Securing Web Services with CAS Proxy Tickets

539 views
466 views

Published on

A solution implemented at Simon Fraser University to use CAS proxy tickets to provide authorization to web services from thick client web applications.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
539
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
17
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Securing Web Services with CAS Proxy Tickets

  1. 1. Securing Web Services Solving the Web Services Security Problem with an XML Gateway June 2010
  2. 2. About Us IT Services - Jeremy Rosenberg / Steve Hillman
  3. 3. • Jeremy Rosenberg Developer in IT services since 2004 Identity management strategy Java Developer About Us IT Services - Jeremy Rosenberg / Steve Hillman
  4. 4. • Jeremy Rosenberg Developer in IT services since 2004 Identity management strategy Java Developer • Steve Hillman IT Architect With IT Services since 1987 Unix infrastructure About Us IT Services - Jeremy Rosenberg / Steve Hillman
  5. 5. About SFU IT Services - Jeremy Rosenberg / Steve Hillman
  6. 6. • Named after famous explorer Simon Fraser 1776 -1862 About SFU IT Services - Jeremy Rosenberg / Steve Hillman
  7. 7. • Named after famous explorer • Opened on September 9, 1965 Simon Fraser 1776 -1862 About SFU IT Services - Jeremy Rosenberg / Steve Hillman
  8. 8. • Named after famous explorer • Opened on September 9, 1965 • One University - Three campuses • Burnaby • Surrey • Vancouver Simon Fraser 1776 -1862 About SFU IT Services - Jeremy Rosenberg / Steve Hillman
  9. 9. • Named after famous explorer • Opened on September 9, 1965 • One University - Three campuses • Burnaby • Surrey • Vancouver • 32,000 students • 900 faculty • 1600 staff • 100,000 alumni Simon Fraser 1776 -1862 About SFU IT Services - Jeremy Rosenberg / Steve Hillman
  10. 10. About This Presentation IT Services - Jeremy Rosenberg / Steve Hillman
  11. 11. • Definitions About This Presentation IT Services - Jeremy Rosenberg / Steve Hillman
  12. 12. • Definitions • XML Security Challenges About This Presentation IT Services - Jeremy Rosenberg / Steve Hillman
  13. 13. • Definitions • XML Security Challenges • About the Layer 7 SecureSpan XML Gateway About This Presentation IT Services - Jeremy Rosenberg / Steve Hillman
  14. 14. • Definitions • XML Security Challenges • About the Layer 7 SecureSpan XML Gateway • Why we chose SecureSpan About This Presentation IT Services - Jeremy Rosenberg / Steve Hillman
  15. 15. • Definitions • XML Security Challenges • About the Layer 7 SecureSpan XML Gateway • Why we chose SecureSpan • A little about Public Keys About This Presentation IT Services - Jeremy Rosenberg / Steve Hillman
  16. 16. • Definitions • XML Security Challenges • About the Layer 7 SecureSpan XML Gateway • Why we chose SecureSpan • A little about Public Keys • Walkthroughs • SOAP • REST About This Presentation IT Services - Jeremy Rosenberg / Steve Hillman
  17. 17. • Definitions • XML Security Challenges • About the Layer 7 SecureSpan XML Gateway • Why we chose SecureSpan • A little about Public Keys • Walkthroughs • SOAP • REST • Questions About This Presentation IT Services - Jeremy Rosenberg / Steve Hillman
  18. 18. •First, A Few Definitions Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  19. 19. Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  20. 20. Web Service: Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  21. 21. Web Service: • An API to a remote procedure Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  22. 22. Web Service: • An API to a remote procedure • Typically accessed over HTTP Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  23. 23. Web Service: • An API to a remote procedure • Typically accessed over HTTP • Machine-to-machine communications Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  24. 24. Web Service: • An API to a remote procedure • Typically accessed over HTTP • Machine-to-machine communications • Allows data source to be loosely coupled to applications Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  25. 25. Web Service: • An API to a remote procedure • Typically accessed over HTTP • Machine-to-machine communications • Allows data source to be loosely coupled to applications • Makes systems reusable Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  26. 26. Web Service: • An API to a remote procedure • Typically accessed over HTTP • Machine-to-machine communications • Allows data source to be loosely coupled to applications • Makes systems reusable • Very popular with Twitter, Facebook, Amazon, etc Definitions IT Services - Jeremy Rosenberg / Steve Hillman
