OASIS: Integrating Standards for Web Services, Business Processes

Slides: 9
Provided by: patrick5
Transcript and Presenter's Notes


1
www.oasis-open.org
Jim Hietala, Vice President, Security
44 Montgomery Street, Suite 960, San Francisco, CA 94104 USA
Tel 1 303 495 3123
Cell 1 303 995 5387
j.hietala_at_opengroup.org
www.opengroup.org
2
Security Forum Vision & Mission
  • The Open Group: Boundaryless Information Flow,
    achieved through global interoperability in a
    secure, reliable and timely manner
  • The Open Group Security Forum: To facilitate the
    rapid development of secure architectures
    supporting boundaryless information flow through:
      • Development of industry standards, either
        independently or through co-operation (adopt,
        adapt, publish)
      • Developing guides, business rationales &
        scenarios, use cases
      • Developing reference and common system
        architectures, and support services
  • The Open Group also manages and supports the
    Jericho Forum

3
IT Changes Affecting Security
  • Web 2.0 coming to most enterprises, like it or
    not
  • Consumerization of IT with mobile devices
  • Shift in user patterns: an increasing % of user
    logins are now contractors, consultants, and
    business partners
  • Perimeter security model proving ineffective at
    securing this evolving environment

4
Web Security Study
  • 7% of sites compromised automatically
  • 7.7% of sites had a high severity vulnerability
    detectable through scanning
  • 9 of 10 sites have at least one serious
    vulnerability
  • Average of 7 vulnerabilities/site

Web Application Security Consortium, 2007, and
White Hat Security, analysis of 600 sites
5
Security Standards Needs Exist at Multiple Levels
  • Security function interoperability: SAML, XACML,
    etc.
  • Implementation level: ISO 27002, PCI DSS, etc.
  • Architecture: need for new standard security
    architecture describing information-centric vs.
    perimeter-centric security

6
The Open Group Security Forum Key Accomplishments
  • Guides, White Papers: Security, Privacy, DRM,
    Identity Management, PKI, IdM Architectures,
    Security Design Patterns, Electronic Chattel
    Paper, Trust models, Common Core Identifiers
  • Guides, White Papers: Information Security
    Strategy
  • Standards: CDSA - Authentication API; AZN-API -
    Authorization API; UAS
  • 12/2007: Integration of Network Applications
    Consortium
  • Standards: XDAS - Distributed Audit Service;
    APKI - Architecture for Public Key Encryption;
    XSSO - Single Sign-On; CDSA
  • Standards: DCE - Distributed Computing
    Environment; XBSS - Baseline Security Services;
    XDSF - Distributed Security Framework; GSS API -
    Generic Security Services
7
The Open Group Future Security Activities
  • Continued support of Jericho Forum activities
  • Ongoing standards work in these areas:
      • Risk management taxonomy
      • Secure Mobile Architectures
      • Trust models
      • XML platform compliance reporting
      • Standard security architectures
  • Initiating Security Practitioners Conferences
  • Workshop approach to develop understanding and
    requirements around key emerging security issues
    such as Cloud Computing and Virtualization

8
Thank You!