Update: (SecurityFocus) followed up as well, "Developers warned to secure AJAX design"
Update: Joris Evers from C-Net blogged the story.
The paper digs into the various AJAX development frameworks, how they defend against CSRF attacks, or don’t, possible solutions, risks, advice, etc. Brian Chess, Yekaterina Tsipenyuk O'Neil, and Jacob West did a good job researching this, consulted with the experts, and presented the technical bits in an easy-to-understand fashion. For those already up to speed on the bleeding-edge web attacks, you’re not going to find anything “new”. This is more for developers and organizations that want something simple to understand what’s going on and what they can do about it. Good stuff.