I'm in the process of getting the Boston chapter of the Cloud Security
Alliance started. I'm just waiting for the "paperwork" to go through, but I'm
really excited about what I'm hearing from customers about the cloud. Coming
from Oracle, you get a bit of the "Larry Hates the Cloud" mindset, but in my
limited time here at Vordel, I can see the deep interest from customers.
Mark O'Neill has published a few articles recently on a few topics within
cloud security (SSO to Google Mail and Security Checklist for Cloud Security)
but there is no single "Cloud Security" solution. Probably the only term less
well defined than "Cloud" is "Security". CSA is starting a whole new focus
area on "Security as a Service" - again we could have/and will continue to
have a debate over what is a "Service".
Unlike SOA, IT people are being asked by the business "What are we doing
about the clo... (more)

In general synchronous web-services are simpler and more common than
asynchronous web services. I like them, because for 99% of cases, the
security can be done at the transport level using 2-way SSL. Asynchronous
web-services introduce additional security challenges - mainly that messages
are likely to be in memory or on disk where the transport is not there to
keep the contents of the message secure. The purpose of this post is not to
explore the security challenges of using asynchronous web-services, but
another complexity - proper handling of web-services callbacks through an ... (more)

After many scheduling challenges, we had our first CSA Boston Chapter Board
Meeting. The "Board" consists of me (Vordel), Prateek Mishra (Oracle), Matthew
Gardiner (CA), and Kevin Fox (Cisco). A really good session for planning out
the year. Here's the basic thinking:
- Divide the CSA guidance into 4 units and have 1 meeting focused around each
unit
- The events will be about 2 hours - 1 hour on high-level information
contained in the CSA guidance and 1 hour on lower-level details from someone
who is actually living/implementing the scenario
- We'll rotate the location among CA, Or... (more)

Nothing inspires me to blog like being stuck in an airport. I'm stuck in DC
on a return from my first Vordel customer trip. We saw customers in San
Diego, Los Angeles, Bay Area, and Seattle. Some of them were very
interested in the integration between Oracle Access Manager and Vordel. Once
again, Mark O'Neill, CTO of Vordel to the rescue.
The video demonstrates a few of the interesting scenarios combining a Web
Access Management product with an XML gateway:
Authentication - By simply selecting Oracle Access Manager as a repository,
usernames and passwords are authenticated ag... (more)

I'm finally back home after 4 straight days in airports. During the week I
delivered a really interesting use case that I wanted to share. This was in
support of a demo where the customer wanted to understand how OAuth works
with the XML Gateway. Given the nature of POCs, I had already built much of
the demo around the customer's other requirement - retrieving a SAML
assertion via a WS-Trust based STS. I had to come up with a way to add the
OAuth functionality to the existing scenario. I think the approach that I
came up with is novel and so I wanted to share it on the blog.
If... (more)