RSA Conference Brochure 2008 - (Page 41)

Security-Oriented Architecture

Tuesday, April 8
1:30 p.m. – 2:40 p.m. SOA-105
3:00 p.m. – 3:50 p.m. SOA-106
4:10 p.m. – 5:20 p.m. SOA-107
5:40 p.m. – 6:30 p.m. SOA-108

Wednesday, April 9
8:00 a.m. – 8:50 a.m. SOA-201
9:10 a.m. – 10:20 a.m. SOA-202
10:40 a.m. – 11:50 a.m. SOA-203

(T2) Crossing Domain Boundaries with SOA: A Federated Approach
(T2) Java and Web Services Security in Action
Marc Chanliau | Director, Product Management, Oracle Corporation
Vikas Jain | Principal Product Manager, Oracle Corporation
Ray Neucom | WW Technical Enablement, Tivoli Security, IBM Corporation
Valery Zubovsky | Director, Messaging Architecture, Charles Schwab

As enterprises evolve through mergers and acquisitions, technology is developed or acquired to meet specific business needs, resulting in an archipelago of security and business domains. This session will demonstrate how a federation of identities and user entitlements can enable the enterprise to cross internal and external boundaries to deliver a cohesive view of its business to customers.

This session introduces the various security standards of Java and web services and puts them in action by using an end-to-end scenario involving Java SE, Java EE applications (JAX-WS), business processes (BPEL) and the Enterprise Service Bus (ESB).

(T1) Honey, I Hacked the WS-Security Policy
Symon Chang | Staff Software Engineer, BEA Systems, Inc.

When using WS-Security Policy to specify web services security, poor choice of policy can lead to poor performance and interoperability issues — even threatening the security of the protected application. Pitfalls, loopholes, issues and best practices in using this standard for SOA will be discussed. How to select the right policy to meet application needs while preventing attacks will also be presented.

(T1) Web 2.0 Security Chess: Combat Strategies and Defense Tactics
Shreeraj Shah | Founder & Managing Director, Blueinfy Solutions Pvt. Ltd.

Ajax, web services and rich Internet (Flash) are redefining moves on the security chessboard. Attack strategies are emerging like cross-site scripting with JSON or cross-site request forgery with XML. This session will cover Web 2.0 attacks, tools for assessment and approaches for code analysis with demonstrations. Professionals can apply knowledge in real life to a secure Web 2.0 application layer.

(T2) The CSO’s Guide to Web 2.0 Technology
Roger Thornton | Founder / CTO, Fortify Software

This session will address the security implications of deploying Web 2.0; specifically, applications based on JavaScript and Ajax within an organization. In addition, this presentation will shed light on the security issues related to Ajax — the web development technique popular in Web 2.0 technologies — and will delve into ways CSOs can protect assets from outside attacks.

(T2) Securing Your SOA: Entitlement Management in a Service-Oriented Application
Sekhar Sarukkai | CTO, Securent, Inc.

Securing an SOA is different than securing other applications. Decoupling security logic from application logic is a necessity in order to preserve the principles of SOA. This session will explore entitlement management and demonstrate how implementing a policy-based security layer outside an SOA is the only effective way of managing access.

(T3) Solving the Transitive Access Problem for SOA
Alan Karp | Principal Scientist, Hewlett-Packard

Managing the access rights of an indirect service request has been found to be an insurmountable problem in SOA implementations. Problems can arise due to poor choice of an access control model. Solutions based on user identity, role or attributes cannot work for some common access patterns. This presentation will show that using explicit authorizations makes the solution straightforward.

Sessions and speakers are subject to change without notice.

Professional Development & Security-Oriented Architecture

Responses to Customer Requirements and IT Evolution
Session Code: AUTH - 303
Track Code, Timeslot Code, Day Code

http://WWW.RSACONFERENCE.COM/2008/US