:14 AM, Chris Schmidt wrote:
>> Community - 
>> 
>> With the impending release of 2.0GA ­ we need to shift some focus towards
>> getting relevant, up-to-date documentation added to the OWASP Wiki regarding
>> installation, configuration, and use of the ESAPI Libraries. While there is
>> a great deal of information already available on the wiki ­ there is a great
>> deal more that needs to be documented as well.
> 
> Chris, so what do we do with all the documentation under the 'documentation'
> directory? Do we xlate that to Wiki format? Or is it sufficient to just
> reference this documentation (from Google Code URLs) via the Wiki?

Ideally we would migrate this documentation to the wiki. Main reason being
that it is easier to compile everything together if we need to publish a
print documentation or create offline documentation than it is to do this
from a variety of locations.

> 
>> Dave Wichers ­ long time supported and contributer to the ESAPI Project (one
>> of the wizards behind the curtain if you will) has graciously offered to
>> spearhead this effort and roadmap the documentation sprint leading up to the
>> GA release. 
> 
> Dave... thanks for stepping up and volunteering to do this. It will really
> help.

To be clear, Dave has volunteered to roadmap the documentation effort, and
assist with tasks - which is a bit of a daunting task to begin with, so it
will fall to the rest of us (developers) to be there to answer any questions
and provide context to anyone doing documentation.

> 
>> If you have some spare cycles and can contribute anything from a few minutes
>> to a few hours contributing your collective knowledge and experience to
>> using and integrating ESAPI ­ I am sure that the world and future ESAPI
>> users would be forever indebted to your sacrifice. :)
> 
> Just an FYI... I am finishing up the design doc on ESAPI 2.0 crypto. I'm
> sure that such a document isn't going to be useful for most, but it will
> also provide a bit of a road map of where I intend to go in 2.1 and 3.0
> that some might find interesting. I've already completed a user guide for
> this, so not sure how much more is needed in the area of ESAPI crypto
> documentation.

This is great news and it is imperative that this information be included in
the documentation for the project. This will be extremely useful to anyone
who is a security architect for an application or other decision makers to
get a handle on the ESAPI reference encryptor and make informed decisions
about whether to use it or an adaptation of another provider (ie BC)

Thanks Kevin!

> 
> -kevin




More information about the Esapi-user mailing list