The Patterns & Practices folks have updated Threat Modeling for Web Applications Security Guidance [via Anil John]. The iterative threat modeling process as defined consists of: Identify security objectives. Clear objectives help you to focus the threat modeling activity and determine how much effort to spend on subsequent steps. Create an application overview. Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4. Decompose your...
Very interesting paper about Microsoft's vision for an Identity Metasystem by Kim Cameron (author of The Laws of Identity). It describes the challenges for digital identity on the Internet and Microsoft's approach to solving them (Indigo, InfoCards and lessons from Passport). [Update] Stefan Brands provided some details on possible technologies behind InfoCard some time ago. More links available at P.T.Ong's blog. [Update 19/05/2005] It seems that a developer preview of InfoCard would be available by the end of...