LSEC - Leaders in Security

Secured Service Oriented Architectures

On Thursday May 28th, LSEC organized its first Secure SOA seminar. With the current evolutions of web services, increasingly integrated information flows between companies, complex softwware architectures where some components have been outsourced computing parts, or service oriented architectures for other purposes; the Need for well thought through Security guidelines in this domain were becoming increasingly important.

During the seminar the objective was to bring some clarity in the concepts of Service Oriented Architectures, and especially investigate, outline
and clarify some of the risks involved with such architectures and present solutions on how to improve security in the
various stages of such projects and applications. As a result companies could be enabling the development and deployment of secure distributed software applications.

Some of the following topics were addressed :
- from business requirement to architecting SOA and incorporating risk management along the way
- existing building blocks vs missing components
- is there a reference SOA security architecture?
- SOA security logical architectures
- Insourced/Serviced/Outsourced Components and real-time services issues?
- Managing Security across diverse environments, across companies, …
- Liabilities & Risks
- SOA using a Secure Development Lifecyle
- Risk management, policy management and enforcing and controlling ?
- …

Program

9.30h : welcome, registration & coffee


10.00h : Introduction, opening notes & agenda of the day, by Ulrich Seldeslachts, CEO LSEC


10.10h : Understanding SOA Security, by Martin Borret, Senior Security Architect IBM Tivoli


About : Martin Borrett is a senior security architect supporting IBM Tivoli Security brand across Europe. Martin has worked in the IT industry for 14 years, the last 12 of which have been with IBM. Martin is based at IBM Hursley in the UK and spends most of his time travelling across Europe advising clients about the business, technical, and architectural issues associated with security and assisting them in exploiting IBM Tivoli Security products. Over the last two years, Martin has worked increasingly with clients and IBM teams on SOA, in particular the security and management aspects and the technology that Tivoli can provide to help clients in this area. Martin is a Consulting IT Specialist, a certified member of the BCS and a chartered engineer (CEng) of the IET.

12.00h : Lunch & soft drinks offered by Vasco Data Security

12.50h : Breaking SOA Security & Performance Barriers Inside-Out, by Bart Callens & Sebastien Deleersnyder, Telindus – Belgacom ICT


SOA is a challenge for lots of organisations. It is even more difficult to “build in” reliability and security in SOA architectures.
This presentation explains the need for security and performance for successful SOA initiatives. This is not only important for external business connections, but also with ‘internal’ SOA roll-outs. 3 stages of SOA “Management, Policy and Optimalisation” are described together with practical usage scenario’s and tools. Integration of adequate Identity and Access Management into SOA is key for every SOA roll-out.


About : Bart Callens, Principle Application Security Consultant, Telindus - Belgacom ICT. Bart started the Belgacom E-Trust Certification Authority (CA) which leaded to the Certification Authority which is now issuing the certificates for the Belgian eID Card. He performed several public presentations on various application security topics such as IAM, DRM, eID, interoperable electronic signatures,etc.  He is currently responsible for the application security with regards to the Telindus Software as a Service offering.


About : Sebastien Deleersnyder, Lead Application Security, Telindus - Belgacom ICT. Sebastien started the successful Belgian OWASP Chapter and performed several public presentations on web application and web services security. Sebastien specialises in (web) application security, combining his software development and information security experience. He is currently OWASP Foundation board member and responsible for the Telindus application security offering.

13.50h : SOA – the risks outlined, by Martin Borret, Senior Security Architect, IBM Tivoli

15.30h : Coffee Break & Networking


16.15h : IDA for SOA environments – Microsoft’s best hidden secrets by Daniel Meyer, Enterprise Technology Architect, Microsoft


About Daniel Meyer : Daniel Meyer (Enterprise Technology Architect specialized in Identity & Security) is a frequent speaker at all kinds of internal and external international Identity and Security events.


17.30h : Discussion, Closing notes
18.00h : Reception, Drinks & Snacks offered by Vaso Data Secuirty
19.30h : Close of Event

Practical Details

LSEC Secure SOA 2009 : Secured Service Oriented Architectures
- Thursday May 28th, Wemmel - Vasco Data Security, Kon. Astridlaan 164 - 1780 Wemmel.
- Free participation upon registration prior to May 26th

Registration by sending a email with contact details to securesoa2009 @ lsec.be or by pushing the registration / subscription button below on this page(after registration on the website first, next returning to the online page and pushing the subscribe button).

Looking forward seeing you May 28th or at one of our earlier events.