[GPC] OWASP Web Services Security Project

Paulo Coimbra paulo.coimbra at owasp.org
Mon Aug 31 14:06:14 EDT 2009


Hello Subu,

 

The questions below referred have been solved. 

 

As “it is recommended that an OWASP board member or Global Projects
Committee member be the second reviewer on Quality releases”, I ask you to
chose either Sahba Kazerooni or Rohit Sethi to assume the role of release’s
first reviewer. 

 

Should you have any queries or require any further information please do not
hesitate to contact me. 

 

Many thanks, best regards

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: quarta-feira, 26 de Agosto de 2009 16:43
To: 'Subu Ramanathan'
Cc: 'Kazerooni, Sahba'; 'Global Projects Committee'
Subject: RE: OWASP Web Services Security Project

 

Hello Subu,

 

Thanks much for getting back to me and sending me off the requested data.
Although I am still dealing with a couple of issues to make our new Project
Information Tab work, I’ve already uploaded how much information as I could
do right now. A couple of files are still misplaced and some information is
also to be uploaded. Both problems will be shortly solved.

 

I have also created a project’s mailing list and by now the password must
have been automatically sent to you.

 

Regarding your questions, please see below my inline answers.

 

I wish you good work.

 

Should you have any queries or require any further information please do not
hesitate to contact me. 

 

Many thanks, best regards

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Subu Ramanathan [mailto:subu at securitycompass.com] 
Sent: quarta-feira, 5 de Agosto de 2009 02:52
To: paulo.coimbra at owasp.org
Cc: Kazerooni, Sahba
Subject: RE: OWASP Web Services Security Project

 

Hi Paulo,

 

I am sorry, I should have marked these sections TBD instead of N/A. Here is
some more information for the Project page.

 

1.	Project Flyer/Pamphlet (PDF file),

Attached.

2.	Project Roadmap,

TODO

[pc] I will be waiting, please send it off as soon as you can.

 

3.	Project main links, 

N/A. – I don’t think this applies to this project. Please advice what I
should include here if I am mistaken.

[pc] This data is not imperative. This field can be used to upload all the
important links that the project might have. If you think the project
doesn’t have any other links besides its project page link, so that’s ok.

 

B – FIRST RELEASE

 

4.	Release Name,

First Release

5.	Release main features,

a.       OWASP Links on Web Services

b.      Tabbed interface for the Project page

6.	Release downloadable file link 

N/A – Again, I don’t think this applies to this project. Please advice if I
am mistaken

[pc] The final output of each OWASP project is usually a release. It can be
a document, a tool or both but in any situation, in my view, these outputs
should be placed inside a link to allow potential users to download it.
Please see a couple of examples:

-
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project#tab=Project_Id
entification (new template)

-
http://www.owasp.org/index.php/Category:OWASP_Ruby_on_Rails_Security_Guide_V
2 (new template)

 

However, if you think your project is an exception and doesn’t fit in the
above frame, please let us know your thoughts. They will surely be
considered. Also, I am carbon copying our Global Projects Committee to check
if they have another opinion about this issue.

 

Nevertheless, I suggest we deal again with this issue when you have your
first release ready to be publicly launched.

 

7.	Release Leader,

OWASP username: Subu Ramanathan

[pc] Your wiki account is still to be created.

 

The information below hasn’t yet been uploaded as we are having a couple of
issues with the template. It will be done as soon as the question is solved.

 

8.	Release Contributor(s),

OWASP username: Subu Ramanathan, Skazerooni

9.	Release Reviewer,

TBD – Most probably Sahba Kazerooni and Rohit Sethi

10.	Release Mentor (if any),

N/A

11.	Release Sponsor(s) (if any),

Security Compass

12.	Release Flyer/Pamphlet,

Same as project flyer. Attached.

13.	Release Roadmap,

TODO

[pc] I will be waiting. Take your time.

 

14.	Release Main Links,

N/A – Again, I don’t think this applies to this project. Please advice if I
am mistaken

[pc] Again, see my answer above.

 

Thank you for bearing with my delayed responses.

 

Regards,

Subu

 

Subu Ramanathan

Security Consultant

Security Compass

http://www.securitycompass.com <http://www.securitycompass.com/> 

Direct : 888-777-2211 ext. 107

Mobile: 732.284.8648

 

**************************************************************************

The information in this email is confidential and may be legally privileged.
Access to this email by  anyone other than the intended addressee is
unauthorized.  If you are not the intended recipient of this message, any
review, disclosure, copying, distribution, retention, or any action taken or
omitted to be taken in reliance on it is prohibited and may be unlawful. If
you are not the intended recipient, please reply to or forward a copy of
this message to the sender and delete the message, any attachments, and any
copies thereof from your system.

*************************************************************************

 

 

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Wednesday, July 29, 2009 1:57 PM
To: Subu Ramanathan
Cc: Kazerooni, Sahba
Subject: RE: OWASP Web Services Security Project

 

Hello Ramanathan,

 

I thank your prompt answer and the data you sent off.

