Spring Security 2, the former Acegi Security System for Spring, is a comprehensive framework which helps you implement enterprise application security requirements, like single sign-on, authorization checks and the use of several authentication technologies.
This session presents not only the new features of Spring Security 2, but also shows some best practices and examples to get the most out of it. Covered architectures will include web (2.0) applications, web services and client/server applications.
Since the beginning of J2EE, Mike has worked on several enterprise development projects and started using Spring shortly after the first release. He has deep knowledge of building simple, transparent and powerful security solutions with tools like Spring Security (Acegi) and AspectJ. Besides this, he has implemented several single sign-on solutions for customers using Kerberos and JA-SIG CAS. He is currently writing the first book about Spring Security (in German). Contact Mike: mike.wiesner (at) springsource.com.
Liberty Alliance ID-WSF 2.0— This session gives an overview of ID-WSF 2.0's layered architecture, focusing in particular on the People Service, new in version 2.0, and how it allows consumers and organizations to manage social and enterprise applications such as bookmarks, blogging, calendars, e-mail, photo sharing and instant messaging in a federated social network. Learn how ID-WSF's SOAP-based invocation framework builds on SAML's foundation to provide identity with privacy for web services.
OpenSSO— This session looks at the progress of OpenSSO over the past two years and gives an overview of its features and functionality, with an emphasis on how you can leverage it and get involved. The OpenSSO project (http://opensso.dev.java.net/) was launched by Sun Microsystems in July 2005 to bring its access control, single sign-on and federation technology to the open source community. Since then, the entire code base of Sun's Access Manager product has been released as open source and work is proceeding on Sun Java System Federated Access Manager 8.0 in the OpenSSO community. Come find out how OpenSSO can work in your identity project.
XML Security and JSR 105-106— Java programmers now have a standard solution for creating and validating XML signatures. And with the progression of JSR 106 (Java XML Encryption API) through the Java Community Process, a standard solution for XML encryption will soon be available.
SAML v2— Discover the basics of single sign-on and how SAML assertions are finding their way into projects like OpenSSO, NetBeans and GlassFish to secure web services. SAML V2.0, approved by OASIS in March 2005, is an XML-based framework for communicating user authentication, entitlement, and attribute information. Beyond defining the industry-standard protocol for cross-domain Web single sign-on (SSO), SAML is a keystone of higher-level specifications such as Web Services Interoperability Basic Security Profile (WS-I BSP), the Liberty Alliance's Identity Web Service Framework (ID-WSF) and even Microsoft's CardSpace.
Security Sins and their Solutions— The talk covers the most insidious security vulnerabilities in Java Web and EE applications through practical demonstration of how to exploit these vulnerabilities and recommendations on how to prevent them. The threat posed by each vulnerability is explained and strategies for mitigating the flaw are introduced. The talk concludes with a discussion about integrating security at every step of the development life cycle.