In the past I already have posted several Google TechTalks. To be honest I have become quite addicted to them, some of them are very insightful and gives you a great deal of information. So if I am aloud to give you some advice, if you are not a Google employee, watch those video’s they can give you some very nice pointers for your own projects.
It is just like my advice as to read some RFC’s if you can find the time.
Please find some of them in this post and take the time to take a look.
Google TechTalk by Phillip Hallam-Baker:
Dr Hallam-Baker is a leading designer of Internet security protocols and has made substantial contributions to the HTTP Digest Authentication mechanism, XKMS, SAML and WS-Security. He is currently working on the DKIM email signing protocol, federated identity systems and completing his first book, The dotCrime Manifesto which sets out a comprehensive strategy for defeating Internet crime.
Dr Hallam-Baker has a degree in Electronic Engineering from Southampton University and a doctorate in Computer Science from the Nuclear Physics Laboratory at Oxford University.
ABSTRACT Internet Crime is a serious and growing problem. Phishing, Advance Fee and Consumer fraud continue to grow at alarming rates. Internet crime is a business that makes huge profits for some. But despite the fact that security has regularly polled as almost every type of Internet user's top priority over the past ten years, almost none of the security mechanisms developed in response are effectively controlling Internet crime.
Google TechTalks by Narayanan Shivakumar:
Shivakumar is a Google Distinguished Entrepreneur. Earlier, he was a Director of Engineering responsible for many of Google's advertising products and Google Search Appliances. Before Google, he cofounded Gigabeat ('99), a startup in the online music space, and later acquired by Napster. He graduated with a BS '94 (Summa Cum Laude) from UCLA in Computer Science and PhD '99 in Computer Science from Stanford University.
ABSTRACT Google deals with large amounts of data and millions of users. We'll take a behind-the-scenes look at some of the distributed systems and computing platform that power Google's various products, and make the products scalable and reliable.
Google TechTalks by Mark Miller:
Mark Miller Open Source Coordinator E Project at erights.org Dr. Miller is a designer of several distributed secure programming languages including Vulcan for Xerox PARC, Trusty Scheme for AutoDesk, Joule for Agorics and Fujitsu, Tclio for Sun Labs, and E for Electric Communities, ERights.org, Combex, and HP.
ABSTRACT The first Authorization Based Access Control (ABAC) model dates from Dennis and van Horn's 1965 Supervisor. Strikingly, their paper does not mention security as a separate concern. Rather, they considered modularity, naming, abstraction, composition, and security as inherently related problems, to be simultaneously addressed by a unified set of abstraction mechanisms. The close relationship between their model, lambda calculus, and object-oriented languages was appreciated and stated clearly by the mid 1970s. To emphaisize these relationships, we term their model "object-capabilities".
Unfortunately, the formal models of access control used in the academic security literature created a tragic disconnect between theory and practice. These models implicitly assumed away the power that abstraction contributes to security. With these blinders on, security theorists then "proved" that object-capability systems could not enforce various basic policies, despite the existence of actual systems that were already doing so.