It‘s been a while since I last blogged about my JavaOne session. Slides are more or less finished, only the last touch is missing. First time for me with a totally Zen based presentation, I‘m looking forward to that! And I‘m working hard on a cool demo.
There is absolutely no Camel security knowledge required to attend my session! That‘s the stuff you will be learning. I recommend some (basic) Camel knowledge, I won‘t go into detail about that. You don‘t need any expert Camel knowledge, the basics are enough. And there are a two more JavaOne sessions on Camel, in case you want to fresh up your knowledge. Hopefully they will take place before my session.
As JavaOne 2012 is coming closer, it's time for some more information on my session CON3418 – Confident Data Transfers with Apache Camel Security.
As you might have already guessed, it's all about Apache Camel security. So, what exactly is so special about Camel security? Well, it is of course possible to secure any Camel communication with SSL/TLS, like any other http communication or web service calls for example. Not really special and associated with some disadvantages too. And that's where Camel security comes to the rescue. In fact, Camel security consists of more than one part, payload and route security are the important ones in this case. Payload security takes care of encrypting or signing the message content (a.k.a. payload). This can be classic cryptography (classic does not stand for the real classic cryptography like Caesar encryption) with the Crypto data format or XML based cryptography (XML Encryption) with the XMLSecurity data format. And of course digital signatures of the message content. In the other part of the session I will talk about route security. Route security protects the routes itself, taking care of who (user or user group) can call a route or particular route section. This is done with the Camel components for Apache Shiro or Spring Security.
A lot to talk about. And a lot of ideas and recommendations for securing your Apache Camel routes in your integration projects. Hope to see you in my session! And for the Camel fans: There is a second session on Apache Camel: CON2430 – Next Generation: Systems Integration in the Cloud Era with Apache Camel
As I'm making progress in creating the slides/ demos for my session, I will provide some previews here in my blog the next couple of weeks. Make sure to come back regularly…
July 5th 2012 is coming closer, and with that the Java Forum Stuttgart as well as my (German) session Sichere Software vom Java-Entwickler. This session will give you some ideas and recommendations for all of the problems and risks mentioned in the current OWASP Top 10. Since 10 is quite a number for 45 minutes, I'll mention some of them (5 to be exactly) rather as a quick overview and focus on the other 5. I'm not telling which 5 belong to which category yet, you'll have to attend my session to figure that out…
What you will get from the session are tips and tricks on how to avoid some of the top 10 risks in your applications. That's something every Java developer should know and use in his day to day programming. Hope to see you there!
Fantastic news today (with a little delay due to various reasons): My session on Confident Data Transfers with Apache Camel Security at JavaOne 2012 was accepted! So hurry up, sign up for it! It‘ll be all about securing Camel routes with XML-Security or normal cryptography and how to use Apache Shiro or Spring Security components to protect route access. All those topics are of course closely related to my latest article on Apache Camel Security – Payload Security in the German JAVAaktuell magazine 03/2012 as well as the follow up article Apache Camel Security – Route Security in 04/2012 (available in September).
This will be my first visit to JavaOne, hope to see you there!