Security architecture

Hi,

I am venturing into Security architecture. It will be covering the security features provided by .NET as well as general concepts like EKE, Single Sign On, Race condition etc.

I wasn't able to find any good forum where I can discuss these topics.

Could somebody please let me know a few forums and blogs in which we can have discussions on this.

regards




  • qrli

    I'd also keep an eye on the following NFRs....

    9. Compliance - are there laws / regulation guidance governing what protection you need to enforce on certain data - remember your company directors/VPs can go to prison for this stuff. In the UK you'll need to consider the Freedom of Information Act (regarding audit data), Data Protection Act, Disability Discrimination Act (CAPTCHAs for example are a problem for blind people), Financial Services Act, Official Secrets Act. Security classifications of data and relating security classifications of staff. In the UK we would have an Information Security officer who could help you with this stuff

    10. Performance - do you have to fit your security requirements inside a performance requirement

    11. Scalability - how many end users / systems are you targeting - you'll need volumes from the business

    12. Interoperability - do you need to adopt an open standard to enable interop between existing systems - do you need to interop with an old system

    13. Availability - is this a critical system for all others? What is the requirement for availability

    14. Data Loss - This is really interesting with audit data - if someone wants to cover their tracks they need to delete the audit data, so what is the requirement to protect this and back it up - should this info go off site

    15. Data Latency - when you change a centralised security profile how long is your customer willing to wait - how many times have you rung a help desk, they change your profile to give you access to a resource and they say "wait an hour and you'll be able to get access"

    Finally, when looking at Security, also keep in mind how your IT department will gain access to the system. What is done to keep them from accessing live data: separate live network (separate machines on live network), security cleared individuals or temps, do you audit their access? These are your biggest threat as they can bypass application level security.

    In a survey by Prefix IT:

    • 37% of men believe it is acceptable to take database information and sales leads
    • 49% of 16-24 year olds do not consider workplace theft as stealing
    • 73% of graduate trainees admit to office theft

    Be paranoid and enjoy it :-)



  • SamSam698

    Hi,

    Security requirements can be broadly grouped into the following concepts. If you can tell us which area you are dealing with, maybe we can discuss here itself.

    Security Requirements :

    1. Client Authentication

    2. Server Authentication – Phishing

    3. Repudiation – denying the action

    4. Confidentiality

    5. Integrity

    6. Auditing

    7. Replaying

    8. Authorization

    http://DotNetWithMe.blogspot.com
    vikas goyal



  • Axe22

    What is your security question

    What area are you worried about: is it imperative security, declarative security, attribute based security or the encryption mechanism to be used and why, use Passport or what, and in what app domain (is it web based, Windows application based), as that also governs your security architecture.

    Race condition is mostly prevalent in the threading aspect; not sure why you club that with security features
