Biometrics enabled Single Sign-On (SSO) using SAML

Last week, I was at Biometric Consortium Conference 2006 to present “Biometric Single Sign-On using SAML: Architecture and Design Strategies” and demonstrate one of my favorite topics of interest – a stronger authentication solution that combines “Web Access Management/SSO/Federation” with “Biometrics”. I used my previous JAAS Module integration work between Sun Java System Access Manager 6.x (SunONE Identity Server) and BioBex (Advance Biometric Controls) and then extended it to configure the SAML Browser Artifact Profile, which enables SAML-based SSO between an IdP (Sun Access Manager) and a J2EE application.

For those curious, here is the link to my presentation: “Biometric Single Sign-On using SAML: Architecture and Design Strategies”.

Enjoy!

Java Security at BU

This week, I had the opportunity to deliver a two-hour in-depth session on Java Security Architecture at Boston University. I tried my best to drill down to the nitty-gritty details of security in the Java runtime environment – of course, I picked most of the content from my book. It was a long session with a 15-min break. I am glad that I didn’t put anyone to sleep :-).

Thanks to Judy Marley (Asst. Dean) and Kristen Furman for extending this opportunity to meet their students pursuing MS Information Security at BU.

Here is my presentation:  Demystifying Java Platform Security Architecture

Enjoy.

Security Patterns @Information Security Conf. NY

After a long time, last week Chris and I got together in New York to present a session on “Security By Default” at “Information Security Conference – 2006”. The overall attendance at the conference wasn’t great, but we did have some participation in our session. Chris and I didn’t forget to have fun, especially the good food and drinks at a couple of upscale restaurants in New York City. Here is our presentation for your reading pleasure – Security By Default – Patterns-driven Security Design.

Patterns-driven Security Design @ New England JUG

A couple of days ago, I presented “Patterns-driven Security Design” at an event hosted by the “New England Java User Group” at the Sun Burlington campus. The participants were outstanding, and I had quite a lot of good questions; by the time I left the building it was 10:00 PM.

It was quite an inspiring event, as this is the first time I presented the complete set of security patterns to a lively audience – who interacted as I flipped through my slides.

I put the slides up here for your on-demand viewing pleasure. Enjoy.

SOA Mythology or Technology…

I had my own share of opportunities to present the SOA architecture to our customers. My friends outside Sun are always curious to know – “Is SOA real? Is it production-ready from a single vendor? What about those standards?”. Also, I heard a few other interesting phrases about SOA, such as “Same old architecture” and “SOAP-oriented architecture”!

Here is my shot on SOA, a presentation which I compiled from several sources. You may download it for your reading pleasure – Service-Oriented Architecture – Overview

I am a CISSP now.

A couple of months ago, I went to present “Core Security Patterns” at an SI partner. I was pushed to answer a question: whether obtaining the CISSP certification is worth it or not. It was embarrassing to me, as I didn’t care to take this exam although my co-author passed this exam a while ago. I rushed to register for this exam with a gut feeling that I would pass it. Weeks passed, and I forgot that I had registered for the exam. Just two weeks before, one of my friends alerted me not to take wild chances, as it is not a straightforward exam, and cautioned me about the evil distracters.

As I didn’t want to lose my $500 – I put my head down for a week on ISC2’s official CISSP study guide and glimpsed through the 10 domains. Last week I took the CISSP exam; when I looked at the questions I was a bit nervous to see that the multiple choices are quite devilishly tricky. The results showed up this morning, and it turned out I managed to pass the exam.

Don’t follow my path or advice, or even choose to do a last-minute walkthrough of the ISC2 study guide. I would suggest putting in a bit more hard work, with undivided attention on the study guide and sample questions.

Meet us at JavaRanch

This week, Chris and I will be participating in the JavaRanch online discussion forum to share our Core Security Patterns work and answer questions from the JavaRanch developer community, particularly those with a SECURITY focus. The discussion will start Tuesday, January 10th 2006 and end on Friday January 13th 2006.

As a surprise, we’ll be selecting four random posters in this forum to win a free copy of the Core Security Patterns book provided by Prentice Hall PTR.