MSDN praises Core Security Patterns :-))

This morning, a friend of mine forwarded a note by Jimmy Nilsson (a Microsoft Patterns Guru) about “Core Security Patterns”, at http://msdn.microsoft.com/architecture/.  It is truly a pleasant surprise…

Jimmy Nilsson, Microsoft Solution Architect, writes…

I have been asked a couple of times about a book about security patterns when I have given my patterns course. I’m afraid I really can’t say that security is my field at all, but from the little I do know I didn’t think that there was such a book. Anyway, the other day “Core Security Patterns” dropped down on my desk. Perhaps it’s just the book they were looking for.

Here is the link to Mr. Nilsson’s blog – http://jimmynilsson.com/blog/

Thank you, Mr. Nilsson and MSDN. We appreciate those nice words.

Belgium eID Authentication for Web SSO and Sun Ray Desktop Authentication.

Belgian eID

The last 3 weeks have been so hectic… the days were faster than light. I was pulling my hair out on a critical proof-of-concept that requires demonstrating Web Single Sign-on (via Sun Java System Access Manager) using PKI/digital certificate credentials (from Belgian eID) and then enabling smartcard PKI-based desktop authentication/session mobility using Sun Rays. The secret sauce in this architecture is using the OpenSC PAM and PKCS#11 framework. Interesting to note, OpenSC is not Microsoft friendly!

I can’t dump more details about this effort at this time… (Of course it works… a great relief). I am a bit cautious, in that I don’t want to dump crucial information on the web before my guys present it to the Belgian Govt audience. With all that caution, here are the tip-of-the-iceberg details of my project.

Using JAAS for Biometric Authentication – Yes, it works.

For the last few months, I was passionately busy working on an interesting project opportunity… to implement a biometric authentication module for a security-sensitive J2EE application (Sorry… don’t ask who the customer is :-)). Of course, the target is a die-hard Sun customer who believed in us -not- that armed contractor. They suggested that I use the CrossMatch Verifier-E fingerprint scanner and BioBex middleware for supporting biometric enrollment and authentication. I was also lucky to work together with a good friend of mine from Finland, “Tuomo Lampinen”… I should credit him here – he taught me the ABCs of biometrics. I lost hope initially, as there is no easy way to initiate/receive the JAAS callbacks to/from the biometric device and then convert them to web-based text callbacks to perform the actual authentication with the biometric middleware. The complexity gets even a bit harder when you want to make a browser plugin to handle the device callbacks. After trial and error with several callback mechanisms (believe me… at some point I lost all my hopes) – finally, it worked without any hacks. Way cool, I even performed multi-factor authentication by combining it with another JAAS LoginModule we built for using PKI/digital certificates.

If you are curious to know the secrets – a couple of days ago, Reid Williams and I delivered a session at JavaONE entitled “Biometric Authentication for J2EE Applications” and we also demonstrated it. You may also be interested in reading my follow-on article “Building Biometric Authentication for J2EE, Web and Enterprise Applications”.

Enjoy.

Our show at RSA…

We did two panel sessions at RSA Conference, SFO last week – both were well received. Here are the links to the slides that we used to present “Core Security Patterns” in the sessions.

Unfortunately, we had less time for Q & A sessions and we didn’t have short answers to those real long questions on WS-* standards… especially its roadmap, and God knows when some of them will be ratified as real standards. We certainly don’t blame OASIS for that process!!

Enjoy.

Tackling XML Web Services Performance & Scalability

It’s been a while.. I forgot to publish this post !!!

Last JavaONE, Sameer and I had an opportunity to present on “High-performance Web Services: Tackling Scalability and Speed”. We dug into XML Web services and their architecture/deployment characteristics, and how their QoS mechanisms contribute to performance overheads that impede their adoption. We explored several mitigation strategies that can help eliminate the performance overheads and achieve scalability… by adopting the right strategies… from choice of platform, network infrastructure, distributed processing, compression, content encoding schemes, content processing & routing, XML parsing/transformation/validation and acceleration…

See for yourself….you may find it worth browsing 🙂

Click on the image to download the slides...

My first day at Blog school…

“What, you don’t have a blog! Dude, it is very easy to maintain a blog”… One of my close friends looked at me as if I had missed something for so long. I always wondered whether I would be able to maintain a blog on my own, or at least for the purpose of promoting our current work – Core Security Patterns.

I know, the blogosphere buzz started a couple of years ago, but now it makes me faint to see a beehive of blogs at bloggers.com. Anyway, I learnt that trick now… and this is my first post to the blogosphere.

That’s my story for today ! I will keep you all posted.