Secure SOA Seminar
Secured Service Oriented Architectures
On Thursday May 28th, LSEC organized its first Secure SOA seminar. With the current evolutions of web services, increasingly integrated information flows between companies, complex softwware architectures where some components have been outsourced computing parts, or service oriented architectures for other purposes; the Need for well thought through Security guidelines in this domain were becoming increasingly important.
During the seminar the objective was to bring some clarity in the concepts of Service Oriented Architectures, and especially investigate, outline
and clarify some of the risks involved with such architectures and present solutions on how to improve security in the
various stages of such projects and applications. As a result companies could be enabling the development and deployment of secure distributed software applications.
Some of the following topics were addressed :
- from business requirement to architecting SOA and incorporating risk management along the way
- existing building blocks vs missing components
- is there a reference SOA security architecture?
- SOA security logical architectures
- Insourced/Serviced/Outsourced Components and real-time services issues?
- Managing Security across diverse environments, across companies, …
- Liabilities & Risks
- SOA using a Secure Development Lifecyle
- Risk management, policy management and enforcing and controlling ?
9.30h : welcome, registration & coffee
10.00h : Introduction, opening notes & agenda of the day, by Ulrich Seldeslachts, CEO LSEC
10.10h : Understanding SOA Security, by Martin Borret, Senior Security Architect IBM Tivoli
About : Martin Borrett is a senior security architect supporting IBM Tivoli Security brand across Europe. Martin has worked in the IT industry for 14 years, the last 12 of which have been with IBM. Martin is based at IBM Hursley in the UK and spends most of his time travelling across Europe advising clients about the business, technical, and architectural issues associated with security and assisting them in exploiting IBM Tivoli Security products. Over the last two years, Martin has worked increasingly with clients and IBM teams on SOA, in particular the security and management aspects and the technology that Tivoli can provide to help clients in this area. Martin is a Consulting IT Specialist, a certified member of the BCS and a chartered engineer (CEng) of the IET.
12.00h : Lunch & soft drinks offered by Vasco Data Security
12.50h : Breaking SOA Security & Performance Barriers Inside-Out, by Bart Callens & Sebastien Deleersnyder, Telindus – Belgacom ICT
SOA is a challenge for lots of organisations. It is even more difficult to “build in” reliability and security in SOA architectures.
This presentation explains the need for security and performance for successful SOA initiatives. This is not only important for external business connections, but also with ‘internal’ SOA roll-outs. 3 stages of SOA “Management, Policy and Optimalisation” are described together with practical usage scenario’s and tools. Integration of adequate Identity and Access Management into SOA is key for every SOA roll-out.
About : Bart Callens, Principle Application Security Consultant, Telindus - Belgacom ICT. Bart started the Belgacom E-Trust Certification Authority (CA) which leaded to the Certification Authority which is now issuing the certificates for the Belgian eID Card. He performed several public presentations on various application security topics such as IAM, DRM, eID, interoperable electronic signatures,etc. He is currently responsible for the application security with regards to the Telindus Software as a Service offering.
About : Sebastien Deleersnyder, Lead Application Security, Telindus - Belgacom ICT. Sebastien started the successful Belgian OWASP Chapter and performed several public presentations on web application and web services security. Sebastien specialises in (web) application security, combining his software development and information security experience. He is currently OWASP Foundation board member and responsible for the Telindus application security offering.
15.30h : Coffee Break & Networking
16.15h : IDA for SOA environments – Microsoft’s best hidden secrets by Daniel Meyer, Enterprise Technology Architect, Microsoft
About Daniel Meyer : Daniel Meyer (Enterprise Technology Architect specialized in Identity & Security) is a frequent speaker at all kinds of internal and external international Identity and Security events.
17.30h : Discussion, Closing notes
18.00h : Reception, Drinks & Snacks offered by Vaso Data Secuirty
19.30h : Close of Event
LSEC Secure SOA 2009 : Secured Service Oriented Architectures
- Thursday May 28th, Wemmel - Vasco Data Security, Kon. Astridlaan 164 - 1780 Wemmel.
- Free participation upon registration prior to May 26th
Registration by sending a email with contact details to securesoa2009 @ lsec.be or by pushing the registration / subscription button below on this page(after registration on the website first, next returning to the online page and pushing the subscribe button).
Looking forward seeing you May 28th or at one of our earlier events.
Are you a
leader in Security ? Do you want to share your expertise and join the
Leaders in Security as a Core Expert Member ?
Contact us via email! Or call +18.104.22.168.41 for a direct contact and more information.
An information set and your Membership Welcome Pack awaits you.
Copyright LSEC vzw 2007-2008 with the support of the IWT.
LSEC vzw Kasteelpark 10 - 3001 Heverlee - VAT BE BE 478 045 395 - fax. +22.214.171.124.69 - info @ lsec.be