  27. 27. Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  28. 28. •SOAP: Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  29. 29. •SOAP: • XML Message passing protocol Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  30. 30. •SOAP: • XML Message passing protocol • Numerous ‘WS-’ standards Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  31. 31. •SOAP: • XML Message passing protocol • Numerous ‘WS-’ standards • Associated with “Big” Web Services • Most vendor SOA solutions use SOAP Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  32. 32. Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  33. 33. •REST: • URL-addressable objects Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  34. 34. •REST: • URL-addressable objects • “http://maps.google.com/maps/api/geocode/xml? address=Memorial+University,+NL,+CA” Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  35. 35. •REST: • URL-addressable objects • “http://maps.google.com/maps/api/geocode/xml? address=Memorial+University,+NL,+CA” • Accessed and manipulated with standard HTTP GET/POST/PUT/DELETE Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  36. 36. •REST: • URL-addressable objects • “http://maps.google.com/maps/api/geocode/xml? address=Memorial+University,+NL,+CA” • Accessed and manipulated with standard HTTP GET/POST/PUT/DELETE • Lightweight client requirements Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  37. 37. •REST: • URL-addressable objects • “http://maps.google.com/maps/api/geocode/xml? address=Memorial+University,+NL,+CA” • Accessed and manipulated with standard HTTP GET/POST/PUT/DELETE • Lightweight client requirements • Stateless (every request is self-contained) Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  38. 38. •REST: • URL-addressable objects • “http://maps.google.com/maps/api/geocode/xml? address=Memorial+University,+NL,+CA” • Accessed and manipulated with standard HTTP GET/POST/PUT/DELETE • Lightweight client requirements • Stateless (every request is self-contained) • WS- standards are less mature Definitions - SOAP vs REST IT Services - Jeremy Rosenberg / Steve Hillman
  39. 39. ! •Web Services Security Challenges “Put out an A.P.B. on a donut, believed sprinkled.” IT Services - Jeremy Rosenberg / Steve Hillman
  40. 40. Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  41. 41. • Web Services can communicate over many transport protocols Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  42. 42. • Web Services can communicate over many transport protocols • Commonly accessed over web protocols like HTTP Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  43. 43. • Web Services can communicate over many transport protocols • Commonly accessed over web protocols like HTTP • Easy for Web services to bypass traditional firewalls Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  44. 44. • Web Services can communicate over many transport protocols • Commonly accessed over web protocols like HTTP • Easy for Web services to bypass traditional firewalls XML HTTP XML Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  45. 45. Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  46. 46. • XML-based messages can be deliberately or inadvertently malformed Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  47. 47. • • XML-based messages can be deliberately or inadvertently malformed Causes parser or applications to break Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  48. 48. • • • XML-based messages can be deliberately or inadvertently malformed Causes parser or applications to break Creates new XML threats and vulnerabilities. E.g: Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  49. 49. • • • XML-based messages can be deliberately or inadvertently malformed Causes parser or applications to break Creates new XML threats and vulnerabilities. E.g: • XML parameter tampering Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  50. 50. • • • XML-based messages can be deliberately or inadvertently malformed Causes parser or applications to break Creates new XML threats and vulnerabilities. E.g: • XML parameter tampering • XDoS Attacks Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  51. 51. • • • XML-based messages can be deliberately or inadvertently malformed Causes parser or applications to break Creates new XML threats and vulnerabilities. E.g: • XML parameter tampering • XDoS Attacks • Message Replay Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  52. 52. • • • XML-based messages can be deliberately or inadvertently malformed Causes parser or applications to break Creates new XML threats and vulnerabilities. E.g: • XML parameter tampering • XDoS Attacks • Message Replay • Oversized/overdeep XML nodes Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  53. 53. • • • XML-based messages can be deliberately or inadvertently malformed Causes parser or applications to break Creates new XML threats and vulnerabilities. E.g: • XML parameter tampering • XDoS Attacks • Message Replay • Oversized/overdeep XML nodes • Code injection Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  54. 54. Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  55. 55. • Transactions are principally machine-to-machine Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  56. 56. • • Transactions are principally machine-to-machine New thinking around machine-to-machine credentialing Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  57. 57. • • • Transactions are principally machine-to-machine New thinking around machine-to-machine credentialing Login pages won’t work Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  58. 58. Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  59. 59. • Services and clients must agree on security parameters • crypto preferences • standards support Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  60. 60. • Services and clients must agree on security parameters • crypto preferences • standards support • Need for new kinds of policy coordination Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  61. 61. • Services and clients must agree on security parameters • crypto preferences • standards support • Need for new kinds of policy coordination • Incompatibilities have unforeseen consequences Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  62. 62. Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  63. 63. • Web services enable multi-hop composite applications Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  64. 64. • Web services enable multi-hop composite applications • Example: Student on boarding process Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  65. 65. • Web services enable multi-hop composite applications • Example: Student on boarding process • Message level security and audit that can span multihop SOA transactions end-to-end Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  66. 66. Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  67. 67. Web services expose business functionality through open APIs, requiring new application-aware security measures. Web Services Security Challenges IT Services - Jeremy Rosenberg / Steve Hillman
  68. 68. SecureSpan XML Gateway IT Services - Jeremy Rosenberg / Steve Hillman
  69. 69. • Enter the XML Gateway SecureSpan XML Gateway IT Services - Jeremy Rosenberg / Steve Hillman
  70. 70. SecureSpan XML Gateway IT Services - Jeremy Rosenberg / Steve Hillman
  71. 71. XML Gateway - What it does IT Services - Jeremy Rosenberg / Steve Hillman
  72. 72. • Parses all Inbound and outbound XML messages XML Gateway - What it does IT Services - Jeremy Rosenberg / Steve Hillman
  73. 73. • Parses all Inbound and outbound XML messages • Inspection and modification of XML messages XML Gateway - What it does IT Services - Jeremy Rosenberg / Steve Hillman
  74. 74. • Parses all Inbound and outbound XML messages • Inspection and modification of XML messages • Replace “Username” value in inbound XML message with value extracted from client certificate • Prevent spoofing XML Gateway - What it does IT Services - Jeremy Rosenberg / Steve Hillman
  75. 75. • Parses all Inbound and outbound XML messages • Inspection and modification of XML messages • Replace “Username” value in inbound XML message with value extracted from client certificate • Prevent spoofing • Blank-out Student Number value in outbound XML messages • Prevent accidental leakage of confidential info XML Gateway - What it does IT Services - Jeremy Rosenberg / Steve Hillman
  76. 76. XML Gateway IT Services - Jeremy Rosenberg / Steve Hillman
  77. 77. • Thwart attacks XML Gateway IT Services - Jeremy Rosenberg / Steve Hillman
  78. 78. • Thwart attacks • Prevent malicious and inadvertent XML attacks XML Gateway IT Services - Jeremy Rosenberg / Steve Hillman
  79. 79. • Thwart attacks • Prevent malicious and inadvertent XML attacks • Prevent other not-so-obvious application-level attacks - e.g. SQL injection. • Are you sure every one of your developers sanitizes their inputs? XML Gateway IT Services - Jeremy Rosenberg / Steve Hillman
  80. 80. Benefits IT Services - Jeremy Rosenberg / Steve Hillman
  81. 81. • Single point-of-entry for Web Services means: Benefits IT Services - Jeremy Rosenberg / Steve Hillman
  82. 82. • Single point-of-entry for Web Services means: • Do rate-control/throttling/queueing to enforce SLAs Benefits IT Services - Jeremy Rosenberg / Steve Hillman
  83. 83. • Single point-of-entry for Web Services means: • Do rate-control/throttling/queueing to enforce SLAs • Standardized logging of all access Benefits IT Services - Jeremy Rosenberg / Steve Hillman
  84. 84. • Single point-of-entry for Web Services means: • Do rate-control/throttling/queueing to enforce SLAs • Standardized logging of all access • Auditing Benefits IT Services - Jeremy Rosenberg / Steve Hillman
  85. 85. • Single point-of-entry for Web Services means: • Do rate-control/throttling/queueing to enforce SLAs • Standardized logging of all access • Auditing • Centrally enforced policies Benefits IT Services - Jeremy Rosenberg / Steve Hillman
