Hartford

Sponsors
We would like to thank [Ounce Labs], [Forrester Research], [Cigital], [Whitehat Security], [Oracle] and [Microsoft] for their generous support and helping make application security visible...

Upcoming Events
Agenda: Wednesday, June 11th 2008

FOOD & NETWORKING: 5:30 - 5:45 PM

OPENING REMARKS: 5:45 - 6:00 PM James McGovern, Chapter Lead

CARDSPACE AND USER CENTRIC IDENTITY: 6:00 - 6:45 PM Chris Winn, Security Evangelist, Microsoft

IDENTITY GOVERNANCE FRAMEWORK: 6:45 - 7:30 PM Prateek Mishra, Product Manager, Oracle

Q&A and Raffles: 7:30 - 7:45 PM We will be raffling a Microsoft Zune Player, Apparel and Gift certficates to local restaurants

Topics for June
CardSpace and User Centric Identity The CardSpace system is a new feature of Windows (XP, Vista and W2K3) that allows users to control their digital identity via the simple and familiar metaphor of a set of cards. When a user wants to access a web site or web service, rather than provide their username and password, they select a virtual card from a special, security-hardened UI - much like you would select a physical card from your wallet or handbag to identify yourself. This Information Card represents the digital identity of the user and enables services to receive all the data they need to authenticate and authorize the user.

Information about the user is provided in a secure and consistent way by Identity Providers such as the users employer, their bank, their government or indeed by the user themselves. The user can determine exactly what information is disclosed and to whom, while the identity provider asserts the validity of that information.

By using standard, interoperable web service protocols - e.g. WS-Security, WS-Trust - and ubiquitous web protocols - e.g. HTTP POST - the CardSpace system is able to provide users with a simple, consistent and secure sign-on experience while developers can add support for Information Cards to their web sites and services very easily, regardless of the platform and tools they choose to use.

Identity Governance Framework Identity governance is an issue of particular importance in today’s society of identity theft and increasing understanding of the importance of privacy. This presentation will outline use cases for defining a framework to help enterprises easily determine and control how identity related information, including Personally Identifiable Information (PII), access entitlements, attributes, etc. are used, stored, and propagated between their systems.

The Identity Governance Framework (IGF) will enable organizations to define enterprise level policies to securely and confidently share sensitive personal information between applications that need such data, without having to compromise on business agility or efficiency. Furthermore, it will ease the burden of documentation and auditing of these controls, allowing organizations to be able to quickly answer questions on how personal information such as social security numbers and credit card data is being used, by whom, at what time, and for what purpose.

The Identity Governance Framework is designed to allow: (1) application developers to build applications that access identity-related data from a wide range of sources, (2) administrators and deployers to define, enforce, and audit policies concerning the use of identity-related data. As proposed, IGF will have four components: (a) identity attribute service, a service that supports access to many different identity sources and enforces administrative policy (b) CARML: declarative syntax using which clients may specify their attribute requirements, (c) AAPML: declarative syntax which enables providers of identity-related data to express policy on the usage of information, (d) multi-language API (Java, .NET, Perl) for reading and writing identity-related attributes.

Past Events
Agenda: Wednesday, April 30th 2008

OPENING REMARKS: 5:30 - 6:00 PM Alexander Daniels, CO-Chapter Lead

THE IDIOTS GUIDE TO DEVELOPING BAD ENTERPRISE APPLICATIONS AND WORST LOGGING PRACTICES:6:00 - 7:00 PM Anton Chuvakin, Chief Logging Evangelist, LogLogic

KEEPING SECRETS: APPLICATION SECURITY IS A BUSINESS IMPERATIVE: 7:00 - 8:00 PM Jack Danahy, CTO and Founder, Ounce Labs

Agenda: Thursday, February 28th 2008

OPENING REMARKS: 5:30 - 6:00 PM James McGovern, Chapter Lead

HOW WEB 2.0 HAS CHANGED THE LANDSCAPE OF APPLICATION SECURITY: 6:00 - 7:00 PM Chenxi Wang, Principal Analyst at Forrester Research

EXPLOITING ONLINE GAMES: 7:00 - 8:00 PM Gary McGraw, CTO of Cigital

Locations
All meetings are held at The Hartford, One Hartford Plaza, Hartford CT 06115 in our Tower Building. Free parking is available in our Tower Ramp Garage.