WSO2 CTO and Director of Security to Present Three Sessions at European Identity & Cloud Conference 2014

EIC Sessions will look at open security approaches along with security for APIs and Internet of Things; WSO2 workshop will examine federated identity and access management

Palo Alto, CA – May 7, 2014 – The cloud, APIs and Internet of Things (IoT) are providing new opportunities for bringing enterprises, their customers and partners together. However, these technology developments also are bringing new challenges to protecting privacy, data, and other corporate assets. WSO2 Co-founder and CTO Paul Fremantle and WSO2 Director of Security Prabath Siriwardena will examine these issues in three sessions at the KuppingerCole European Identity & Cloud Conference (EIC) 2014.

WSO2 is a Platinum Sponsor of EIC 2014, which will run May 13-16, 2014 at the Dolce BallhausForum in Munich, Germany. At the event, WSO2 will demonstrate its integrated, 100% open solutions for identity management, governance, API management, and enterprise mobility management, which run both on-premises and in the cloud.

Additionally, WSO2 will host a half-day workshop, “Federated Identity & Access Management” on Monday, May 12, 2014, in advance of the conference at The Charles Hotel in Munich.

Keynote – Borderless Identity: Managing Identity in a Complex World

In his keynote presentation, WSO2 Co-founder and CTO Paul Fremantle asserts that centralized identity management is dead, and passwords should be dead. He will examine how the identity assumptions of the first 50 years of computing are no longer meeting the needs of the 21st century.

Paul then will discuss the need to use open standards and open security models to federate identity and access control—not just across organizations but across different technologies, different standards and different models. Finally, he will introduce the concept of an “identity bus” as a reference architecture for solving these problems, enabling a strategically federated approach to identity, and creating approaches that support borderless identity.

The keynote will be held on Wednesday, May 14, 2014, from 8:50 – 9:10 a.m.

Presentation – An Ecosystem for API Security OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML

WSO2 Director of Security Prabath Siriwardena will discuss how enterprise APIs—both public and private—have become the preferred way of exposing business functions and need to be protected, monitored and managed. He then will examine how API security cannot be an afterthought and instead needs to be an integral part of any development project.

Prabath will next review how API security has evolved significantly in last five years, bringing exponential growth in standards, and he will discuss the need to weigh the tradeoffs of different options carefully. Finally, he will elaborate on how to build an ecosystem for API security around OAuth 2.0, OpenID Connect, Unlicensed Mobile Access (UMA), Security Assertion Markup Language (SAML), System for Cross-domain Identity Management (SCIM), and eXtensible Access Control Markup Language (XACML).

The presentation is part of a combined session in the IAM Infrastructure Trends & Concepts track, which will run 3:30 – 4:30 p.m. on Wednesday, May 14, 2014.

Panel - Security and Identity Challenges for the Internet of Everything

WSO2 Co-founder and CTO Paul Fremantle joins a panel of industry experts to explore the security challenges that the IoT brings, as well as emerging solutions. For example, standard approaches for security and identity, such as public key infrastructure (PKI), may not be appropriate or suitable for memory and CPU-constrained devices. Even when the device can handle asymmetric encryption, the key distribution may be a significant issue.

The panel session will cover identity, confidentiality, denial of service, privacy and other aspects and specifically how those are different in the IoT space. This session is aimed at professionals who understand identity and security issues and wish to understand how those concepts apply in the IoT space. It also will be relevant to IoT specialists looking to understand security issues.

Joining Paul will be KuppingerCole Managing Partner Rob Newby, serving as moderator, along with panelists: ForgeRock Vice President of Product Management John Barco, Safenet Vice President of CloudJason Hart, nexus CTO Per Hägerö, and NetIQ Senior Director of Solution Strategy Geoff Web.

The panel is part of a combined session in the Internet of Things track, which will run 5:00 – 6:00 p.m. on Thursday, May 15, 2014.

WSO2 Workshop: Federated Identity & Access Management

In advance of the conference, WSO2 will host an interactive workshop on best practices for implementing federated identity and access management.

WSO2 Director of Security Prabath Siriwardena will begin by discussing how—with data protection at the peak of scrutiny—identity and security are fundamental tools in the management of enterprise Web applications. He will review the growing challenges of identity and security management. Then Prabath will demonstrate how enterprise architects and developers can overcome these challenges and gain insight into key security standards and identity management for a service-oriented architecture (SOA).

Key topics Prabath will cover, include:

  • Identity federation and provisioning: risks, challenges and best practices
  • Identity federation gateway pattern
  • Bring your own identity (BYOID)

The half-day workshop will be held 1:30 – 4:30 p.m. on May, 12, 2014, at The Charles Hotel in Munich. To learn more and register, visit

About the Presenters

Paul Fremantle is WSO2 co-founder and CTO, and he is co-chair of the OASIS Web Services Reliable eXchange Technical Committee. Recognized by InfoWorld as a Top 25 CTO, he was responsible for simultaneously leading development of the groundbreaking WSO2 Enterprise Service Bus and Apache Synapse ESB. Paul has played a pioneering role in open source development, beginning with the original Apache SOAP project and his role in leading IBM's involvement in the Axis C/C++ project. Paul is a member of the Apache Software Foundation, and he previously served as vice president of the Apache Synapse project.

Prabath Siriwardena, WSO2 director of security, is a member of the OASIS Identity Metasystem Interoperability (IMI) Technical Committee (TC), OASIS XACML TC, and OASIS Security Services (SAML) TC. Prabath is also a member of the Apache Axis Project Management Committee (PMC). He has delivered talks at numerous international conferences.

About European Identity & Cloud Conference 2014

KuppingerCole’s European Identity & Cloud Conference 2014 is the place where identity management, cloud and information security thought leaders and experts get together to discuss and shape the future of secure, privacy-aware agile, business- and innovation-driven IT. With its world-class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for more than 500 enterprise IT leaders from all over Europe and beyond. To learn more, visit

About KuppingerCole

Founded in 2004, KuppingerCole is a global Analyst Company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). We further specialize in Governance, Risk Management and Compliance (GRC). Our analysts are experienced in deriving corporate value from securing and maintaining information security and privacy across cloud, mobile and social computing platforms. For more information, visit

About WSO2

WSO2 is the only company that provides a completely integrated enterprise application platform for enabling a business to build and connect APIs, applications, Web services, iPaaS, PaaS, software as a service and legacy connections without having to write code; using big data and mobile; and fostering reuse through a social enterprise store. Only with WSO2 can enterprises use a family of governed secure solutions built on the same code base to extend their ecosystems across the cloud and on mobile devices to employees, customers and partners in anyway they like. Hundreds of leading enterprise customers across every sector—health, financial, retail, logistics, manufacturing, travel, technology, telecom and more—in every region of the world rely on WSO2’s award-winning, 100% open source platform for their mission-critical applications. To learn more, visit or check out the WSO2 community on the WSO2 Blog, Twitter, LinkedIn, Facebook, and FriendFeed..