  86. 86. • Single point-of-entry for Web Services means: • Do rate-control/throttling/queueing to enforce SLAs • Standardized logging of all access • Auditing • Centrally enforced policies • Reusable rich set of authentication mechanisms Benefits IT Services - Jeremy Rosenberg / Steve Hillman
  87. 87. • Single point-of-entry for Web Services means: • Do rate-control/throttling/queueing to enforce SLAs • Standardized logging of all access • Auditing • Centrally enforced policies • Reusable rich set of authentication mechanisms • Managed by the Infrastructure team on behalf of all Web Services development groups Benefits IT Services - Jeremy Rosenberg / Steve Hillman
  88. 88. Why We Chose Layer7 IT Services - Jeremy Rosenberg / Steve Hillman
  89. 89. • Industry leader in this space Why We Chose Layer7 IT Services - Jeremy Rosenberg / Steve Hillman
  90. 90. • Industry leader in this space • Very responsive Why We Chose Layer7 IT Services - Jeremy Rosenberg / Steve Hillman
  91. 91. • Industry leader in this space • Very responsive • Available as either hard or soft appliance Why We Chose Layer7 IT Services - Jeremy Rosenberg / Steve Hillman
  92. 92. • • • • Industry leader in this space Very responsive Available as either hard or soft appliance Extensible using Java. We have Java experts. Why We Chose Layer7 IT Services - Jeremy Rosenberg / Steve Hillman
  93. 93. • • • • • Industry leader in this space Very responsive Available as either hard or soft appliance Extensible using Java. We have Java experts. Supports every standard known to Man Why We Chose Layer7 IT Services - Jeremy Rosenberg / Steve Hillman
  94. 94. Standards IT Services - Jeremy Rosenberg / Steve Hillman
  95. 95. XML 1.0 SOAP 1.2 REST AJAX XPath 1.0 XSLT 1.0 WSDL 1.1 XML Schema LDAP 3.0 SAML 1.1/2.0 PKCS #10 X.509 v3 Certificates FIPS 140-2 Kerberos W3C XML Signature 1.0 W3C XML Encryption 1.0 SSL/TLS 3.0/1.1 SNMP SMTP POP3 IMAP4 HTTP/HTTPS JMS 1.0 MQ Series Tibco EMS FTP WS-Security 1.1 WS-Trust 1.0 Standards IT Services - Jeremy Rosenberg / Steve Hillman WS-Federation WS-Addressing WSSecureConversation WS-MetadataExchange WS-Policy WS-SecurityPolicy WS-PolicyAttachment WS-SecureExchange WSIL WS-I WS-I BSP UDDI 3.0 XACML 2.0 MTOM
  96. 96. The Gateway Changes Everything IT Services - Jeremy Rosenberg / Steve Hillman
  97. 97. SOAP Security - Cowboy Style IT Services - Jeremy Rosenberg / Steve Hillman
  98. 98. SOAP Security - Cowboy Style IT Services - Jeremy Rosenberg / Steve Hillman
  99. 99. SOAP Security - Cowboy Style IT Services - Jeremy Rosenberg / Steve Hillman
  100. 100. SOAP Security - Cowboy Style IT Services - Jeremy Rosenberg / Steve Hillman
  101. 101. SOAP Security - Cowboy Style IT Services - Jeremy Rosenberg / Steve Hillman
  102. 102. SOAP Security - Cowboy Style IT Services - Jeremy Rosenberg / Steve Hillman
  103. 103. SOAP Security - Cowboy Style IT Services - Jeremy Rosenberg / Steve Hillman
  104. 104. SOAP Security - Cowboy Style IT Services - Jeremy Rosenberg / Steve Hillman
  105. 105. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  106. 106. Definitely Not a Public Key Infrastructure (DNPKI) About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  107. 107. Definitely Not a Public Key Infrastructure (DNPKI) • Named out of frustration with the phrase: • “Cool we have PKI now” About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  108. 108. Definitely Not a Public Key Infrastructure (DNPKI) • Named out of frustration with the phrase: • “Cool we have PKI now” • Needed a way to manage X.509 certificates for: • https client certificate authentication • WS-Security Signature Authentication About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  109. 109. Definitely Not a Public Key Infrastructure (DNPKI) • Named out of frustration with the phrase: • “Cool we have PKI now” • Needed a way to manage X.509 certificates for: • https client certificate authentication • WS-Security Signature Authentication • Store and push RSA public keys into LDAP About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  110. 110. Definitely Not a Public Key Infrastructure (DNPKI) • Named out of frustration with the phrase: • “Cool we have PKI now” • Needed a way to manage X.509 certificates for: • https client certificate authentication • WS-Security Signature Authentication • Store and push RSA public keys into LDAP • Ability to de-provision certificate access About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  111. 111. Definitely Not a Public Key Infrastructure (DNPKI) • Named out of frustration with the phrase: • “Cool we have PKI now” • Needed a way to manage X.509 certificates for: • https client certificate authentication • WS-Security Signature Authentication • Store and push RSA public keys into LDAP • Ability to de-provision certificate access • Leveraged existing IdM architecture About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  112. 112. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  113. 113. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  114. 114. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  115. 115. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  116. 116. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  117. 117. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  118. 118. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  119. 119. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  120. 120. About DNPKI IT Services - Jeremy Rosenberg / Steve Hillman
