May 2011
Paris 03 May, Tuesday
Hilton Arc de Triomphe
51/57, rue de Courcelles, Paris 75008
London 06 May, Friday
IET London: Savoy Place
2 Savoy Place, London WC2R 0BL
Zurich 09 May, Monday
Radisson Blu Hotel, Zurich Airport
PO Box 295, CH-8058 Zurich
Frankfurt 11 May, Wednesday
Frankfurt Marriott Hotel
Hamburger Allee 2, Frankfurt, Hessen 60486
8.30 am to 4.30 pm
€150 per person (Includes Breakfast, Lunch and Coffee)


Paul Fremantle
Co-founder & CTO

Award-winning CTO and current co-chair of the OASIS Web Services Reliable eXchange Technical Committee, Paul has over fifteen years of experience under his belt and is a recognized expert in the enterprise middleware arena.

Thilina Mahesh Buddhika
Senior Software Engineer

An Apache committer, Thilina is an integral part of the WSO2 Security & Identity team. Backed by the practical knowledge gained from solving real-world problems, Thilina is an expert in WS-Security and SAML and will help demystify the finer details of securing your SOA.

Selvaratnam Uthaiyashankar
Senior Software Architect

A part of the WSO2 Cloud Platform team, Shankar is a recognized industry expert in security and cloud deployment. Equipped with an in-depth understanding of the elements of security, he brings quality insight on the architectural aspect of securing your enterprise to the table.

Lavi De Silva
VP, Global Sales

Leading the WSO2 Global Sales team, Lavi is equipped with over twenty years of consultative sales experience in the technology arena. His domain expertise in Financial Services and thought leadership in information technology help customers in North America, the United Kingdom, Europe and the Caribbean leverage their technology investments.

With data protection at the peak of scrutiny, identity and security are fundamental tools in the management of enterprise web applications.

This full-day interactive workshop will highlight the growing challenges of identity and security management. We will demonstrate how enterprise architects and developers may overcome these challenges and gain insight into key security standards and identity management for SOA.

Topics to be covered:

Identity, Single sign-on, SAML2, OpenID, OAuth, Information Card

How has Identity evolved in the age of the Internet? Is OpenID becoming obsolete due to the increasing popularity of FBAuth? Why haven't Information Cards caught up to the Identity hype? Why do we have different standards to address the same problem? Who won, SAML2 or OpenID? Do you still need both on-premise and in-the-cloud user stores? All these questions and more will be answered in our detailed, introductory presentation on Identity and what it means for you.

Entitlement and Authorization - XACML

I want my colleague Peter to be able to access Employee Information, but not salary. And no way should he be able to do this remotely, or over the weekend.

Worried about defining authorization policies to this level of fine granularity? Our second session, outlining how XACML can be used to define fine-grained authorization policies and the applicability of XACML-based authorization in SOAP-based web services as well as in RESTful services, is a real eye-opener for those who want to do more with their security without sacrificing existing usability.

How does Governance affect your Security?

Is it possible for your data to be the next scandal courtesy of Wikileaks? Surely not. The CableGate affair has shown even classified systems can have huge Governance and Security issues. One reaction is to remove CD drives from classified systems. But is this the only choice you have? Won't this radical step hurt productivity and morale? We at WSO2 think that the "FIX" for these kinds of issues goes much deeper. Fundamentally, some of the blame for CableGate must lie with the systems design that allowed too many people to access classified and confidential data.

We will explore how to use Data Services to reduce batch data transfer and create auditable, limited access data systems based on policy-based entitlement to ensure that users only access what they need to. Also, we will suggest ways to create processes and procedures for managing entitlement policies and audit logs.

Best practices for securing your SOA, REST and Cloud (Patterns)

Rather than getting into yet another debate about message-level security versus transport-level security, or SOAP vs. REST, we'd rather do some good and highlight the best practices and the patterns we have learned for both SOAP and REST.

For example, what is the best practice one should follow while exposing internal services outside via a DMZ? How do you enforce security centrally to make sure no unauthenticated access is permitted? Want your internal apps connected to the ones running on Cloud or vice versa? We'll be exploring all this and much more during this, our final discussion of the day.

Summary / Q&A