Dr. Lorenzo D. Martino
Purdue University, USA
Title of talk: Web Services security: Standards, Challenges, and Research
Summary of talk: Web Services promise to be the technology that makes possible the development and large-scale deployment of service-oriented enterprises demanded by the global outsourcing of business functions. Agile adaptation to changing business needs, interoperability, and security are the key issues that must be addressed to fulfill this promise. Due to the distributed nature of Web Services, achieving Web Services security requires adopting, composing, and interoperating different security mechanisms operating at multiple architectural layers.
The talk will present the current Web Services security standards, their status, relative maturity and adoption, their relations with emerging technological solutions such as XML firewalls, Web application firewalls, Virtual Machine environments and biometrics, the technical and organizational challenges they raise, and the role of legal and contractual aspects. The talk will also discuss relevant research issues in Web service security.
The talk will first present the core consolidated Web Services security standards that provide for the security of XML payloads and SOAP messages; then it will discuss the standards addressing the specification of security policies for the different aspects of Web Services, such as message security and access control, and the standards for Identity Federation. The talk will conclude with a short overview of open research issues.
Biography: Lorenzo D. Martino is Visiting Assistant Professor at the Computer and Information Technology department of Purdue University. He leads research in the area of Web services and service-oriented architecture, with a focus on security techniques and security standards. His recent research interests in this area include security services for healthcare applications and for personal healthcare records, multi-domain role-based access control for pervasive environments, and flexible negotiation-based access control for Web services. He is also a member of the Purdue Cyber Center, where he leads research on the use of massive data management for digital library and virtual museum applications. He is a co-author of a forthcoming book on security for Web services and service-oriented architecture and teaches graduate courses on security for Web service technology.
Before joining Purdue, he was a senior researcher at the Department of Computer Science of the University of Milano (Italy). At the University of Milano he coordinated a research team working on European Community-funded projects, including the TrustCom research project (http://www.eu-trustcom.com/), which investigated Trust Negotiation techniques and Security Policies for Virtual Organizations. He has more than 20 years of experience in computer and information technology in various technical and managerial roles. His industrial experience includes software product development at computer technology manufacturers, and the development, integration and service management of critical solutions in large corporate financial environments.