Rick Laplante - Talking about Visual Studio Team System (Licensing), Part II
Andy Gordon and Karthik Bhargavan - Web services security research
Play Andy Gordon and Karthik Bhargavan - Web services security research
Description
Andy Gordon and Karthik Bhargavan (researchers from Microsoft's research center in Cambridge, England) take us out to see "Lake Bill" back on Microsoft's main campus in Redmond where we avoid the geese
and talk about their Web Services Security research and get a tour of their toolkit.
They also talk about the F# language, which they've used to build their toolkit.
They also talk about the F# language, which they've used to build their toolkit.
Download
Download this episode
More episodes in this series
Karsten Januszewski - Home video of Avalon presentation at Flash Forward conference
Related episodes
Drawbridge: A new form of virtualization for application sandboxing
How to Shop for Free Online
E2E: Erik Meijer and Cormac Herley - Rational Rejection of Security Advice by Users
Expert to Expert: Helen Wang and Alex Moshchuk - Inside Gazelle
Pacific Northwest Probability Seminar: An Analysis of Spatial Mixing
Keynote: Smart Enough to Work With Us? Foundations and Challenges for Teamwork-Enabled AI…
Pacific Northwest Probability Seminar: Gravitational Allocation to Uniform Points on the…
Pacific Northwest Probability Seminar: A Characterization Theorem for the Gaussian Free…
Two-round Secure Multiparty Computations from Minimal Assumptions
Intent and Emotions in Image Search and Viewing
The Discussion
-
figuerres interesting...
a bit over the top for many folks to "Get" but sounds like some good work going on.
the outdoors laptop was not a good idea IMHO.
I'd have walked into a room and done the demo and then back out after it. -
staceyw Very cool. A while ago I did a SecurityContextToken (SCT) "getter" to allow you to get a SCT using TCP channel (or http) and an RSA public key (i.e. does not require X509 cert). This is nice, because if you sign your assem, you already have the public key and don't need to mess around with certs. I wonder if Andy or Karthik can prove this out using the first tool. The desc and c# code is at http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPvDxLKC6rAAhLsQ!303.entry
I know one weakness is the public key. If someone can change that at the client side, then a man in the middle attack could be done. But failing that, I wonder if the rest is ok. Cheers!
--William Stacey [MVP] -
adg Thanks; we didn't say in the interview but we have a website about the project at http://Securing.WS The whole project is joint work with Cédric Fournet, who couldn't make the interview.
We have papers and talks there, info about how to download the two tools, and lots and lots of web services security links.
I guess the Channel9 guys thought that the outdoors interview was a good experiment. I was impressed by how much of the screen you can see in the video; it didn't seem to be a problem.
The interview was a lot of fun. Wednesday at the TechFest Jon Pincus said we should mail Charles about doing an interview. We sent mail about 6pm, he replied in the evening, and we arranged to meet by the bit of the Berlin Wall at the conference centre at 11am Thursday. We had 60 minutes until the TechFest opened. We couldn't find an office so Charles and Robert just took us across the street to "Bill's lake". I've done formal presentations to the press before on behalf of MS, and there is usually a heck of a fuss about it, many rehearsals etc etc. This was entirely impromptu, which undoubtedly shows, but still I hope it's informative.