Silicon Valley Code Camp : October 9th and 10th, 2010

Symon Chang

About Symon
Symon Chang, CISSP, CSSLP, is a Principal Member of Technical Staff at Oracle Corporation, developing Web Services solutions for WebLogic Server. He is a voting member of OASIS WS-SX TC, and has participated with various Web Services security standards committees at OASIS, W3C, and WS-I. He has ten years experience in developing Web Services security solution. Prior to Oracle, he was Sr. Security Architect, implementing WS-Security solutions at BEA, BlueTitan, TIBCO and CommerceOne. He received his MBA Degree from Golden Gate University, and M.S. Degree from San Jose State University.
{speaker.firstName} {speaker.lastName}

Speaking Sessions

  • The Five Biggest Myths about Web Services Security

    2:45 PM Sunday   Room: 8338
    Misunderstand and misuse of <i>Web Services Security</i> standards for applications will lead to over-engineering, poor-performance, bad-interoperability, and even insecure Web Services messages.</p> <p> This session will demystify the <b>Web Services Security</b> standards in doing SOA/Web Services message security. It will illustrate common mistakes and pitfalls in deploying Web Service security, such as Web Services security is too heavy to use, and keep it simple will be more secure.</p> <p> The session will also demonstrate use cases that use new technologies and standards, such as WS-SecurityPolicy, WS-Trust and WS-SecureConversation that reduce the risk and increase interoperability. The Web Services security is not just XML signature and encryption any more. </p> <p> If no interoperability, there will be no Web Service security. However, the interoperability will not be achieved automatically. This session will discuss interoperability issues and solutions when use standards Web Service Security to protect cross-platform SOA applications.</p> <p> Last but not the least, this session will talk about using <b>Web Services Security</b> technologies to protect Software as a Service (<b>SaaS</b>) in the <b>Cloud</b>. What security issues in the Cloud, and how WS-Security can help for the SaaS in the Cloud.