Thursday, April 17, 2008

WCF Security Guidance v1 Released

J.D. Meier's Blog - patterns & practices WCF 3.5 Security Guidelines Now Available

"For this week's release in our patterns & practices WCF Security Guidance project, we released our first version of our WCF 3.5 Security Guidelines.  Each guideline is a nugget of what to do, why, and how.  The goal of the guideline format is to take a lot of information, compress it down, and turn insight into action.

...

Here's a snapshot of the guidelines, but you can see our security guidelines explained at our WCF Security Guidance project site.

Categories
Our WCF Security guidelines are organized using the following buckets:

  • Auditing and Logging
  • Authentication
  • Authorization
  • Binding
  • Configuration Management
  • Exception Management
  • Hosting
  • Impersonation and Delegation
  • Input/Data Validation
  • Proxy Considerations
  • Deployment considerations 

..."

Wiki based guideline to help you keep secure when you use WCF.

I don't use WCF now, but I'm sure it's only a matter of time (I hope as I think WCF is pretty darn cool and I really want to use it... and there IS a project feature I have in mind where it's the right tool for the job...  :)

No comments: