Authorisation Workshop: Concepts and Implementation with Omar Bashir
“It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.”
Stephane Nappo, Global Head of Information Security, SocGen.
On 28th July we’re running our first ever LJC Workshop! We wanted to chat to a few of the speakers ahead of the big day. We’re starting off with Omar Bashir, speaker at the Authorisation: Concepts & Implementation session, to find out what to expect…
1. Who do you think should come along?
The workshop is aimed at intermediate and skilled Java developers who are interested in learning about information security in general and authorisation in particular.
The workshop will start with an introduction to authorisation, and will explain the difference between authorisation and authentication, which is often misunderstood. Apache Shiro, an open source Java security framework, will then be introduced with a focus on its authorisation features. This will be followed by a hands-on coding exercise involving the use of Shiro to secure a simple console application. An introduction to an extension of Shiro’s domain model will be presented, which can facilitate application domain level authorisation abstractions like application licensing, compound entitlements, timed/period permissions etc.
2. What do you think are the three most interesting questions that this workshop will answer?
a) How to define authorisation and access control policies for information systems.
b) How to rapidly develop a flexible authorisation mechanism and integrate it with an application.
c) How to model and implement application domain level authorisation abstractions using an authorisation framework.
3. Why do you think this workshop is important for people?
With access to most of our physical and virtual assets possible digitally, the need for information security has never been greater. This is abundantly evident with the high-profile data breaches in prominent technology companies. Governments have had to step in to enforce regulations on companies collecting data to ensure security and privacy of personal and financial data.
The most prominent of these regulations is the EU’s GDPR (General Data Protection Regulation), which reaffirms that an individual’s personal data is their property. Companies collecting that data, albeit with individuals’ consent, are the custodians of that data with obligations to securely maintain it. Violation of this regulation has unprecedented penalties with fines up to 20 million Euros or 4% of annual global turnover, whichever is higher.
Security, therefore, is no longer an afterthought in systems development. Nor is it a dark art practised by mysterious employees in the cyber security departments of a company. It is now a key functional requirement in most products and services and is required to be engineered alongside other features.
Hence, it is important for application developers to increase their knowledge and skills in information security principles, technologies and practices. The key objective of this workshop is to introduce one of the dimensions of information security, authorisation, to the participants.
4. Any advice for junior developers entering the industry?
While developing skills and knowledge in new technologies, also develop and practice the ability to deliver sophisticated solutions with simplicity. Problems plaguing the technology industry stem from undue complexity, resulting from the desire to use unnecessary patterns and frameworks, leading to frequent rework and a huge support burden in several companies. Focus on your users, on optimising their processes and removing bottlenecks using efficient, effective and economical technology.
If you’d like to come along, the session is on Saturday 28th July, 9.30 – 3.30 @ IBM, SE1 9PZ and you can register here.