[OWASP-GUIDE] Guide V2 - A time for action

Adrian Wiesmann awiesmann at swordlord.org
Fri Mar 14 11:24:16 EST 2003


> I never have the last word on anything ;-)

Married to the wrong woman then? :)

> I can see a case for SAML and Liberty and .NET passport being part of a
> chapter on SSO / Authentication. I can also see a case for it being part
> of web services. 

I would very much agree on SAML being put in the Web Services Chapter and
Liberty and Passport put into a "Privacy" chapter. SAML is about something
in XML, which the whole Web Services chapter is all about. The other two
are mostly about privacy and authentication which would not really fit in
there.

> Does anybody have an idealized list of all Chapter headings or strong
> feeling on how things should be laid out ?

Hmm, haven't we done so lately?

The last mail I found was by me :)

> Starter
> 1 - Introduction
> 2 - Background
> 3 - Thinking about the Problem
> 4 - Principles
> Theory
> 13- Privacy
> 14- Cryptography
> 12- Web Services and XML Security
> 5 - Web Security Architectures
> Practice
> 6 - Authentication (including SAML and Liberty)
> 8 - Access Control and Authorization
> 7 - Session Management
> 10- Data Validation
> 9 - Event Logging and Monitoring
> Summary
> 11- Common Problems and How to Mitigate them
> 
> I tried to get the guide into 4 logical groups. While I am not quite
> satisfied with that version above, I think it's a way to try to go on
> with. And we definitely would need better names for the 4 logical
> groups.

Let's take this as a starter?

> Anybody interested in re-doing the DocBook when the new layout is agreed
> ?

I could do so but would not burn my hands for if anybody else would be
interested :)

Regards,
Adrian



