I generally recommend to clients that DataPower RBM (Role-Based Management) be configured to perform authentication and authorization of DataPower administrators[…]
Category: Security
DataPower Appliances & HSMs
I’ve been in a couple of shops that have used the HSM module option of DataPower for FIPS 140-2 v2[…]
JBoss World 2012 Session…
I will be presenting at JBoss World 2012 in Boston the last week of June. I’ll be presenting with Anil[…]
Symmetric Keys—Addendum
A couple of weeks ago I wrote a brief post about how to generate symmetric keys that can be used[…]
SSL Handshake—The Visual
This is an old picture that I made for a 2010 JBoss World security presentation. It came in handy not[…]
SOA Security Reading Material
At nearly every client site, I’m asked to put together a recommended reading list on a variety of subjects. Web[…]
What is an XML Gateway?
An XML Gateway is an externally-facing DMZ tier of a web services platform. Generally, this DMZ tier will be facing[…]
Secure Identity Propagation using WS-Trust, WS-Security, and SAML2
I gave the following presentation at IBM Impact in April, 2011. This session will explore hypothetical requirements for a secure[…]
HTTP Client – Form-Based Authentication
This article continues the discussion started in the Servlet Authentication article. Here we discuss Form-Based authentication, another common form of[…]
Servlet Container Authentication
There are three required authentication mechanisms supported by a compliant Servlet Container: HTTP Basic Authentication, Form-based Authentication, and CLIENT_CERT authentication. This article describes Servlet Container authentication.