Authorization Standards Workshop at Burton Catalyst San Diego, July 27, 2010, 12:30-2:30pm
When: July 27, 2010 12:30-2:30pm, Room Aqua 302, Hilton Bayfront Hotel
Where: Burton Catalyst San Diego
Title: Authorization Standards Workshop

Abstract:

As authorization generally follows authentication in a given online transaction, standardization of authorization has generally followed that of web authentication standards like SAML, WS-Federation, and OpenID. This workshop will explore developments & trends in authorization standards, including OAuth (a community initiative now being standardized within the IETF), User-Managed Access (evolving within the Kantara Initiative) and XACML (an OASIS standard). We’ll also look at some authorization use cases that may imply new requirements of these protocols. Through a combination of presentations, panels and demonstrations – we’ll explore how these existing & emerging authorization standards fit into the enterprise & social web infrastructure.

Agenda:

Welcome, Intro & Overview
Paul Madsen – 5 mins

Preso 1 - XACML 3.0 Update
It’s been more than 5 years since eXtensible Access Control Markup Language (XACML) version 2 was standardized at OASIS. In the meantime XACML has grown in popularity as a standard and the number of production XACML implementations continues to grow steadily. XACML 3.0, currently in the final stages of ratification, contains significant enhancements that will enable it to keep pace with growing enterprise demands. In this session, Gerry Gebel will describe the enhancements to version 3.0, including the SAML 2.0, Delegation and Multiple Decision Request profiles. Gerry will also provide use case samples of how new features of XACML 3.0 can be implemented.
Gerry Gebel, Axiomatics – 25 mins

Preso 2/use case - OAuth
As today’s businesses increasingly shift their processes into the cloud, a simplified set of design patterns and standards are required to harmonize the speed and compelling economics of the cloud with companies’ existing Identity management systems and processes. Topics will include the evolution of OAuth2, and its applicability to enterprise use-cases for cloud authorization and API federation.
Chuck Mortimer, Product Management Director, Identity & Security, Salesforce.com – 25 mins

Break
5 mins

Preso 3/use case - IASWG overview and review of authorization use cases
Description of IASWG purpose and goals, review authorization use cases received by IASWG thus far, review Concordia AuthZ Survey results.
John Tolbert, Boeing & Gavin Illingworth, BMO – 25 mins

Preso 4/use case - Federation Authorization and the Cloud – Why A Pragmatic Approach is Important
Harding will discuss what organizations are doing today in the context of federation and authorization. Further, he will examine what are the next pragmatic steps organizations should consider such that they can successfully implement a federated authorization model for cloud computing.
Patrick Harding, PingID – 25 mins

Closing comments
10 mins

Please RSVP to Dervla O’Reilly, dervla[at]kantarainitiative[dot]org

Event details: http://www.catalyst.burtongroup.com/NA10/ConferenceElements.html
Burton Catalyst agenda: https://burtongroup.wingateweb.com/na2010/scheduler/weekAtGlance.do

________________________
Dervla O’Reilly
Program Manager
Kantara Initiative
+1 415 731 4487 business
+1 415 948 3650 mobile
+1 509 757 4487 fax
dervla[at]kantarainitiative[dot]org
http://www.kantarainitiative.org