I ran a Peer2Peer session yesterday on Web 2.0 Security and we had some great attendees in the room with some excellent ideas on how to fix the client-side problem of securing JavaScript. They ranged from the traditional (let's use JavaScript signing) to some new ideas about how to extend the browser (JavaScript, really) even more to provide better security. That's a great idea - use the same mechanisms the bad guys do to exploit it against them. I like irony.

I note that there is a wide variety of understanding about Web 2.0 and AJAX in general, ranging from "I don't know anything about it" to some who've been considering whether there are even really good business reasons to deploy something based on AJAX to those who are actively developing and getting ready to deploy it.

I also heard some great questions on load and performance, and this was as great a concern in terms of "security" as was the actual problem of potential exploits against the underlying technology.

There are a few vendors here focusing on Web 2.0 and SOA security, and others trying to root around (pun intended) and find out what everyone else is doing in this area.

And of course there is a lot of focus on SPAM and a few people really talking up NAC.

Believe it or not this is the first time I've actually made it to RSA, and it's quite a different show in terms of the atmosphere. Everyone seems more serious here than at other shows, and maybe that's because the topic of security is a serious one.

I'll update in more depth when I get back to the office - we've got lots of things to do here at the show and they're keeping us busy.

Imbibing: Bad hotel coffee