Sunday, March 09, 2008
Links for 2008-03-09
Would I love to see Microsoft embrace XACML? Absolutely! Reality though says that XACML is not part of the directory service. XACML does have a play in being incorporated directly into enterprise applications. I would love to see Microsoft build XACML support into SQL Server by replacing grant/revoke semantics as well as putting into Sharepoint. Of course, for Microsoft to get it right, requires them to hire an authorization czar like Kim Cameron is for identity.
Here is a blogger that is not only demonstrating SQL Injection and other attacks, but also providing an environment for others to do the same. Imagine if EMC, BMC, CA, IBM, Oracle and Microsoft did the same! Don't wait for this to happen...
A START-UP run by former Microsoft employees said it has made a tool to combat growing security risks on the web. Worth checking out.
I wonder if it is a forgone conclusion that Microsoft will always be weak in the software appliance marketplace? Maybe the answer for them is to figure out how to eliminate the operating system entirely for this demographic?
It is my prediction that the provisioning story has finally run out of air and that the marketplace will now focus on something more important such as managing entitlements to achieve their controls
MSHTML is the Windows component that renders HTML. It is part of Internet Explorer but also used by other applications (both from Microsoft and from third-parties) to embed HTML content. Hopefully, they are using static analysis tools to ensure that it is written securely such as Ouncelabs, Coverity and others...
