One-day workshops offer IT professionals real-world best practices for designing and deploying secure SOA, REST and cloud implementations
Palo Alto, CA – June 9, 2011 - The repeated security breaches at Sony and WikiLeaks’ ability to obtain thousands of confidential documents from the US government provide an important security lesson for enterprise IT professionals. It is not enough to simply authorize users; it is also crucial to implement policy-based entitlement that limits what users can access based on their roles and relationships to the organization. That is true whether the service-oriented architecture (SOA) being secured is based on SOAP or REST, and whether it is on-premise or resides in the cloud.
WSO2 will provide enterprise architects and software developers with an overview of proven security and identity management best practices to address these demands in a dynamic one-day workshop, “SOA Security & Identity,” which is being held in two locations:
- Palo Alto, CA on Tuesday, June 28
- Seattle, WA on Thursday, June 30
Each one-day workshop will run 8:30 a.m. – 4:30 p.m. To request an invitation for one of these invitation-only events, visit http://wso2.com/events/workshops/2011-june-usa-security-and-identity-workshop?060911sw.Real-world Examples Bring Key Concepts to Life
Leading the workshop will be SOA experts Jonathan Marsh, vice president of business development and product design and a previous representative for W3C standards Working Groups in the XML and Web Services area, serving as a W3C editor and helping develop several XML and Web services-related technologies; Asanka, Abeysinghe, WSO2 director of solutions architecture and an Apache Software Foundation (ASF) committer; and Thilina Mahesh Buddhika, WSO2 senior software engineer, an Apache committer, and SOA security expert.
Jonathan, Asanka and Thilina will review the key security standards for enabling authentication and identity management; the role of governance in managing access; and proven patterns for securing SOA, REST and cloud implementations. The lively and practical sessions will include brief demonstrations using the WSO2 Carbon family of middleware products and WSO2 Stratos cloud platform. Workshop session topics will include:
- Identity, Single Sign-on, SAML2, OpenID, OAuth, Information Card:This introductory session will look at how identity has evolved in the age of the Internet, review the roles and applicability of the various industry standards in use today, and examine whether companies still need both on-premise and in-the-cloud user stores.
- Entitlement and Authorization – XACML:This session outlines how XACML can be used to define fine-grained authorization policies and the applicability of XACML-based authorization in SOAP-based Web services, as well as in RESTful services, to provide more robust security without sacrificing usability
- How Governance Affects Your Security: This session will explore how to ensure that users only access what they need by using data services to reduce batch data transfer and create auditable, limited-access data systems employing policy-based entitlement. Attendees will also learn recommended practices for creating processes and procedures to manage entitlement policies and audit logs.
- Best Practices for Securing Your SOA, REST and Cloud (Patterns): This final session will review best real-world security practices and patterns for both SOAP and REST. It will answer such questions as: What is the best practice for exposing internal services outside via a DMZ? How can security be enforced centrally to make sure no unauthenticated access is permitted? How can internal applications securely connect to those running on a cloud or vice versa?
WSO2 is the lean enterprise middleware company. It delivers the only complete open source enterprise SOA middleware stack purpose-built as an integrated platform to support today’s heterogeneous enterprise environments—internally and in the cloud. WSO2’s service and support team is led by technical experts who have proven success in deploying enterprise SOAs and contribute to the technology standards that enable them. For more information,visit http://wso2.com and the WSO2 OxygenTank developer portal at http://wso2.org, or check out WSO2 on Twitter, LinkedIn, Facebook, WSO2 Blogsand FriendFeed.All trademarks and registered trademarks are the properties of their respective owners.