TECHNOLOGY TRANSFER PRESENTS JOHN KNEILING CREATING XML AND WEB SERVICES SOLUTIONS SECURING THE WEB SERVICES ENVIRONMENT APRIL 3-5, 2006 APRIL 6-7, 2006 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY) info@technologytransfer.it www.technologytransfer.it
CREATING XML AND WEB SERVICES SOLUTIONS ABOUT THIS SEMINAR The current revolution in Service-Oriented Architecture Frameworks is being implemented by Web Services, an application development and interoperation approach based on XML. Web Services is a low-cost and rapid alternative to in-house development, integration, and ERP support. Enterprises have already begun to benefit from Web Services applications based on J2EE and.net. This seminar addresses the roles, benefits, and implementation of Web Services and XML, including Business Intelligence, Enterprise Application Integration (EAI), application design, development, and implementation, key technologies, vendors, products, standards, Best Practices, performance factors, testing, and data exchange. This is a real-world seminar illustrated with case studies illustrating solutions that are being used by the most successful companies today. WHAT YOU WILL LEARN How to create XML documents How to manage XML Meta Data How to transform XML and non-xml data How to choose XML Data Servers and other tools How to design Client-side and Server-side XML applications How to embed XML in HTML documents How to integrate applications using XML and Web Services How to choose applications for XML and Web Services implementation How to implement Web Services standards and technologies How to leverage Web Services capabilities of existing software How to develop a Web Services application How to choose Web Services integration and development tools How to integrate Web Services into your IT infrastructure WHO SHOULD ATTEND Information Professionals responsible for Business Intelligence Frameworks IT Professionals who will design or develop Web Services and XML applications Professionals who will create or maintain the Web Services infrastructure or integrate it into the Enterprise Architects who will choose and/or integrate Web Service products, tools, or on-line services
SECURING THE WEB SERVICES ENVIRONMENT ABOUT THIS SEMINAR Security is important for any distributed computing environment. For Web Services, security is even more of a challenge because of the unique characteristics of Web Services applications. In this seminar, delegates examine the various Web Services security schemes being designed and implemented by the industry and in the Business community, where security is always a top priority. This seminar explains how to implement secure Web Services and includes coverage of trust, confidentiality, cryptography, authentication, authorization, and Kerberos. You will also find details on Security Assertion Markup Language (SAML), XML Key Management Specification (XKMS), XML Encryption, Hypertext Transfer Protocol-Reliability (HTTP-R) and more. It provides delegates with up-to-the-minute information on tools, standards, vendor initiatives, and hands-on solutions to understanding and implementing secure Web Services. Practical examples are used throughout the seminar to present real-world solutions to Web security issues. WHAT YOU WILL LEARN How to develop security goals and requirements How to determine security roles and responsibilities How to manage risk How to provide cryptography, authentication, and authorization How to identify Web Services security limitations How to use public key certificates How to manage digital signatures How to specify SAML, XACML, WS-Security, and other standards How to secure eportal and ebusiness data How to secure COM+,.NET, J2EE, and CORBA infrastructures and apps How to administer Web Services security How to plan and build secure Web Services architectures WHO SHOULD ATTEND Software Architects who need to plan and design secure Web Services systems Developers who will build secure.net and EJB Web Services applications, pass and delegate credentials across applications, and control the delegation of those credentials Security planners and developers who will create Web Services security strategies and implement XML Web Services security code
CREATING XML AND WEB SERVICES SOLUTIONS OUTLINE 1. The XML Language The XML Standard XML Syntax and Semantics XML Elements and Attributes XML Document Types Aggregating Document Types with Namespaces Structuring Documents with XML Schemas 2. XML Manipulating and Programming Formatting XML with XSL Transforming XML with XSLT Client and Server Formatting and Transformation DOM and SAX Application Interfaces Formatting Text with XSL-FO Managing Graphics with SVG 3. Web Services Architecture Service Oriented Architecture (SOA) The Web Services Model Web-Level Application Distribution Application Encapsulation Just-in-time Integration Brokers, Requestors, and Providers Creating a Web Service Publishing Web Services Locating and Invoking a Web Service 4. Transporting Messages with SOAP The SOAP Protocol SOAP Messaging and Encoding SOAP Design Patterns Handling SOAP Faults Binding SOAP Messages to Attachments SOAP Implementations 5. Describing Services with WSDL WSDL Architecture and Usage Creating WSDL Binding WSDL to SOAP XML Schema Data Typing Tools for Invoking and Generating WSDL 6. Publishing and Discovering Services UDDI Architecture and Data Model Publishing to a UDDI Directory Searching a UDDI Directory The UDDI Inquiry API UDDI Implementations Extending UDDI to ebxml WSIL: a De-Centralized Alternative 7. Major Tools and Environments.NET and J2EE Compared IBM, BEA, Oracle, and other Implementations XML Schema Generation Database Management XML Document Authoring Metadata and Data Transformation Content Management 8. Storing and Retrieving XML XML and Relational DBMS Storing and Generating XML from Relational Tables XML Column and Collection Storage Methods Mapping XML to Relational with Document Access Definition (DAD) Locating XML Elements or Attributes Accessing Data with Relational and XML Queries Integrating Stored Data with Application Servers 9. A Web Services Business Intelligence Framework Data Centric Architecture Distributed-Process Architecture Master Databases Data Warehouses Data Marts Business Intelligence Software Agents 