Pattern Driven Security Design, for Web Tier

Tech. Long Talk
Tuesday, 1 June 2010, 11:00-11:50, Arena 7

Manish Kumar Maheshwari
VeriSign Services

AJAX has become a benchmark for web applications. Users expect the richness and interactivity of desktop applications from the web. The paradigm shift towards interaction, collaboration, social-networking sites, sharing, and mash-ups presents greater security challenges for AJAX applications.
The variety of client-side Java technologies and frameworks often leaves architects struggling to implement security in a uniform manner as the underlying frameworks and technologies change.
This session presents an approach to designing a web application with Security Patterns. It provides a unified approach to architecting security in web applications that is agnostic of the technologies and frameworks beneath. The implementation strategy for deploying these patterns with different frameworks is presented as we walk through the security patterns.
The following security design patterns are covered in the session, with use cases:
1. Secure Base Action
2. Intercepting Validator
3. Authentication Enforcer and Authorization Enforcer
4. Secure Pipe
5. Intercepting Web Agent
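The patterns listed above, as an added illustration that is not code from the talk or its author: a framework-agnostic request pipeline in Python in which a Secure Base Action runs the Intercepting Validator, Authentication Enforcer and Authorization Enforcer in a fixed order before any action logic executes, with the Secure Pipe reduced to a transport flag set by the TLS layer. The session store, roles, parameter rules, paths and actions are all constructed sample data.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Request:
    path: str
    params: Dict[str, str]
    session_token: Optional[str] = None
    secure: bool = False          # True when the request arrived over TLS (Secure Pipe)
    user: Optional[str] = None    # filled in by the Authentication Enforcer


@dataclass
class Response:
    status: int
    body: str = ""


class Rejected(Exception):
    """Raised by any enforcer to stop the pipeline with an HTTP status."""
    def __init__(self, status: int, reason: str):
        super().__init__(reason)
        self.status = status
        self.reason = reason


# Intercepting Validator: one allowlist of parameter names and formats,
# applied before any action code sees the input. Rules are constructed.
PARAM_RULES = {
    "user_id": re.compile(r"[0-9]{1,10}"),
    "comment": re.compile(r"[\w .,!?'-]{1,200}"),
}


def intercepting_validator(request: Request, required: Tuple[str, ...]) -> None:
    for name in required:
        if name not in request.params:
            raise Rejected(400, f"missing parameter {name}")
    for name, value in request.params.items():
        rule = PARAM_RULES.get(name)
        if rule is None:
            raise Rejected(400, f"unexpected parameter {name}")
        if not rule.fullmatch(value):
            raise Rejected(400, f"invalid value for {name}")


# Authentication Enforcer: maps a session token to a principal.
# SESSIONS is a constructed stand-in for a real session store.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}


def authentication_enforcer(request: Request) -> None:
    user = SESSIONS.get(request.session_token or "")
    if user is None:
        raise Rejected(401, "authentication required")
    request.user = user


# Authorization Enforcer: role check against the role the action declares.
ROLES = {"alice": {"admin", "member"}, "bob": {"member"}}


def authorization_enforcer(request: Request, required_role: str) -> None:
    if required_role not in ROLES.get(request.user or "", set()):
        raise Rejected(403, f"role {required_role} required")


# Secure Base Action: every action inherits the same ordered checks,
# so a newly added action cannot forget any of them.
class SecureBaseAction:
    required_role = "member"
    required_params: Tuple[str, ...] = ()

    def execute(self, request: Request) -> Response:
        if not request.secure:
            raise Rejected(403, "secure channel required")
        intercepting_validator(request, self.required_params)
        authentication_enforcer(request)
        authorization_enforcer(request, self.required_role)
        return self.do_execute(request)

    def do_execute(self, request: Request) -> Response:
        raise NotImplementedError


class PostComment(SecureBaseAction):
    required_params = ("comment",)

    def do_execute(self, request: Request) -> Response:
        return Response(200, f"{request.user} posted: {request.params['comment']}")


class DeleteUser(SecureBaseAction):
    required_role = "admin"
    required_params = ("user_id",)

    def do_execute(self, request: Request) -> Response:
        return Response(200, f"{request.user} deleted user {request.params['user_id']}")


ACTIONS = {"/comment": PostComment(), "/admin/delete": DeleteUser()}


def dispatch(request: Request) -> Response:
    """Front controller: route to an action and turn rejections into responses."""
    action = ACTIONS.get(request.path)
    if action is None:
        return Response(404, "no such action")
    try:
        return action.execute(request)
    except Rejected as err:
        return Response(err.status, err.reason)
```

The check order is a design choice: transport first, then input validation, then authentication and authorization, so malformed input is dropped before it reaches session or role lookups, and each action only declares what it needs (a role and its parameters) rather than re-implementing any check.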
The session presents the patterns under the purview of “design pattern template” comprising:
1. Problem: Explains the security concerns addressed by the pattern, and the attacks and threats the pattern deals with.
2. Motivation: Details the forces behind the security problem.
3. Solution: Describes the reasons and justification for choosing the pattern. The approach is discussed briefly.
4. Structure: The collaborators in the pattern are discussed with UML class diagrams and sequence diagrams.
5. Strategies: Discusses strategies for implementing and deploying the pattern with various client-side technologies and frameworks, including alternative implementations.
6. Consequences: The results and trade-offs of using the pattern are discussed.

Attendees will learn to architect an application with a systematic approach to security architecture. They will be able to apply the security patterns in a uniform way across technologies.
While security is always top of mind, the varying and often contrasting client-side technologies leave architects and designers unsure how to implement it.
This session presents a pattern language for security design patterns and the implementation strategies for an array of underlying client technologies. This enables architects to apply a general, reusable solution uniformly across different technologies and situations.