This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
SnowFROC Abstract Neucom
The Presentation: Security Policy Management: Best Practices for Web Services and Application Security
A policy driven approach is fundamental to the secure deployment of web services and applications in today's environment. In a service oriented architecture, the goals established and driven by the business need to be consistent with corporate security policies and standards followed by IT operations. To achieve those goals, a unified security policy management approach should be considered to enable secure access to web services and applications. This session will discuss a standards-based (XACML, WS-SecurityPolicy) security policy management approach and the key set of requirements to enable web-services and application security. It will cover the high-level architectural requirements to enable organizations to safely externalize security from the web services and applications. The session will also discuss a case study of how a standards based, unified policy management and enforcement can address authentication, identity propagation, coarse-and fine-grained authorization security requirements and enable clients to demonstrate compliance in a loosely coupled, heterogeneous IT environment.
The Speaker: Ray Neucom
Ray Neucom is a Senior Security Architect with IBM. He has been actively involved in application security deployments for fortune 500 companies over the last 10 years. He has also been instrumental in helping IBM develop software solutions for application and web services security. Ray is currently providing technical enablement to IBM, worldwide, on application security.