[OWASP-GUIDE] Guide V2 - A time for action

Adrian Wiesmann awiesmann at swordlord.org
Fri Mar 14 11:24:16 EST 2003

> I never have the last word on anything ;-)

Married to the wrong woman then? :)

> I can see a case for SAML and Liberty and .NET passport being part of a
> chapter on SSO / Authentication. I can also see a case for it being part
> of web services. 

I would very much agree on SAML being put in the Web Services Chapter and
Liberty and Passport put into a "Privacy" chapter. SAML is about something
in XML, which the whole Web Services chapter is all about. The other two
are mostly about privacy and authentication which would not really fit in

> Does anybody have an idealized list of all Chapter headings or strong
> feeling on how things should be laid out ?

Hmm, haven't we done so lately?

The last mail I found was by me :)

> Starter
> 1 - Introduction
> 2 - Background
> 3 - Thinking about the Problem
> 4 - Principles
> Theory
> 13- Privacy
> 14- Cryptography
> 12- Web Services and XML Security
> 5 - Web Security Architectures
> Practice
> 6 - Authentication (including SAML and Liberty)
> 8 - Access Control and Authorization
> 7 - Session Management
> 10- Data Validation
> 9 - Event Logging and Monitoring
> Summary
> 11- Common Problems and How to Mitigate them
>
> I tried to get the guide into 4 logical groups. While I am not quite
> satisfied with that version above, I think it's a way to try to go on
> with. And we definitely would need better names for the 4 logical
> groups.

Let's take this as a starter?

> Anybody interested in re-doing the DocBook when the new layout is agreed
> ?

I could do so but would not burn my hands for if anybody else would be
interested :)

