• Security SIG: Securing Web Services Wednesday, October 09, 2002 - 06:30PM
    Cubberly Community Center
    4000 Middlefield Road, Room H-1
    Palo Alto, CA
    Software Architecture and Platform

Share This Event

Security SIG: Securing Web Services

REGISTRATIONPriceQuantity
$15.00
$0.00

Description

  • This session examines various components that constitute Web Services, and also explores several scenarios in which we will examine some possible approaches to secure Web Services.
     

    Presenter

    Anthony Nadalin (bio), Lead Architect - IBM Java Security Project

    Click here to view Anthony Nadalin's meeting presentation.

     

    Presentation Overview

    Securing Web Services

    In today's world of e-business and information technology, companies realize that to stay financially competitive they have to make their products and services available over the Internet. Web Services have the potential to enable application integration at a higher level in the protocol stack.

    The key to reaching this level is definition of a de-facto program-to-program communication model, built on standards such as HTTP, XML, SOAP, WSDL, and UDDI. While SOAP and HTTP are sufficient for interoperable XML messaging, and WSDL is sufficient to communicate what messages are required between service requestor and service provider, more is needed to cover the full range of requirements for e-business. To fully support e-business, extensions are needed for security, reliable messaging, quality of service, and management for each layer of the Web Services stack.

    The Web Service Security challenge is to understand and assess the risk involved in securing a Web-based service today and at the same time to track emerging standards and understand how they will be deployed to offset the risk in the future. Any security model must illustrate how data can flow through an application and network topology to meet the requirements defined by the business without exposing the data to undue risk. A Web Service Security model must support definition of business roles and policies as well as provide for the secure administration of the business policies at appropriate policy enforcement points.

    Is a Web Services Security layer really required? The industry already has a set of existing and widely accepted transport layer security mechanisms for message-based architectures such as SSL and IPSec, why add another? To answer these questions this session examines various components that constitute Web Services, and also explores several scenarios in which we will examine some possible approaches to secure Web Services.

    Anchor

    About the Presenter

    Anthony Nadalin, Lead Architect at IBM Java Security Project

    As lead architect, he is responsible for security infrastructure design and development across IBM. He serves as the primary security liaison to Sun Microsystems' JavaSoft division for Java security design and development collaboration.

     

    Event Logistics

    Location

    Cubberly Community Center
    4000 Middlefield Road, Room H-1
    Palo Alto, CA

    Agenda

    6:30-7:00pm registration/networking/refreshments/pizza
    7:00-9:00pm presentation and discussion
     

    Cost

    $15 for non-SDForum Members
    No charge for SDForum members and students with ID
    No registration required