TECHNOLOGY TRANSFER PRESENTS JOHN KNEILING WEB SERVICES AND XML Tools, Technologies, and Architectures SECURITY IN THE WEB SERVICES/XML ENVIRONMENT MAY 19-21, 2008 MAY 22-23, 2008 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY) info@technologytransfer.it www.technologytransfer.it
WEB SERVICES AND XML ABOUT THIS SEMINAR Web Services and XML are the technologies of choice for mainstream applications across virtually every major industry today. The standards and specifications for this technology are defined by W3C, Oasis, and other groups, as well as the vendors themselves, who support.net, Java, and other implementations. This seminar guides delegates through these architectural approaches, and examines tools and products that support the development of Web Services and XML applications and frameworks, including XML vocabularies, design, and organization, Web Services and XML implementation of a Service-Oriented Architecture (SOA),.NET and Java application servers, object-relational-xml mapping, XML databases, and XML Middleware. The course emphasizes Best-Practices in Web Services and XML development. YOU WILL LEARN TO Apply Service-Oriented Architecture to Web Services and XML Applications Develop applications to Web Services specifications Design a Web Services Application Develop an XML schema to support Business requirements Identify organizations that support and develop XML industry standards Choose an Application Server that conforms to Web Services and XML Standards Understand the strengths and weakness of.net and Java implementations Integrate.NET and Java applications using Web Services Choose an XML DMBS product Develop an XML database Query an XML database Integrate data and applications using XML Middleware Map XML, Relational, and Object-Oriented databases Implement and understand Web Services and XML Best Practices WHO SHOULD ATTEND Information Professionals responsible for Business Intelligence Frameworks IT Professionals who will design or develop Web Services and XML applications Professionals who will create or maintain the Web Services infrastructure or integrate it into the Enterprise Architects who will choose and/or integrate Web Service products, tools, or on-line services
SECURITY IN THE WEB SERVICES/XML ENVIRONMENT ABOUT THIS SEMINAR The unique characteristics of Web Services applications pose a significant challenge to the security of Web Services and XML applications and environments. In this seminar, delegates examine the various Web Services security schemes being designed and implemented by the industry and in the Business community, where security is always a top priority. Specific tools are examined so that delegates can integrate them into new and existing environments. This seminar explains how to implement secure Web Services and includes coverage of trust, confidentiality, cryptography, authentication, authorization, and Kerberos. You will also find details on Security Assertion Markup Language (SAML), XML Key Management Specification (XKMS), XML Encryption, Hypertext Transfer Protocol-Reliability (HTTP-R) and more. It provides delegates with up-to-the-minute information on tools, standards, vendor initiatives, and hands-on solutions to understanding and implementing secure Web Services. Practical examples are used throughout the seminar to present real-world solutions to Web security issues. YOU WILL LEARN HOW TO Develop security goals and requirements Determine security roles and responsibilities Manage risk Provide cryptography, authentication, and authorization Identify Web Services security limitations Create and use public key certificates Manage digital signatures Specify SAML, XACML, WS-Security, and other standards Secure eportal and ebusiness data Secure.NET, J2EE, and other infrastructures and apps Administer Web Services security Plan and build secure Web Services architectures WHO SHOULD ATTEND Software Architects who need to plan and design secure Web Services systems Developers who will build secure.net and EJB Web Services applications, pass and delegate credentials across applications and control the delegation of those credentials Security Planners and Developers who will create Web Services security strategies and implement XML Web Services security code
WEB SERVICES AND XML OUTLINE 1. XML Technology XML Principles and Architecture DTD: Document Type Definition XSD: XML Schema Definition Language XSLT: Extensible Stylesheet Language Transformations XQuery: XML Query Language XML 2. Basic Web Services Technology Web Services and SOA (Service-Oriented Architecture) WSDL: Web Services Description Language SOAP: Simple Object Access Protocol UDDI: Universal Description, Discovery, and Integration Basic Web Services Tools and Products 3. Advanced Web Services Technology Advanced Web Services Specifications and Applications WS-Coordination and WS-Transaction BPEL4WS: Business Process Execution Language for Web Services Web Services Security Standards and Implementations Reliable Messaging and Large Payload Transport Organizing Web Services with WS-Policy Advanced Technology Tools and Products 4. Developing XML Applications Integrating and Representing XML Documents Validating XML Data Administering XML Schemas Transforming XML Documents XML Data Query Approaches and Strategies XML Development and Integration 5. Developing Web Services Applications Utility, Business, and Controller Service Models Modeling Component Classes and Web Service Interfaces Web Services-Oriented Encapsulation Integrating Mixed Granularity Service Compositions Improving Web Services Functionality Integrating SOAP Messaging Web Services Development 6. Developing and Integrating XML and Databases XML and Relational Database Differences Integrating XML and Relational Databases Mapping XML to Relational Extending SQL to XML XML Native Databases Data that Support XML 7. Application Integration Strategies Application Integration Basics Levels of Integration Types of Integration Middleware Products Selecting and Defining an Integration Path How to Select Middleware Tools and Products 8. Integrating Legacy Applications with Web Services Application Integration Service Models Web Services Integration Components One-way Web Services Integration Point-to-point Integration with Web Services Controlling Data Access with Web Services Adapting Legacy Architectures to Web Services Legacy Application Integration 9. Web Services