9:00 - 10:00 | ACCESS CONTROL SESSION

Extensible Access Control Markup Language (XACML) Update
Speaker: Hal Lockhart, Principal Engineering Technologist, BEA Systems
This presentation will provide an overview of the XACML 2.0 Standard including its features and standardization history. It will also discuss current work in progress at OASIS on XACML 3.0.

The Need of SDO Collobaration as an Enabler of SOA in NGN
Speaker: Abbie Barbir, Senior Advisor, Web Services, Nortel's Strategic Standards Group
The talk will provide a brief overview of current activities in ITU-T SG 17 as a lead group on the study of security. The importance of SAO as a deriving factor in converged networks will be discussed. The use of SAML and other technologies in the development of Identity Management solutions for NGN networks will be illustrated. The need of colloboration among various SDOs in the Web Services space will also be addressed.

11:00 - 12:30 | THE USE OF SAML IN GOVERNMENT: A CASE STUDY PANEL

The Identity and Authorization Management in e-Government System: Requirements and Implemention Methods
Speaker: Chuan Liu, Vice Chief Architect, TongTech Co., Ltd.
The primary purpose for an e-government application service platform on both the city and district levels is to provide the necessary facilities to support data sharing and exchange, application services, and presentation tools. In this presentation, the speaker will introduce the security and implemention needs of identity authentication and authorization within e-government. It will address how an e-government application service platform needs to be able to support a two-level structure on both the city and district levels respectively, and based on SOA. This service platform would have to integrate and provide users and applications with unified authentication and Single Signon (SSO) services.

The Role of SAML for Identity Management in the Danish Public Sector
Speaker: Søren Peter Nielsen, Chief Consultant/IT Architect, Danish National IT and Telecom Agency
This session will present the reasons why the Danish public sector chose SAML 2.0 as the preferred standard for federation. The session will also provide a status on the current implementation of federation within the Danish public sector, including the challenges of having competing standards and specifications in this federation space.

GUIDE Project for a Consistent Approach to Identity Management Across the EU and Its Use of SAML and Liberty Alliance
Speaker: Keiron Salt, Solution Architect, British Telecommunications
This talk will address the GUIDE project to provide a consistent approach to identity management across the EU. The speaker will describes how profiles of the SAML 2.0 and Liberty Alliance standards have been proposed to meet the requirements of this GUIDE.

The Requirements for Federation within the UK Government
Speaker: John Hughes, Identity and Passport Service, UK Government
Throughout one's life there are many interactions between an individual and the government, such as the registration of birth, obtaining a passport, and submitting a tax return. Identification of individuals is a fundamental part of everyday life for commerce and government. In today's multi-faceted electronic society government must endeavour to improve their levels of public service, and in particular provision of a seam-less e-service system. To enable joined-up government the UK government is implementing their "Transformational Government" strategy. The two key strands of this strategy are Identity Management and use of shared services/delivery. Federation has a significant role in enabling disparate identity information to be appropriately joined together, as well as providing traditional Single Sign-On functionality, which standards like SAML provides. This presentation will cover everything from the outline of the current Identity Management environment within the UK, to what the future will look like.

13:30 - 15:00 | SOA AND SECURITY SESSION

XML, Web Services and SOA: Data Protection and Privacy Opportunities and Challenges in the Government Sector
Speaker: Rich Salz, Senior Security Architect, IBM
This session will provide a guide for attendees to understand how to identify and address security-related issues involving the construction, deployment, and maintenance of SOA frameworks. Attendees will learn how standards-based efforts including WS-Trust, WS-Security, and Security Assertion Markup Language (SAML) are being used for end-to-end message security, federated authentication and authorization to help fortify SOA defenses without wholesale forklift upgrades of existing IT infrastructure.

SOA Federated Identity Management: What Do You Really Need?
Speaker: Andrew Townley, Managing Director, Archistry Limited
There are many options for applying federated identity management to a loosely-coupled SOA environment. This presentation will discuss some of the considerations and implications in choosing a federated identity model within your SOA infrastructure and how they affect the authentication and authorizaion of message delivery.

Web Services Reliable Messaging and Security
Speaker: Paul Fremantle, VP/Tech, WSO2
This session will cover how the Web Services Reliable Messaging (WSRM) specification enables reliable services, and explore how to secure reliable exchanges. The speaker will cover how WSRM composes with security models including SSL/TLS and WS-SecureConversation.

15:30 - 16:30 | SECURITY IN WEB SERVICES SESSION

Semantic Web Services: Role of Security, Authorization, Privacy and Trust in Semantic Web
Speaker: Nima Dokoohaki, Master Student of Software Engineering of Distributed Systems, Royal Institute of Technology (KTH)
The speaker will present the audience with concepts, technologies and standards that will be involved in grounding the concepts behind Semantic Web Services (SWS). The most important deliverable will be to define a possible connection between three sides: the OASIS Security works and standards, SWS, and e-government, business and citizens (through real-world scenarios). Key points of the presentation will include: envisioning SWS; the role of SWS and its usage in practice; pointing out the security issue in the context of SWS; defining a model of adopting; and reviewing grounded SWS case studies and how security can be injected in to these scenarios.

Case Study: The British Columbia Attorney General implementation of Web Services Security
Speaker: Toufic Boubez, CTO, Layer 7 Technologies
This talk will present the case study of the British Columbia Attorney General implementation of a Web services based integrated justice information system, along with the issues involved in a real-world deployment of Web services security, identity and access control.

16:30 - 17:30 | CLOSING PANEL - OPEN SOURCE AND SECURITY STANDARDS

Panelists during this closing session will discuss the issues wrapped around the use of open vs. closed source / traditional software and provide their views on how both approaches address important evaluation criteria such as security, quality, support, and TCO in public sector projects.

Moderator: Nigel Stanley, Practice Leader - IT Security, Bloor Research

Panelists: Simon Phipps, Chief Open Source Officer at Sun Microsystems, John Wailing, Director of Technical Policy, Cabinet Office, UK Government, Mike Morris, Head of Solution Architecture and Standards, Capgemini UK, John Gøtze, XML Standards Specialist and Technical Writer, and Paul Fremantle, VP/Tech, WSO2

17:30 | PROGRAMME ENDS