Security "Bluebricks" (Application Blocks)
I think the “Bluebricks” (Application Blocks) are exceptional (pun intended). They have distilled patterns & practices in code form and help build robust systems. I see a need for Security “Bluebricks”, and since the security subject is relatively broad, developing it in discrete chunks, as mentioned in the GotDotNet PAGS' workspace, would be very conducive to getting the job done. The sections listed in the message forum are:
- Authorization (everyone's favorite)
- Authentication (AD is there, but when you have to do it, or integrate it with an SSO (Single Sign On) solution, you may need to extend)
- Secure communication (from secure remoting channels, such as the article)
- Auditing
In the meantime, we make do with security guidelines (e.g., Authorization & ASP.NET) and checklists. Codifying all this with “Bluebricks” would be nice.