Enterprise Integration Enterprise Integration Architecture Service Models and Components Web Services Enterprise Integration Architecture Streamlining Integration Endpoint Interfaces Optimizing Endpoint Services Integrating Legacy Architectures Integrating Web Services Security Choosing Frameworks, Tools, and Products 10. XML Best Practices Planning XML Projects XML Knowledge Management Standardizing XML Applications Designing XML Applications Testing XML Applications XML Testing and Management 11. Web Services Best Practices Planning Web Services Projects Standardizing Web Services Designing Web Services Environments Managing Web Services Projects Implementing Web Services Testing Web Services Applications XML Testing and Management 12. Building a Service-Oriented Enterprise (SOE) SOE Activities, Services, and Processes SOE Business Modeling SOE Technology Architecture Supporting SOE with Web Services and XML Applying the XWIF Layered Scope Model (LSM) Product and Tools Support for the XWIF LSM
SECURITY IN THE WEB SERVICES/XML ENVIRONMENT OUTLINE 1. Web Services Security Overview Information Security Goals Security Responsibilities Managing Risk Cryptography Authorization 2. Application Security Example Walk-Through Business Requirements The Example Application Security Requirements Security Features Security Limitations 3. XML and Web Services (WS) Security Facilities Public Key Encryption and Digital Signatures Public Key Certificate Format and Infrastructure XML Encryption and Signature WS-Security Functionality and Structure WS-Security Facility Example 4. Security Assertion Markup Language (SAML) SAML Concepts and Functionality SAML Assertions and Statements SAML Protocols Single Sign-on Privacy and Trust Issues SAML, XACML, and WS-Security 5. Primary Principles: Requirements and Options Authenticating eportal and ebusiness Data Protection Protecting ebusiness Data Authorization Authorizing ebusiness Transactions 6. Implementing Web Services Infrastructure Security Basic Distributed Security Implementation Legacy CORBA and COM.NET J2EE 7..NET Web Services Security IP Security Facilities Creating Microsoft Technology Web Services ASP.NET Web Services Security Data Protection Access Control Audit 8. Java Web Services Security Traditional versus Web Services Java Security Data Protection Access Control Using SAML with Java Application Servers and JSR Compatibility Example JWASP and JWSDP Applications 9. Web Services Security Technology Interoperability Security Interoperability Issues Layered Security Perimeter Security Tiered Security Propagating Authentication and Authorization Maintaining Security Context Web Services Delegation Internet versus Intranet versus Extranet Example Application Walk- Through 10. Administration in the Web Services Environment Using Security Attributes Role-Based Access Control Delegation Audit, Authentication, and Data Protection Administration Formulating the Security Policy Integrating Web Services Development and Security Administration 11. Planning, Designing, and Building Secure Web Services Architecture Security Challenges and Evolution Security Architecture and Policy Principles Functional and Nonfunctional Requirements eportal and ebusiness Requirements Deploying Security Using a Security Policy Server Scaling and Performance Issues
INFORMATION PARTICIPATION FEE Web Sevices and XML: Tools, Technologies, and Architectures 1500 Securing in the Web Services/XML Environment 1200 Special price for the delegates who attend both seminars 2500 The fee includes all seminar documentation, luncheon and coffee breaks. VENUE Visconti Palace Hotel Via Federico Cesi, 37 Rome (Italy) SEMINAR TIMETABLE 9.30 am - 1.00 pm 2.00 pm - 5.00 pm HOW TO REGISTER You must send the registration form with the receipt of the payment to: TECHNOLOGY TRANSFER S.r.l. Piazza Cavour, 3-00193 Rome (Italy) Fax +39-06-6871102 within May 5, 2008 PAYMENT Wire transfer to: Technology Transfer S.r.l. Banca Intesa Sanpaolo S.p.A. Agenzia 4815 di Roma Iban Code: IT 34 Y 03069 05039 048890270110 GENERAL CONDITIONS If anyone registered to participate is unable to attend, a substitute may participate in their place. A full refund is given for any cancellation received more than 15 days before the seminar starts. Cancellations less than 15 days prior the event are liable for 50% of the fee. Cancellations less than one week prior to the event are liable for the full fees as invoiced. In case of cancellation of the seminar, Technology Transfer s responsibility only applies to the refund of the participation fees which have already been forwarded. JOHN KNEILING WEB SEVICES AND XML: TOOLS, TECHNOLOGIES, AND ARCHITECTURES Rome May 19-21, 2008 Visconti Palace Hotel - Via Federico Cesi, 37 Registration fee: 1500 SECURING IN THE WEB SERVICES/XML ENVIRONMENT Rome May 22-23, 2008 Visconti Palace Hotel - Via Federico Cesi, 37 Registration fee: 1200 first name... surname... job title... organisation... address... postcode... city... Stamp and signature BOTH SEMINARS Special price for the delegates who attend both seminars: 2500 If anyone registered is unable to attend, or in case of cancellation of the seminar, the general conditions mentioned before are applicable. country... telephone... fax... e-mail... Send your registration form with the receipt of the payment to: Technology Transfer S.r.l. Piazza Cavour, 3-00193 Rome (Italy) Tel. +39-06-6832227 - Fax +39-06-6871102 info@technologytransfer.it www.technologytransfer.it
SPEAKER John Kneiling is Principal Advisor at The TechPar Group. His clients at TechPar include Cognos, Ascential Software, The Federal Reserve Bank and NATO. Prior to joining TPG, Mr. Kneiling was a Director of WebEAI, where he created the XML and Web Services strategy for Bristol-Myers Squibb s Global Strategic Sourcing Group. He was formerly Vice President of Information Architecture at MetLife, a Fortune 500 Financial Services Company, where he was responsible for information flow throughout the company, its affiliates, customers, suppliers and partners, using B2B e-commerce, XML strategies and Web-Enterprise application integration. Prior to joining MetLife, he was with International Systems Group, DataBase Associates, Codd & Date, Price Waterhouse, Citibank, The Bank of New York and Con Edison. Mr. Kneiling has participated as a speaker in numerous user and professional groups, has authored a number of books and articles on computer technology.