  121. 121. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  122. 122. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  123. 123. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  124. 124. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  125. 125. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  126. 126. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  127. 127. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  128. 128. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  129. 129. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  130. 130. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  131. 131. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  132. 132. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  133. 133. SOAP Security - Best Practices IT Services - Jeremy Rosenberg / Steve Hillman
  134. 134. Gateway SOAP Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  135. 135. Gateway SOAP Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  136. 136. Gateway SOAP Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  137. 137. Gateway SOAP Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  138. 138. Gateway SOAP Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  139. 139. Gateway SOAP Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  140. 140. Gateway SOAP Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  141. 141. The Zimbra Conundrum IT Services - Jeremy Rosenberg / Steve Hillman
  142. 142. The Zimbra Conundrum IT Services - Jeremy Rosenberg / Steve Hillman
  143. 143. The Zimbra Conundrum IT Services - Jeremy Rosenberg / Steve Hillman
  144. 144. .../courses?user=me The Zimbra Conundrum IT Services - Jeremy Rosenberg / Steve Hillman
  145. 145. .../courses?user=me The Zimbra Conundrum IT Services - Jeremy Rosenberg / Steve Hillman
  146. 146. .../courses?user=notme The Zimbra Conundrum IT Services - Jeremy Rosenberg / Steve Hillman
  147. 147. .../courses?user=notme The Zimbra Conundrum IT Services - Jeremy Rosenberg / Steve Hillman
  148. 148. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  149. 149. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  150. 150. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  151. 151. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  152. 152. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  153. 153. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  154. 154. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  155. 155. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  156. 156. REST Security that Never Rests IT Services - Jeremy Rosenberg / Steve Hillman
  157. 157. Gateway REST Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  158. 158. Gateway REST Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  159. 159. Gateway REST Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  160. 160. Gateway REST Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  161. 161. Gateway REST Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  162. 162. Gateway REST Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  163. 163. Gateway REST Assertions IT Services - Jeremy Rosenberg / Steve Hillman
  164. 164. Lessons Learned IT Services - Jeremy Rosenberg / Steve Hillman
  165. 165. • Security is an enabler Lessons Learned IT Services - Jeremy Rosenberg / Steve Hillman
  166. 166. • Security is an enabler • Stick to standards where possible Lessons Learned IT Services - Jeremy Rosenberg / Steve Hillman
  167. 167. • Security is an enabler • Stick to standards where possible • A good vendor is huge Lessons Learned IT Services - Jeremy Rosenberg / Steve Hillman
  168. 168. • Security is an enabler • Stick to standards where possible • A good vendor is huge • Start small • Control the service and consumer Lessons Learned IT Services - Jeremy Rosenberg / Steve Hillman
  169. 169. • Security is an enabler • Stick to standards where possible • A good vendor is huge • Start small • Control the service and consumer • Security can be fun! Lessons Learned IT Services - Jeremy Rosenberg / Steve Hillman
  170. 170. Thank You ! rosenberg@sfu.ca! hillman@sfu.ca ! THANK YOU IT Services - Jeremy Rosenberg / Steve Hillman

×