Difference between revisions of "Hartford"
Revision as of 16:07, 19 May 2008
OWASP Hartford
Welcome to the Hartford chapter homepage. The chapter leader is James McGovern.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Sponsors
We would like to thank Ounce Labs, Forrester Research, Cigital, Whitehat Security, Oracle and Microsoft for their generous support and helping make application security visible...
Upcoming Events
Agenda: Wednesday, June 11th 2008
FOOD & NETWORKING: 5:30 - 5:45 PM
OPENING REMARKS: 5:45 - 6:00 PM James McGovern, Chapter Lead
CARDSPACE AND USER CENTRIC IDENTITY: 6:00 - 6:45 PM Chris Winn, Security Evangelist, Microsoft
IDENTITY GOVERNANCE FRAMEWORK: 6:45 - 7:30 PM Prateek Mishra, Product Manager, Oracle
Q&A and Raffles: 7:30 - 7:45 PM We will be raffling a Microsoft Zune Player, Apparel and Gift certificates to local restaurants.
Topics for June
CardSpace and User Centric Identity
The CardSpace system is a new feature of Windows (XP, Vista and W2K3) that allows users to control their digital identity via the simple and familiar metaphor of a set of cards. When a user wants to access a web site or web service, rather than provide their username and password, they select a virtual card from a special, security-hardened UI - much like you would select a physical card from your wallet or handbag to identify yourself. This Information Card represents the digital identity of the user and enables services to receive all the data they need to authenticate and authorize the user.
Information about the user is provided in a secure and consistent way by Identity Providers such as the user's employer, their bank, their government or indeed by the user themselves. The user can determine exactly what information is disclosed and to whom, while the identity provider asserts the validity of that information.
By using standard, interoperable web service protocols - e.g. WS-Security, WS-Trust - and ubiquitous web protocols - e.g. HTTP POST - the CardSpace system is able to provide users with a simple, consistent and secure sign-on experience while developers can add support for Information Cards to their web sites and services very easily, regardless of the platform and tools they choose to use.
Identity Governance Framework
Identity governance is an issue of particular importance in today’s society of identity theft and increasing understanding of the importance of privacy. This presentation will outline use cases for defining a framework to help enterprises easily determine and control how identity-related information, including Personally Identifiable Information (PII), access entitlements, attributes, etc., is used, stored, and propagated between their systems.
The Identity Governance Framework (IGF) will enable organizations to define enterprise-level policies to securely and confidently share sensitive personal information between applications that need such data, without having to compromise on business agility or efficiency. Furthermore, it will ease the burden of documentation and auditing of these controls, allowing organizations to quickly answer questions on how personal information such as social security numbers and credit card data is being used, by whom, at what time, and for what purpose.
The Identity Governance Framework is designed to allow: (1) application developers to build applications that access identity-related data from a wide range of sources, and (2) administrators and deployers to define, enforce, and audit policies concerning the use of identity-related data. As proposed, IGF will have four components: (a) an identity attribute service, a service that supports access to many different identity sources and enforces administrative policy; (b) CARML, a declarative syntax with which clients may specify their attribute requirements; (c) AAPML, a declarative syntax which enables providers of identity-related data to express policy on the usage of information; and (d) a multi-language API (Java, .NET, Perl) for reading and writing identity-related attributes.
Past Events
Agenda: Wednesday, April 30th 2008
OPENING REMARKS: 5:30 - 6:00 PM Alexander Daniels, CO-Chapter Lead
THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES: 6:00 - 7:00 PM Anton Chuvakin, Chief Logging Evangelist, LogLogic
KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE: 7:00 - 8:00 PM Jack Danahy, CTO and Founder, Ounce Labs
Agenda: Thursday, February 28th 2008
OPENING REMARKS: 5:30 - 6:00 PM James McGovern, Chapter Lead
HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY: 6:00 - 7:00 PM Chenxi Wang, Principal Analyst at Forrester Research
EXPLOITING ONLINE GAMES: 7:00 - 8:00 PM Gary McGraw, CTO of Cigital
Locations
All meetings are held at The Hartford, One Hartford Plaza, Hartford CT 06115 in our Tower Building. Free parking is available in our Tower Ramp Garage.