Speaker

Arne Koschel
IONA

Dr. Arne Koschel works as the international Technical Product Manager for IONA's Orbix Application Server Platform, which includes CORBA, J2EE, Mainframe integration and Web Services. Before this he got his PhD in computer science and worked as independent Enterprise Consultant and Software Architect. His background includes several years of experience in consulting, development, enterprise information systems architecture, research and project management. He published numerous articles and in books, is a regular speaker at international conferences and teaches tutorials and university lectures.

Presentation: "Security & Secure Interoperability in J2EE Application Servers"

Wednesday 13:00 - 13:45, Public Room
Wednesday 14:15 - 15:00, Public Room

Application security becomes an increasingly important topic especially for the next generation of enterprise wide Java 2 Enterprise Edition (J2EE) applications. As J2EE applications grow from Java Server Pages (JSP's), Servlets and basic Enterprise Java Beans (EJB) more and more J2EE applications will include the whole spectrum of J2EE features.

This will include of course JSPs, Servlets, and EJBs, but also as well need secure (and may even secure, 2-PC-transactional) interoperability amongst J2EE Application Servers and backend systems. Such systems are may integrated by means of CORBA, JCA, JMS etc. Especially larger companies use such features within their enterprise wide application systems including mainframes with e.g. Cobol/PL/I based IMS/CICS transactions.

While in J2EE 1.2 security issues were covered only in it's basics, which leaded to several proprietary security solutions, in J2EE 1.3 a fully standards based solution becomes reality by including JAAS and TLS/SSL. This talk will introduce these features, as well as take a look at some existing solutions in different application servers such as BES or WAS. It also will show some general examples for secure application architectures, e.g., one used in a large insurance company. Moreover the technical architecture and design of the security infrastructure for a J2EE application server and an enterprise security framework are presented using the IONA Orbix Application Server and the IONA Security Service as examples.

Pre-requisites
General J2EE knowledge

Intended Audience
Developers, Development Managers

Level
intermediate - advanced

Security & Secure Interoperability in J2EE Application Servers - (slides)

Please notice that the slides are password protected. You should have received an e-mail containing the required username and password.

Tutorial: "Introduction to CORBA, J2EE & Web Services concepts"
Friday 09:00 - 12:00

Tutorial: "Common J2EE Architectural Alternatives"
Thursday 13:00 - 16:00
J2EE serves as a reference architecture for enterprise applications. For each part of a multi-tier enterprise system, J2EE provides an implementation technology. However, it is not always easy to determine which technology to use, and how. For example, useful applications have been built using only Servlets and JDBC - no EJBs in between, whereas large-scale enterprise applications might use several J2EE elements, like JSPs/Servlets, different EJB types, back-end integration e.g. by means of CORBA and JMS-based messaging all together. This session explores different architectural alternatives when working with J2EE, outlines their strenghts and weaknesses, and gives enterprise application examples where they have been successfully applied.