Anil's Security and Identity Management Blog
Authorization (Access Control) Best Practices
May 17, 2013 5:35 AM, by Anil Saldhana
After the recent wrestling match in the blogosphere that included vendors and analysts on XACML, I want to provide some best practices for access control/authorization. The wrestling match is covered ...
Is XACML really dead? Should we all go OAUTH?
May 8, 2013 9:48 PM, by Anil Saldhana
Andras Cser from Forrester has a blog entry titled "XACML is dead". That is a catchy title for the blog post. :) As a participant in the creation of the OASIS XACML v3 specification (http://docs.oasis-op...
JAX-RS and HTTPOnly flag in Cookies
Feb 1, 2013 7:23 PM, by Anil Saldhana
JAX-RS in Java: JAX-RS is an important technology/standard/specification in the JavaEE family. Version 1.1 is included in Java EE 6. JAX-RS enables Java applications to become REST-enabled. Currently J...
GMail can be key to your digital life
Aug 8, 2012 2:54 PM, by Anil Saldhana
Mat Honan (Wired) has this heart-wrenching story of his digital life being erased. The door to this tragedy was his Gmail account. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hackin...
PicketLink and Salesforce/Google Apps Integration
Jul 24, 2012 3:27 AM, by Anil Saldhana
Marek Posolda from the GateIn team has created an excellent article on integrating Salesforce or Google Apps with JBoss. It is done via project PicketLink. The article is at https://docs.jboss.org/a...
LinkedIn has a wake up call
Jun 11, 2012 6:49 AM, by Anil Saldhana
All the IPO fun news - soaring personal assets - increasing cash pile must have gone a bit sour at LinkedIn now. They have probably started living on earth now, like the rest of us. I am referring to ...
When Access Control Systems Fail or are Absent,
May 27, 2012 6:13 AM, by Anil Saldhana
you can have squatters at your company. And they are not in camp sites in your parking lots or dressed differently - they mingle and coexist with your legitimate employees. How cool is that. :) Exampl...
Growing need for Social Intelligence
May 23, 2012 6:24 PM, by Anil Saldhana
In the past, there were firewalls, employee agreements and corporate training to inculcate proper corporate etiquette in employees. As an employee, you were told that when you are in public, then sens...
Obfuscate your maven settings passwords
May 7, 2012 7:48 PM, by Anil Saldhana
If you still have cleartext passwords in your settings.xml, then it is time for you to mask/obfuscate them. It will not be foolproof, but it is definitely better than having your passwords in the open. htt...
GSOC 12 at JBoss is ready to roll
Apr 24, 2012 9:43 PM, by Anil Saldhana
Google has announced the 1200+ students that will be participating via 180 organizations this year (2012). As announced a month ago, JBoss Community is one of the organizations participating in GSOC....