 

It’s perfectly fine you send off the incomplete sections on an ongoing
basis. However, you have signaled several data with the reference N/A (I
suppose it means “not applicable”) and it seems to me that with a couple of
exceptions, i.e. Release Mentor and Release Sponsor, all the remaining
information will be needed. Please check the following links out:

 

- https://www.owasp.org/index.php/Category:OWASP_Project_Assessment

 

-  http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects 

 

- Example:
http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE
_Design_Patterns
<http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2E
E_Design_Patterns_Project> 

 

Please let me know your thoughts.

 

Thanks much,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Subu Ramanathan [mailto:subu at securitycompass.com] 
Sent: terça-feira, 28 de Julho de 2009 19:46
To: paulo.coimbra at owasp.org
Cc: Kazerooni, Sahba
Subject: RE: OWASP Web Services Security Project

 

Hi Paulo,

 

Here is the information you required. The highlighted sections need to be
completed. I figured I would send you everything I have now and will send
out the incomplete sections on an ongoing basis.

 

Sahba Kazerooni (Skazerooni) is a contributor to this project. Here is his
user link http://www.owasp.org/index.php/User:Skazerooni 

 

A – PROJECT

 

15.	Project Purpose,

The OWASP Web Services Security project is designed to serve as a
comprehensive starting point for any web services related inquiries on the
web.

16.	Project License,

GPL

17.	Project Leader, 

OWASP username: Subu Ramanathan

18.	Project Maintainer, 

OWASP username: Subu Ramanathan

19.	Project Contributor(s),

OWASP username: Subu Ramanathan, Skazerooni

20.	Conference style presentation that describes the tool in at least 3
slides,

Attached

21.	Project Flyer/Pamphlet (PDF file),

TODO

22.	Project Roadmap,

TODO

23.	Project main links, 

N/A.

 

B – FIRST RELEASE

 

24.	Release Name,

First Release

25.	Release main features,

c.       OWASP Links on Web Services

d.      Tabbed interface for the Project page

26.	Release downloadable file link 

N/A

27.	Release Leader,

OWASP username: Subu Ramanathan

28.	Release Contributor(s),

OWASP username: Subu Ramanathan, Skazerooni

29.	Release Reviewer,

N/A

30.	Release Mentor (if any),

N/A

31.	Release Sponsor(s) (if any),

N/A

32.	Release Flyer/Pamphlet,

N/A

33.	Release Roadmap,

N/A

34.	Release Main Links,

N/A

 

Please let me know if you need anything else.

 

Regards,

 

Subu Ramanathan

Security Consultant

Security Compass

http://www.securitycompass.com <http://www.securitycompass.com/> 

Direct : 888-777-2211 ext. 107

Mobile: 732.284.8648

 

**************************************************************************

The information in this email is confidential and may be legally privileged.
Access to this email by  anyone other than the intended addressee is
unauthorized.  If you are not the intended recipient of this message, any
review, disclosure, copying, distribution, retention, or any action taken or
omitted to be taken in reliance on it is prohibited and may be unlawful. If
you are not the intended recipient, please reply to or forward a copy of
this message to the sender and delete the message, any attachments, and any
copies thereof from your system.

*************************************************************************

 

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Tuesday, July 28, 2009 12:36 PM
To: Subu Ramanathan
Cc: Sethi, Rohit; Bhalla, Nishchal; Kazerooni, Sahba; 'Global Projects
Committee'
Subject: RE: OWASP Web Services Security Project

 

Dear Ramanathan,

 

It’s my pleasure to inform that your proposal has been thanked and accepted
by the OWASP Global Projects Committee. From now on we are counting on you
to lead the Project. Congratulations!

 

Therefore, as soon as you find the cycles, please send me off the previously
requested information.

 

I wish you good work and thank you for supporting OWASP mission.

 

Should you have any queries or require any further information please do not
hesitate to contact me. 

 

Many thanks, best regards,

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Subu Ramanathan [mailto:subu at securitycompass.com] 
Sent: segunda-feira, 27 de Julho de 2009 19:48
To: paulo.coimbra at owasp.org
Cc: Sethi, Rohit; Bhalla, Nishchal; Kazerooni, Sahba; 'Global Projects
Committee'
Subject: RE: OWASP Web Services Security Project

 

Hi Paulo,

 

Thanks for the quick response.

 

My vision for this project revolves around the same goal that initially
spawned the creation of this project. The idea is to facilitate a
comprehensive start up page for anyone looking to learn/research about Web
Services Security. In an attempt to achieve that, I have made modifications
to the layout of the project page. As you can see from the initial changes I
have implemented, we will now feature a tabular view. The purpose of each
tab is to demarcate the various aspects of Web Services Security. Each tab
will provide the reader with links to relevant resources (both OWASP related
and external).

 

In terms of further development, the project requires a solid base of
external resources that can be linked from the different tabs. The project
also requires an update feature that should be capable of posting updates to
the “Main” tab when any of the OWASP Web Services resources have been
updated/modified.

 

That’s a very high level idea of the Project’s current state and my plan for
future development. Please let me know if that will suffice.

 

Regards,

Subu

 

PS: I will update my personal information on my profile asap. Thanks.

 

From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Monday, July 27, 2009 2:30 PM
To: Subu Ramanathan
Cc: Sethi, Rohit; Bhalla, Nishchal; Kazerooni, Sahba; 'Global Projects
Committee'
Subject: RE: OWASP Web Services Security Project

 

Dear Ramanathan,

 

First of all I thank your interest in leading an OWASP Project.

 

Secondly I inform that this project
http://www.owasp.org/index.php/Category:OWASP_Web_Services_Security_Project
has been considered orphaned because Sahba Kazerooni didn’t answer when we
asked him about his will to keep the leadership. Please see the email
attached.

 

Thirdly, regarding your current proposal, I ask whether you would be kind
enough to write down and send us off a couple of lines expressing your ideas
in terms of project development. The goal is to allow some feedback from the
OWASP Global Projects Committee (GPC). 


Afterwards, and if the GPC agrees with handing over the project leadership
to you, to set up the project’s information tab, I ask you to send me off
the following data:

 

A – PROJECT

 

35.	Project Purpose,
36.	Project License,
37.	Project Leader, 
38.	Project Maintainer, 
39.	Project Contributor(s),
40.	Conference style presentation that describes the tool in at least 3
slides,
41.	Project Flyer/Pamphlet (PDF file),
42.	Project Roadmap,
43.	Project main links, 

 

B – FIRST RELEASE

 

44.	Release Name,
45.	Release main features,
46.	Release downloadable file link 
47.	Release Leader,
48.	Release Contributor(s),
49.	Release Reviewer,
50.	Release Mentor (if any),
51.	Release Sponsor(s) (if any),
52.	Release Flyer/Pamphlet,
53.	Release Roadmap,
54.	Release Main Links,

 

Note: For Project Leader and Contributors please create a wiki account
<https://www.owasp.org/index.php/Special:Userlogin> s and please send me off
the links. See here <https://www.owasp.org/index.php/Tutorial>  and here
<http://www.owasp.org/index.php/User:Mtesauro>  how to do it and here
<http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project#tab=Project_I
dentification>  an example of how it will be used.

 

Meanwhile, please allow me a couple of directions.

 

Firstly, I recommend you glance at OWASP’s Assessment Criteria -
https://www.owasp.org/index.php/Category:OWASP_Project_Assessment. As you
may know, this set of rules will be used both to push the project up the
ladder and to eventually assess it. In addition, I also recommend you
briefly check out this link
http://www.owasp.org/index.php/Guidelines_for_OWASP_Projects as a mean to
understand our process of setting up new projects.

 

As for now it’s all - I wish you good work and thank you for supporting
OWASP mission.

 

Should you have any queries or require any further information please do not
hesitate to contact me. 

 

Many thanks, best regards,

 

PS. As you are contributor in this
http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE
_Design_Patterns
<http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2E
E_Design_Patterns_Project>  project, would you mind fill in here
http://www.owasp.org/index.php?title=User:Subu_Ramanathan
<http://www.owasp.org/index.php?title=User:Subu_Ramanathan&action=edit&redli
nk=1> &action=edit&redlink=1 with your personal details (see above for
guidance)?

 

Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager

 

From: Subu Ramanathan [mailto:subu at securitycompass.com] 
Sent: segunda-feira, 27 de Julho de 2009 18:40
To: paulo.coimbra at owasp.org
Cc: Sethi, Rohit; Bhalla, Nishchal; Kazerooni, Sahba
Subject: OWASP Web Services Security Project

 

Hi,

 

I would like to take ownership of this project on behalf of Security
Compass. I have already made some changes to the layout of the page and
added some content. Please let me know if this qualifies us to remove the
orphaned template.

 

Regards,

 

Subu Ramanathan

Security Consultant

Security Compass

http://www.securitycompass.com <http://www.securitycompass.com/> 

Direct : 888-777-2211 ext. 107

Mobile: 732.284.8648

 

**************************************************************************

The information in this email is confidential and may be legally privileged.
Access to this email by  anyone other than the intended addressee is
unauthorized.  If you are not the intended recipient of this message, any
review, disclosure, copying, distribution, retention, or any action taken or
omitted to be taken in reliance on it is prohibited and may be unlawful. If
you are not the intended recipient, please reply to or forward a copy of
this message to the sender and delete the message, any attachments, and any
copies thereof from your system.

*************************************************************************

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/mailman/private/global-projects-committee/attachments/20090831/a9bf213a/attachment-0001.html 


More information about the Global-projects-committee mailing list