One of the challenges IT organizations face is how to propagate identities in
complex business processes that are commonly found in Service Oriented
Architectures (SOAs). Identities, which are passed from one service
invocation to the next in a business process, give the process a user
context. Identities can be used to determine access rights to SOA services
and for audit and compliance purposes.
For example, consider a procurement business process for an application
that's used by a number of purchasing agents. Each agent has a different
purchasing privilege. Say a senior agent can purchase up to $50,000 in a
transaction, while a junior agent can buy only $25,000. If the business
process that enables the purchase is composed of a number of SOA services,
each service ...

Web services are past the initial marketing hype. Early Web services were
part of experimental one-off projects within a single enterprise department.
Now, larger Web services deployments are moving outside of the enterprise
firewall to better leverage existing business partnerships and value chains.
Larger Web services projects come with a price, however. They are more
complicated to imp...

Last month (WSJ, Vol. 4, issue 2), we looked at how Web services should not
depend on specific security environments and rules but should be managed as
part of all of an enterprise's corporate data assets such as Web
applications, ERP systems, and in-house applications.
We recommended that Web services security be integrated with the overall
enterprise security infrastructure at the very ...

This article focuses on the value of Web services security. It is important
to understand what Web services are and their challenges, particularly
related to security. Traditionally, companies have relied on conventional,
transport-level security but this approach has its limitations. The market
now offers complementary XML-based solutions designed to secure documents
used in Web service...