Comments on: Show 040 – An Interview with Bob Blakley http://www.cigital.com/silverbullet/show-040/ In-depth conversations with leading security gurus, hosted by Gary McGraw, sponsored by IEEE Security & Privacy Magazine. Thu, 28 Jan 2010 16:25:18 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: gem http://www.cigital.com/silverbullet/show-040/comment-page-1/#comment-40144 gem Wed, 22 Jul 2009 15:06:38 +0000 http://www.cigital.com/silverbullet/?p=51#comment-40144 death to smileys. sorry for the technical difficulties on this one. we're usually better and we will be again. gem death to smileys.

sorry for the technical difficulties on this one. we’re usually better and we will be again.

gem

]]> By: rmacmich http://www.cigital.com/silverbullet/show-040/comment-page-1/#comment-40143 rmacmich Wed, 22 Jul 2009 15:03:47 +0000 http://www.cigital.com/silverbullet/?p=51#comment-40143 Von -- This one was a particularly difficult one to level out due to a lot of background noise (and, therefore, the use of noise reduction) and level inconsistencies. Sorry it was a tough listen for you -- hopefully past and future episodes aren't so jarring. :) ... Ryan Von — This one was a particularly difficult one to level out due to a lot of background noise (and, therefore, the use of noise reduction) and level inconsistencies. Sorry it was a tough listen for you — hopefully past and future episodes aren’t so jarring. :)

… Ryan

]]> By: Von http://www.cigital.com/silverbullet/show-040/comment-page-1/#comment-40142 Von Wed, 22 Jul 2009 14:57:39 +0000 http://www.cigital.com/silverbullet/?p=51#comment-40142 Technical gripe on the podcast audio: I found the difference in volume between Gary and Bob so great that I was constantly having to adjust my volume in my car to understand Bob but not get blasted away by Gary. Don't mean to just complain though. Really enjoy the podcasts and the mix of technical and non-technical questions. Technical gripe on the podcast audio: I found the difference in volume between Gary and Bob so great that I was constantly having to adjust my volume in my car to understand Bob but not get blasted away by Gary.

Don’t mean to just complain though. Really enjoy the podcasts and the mix of technical and non-technical questions.

]]> By: Gunnar http://www.cigital.com/silverbullet/show-040/comment-page-1/#comment-40049 Gunnar Fri, 17 Jul 2009 19:46:35 +0000 http://www.cigital.com/silverbullet/?p=51#comment-40049 Great interview. Bob pointed out his main gripe with Java's security model which is how it treats fine grained authorization. It requires defining all of the policy up front, very difficult or impossible to do in real world. And it lacks layers of indirections that we can use to resolve when we don't know a priori the full subject + object + session policies (i.e. most of the time). Bob opines that XACML and Claims may help resolve this, and I agree (if nothing else it represents our best current hope), but they didn't drill down on this Bob or Gary - anything to add here? Great interview.

Bob pointed out his main gripe with Java’s security model which is how it treats fine grained authorization. It requires defining all of the policy up front, very difficult or impossible to do in real world. And it lacks layers of indirections that we can use to resolve when we don’t know a priori the full subject + object + session policies (i.e. most of the time). Bob opines that XACML and Claims may help resolve this, and I agree (if nothing else it represents our best current hope), but they didn’t drill down on this

Bob or Gary – anything to add here?

]]>