10. Building a Web Services Application Client Tier Connectivity APIs and Services Business Partner Connectivity Registries and Repositories Thin and Thick Client Connectivity Implementing Web Services Shared Context Business Layer Back-End Integration 11. Designing for High Availability High Availability Factors Load Balancing System and Session Fail-Over Session Clustering Horizontal and Vertical Scaling and Cloning Planning for Redundancy Data Access Isolation Handling Transient Data 12. Integrating Applications with Web Services Data, Function, UI, and Business Process Integration Integration Services Requirements Connecting Third-Party Web Services ERP Support Integrating Web Services, XML, and EAI environments 13. Web Services Return on Investment (ROI) Analyzing ROI Benefits Risks ROI Formulas ROI Case Study 14. Action Workshop Status, Goals and Action XML Standards XML Development Web Services Architecture Web Services Integration
SECURING THE WEB SERVICES ENVIRONMENT OUTLINE 1. Web Services Security Overview Information Security Goals Security Responsibilities Managing Risk Cryptography Authorization 2. Application Security Example Walk-Through Business Requirements The Example Application Security Requirements Security Features Security Limitations 3. XML and Web Services (WS) Security Facilities Public Key Encryption and Digital Signatures Public Key Certificate Format and Infrastructure XML Encryption and Signature WS-Security Functionality and Structure WS-Security Facility Example 4. Security Assertion Markup Language (SAML) SAML Concepts and Functionality SAML Assertions and Statements SAML Protocols Single Sign-on Privacy and Trust Issues SAML, XACML and WS-Security 5. Primary Principles: Requirements and Options Authenticating eportal and ebusiness Data Protection Protecting ebusiness Data Authorization Authorizing ebusiness Transactions 6. Implementing Web Services Infrastructure Security Basic Distributed Security Implementation CORBA COM+.NET J2EE 7..NET Web Services Security IP Security Facilities Creating Microsoft Technology Web Services ASP.NET Web Services Security Data Protection Access Control Audit 8. Java Web Services Security Traditional versus Web Services Java Security Data Protection Access Control Using SAML with Java Application Servers and JSR Compatibility Example JWASP and JWSDP Applications 9. Web Services Security Technology Interoperability Security Interoperability Issues Layered Security Perimeter Security Tiered Security Propagating Authentication and Authorization Maintaining Security Context Web Services Delegation Internet versus Intranet versus Extranet Example Application Walk- Through 10. Administration in the Web Services Environment Using Security Attributes Role-Based Access Control Delegation Audit, Authentication and Data Protection Administration Formulating the Security Policy Integrating Web Services Development and Security Administration 11. Planning, Designing and Building Secure Web Services Architecture Security Challenges and Evolution Security Architecture and Policy Principles Functional and Nonfunctional Requirements eportal and ebusiness Requirements Deploying Security Using a Security Policy Server Scaling and Performance Issues
" INFORMATION PARTICIPATION FEE Creating XML and Web Services Solutions 1400 Securing the Web Services Environment 1200 Special price for the delegates who attend both seminars 2450 The fee includes all seminar documentation, luncheon and coffee breaks. VENUE Residenza di Ripetta Via di Ripetta, 231 Rome (Italy) HOW TO REGISTER You must send the registration form with the receipt of the payment to: TECHNOLOGY TRANSFER S.r.l. Piazza Cavour, 3-00193 Rome (Italy) Fax +39-06-6871102 within March 20, 2006 PAYMENT Wire transfer to: Technology Transfer S.r.l. Banca Intesa S.p.A. - Agenzia 3 di Roma Iban Code: IT-34-Y-03069-05039-048890270110 GENERAL CONDITIONS If anyone registered to participate is unable to attend, a substitute may participate in their place. A full refund is given for any cancellation received more than 15 days before the seminar starts. Cancellations less than 15 days prior the event are liable for 50% of the fee. Cancellations less than one week prior to the event are liable for the full fees as invoiced. In case of cancellation of the seminar, Technology Transfer s responsibility only applies to the refund of the participation fees which have already been forwarded. SEMINAR TIMETABLE 9.30 am - 1.00 pm 2.00 pm - 5.00 pm JOHN KNEILING CREATING XML AND WEB SERVICES SOLUTIONS Rome April 3-5, 2006 Residenza di Ripetta - Via di Ripetta, 231 Registration fee: 1400 SECURING THE WEB SERVICES ENVIRONMENT Rome April 6-7, 2006 Residenza di Ripetta - Via di Ripetta, 231 Registration fee: 1200 BOTH SEMINARS Special price for the delegates who attend both seminars: 2450 If anyone registered is unable to attend, or in case of cancellation of the seminar, the general conditions mentioned before are applicable. first name... surname... job title... organisation... address... postcode... city... country... telephone... fax... e-mail... Stamp and signature Send your registration form with the receipt of the payment to: Technology Transfer S.r.l. Piazza Cavour, 3-00193 Rome (Italy) Tel. +39-06-6832227 - Fax +39-06-6871102 info@technologytransfer.it www.technologytransfer.it
SPEAKER John Kneiling is Principal Advisor at The TechPar Group. His clients at TechPar include Cognos, Ascential Software, The Federal Reserve Bank and NATO. Prior to joining TPG, Mr. Kneiling was a Director of WebEAI, where he created the XML and Web Services strategy for Bristol-Myers Squibb s Global Strategic Sourcing Group. He was formerly Vice President of Information Architecture at MetLife, a Fortune 500 Financial Services Company, where he was responsible for information flow throughout the company, its affiliates, customers, suppliers and partners, using B2B e-commerce, XML strategies and Web-Enterprise application integration. Prior to joining MetLife, he was with International Systems Group, DataBase Associates, Codd & Date, Price Waterhouse, Citibank, The Bank of New York and Con Edison. Mr. Kneiling has participated as a speaker in numerous user and professional groups, has authored a number of books and articles on computer technology.