Securing Web Services with CAS Proxy Tickets
June 2010
Securing Web Services
Solving the Web Services Security Problem with an XML Gateway
IT Services - Jeremy Rosenberg / Steve Hillman
About Us
• Jeremy Rosenberg
  • Developer in IT services since 2004
  • Identity management strategy
  • Java Developer
• Steve Hillman
  • IT Architect
  • With IT Services since 1987
  • Unix infrastructure
About SFU
• Named after famous explorer
• Opened on September 9, 1965
• One University - Three campuses
  • Burnaby
  • Surrey
  • Vancouver
• 32,000 students
• 900 faculty
• 1600 staff
• 100,000 alumni
Simon Fraser 1776 - 1862
About This Presentation
• Definitions
• XML Security Challenges
• About the Layer 7 SecureSpan XML Gateway
• Why we chose SecureSpan
• A little about Public Keys
• Walkthroughs
  • SOAP
  • REST
• Questions
Definitions
• First, A Few Definitions
Web Service:
• An API to a remote procedure
• Typically accessed over HTTP
• Machine-to-machine communications
• Allows data source to be loosely coupled to applications
• Makes systems reusable
• Very popular with Twitter, Facebook, Amazon, etc.
Definitions - SOAP vs REST
SOAP:
• XML Message passing protocol
• Numerous ‘WS-’ standards
• Associated with “Big” Web Services
  • Most vendor SOA solutions use SOAP
REST:
• URL-addressable objects
  • “http://maps.google.com/maps/api/geocode/xml?address=Memorial+University,+NL,+CA”
• Accessed and manipulated with standard HTTP GET/POST/PUT/DELETE
• Lightweight client requirements
• Stateless (every request is self-contained)
• WS- standards are less mature
“Put out an A.P.B. on a donut, believed sprinkled.”
Web Services Security Challenges
• Web Services can communicate over many transport protocols
• Commonly accessed over web protocols like HTTP
• Easy for Web services to bypass traditional firewalls
• XML-based messages can be deliberately or inadvertently malformed
  • Causes parser or applications to break
  • Creates new XML threats and vulnerabilities. E.g.:
    • XML parameter tampering
    • XDoS Attacks
    • Message Replay
    • Oversized/overdeep XML nodes
    • Code injection
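The size and depth limits implied by the threat list above, as an added example that is not part of the original slides: a Python pre-parse filter that rejects oversized, over-deep, DOCTYPE-bearing or malformed messages before they reach a backend parser. The limit values, function names and sample messages are assumptions made for illustration.

```python
from xml.parsers import expat

# Assumed limits for illustration; tune them to the services behind the gateway.
MAX_BYTES = 64 * 1024      # whole message
MAX_DEPTH = 16             # element nesting
MAX_ELEMENTS = 2000        # total elements
MAX_TEXT = 8 * 1024        # characters of text inside one element


class XmlPolicyViolation(Exception):
    """A message broke one of the structural limits."""


def check_xml_limits(message: bytes) -> dict:
    """Stream-parse message and raise XmlPolicyViolation on the first breach.

    Returns the observed depth and element count for the audit log.
    """
    if len(message) > MAX_BYTES:
        raise XmlPolicyViolation("message larger than %d bytes" % MAX_BYTES)
    seen = {"depth": 0, "max_depth": 0, "elements": 0, "text": 0}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Service messages need no DTD; refusing it also stops entity expansion.
        raise XmlPolicyViolation("DOCTYPE not accepted")

    def on_start(name, attrs):
        seen["depth"] += 1
        seen["elements"] += 1
        seen["text"] = 0
        seen["max_depth"] = max(seen["max_depth"], seen["depth"])
        if seen["depth"] > MAX_DEPTH:
            raise XmlPolicyViolation("nesting deeper than %d" % MAX_DEPTH)
        if seen["elements"] > MAX_ELEMENTS:
            raise XmlPolicyViolation("more than %d elements" % MAX_ELEMENTS)

    def on_end(name):
        seen["depth"] -= 1
        seen["text"] = 0

    def on_text(data):
        seen["text"] += len(data)
        if seen["text"] > MAX_TEXT:
            raise XmlPolicyViolation("text run longer than %d" % MAX_TEXT)

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_text
    try:
        parser.Parse(message, True)
    except expat.ExpatError as exc:
        raise XmlPolicyViolation("malformed XML: %s" % exc) from exc
    return {"max_depth": seen["max_depth"], "elements": seen["elements"]}


def verdict(message: bytes) -> str:
    """Return 'accept' or 'reject: <reason>' for one message."""
    try:
        check_xml_limits(message)
        return "accept"
    except XmlPolicyViolation as exc:
        return "reject: %s" % exc


if __name__ == "__main__":
    # Constructed sample messages, not taken from the slides.
    samples = {
        "well-formed": b"<order><item id='1'>book</item></order>",
        "over-deep": b"<a>" * (MAX_DEPTH + 1) + b"</a>" * (MAX_DEPTH + 1),
        "doctype": b'<!DOCTYPE order [<!ENTITY e "v">]><order>&e;</order>',
        "malformed": b"<order><item></order>",
    }
    for label, msg in samples.items():
        print(label, "->", verdict(msg))
```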
• Transactions are principally machine-to-machine
• New thinking around machine-to-machine credentialing
• Login pages won’t work
• Services and clients must agree on security parameters
  • crypto preferences
  • standards support
• Need for new kinds of policy coordination
• Incompatibilities have unforeseen consequences
• Web services enable multi-hop composite applications
• Example: Student onboarding process
• Message-level security and audit that can span multi-hop SOA transactions end-to-end
Web services expose business functionality through open APIs, requiring new application-aware security measures.
SecureSpan XML Gateway
• Enter the XML Gateway
XML Gateway - What it does
• Parses all inbound and outbound XML messages
• Inspection and modification of XML messages
  • Replace “Username” value in inbound XML message with value extracted from client certificate
    • Prevent spoofing
  • Blank-out Student Number value in outbound XML messages
    • Prevent accidental leakage of confidential info
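The two rewrites on this slide, sketched as an added Python example (not the SecureSpan policy language and not code from the presentation): the identity field is overwritten from the verified client certificate, and the student number is emptied on the way out. The element names, the `cert_identity` argument and the sample messages are assumptions; the certificate is taken to have been validated by the TLS layer already.

```python
import xml.etree.ElementTree as ET

# Element names are assumptions; the slide names the fields, not the schema.
USERNAME_TAG = "Username"
STUDENT_NUMBER_TAG = "StudentNumber"


def local_name(tag):
    """Drop a '{namespace}' prefix so matching works with or without namespaces."""
    return tag.rsplit("}", 1)[-1]


def pin_username(inbound_xml, cert_identity):
    """Overwrite every Username element with the identity taken from the
    already-verified client certificate.

    Returns (rewritten_xml, overridden), where overridden lists the claimed
    values that disagreed with the certificate so they can be logged.
    """
    root = ET.fromstring(inbound_xml)
    overridden, found = [], False
    for el in root.iter():
        if local_name(el.tag) == USERNAME_TAG:
            found = True
            claimed = (el.text or "").strip()
            if claimed != cert_identity:
                overridden.append(claimed)
            el.text = cert_identity
    if not found:
        # Fail closed: a request with no identity field is not forwarded.
        raise ValueError("no Username element in message")
    return ET.tostring(root, encoding="unicode"), overridden


def blank_student_numbers(outbound_xml):
    """Empty every StudentNumber element before the response leaves the gateway.

    Returns (rewritten_xml, count_blanked).
    """
    root = ET.fromstring(outbound_xml)
    blanked = 0
    # Snapshot the element list first: the tree is modified inside the loop.
    for el in list(root.iter()):
        if local_name(el.tag) == STUDENT_NUMBER_TAG:
            el.text = ""
            for child in list(el):
                el.remove(child)
            blanked += 1
    return ET.tostring(root, encoding="unicode"), blanked


if __name__ == "__main__":
    # Constructed messages, not taken from the slides.
    request = "<getCourses><Username>notme</Username><Term>1104</Term></getCourses>"
    response = ("<student><Name>A. Student</Name>"
                "<StudentNumber>000000000</StudentNumber></student>")
    print(pin_username(request, "me"))
    print(blank_student_numbers(response))
```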
XML Gateway
• Thwart attacks
  • Prevent malicious and inadvertent XML attacks
  • Prevent other not-so-obvious application-level attacks - e.g. SQL injection.
    • Are you sure every one of your developers sanitizes their inputs?
Benefits
• Single point-of-entry for Web Services means:
  • Do rate-control/throttling/queueing to enforce SLAs
  • Standardized logging of all access
  • Auditing
  • Centrally enforced policies
  • Reusable rich set of authentication mechanisms
  • Managed by the Infrastructure team on behalf of all Web Services development groups
Why We Chose Layer7
• Industry leader in this space
• Very responsive
• Available as either hard or soft appliance
• Extensible using Java. We have Java experts.
• Supports every standard known to Man
Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10, X.509 v3 Certificates, FIPS 140-2, Kerberos
W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 3.0/1.1, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0
WS-Federation, WS-Addressing, WSSecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0, MTOM
The Gateway Changes Everything
SOAP Security - Cowboy Style
About DNPKI
Definitely Not a Public Key Infrastructure (DNPKI)
• Named out of frustration with the phrase:
  • “Cool we have PKI now”
• Needed a way to manage X.509 certificates for:
  • HTTPS client certificate authentication
  • WS-Security Signature Authentication
• Store and push RSA public keys into LDAP
• Ability to de-provision certificate access
• Leveraged existing IdM architecture
SOAP Security - Best Practices
Gateway SOAP Assertions
The Zimbra Conundrum
.../courses?user=me
.../courses?user=notme
REST Security that Never Rests
Gateway REST Assertions
Lessons Learned
• Security is an enabler
• Stick to standards where possible
• A good vendor is huge
• Start small
  • Control the service and consumer
• Security can be fun!
THANK YOU