A solution implemented at Simon Fraser University to use CAS proxy tickets to provide authorization to web services from thick client web applications.
June 2010
Securing Web Services
Solving the Web Services Security Problem with an XML Gateway
IT Services - Jeremy Rosenberg / Steve Hillman
About Us
• Jeremy Rosenberg
  • Developer in IT Services since 2004
  • Identity management strategy
  • Java developer
• Steve Hillman
  • IT Architect
  • With IT Services since 1987
  • Unix infrastructure
About SFU
• Named after famous explorer Simon Fraser (1776-1862)
• Opened on September 9, 1965
• One University - Three campuses
  • Burnaby
  • Surrey
  • Vancouver
• 32,000 students
• 900 faculty
• 1600 staff
• 100,000 alumni
About This Presentation
• Definitions
• XML Security Challenges
• About the Layer 7 SecureSpan XML Gateway
• Why we chose SecureSpan
• A little about Public Keys
• Walkthroughs
  • SOAP
  • REST
• Questions
Definitions
• First, a few definitions
Web Service:
• An API to a remote procedure
• Typically accessed over HTTP
• Machine-to-machine communications
• Allows data source to be loosely coupled to applications
• Makes systems reusable
• Very popular with Twitter, Facebook, Amazon, etc.
Definitions - SOAP vs REST
SOAP:
• XML message-passing protocol
• Numerous ‘WS-’ standards
• Associated with “Big” Web Services
• Most vendor SOA solutions use SOAP
REST:
• URL-addressable objects
  • “http://maps.google.com/maps/api/geocode/xml?address=Memorial+University,+NL,+CA”
• Accessed and manipulated with standard HTTP GET/POST/PUT/DELETE
• Lightweight client requirements
• Stateless (every request is self-contained)
• WS- standards are less mature
“Put out an A.P.B. on a donut, believed sprinkled.”
Web Services Security Challenges
• Web Services can communicate over many transport protocols
• Commonly accessed over web protocols like HTTP
• Easy for Web services to bypass traditional firewalls
[Diagram labels: XML, HTTP]
Web Services Security Challenges
• XML-based messages can be deliberately or inadvertently malformed
  • Causes parser or applications to break
  • Creates new XML threats and vulnerabilities. E.g.:
    • XML parameter tampering
    • XDoS Attacks
    • Message Replay
    • Oversized/overdeep XML nodes
    • Code injection
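
An added example, not part of the original slides: one way to enforce structural limits against the oversized/overdeep and XDoS cases listed above before a message reaches an application parser. The function names, limit values and sample messages are assumptions constructed for illustration.

```python
import xml.parsers.expat


class XmlLimitError(ValueError):
    """Raised when a message is malformed or exceeds a structural limit."""


def check_xml_limits(data: bytes, max_bytes=64_000, max_depth=20,
                     max_elements=2_000, max_text=8_000):
    """Stream-parse data; return (element_count, deepest_level) or raise.

    All limit values are assumed defaults for this example.
    """
    if len(data) > max_bytes:
        raise XmlLimitError("message too large")
    state = {"depth": 0, "deepest": 0, "elements": 0, "text": 0}

    def start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        state["text"] = 0
        state["deepest"] = max(state["deepest"], state["depth"])
        if state["depth"] > max_depth:
            raise XmlLimitError("nesting too deep")
        if state["elements"] > max_elements:
            raise XmlLimitError("too many elements")

    def end(name):
        state["depth"] -= 1
        state["text"] = 0

    def chars(text):
        # Expat may deliver one text node in several chunks, so accumulate.
        state["text"] += len(text)
        if state["text"] > max_text:
            raise XmlLimitError("text node too large")

    def doctype(*args):
        # Refusing DTDs rules out entity-expansion payloads up front.
        raise XmlLimitError("DTD not allowed")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise XmlLimitError(f"malformed XML: {exc}") from exc
    return state["elements"], state["deepest"]


def verdict(data: bytes) -> str:
    """Return 'accept' or the rejection reason for one message."""
    try:
        check_xml_limits(data)
        return "accept"
    except XmlLimitError as exc:
        return str(exc)


# Constructed sample messages (not taken from the slides).
SAMPLES = {
    "normal": b"<Envelope><Body><getCourses><Username>alice</Username>"
              b"</getCourses></Body></Envelope>",
    "overdeep": b"<a>" * 50 + b"</a>" * 50,
    "oversized": b"<a>" + b"x" * 100_000 + b"</a>",
    "dtd": b'<!DOCTYPE a [<!ENTITY x "y">]><a>&x;</a>',
    "broken": b"<a><b></a>",
}

if __name__ == "__main__":
    for label, message in SAMPLES.items():
        print(f"{label:10} {verdict(message)}")
```
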
Web Services Security Challenges
• Transactions are principally machine-to-machine
• New thinking around machine-to-machine credentialing
• Login pages won’t work
Web Services Security Challenges
• Services and clients must agree on security parameters
  • crypto preferences
  • standards support
• Need for new kinds of policy coordination
• Incompatibilities have unforeseen consequences
Web Services Security Challenges
• Web services enable multi-hop composite applications
  • Example: Student onboarding process
• Message level security and audit that can span multi-hop SOA transactions end-to-end
Web Services Security Challenges
Web services expose business functionality through open APIs, requiring new application-aware security measures.
SecureSpan XML Gateway
• Enter the XML Gateway
XML Gateway - What it does
• Parses all inbound and outbound XML messages
• Inspection and modification of XML messages
  • Replace “Username” value in inbound XML message with value extracted from client certificate
    • Prevent spoofing
  • Blank-out Student Number value in outbound XML messages
    • Prevent accidental leakage of confidential info
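
An added example, not part of the original slides and not SecureSpan policy code: the two message rewrites described above, sketched in Python. The element names `Username` and `StudentNumber`, the sample messages and the certificate dict (shaped like the output of Python's `ssl.SSLSocket.getpeercert()`) are assumptions.

```python
import xml.etree.ElementTree as ET


def local_name(tag: str) -> str:
    """Strip a '{namespace}' prefix from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def cert_common_name(peercert: dict) -> str:
    """Return the subject CN from a dict shaped like ssl getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    raise ValueError("client certificate has no commonName")


def bind_username(request_xml: bytes, peercert: dict) -> bytes:
    """Inbound: overwrite every Username with the authenticated identity.

    Whatever the client typed is discarded, so a caller cannot claim to be
    someone other than the holder of the certificate.
    """
    identity = cert_common_name(peercert)
    root = ET.fromstring(request_xml)
    hits = [el for el in root.iter() if local_name(el.tag) == "Username"]
    if not hits:
        raise ValueError("request carries no Username element")
    for el in hits:
        el.text = identity
    return ET.tostring(root)


def blank_student_number(response_xml: bytes) -> bytes:
    """Outbound: empty every StudentNumber element, children included."""
    root = ET.fromstring(response_xml)
    hits = [el for el in root.iter() if local_name(el.tag) == "StudentNumber"]
    for el in hits:
        for child in list(el):
            el.remove(child)
        el.text = None
    return ET.tostring(root)


# Constructed samples (not taken from the slides).
PEERCERT = {"subject": ((("commonName", "alice"),),)}
REQUEST = (b"<getCourses><Username>bob</Username>"
           b"<Term>1104</Term></getCourses>")
RESPONSE = (b"<Student><Name>Alice Example</Name>"
            b"<StudentNumber>301000000</StudentNumber></Student>")

if __name__ == "__main__":
    print(bind_username(REQUEST, PEERCERT).decode())
    print(blank_student_number(RESPONSE).decode())
```
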
XML Gateway
• Thwart attacks
  • Prevent malicious and inadvertent XML attacks
  • Prevent other not-so-obvious application-level attacks - e.g. SQL injection.
    • Are you sure every one of your developers sanitizes their inputs?
Benefits
• Single point-of-entry for Web Services means:
  • Do rate-control/throttling/queueing to enforce SLAs
  • Standardized logging of all access
  • Auditing
  • Centrally enforced policies
  • Reusable rich set of authentication mechanisms
  • Managed by the Infrastructure team on behalf of all Web Services development groups
Why We Chose Layer7
• Industry leader in this space
• Very responsive
• Available as either hard or soft appliance
• Extensible using Java. We have Java experts.
• Supports every standard known to Man
Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10, X.509 v3 Certificates, FIPS 140-2, Kerberos
W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 3.0/1.1, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0
WS-Federation, WS-Addressing, WSSecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0, MTOM
The Gateway Changes Everything
SOAP Security - Cowboy Style
About DNPKI
Definitely Not a Public Key Infrastructure (DNPKI)
• Named out of frustration with the phrase:
  • “Cool we have PKI now”
• Needed a way to manage X.509 certificates for:
  • https client certificate authentication
  • WS-Security Signature Authentication
• Store and push RSA public keys into LDAP
• Ability to de-provision certificate access
• Leveraged existing IdM architecture
SOAP Security - Best Practices
Gateway SOAP Assertions
The Zimbra Conundrum
.../courses?user=me
.../courses?user=notme
REST Security that Never Rests
Gateway REST Assertions
Lessons Learned
• Security is an enabler
• Stick to standards where possible
• A good vendor is huge
• Start small
  • Control the service and consumer
• Security can be fun!
Thank You!