Discover the basics of single sign-on and how SAML assertions are finding their way into projects like OpenSSO, NetBeans and Glassfish to secure web services. SAML V2.0, approved by OASIS in March 2005, is an XML-based framework for communicating user authentication, entitlement, and attribute information. Beyond defining the industry-standard protocol for cross domain Web single sign-on (SSO), SAML is a keystone of higher level specifications such as Web Services Interoperability Basic Security Profile (WS-I BSP), the Liberty Alliance's Identity Web Service Framework (ID-WSF) and even Microsoft's Cardspace.
Pat Patterson is a software architect at Sun Microsystems, working on the OpenSSO project and Federated Access Management product line. Pat has been working on Internet security and identity management since 1997, joining Sun in 2000 as an engineering manager in the Trustbase secure Web services team. After a four-year stint in product management, he returned to engineering early in 2005, focusing on federation and identity-enabled Web services. Pat speaks regularly at a variety of forums, from one-to-one executive briefings to major industry events such as JavaOne. Pat's blog centers on identity-related topics.
Liberty Alliance ID-WSF 2.0— This session gives an overview of ID-WSF 2.0's layered architecture, focusing in particular on the new-in-version-2.0 People Service and how it allows consumers and organizations to manage social and enterprise applications such as bookmarks, blogging, calendars, e-mail, photo sharing and instant messaging in a federated social network. Learn how ID-WSF's SOAP based invocation framework builds on SAML's foundation to provide identity with privacy for web services.
OpenSSO— This session looks at the progress of OpenSSO over the past two years and gives an overview of its features and functionality, with an emphasis on how you can leverage it and get involved. The OpenSSO project (http://opensso.dev.java.net/) was launched by Sun Microsystems in July 2005 to bring its access control, single sign-on and federation technology to the open source community. Since then, the entire code base of Sun's Access Manager product has been released as open source and work is proceeding on Sun Java System Federated Access Manager 8.0 in the OpenSSO community. Come find out how OpenSSO can work in your identity project.
XML Security and JSR 105-106— Java programmers now have a standard solution for creating and validating XML signatures. And with the progression of JSR 106 (Java XML Encryption API) through the Java Community Process, a standard solution for XML encryption will soon be available.
Security Sins and their Solutions— The talk covers the most insidious security vulnerabilities in Java Web and EE applications through practical demonstration of how to exploit these vulnerabilities and recommendations on how to prevent them. The threat posed by each vulnerability is explained and strategies for mitigating the flaw are introduced. The talk concludes with a discussion about integrating security at every step of the development life cycle.
