The “Indigo Security” Project

The “Indigo Security” project was an in depth study on security analysis on Windows Communication Foundation (WCF) carried out by newtelligence for the Federal Office for Information Security of the German government (BSI).

The results of this study demonstrate how to securely implement and deploy distributed systems on the Microsoft .NET Platform.

The reason for the study is that the BSI was concerned about the security risks involved for building distributed applications using the Windows Communication Foundation because the technology will be one cornerstone of web service based E-Government applications.

The “Indigo Security” project was launched in 2005 to identify use scenarios within the German government and leverage WCF security features in the identified scenarios.

newtelligence and the BSI began the investigation by first performing a security analysis and building a threat model. This was followed by the creation of a sample application demonstrating both how to build and deploy a Service Oriented system, securely. The project culminated in a series of documents and program code containing guidance on architecture, development and deployment for building solutions with WCF.

If you are interested in attaining the documents please request them from the BSI directly through the email address: os-security@bsi.bund.de.

To attain the code sample created for the study visit our download page.