Catalyst 2005 – Day Three
This morning’s sessions are "cross cut" sessions – spanning multiple tracks. I attended the Application Security session.
Dan Blum, Senior VP, Group Research Director, Burton Group – Application Security Strategies: Aligning Developer Needs and Security Imperatives
- Services Oriented Architectures, which are more than Web Services, should be good for application security, because SOAs require disciplined governance.
- Use a systematic, comprehensive approach to application security.
Ann Thomas Manes, VP, Research Director, Burton Group – Security in an SOA World
- The goal of SOA is to increase business agility and keep up with business change.
- SOA is more than web services. SOA may be implemented using web services, but governance is paramount.
- SOA is more about behavior than technology
- SOA will have a challenging adoption path for any enterprise
- Use Identity-based security throughout
Brook Schoenfield, Senior Security Architect, Cisco Systems, Inc. – From Web Services to Service Oriented Architectures
- Trust establishment is currently a manual process that must be in place before web services interaction
- Trust establishment is currently blocking the promise of web services
- He proposed automation of trust establishment between enterprises, using a trusted third party, modeled after the credit card infrastructure.
Nick Nikols, Analyst, Burton Group – Leveraging Identity for Application Security
- Identity management is becoming a basis for improving application security
- Identity services will facilitate the consumption of identity by applications and services
- The value of Identity increases with broader integration
Diana Kelley, Senior Analyst, Burton Group – Application Security: Everybody’s Problem
- Security awareness and methods must be an integral part of the entire Software Development Life Cycle
- Build security into applications using both process and technology
- Robust software begins with well-defined requirements and thoughtful design
- Take a realistic, process-based approach to software quality
Arthur Mateo, Founder and VP of Products, Service Integrity – SOA Transparency Facilitates Security & Regulatory Compliance
- SOA promises agility and adaptability
- Transparent SOA Fastest Way to Compliance
- Need to see, understand and act in real-time for SOA Transparency
- Monitoring services should be an integral part of SOA
Note: A computer malfunction that occurred during the conference prevented me from posting this blog entry until Tuesday, July 19th.
Tag: Identity