i will do three talks and the post-conference at DevWeek 2005 in Lodon. Other speakers include tim ewald, ingo rammer, jeff richter, jeff prosise, simon horell and dino esposito…
Designing Application Managed Authorization
Authorization is a task, which every programmer has to face sooner or later. While authentication is handled in most situations by the operating system, authorization concepts have to be designed on a per application basis. The .NET Framework provides various authorization mechanisms to control the functionality of applications so that they behave as intended and cannot be misused either accidentally or deliberately. These include role based access checks using windows or non-windows accounts, Microsoft Authorization Manager, COM+ role based security and code access security authorization. This session provides guidelines for designing and coding application-managed authorization for single or multi-tier applications that are based on .NET. It focuses on common authorization tasks and scenarios, and it provides information that helps you choose the best approaches and techniques.
New Security Features in .NET 2.0
.NET 2.0 provides provides a vast amount of important additions and updates to security. New Features include SSL Server Support, Kerberos/SSPI Support for Remoting and Sockets, ClickOnce, managed Access to the Windows Certificate Store and the PKCS (Public-Key Cryptography) Standards, Starting Processes in a new logon session, support for the Data Protection API and access to Windows ACLs. This talk shows you what to expect from these new APIs and how the solve the shortcomings of 1.1. You will see these features of the next generation of the .Net Framework will meet real-world requirements.
Building Managed Apps with WMI and .NET
WMI is a technology to manage nearly every aspect of your Windows landscape. This talk shows you how WMI works, how you can access the WMI repository from .net, subscribe to management events and instrument your own applications. Attendees will see the WMI Explorer for Visual Studio .NET and some real world management and security issues.
and the post-conference:
Building Secure Distributed Applications
In this all day workshop you will learn how to secure every single tier of your distributed applications. Including how to do authentication, authorization, how to flow identities between your layers and how to separate the business logic from your authorization logic. You will see how to avoid common programming mistakes like sql injection, cross site scripting and canonicalization errors and how to implement partially-trusted applications and servers to live the least privilege life-style.