Andy Gordon and Karthik Bhargavan - Web services security research


Andy Gordon and Karthik Bhargavan (researchers from Microsoft's research center in Cambridge, England) take us out to see "Lake Bill" back on Microsoft's main campus in Redmond where we avoid the geese and talk about their Web Services Security research and get a tour of their toolkit.

They also talk about the F# language, which they've used to build their toolkit.


Follow the Discussion

  • figuerres ???
    interesting...

    a bit over the top for many folks to "Get" but sounds like some good work going on.

    the outdoors laptop was not a good idea IMHO.

    I'd have walked into a room and done the demo and then back out after it.
  • William Stacey (staceyw) Before C# there was darkness...
    Very cool.  A while ago I did a SecurityContextToken (SCT) "getter" to allow you to get a SCT using TCP channel (or http) and an RSA public key (i.e. does not require X509 cert).  This is nice, because if you sign your assem, you already have the public key and don't need to mess around with certs.  I wonder if Andy or Karthik can prove this out using the first tool.  The desc and c# code is at http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!303.entry

    I know one weakness is the public key.  If someone can change that at the client side, then a man in the middle attack could be done.  But failing that, I wonder if the rest is ok.  Cheers!

    --William Stacey [MVP]
  • adg Andy Gordon

    Thanks; we didn't say in the interview but we have a website about the project at http://Securing.WS. The whole project is joint work with Cédric Fournet, who couldn't make the interview.

    We have papers and talks there, info about how to download the two tools, and lots and lots of web services security links.

    I guess the Channel9 guys thought that the outdoors interview was a good experiment.  I was impressed by how much of the screen you can see in the video; it didn't seem to be a problem.

    The interview was a lot of fun.  Wednesday at the TechFest Jon Pincus said we should mail Charles about doing an interview.  We sent mail about 6pm, he replied in the evening, and we arranged to meet by the bit of the Berlin Wall at the conference centre at 11am Thursday.  We had 60 minutes until the TechFest opened.  We couldn't find an office so Charles and Robert just took us across the street to "Bill's lake".  I've done formal presentations to the press before on behalf of MS, and there is usually a heck of a fuss about it, many rehearsals etc etc.  This was entirely impromptu, which undoubtedly shows, but still I hope it's informative.
