WSO2 Workshop on SOA Security and Identity Management Best Practices Comes to Paris, London, Zurich and Frankfurt

One-Day Workshops Offer IT Professionals Real-World Best Practices for Designing and Deploying Secure SOA, REST and Cloud Implementations

Mountain View, CA – April 21, 2011 – The ability of WikiLeaks to obtain thousands of confidential documents from the US government provides an important security lesson for enterprise IT professionals worldwide. It is not enough to simply authorize users; it is also crucial to implement policy-based entitlement that limits what users can access based on their roles and relationships to the organization. That is true whether the service-oriented architecture (SOA) being secured is based on SOAP or REST, and whether it is on-premise or resides in the cloud.

WSO2 will provide enterprise architects and software developers with an overview of proven security and identity management best practices to address these demands in a dynamic one-day workshop, “SOA Security & Identity,” which is being held in four European locations:

  • Paris, Tuesday, May 3– Hilton Arc de Triomphe.
  • London, Friday, May 6 – IET London: Savoy Place.
  • Zurich, Monday, May 9 – Radisson Blu Hotel, Zurich Airport.
  • Frankfurt, Wednesday, May 11 – Frankfurt Marriott Hotel.

Each one-day workshop will run 8:30 a.m. – 4:30 p.m. The cost is €150 per person to attend, but participants who register by April 25, 2011 qualify for the €100 early bird discounted rate. To register, visit

Real-world Examples Bring Key Concepts to Life

Leading the workshop will be SOA experts Paul Fremantle, WSO2 co-founder and CTO, vice president of the Apache Software Foundation Synapse Project, and co-chair of the OASIS Web Services Reliable eXchange Technical Committee; Thilina Mahesh Buddhika, WSO2 senior software engineer, an Apache committer, and SOA security expert; and Selvaratnam Uthaiyashankar, senior software architect and an authority on cloud security. They will review the key security standards for enabling authentication and identity management; the role of governance in managing access; and proven patterns for securing SOA, REST and cloud implementations. The lively and practical sessions will include brief demonstrations using the WSO2 Carbon family of middleware products and WSO2 Stratos cloud platform.

Workshop session topics will include:

  • Identity, Single Sign-on, SAML2, OpenID, OAuth, Information Card:This introductory session will look at how identity has evolved in the age of the Internet, review the roles and applicability of the various industry standards in use today, and examine whether companies still need both on-premise and in-the-cloud user stores.
  • Entitlement and Authorization – XACML:This session outlines how XACML can be used to define fine-grained authorization policies and the applicability of XACML-based authorization in SOAP-based Web services, as well as in RESTful services, to provide more robust security without sacrificing usability.
  • How Governance Affects Your Security:This session will explore how to ensure that users only access what they need by using data services to reduce batch data transfer and create auditable, limited-access data systems employing policy-based entitlement. Attendees will also learn recommended practices for creating processes and procedures to manage entitlement policies and audit logs.
  • Best Practices for Securing Your SOA, REST and Cloud (Patterns):This final session will review best real-world security practices and patterns for both SOAP and REST. It will answer such questions as: What is the best practice for exposing internal services outside via a DMZ? How can security be enforced centrally to make sure no unauthenticated access is permitted? How can internal applications securely How can internal applications securely connect to those running on a cloud or vice versa?

About WSO2

WSO2 is the lean enterprise middleware company. It delivers the only complete open source enterprise SOA middleware stack purpose-built as an integrated platform to support today’s heterogeneous enterprise environments—internally and in the cloud. WSO2’s service and support team is led by technical experts who have proven success in deploying enterprise SOAs and contribute to the technology standards that enable them. For more information,visit and the WSO2 OxygenTank developer portal at, or check out WSO2 on Twitter, LinkedIn, Facebook, WSO2 Blogsand FriendFeed.

Trademarks and registered trademarks are the properties of their respective owners.