Sunday, March 25, 2007
Cohen on Howard: Chapter 23
Chapter 23 is a grab bag of good practices.
In general, Cohen's review of this chapter is fair-minded. He criticizes the grab bag approach as indicative of the book's overall lack of organization. Seems fair: Chapter 23 is the "General Good Practices" chapter in "Part IV: Special Topics" (not to be confused with "Part II: Secure Coding Techniques" or "Part III: Even More Secure Coding Techniques").
One thing I must point out from having worked on Microsoft CardSpace is the following line in Cohen's review:
Microsoft CardSpace works on the WS-* protocols, which are open, freely licensed, and jointly developed by many contributors.
In general, Cohen's review of this chapter is fair-minded. He criticizes the grab bag approach as indicative of the book's overall lack of organization. Seems fair: Chapter 23 is the "General Good Practices" chapter in "Part IV: Special Topics" (not to be confused with "Part II: Secure Coding Techniques" or "Part III: Even More Secure Coding Techniques").
One thing I must point out from having worked on Microsoft CardSpace is the following line in Cohen's review:
They are right, we should have and use standards that allow representation to be product independent, but of course Microsoft is the company that brings you proprietary versions of everything to keep you from buying other vendor products.
Microsoft CardSpace works on the WS-* protocols, which are open, freely licensed, and jointly developed by many contributors.
