BKW3JI23.RVW   980411

"Web Security", Rohit Khare, 1997, 1-56592-329-4 ISSN 1085-2301,
U$29.95/C$42.95
%E   Rohit Khare editor@w3j.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1997
%G   1-56592-329-4 ISSN 1085-2301
%I   O'Reilly & Associates, Inc.
%O   U$29.95/C$42.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P   272 p.
%S   World Wide Web Journal
%T   "Web Security: A Matter of Trust"

Many issues of the World Wide Web Journal coincide with major
specification announcements: Web standards that have been in process,
and anticipated, for some time determine the topic.  That does not
seem to be the case with this issue, although the first report covers
the use of PICS (Platform for Internet Content Selection) 1.1 labels
for DSig 1.0 signature labels, the second gives more detail on DSig,
and the third reports on the Joint Electronic Payment Initiative
(JEPI).

Still, the "technical" papers in this issue seem to have a decidedly
philosophical bent.  This emphasis is not necessarily a bad thing,
since it serves to redirect attention from the minutiae of Web server
"hole patching" and towards a more fundamental question, that of
trust.  An interesting reversal of perspective occurs when you turn
from the concept of a closed and opaque system to one where
everything, including identity, is transparent.

Topics included in the papers include a cryptography primer, the
REFEREE system for trust management, SSL (Secure Sockets Layer) and
the free SSLeay implementation, security for the DNS (Domain Name
System), name server security in BIND, security in CGI (Common Gateway
Interface) and API (Application Programmer Interface) programming,
secure electronic business with E2S (End-to-End Security), concerns
and benefits with medical record availability, digital signature
legislation and regulation, and the risks and government promotion of
key escrow and recovery.

copyright Robert M. Slade, 1998   BKW3JI23.RVW   980411