Silicon Valley Code Camp : October 3rd and 4th, 2009
Marc Chanliau has been in the software engineering industry for over thirty years in various capacities, from developer to development manager to product manager. Marc has been an Oracle employee for 5 years in Redwood Shores, California, first as the director of product management for Oracle Fusion Middleware platform security, and more recently as the lead technical "evangelist" for Oracle's identity management offering. Marc's fields of expertise include cryptography, the Java security model, and XML security standards (Marc is one of the early co-author of the Security Assertion Markup Language -- SAML, and participated in the definition of several other XML security protocols). Marc is a frequent speaker at worldwide high tech conferences including JavaOne, RSA Conference, Oracle Open World, Burton Catalyst, Gartner Security Summit. Marc received his Master's degree in computational linguistics from the University of Paris VI (now Pierre and Marie Curie University).
Java EE security has limitations (static within a deployed application, not granular, and Java EE roles are not hierarchical). Java Authentication and Authorization Service (JAAS) mitigates many of the Java security model drawbacks, but it doesn’t support security services such as single sign-on, audit, role mapping, etc. This presentation describes a standards-based security services framework that builds on JAAS and other Java standards, allowing Java programmers to weave security in their applications declaratively, independently from business logic.