Panel Discusses "Web Services Security Issues"
By Ken North

The adoption of XML, web services and service-oriented architectures (SOA) is an important trend, but it's engendered serious concerns about security. As Web services technologies and specifications continue to evolve, developers have focused on the need for industrial-strength, secure services. To update its members on security issues, the San Diego Software Industry Council (SDSIC) sponsored a panel discussion on August 10, 2004. The panel assembled to discuss "Web Services Security Issues" included experts and gurus from industry and the academic community.

Panelists discussed and debated security issues such as authentication, authorization, encryption, secure sockets, profiles and so on. Panel members brought a platform-neutral perspective to the panel. The discussion included topics of interest to the .Net, J2EE and open source communities. Panel members included Tony Darugar, Kevin Dick, Blake Dournaee, Michael Leventhal, and Ashraf Memon (biographies).

Note: We recorded audio and video programs during the panel. Check the list below.

There can be heavy overhead associated with XML processing and Web services security processing, but optimizing performance can be accomplished by throwing hardware at the problem. Blake Dournaee of Sarvega and Michael Leventhal of Tarari provided useful information about specialized hardware for content processing. They took a position that Web services security problems are serious and that hardware solutions are helpful in enforcing security policies and in reducing the overhead of encryption and security processing.

Kevin Dick took a devil's advocate position that we have already developed most of the tools and technologies we need for securing web services. His company, Claymore Systems, developed an SSL Auditing product for the Defense Advanced Research Projects Agency (DARPA). Claymore is currently engaged in testing the software for commercial application.

Tony Darugar emphasized the importance of developing a security infrastructure. The idea is to invoke a common infrastructure from all of an organization's web services instead of including security-related code in every service. Ashraf Memon of San Diego Supercomputer Center was able to join the panel with little advance notice and deliver an interesting presentation. He spoke about security for web services and grid services used with large geospatial databases, such as ESRI ArcGIS web services.

Following presentations by panel members, the session concluded with a 30-minute question and answer period. To view the presentation slides or view or listen to the presentations, select a program from the table below.

High Level of Interest in Security

Judging by the number of questions and the active discussions after the session closed, the level of enthusiasm seemed high. This was attributable in part to the audience members' experience with web services. An informal survey of audience members about their organization's adoption of web services showed:

 

  • 5% work for organizations that deployed web services in 2002
  • 12% work for organizations that deployed web services in 2003
  • 26% work for organizations that deployed web services in 2004
  • 66% work for organizations that expect to deploy web services in the future.

Sponsors

The panel was sponsored by the San Diego Software Industry Council (SDSIC) and Websense.

 

Ken North is editor and publisher of WebServicesSummit.com and SQLSummit.com.

 

Panel Member Biographies

Tony Darugar (Chief Architect, Blue Titan) has been architecting and building high performance Web based applications since 1994. His areas of interest include XML, Web Services, and high performance architectures for the Web. Tony is a regular speaker at industry events, including NextWare, Web Services Reality, XML Edge, XML Devcon, Networld + Interop, O'Reilly Open Source Conference, Usenix Tcl conference, and others. He also writes regularly for IBM Developer magazine and other publications.

Kevin Dick (CEO, Claymore Systems) is a B2B, XML, middleware expert and a specialist on technical architectures. He is the author of XML: A Manager's Guide (Addison-Wesley) as well as book length technical reports on J2EE servers and object databases. Claymore Systems specializes in security. It recently developed SSL auditing technologies for DARPA, the primary research arm of the Defense Department. One of its products is a secure Java toolkit.

Blake Dournaee (Senior Architect, Sarvega, Inc.) is the author of XML Security (McGraw-Hill) and he was on the program committee for XML Security 2002. Before joining Sarvega, Inc. in 2003, he was an employee of RSA Security.

Michael Leventhal (Director of XML Technology, Tarari, Inc.) has architected and led numerous projects in the area of Web applications and infrastructure and XML (and SGML), including the DocSOAP XDK Web Services document-centric/ebXML XML and SOAP framework and a Mozilla-based browser, DocZilla. He developed and taught the first university-level course in XML and wrote the first book on XML software development for the Internet.

Ashraf Memon (Researcher, San Diego Supercomputer Center) is a Spatial Database Specialist for Data and Knowledge Systems at the San Diego Supercomputer Center. He developed some of the software for the Geosciences Infrastructure grid (GEON). He spoke at the SDSIC Web Services Conference in 2004.

 


Video and MP3 Audio (Podcast) Programs

Slides and presentations from the SDSIC panel discussion are available in several formats. You can view HTML slide presentations, listen to MP3 audio programs or podcasts, or watch video programs. To view the video programs, you'll need Real Player or Windows Media Player. 

| Program | HTML | Audio | Video |
|---|---|---|---|
| Tony Darugar: Web Services Security (running time 00:00) | Slides | MP3 | Real; Windows Media |
| Kevin Dick: Security Taxonomy of Web Services: Mostly Secure Already | Slides | MP3 | Real Video; Windows Media 368K |
| Blake Dournaee: XML Security Gateway (15:00) | Slides | MP3 | Real Video 100K; Windows Media 498K |
| Michael Leventhal: Web Services Security Issues (12:00) | Slides | MP3 | Real Video 56K 128K |
| Ashraf Memon: Geospatial Data Services and Security (5:00) | | MP3 | Real |
| Ken North: Web Services Security Issues (10:00) | | MP3 | Real Video 56K 128K |

 

 
 

 


Copyright © 2008,  Ken North Computing, LLC
Last modified: March 31, 2008