The cloud, APIs and Internet of Things (IoT) are providing new opportunities for bringing enterprises, their customers and partners together. However, these technology developments also are bringing new challenges to protecting privacy, data, and other corporate assets. WSO2 Co-founder and CTO Paul Fremantle and WSO2 Director of Security Prabath Siriwardena will examine these issues in three sessions at the KuppingerCole European Identity & Cloud Conference (EIC) 2014.

WSO2 is a Platinum Sponsor of EIC 2014, which will run May 13-16, 2014 at the Dolce BallhausForum in Munich, Germany. At the event, WSO2 will demonstrate its integrated, 100% open solutions for identity management, governance, API management, and enterprise mobility management, which run both on-premises and in the cloud.

Additionally, WSO2 will host a half-day workshop, “Federated Identity & Access Management” on Monday, May 12, 2014, in advance of the conference at The Charles Hotel in Munich.

Keynote – Borderless Identity: Managing Identity in a Complex World

In his keynote presentation, WSO2 co-founder and CTO Paul Fremantle asserts that centralized identity management is dead, and passwords should be dead. He will examine how the identity assumptions of the first 50 years of computing are no longer meeting the needs of the 21st century.

Paul then will discuss the need to use open standards and open security models to federate identity and access control—not just across organizations but across different technologies, different standards and different models. Finally, he will introduce the concept of an “identity bus” as a reference architecture for solving these problems, enabling a strategically federated approach to identity, and creating approaches that support borderless identity.

The keynote will be held on Wednesday, May 14, 2014, from 8:50 – 9:10 a.m.

Presentation – An Ecosystem for API Security OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML

WSO2 Director of Security Prabath Siriwardena will discuss how enterprise APIs—both public and private—have become the preferred way of exposing business functions and need to be protected, monitored and managed. He then will examine how API security cannot be an afterthought and instead needs to be an integral part of any development project.

Prabath will next review how API security has evolved significantly in last five years, bringing exponential growth in standards, and he will discuss the need to weigh the tradeoffs of different options carefully. Finally, he will elaborate on how to build an ecosystem for API security around OAuth 2.0, OpenID Connect, Unlicensed Mobile Access (UMA), Security Assertion Markup Language (SAML), System for Cross-domain Identity Management (SCIM), and eXtensible Access Control Markup Language (XACML).

The presentation is part of a combined session in the IAM Infrastructure Trends & Concepts track, which will run 3:30 – 4:30 p.m. on Wednesday, May 14, 2014.

Panel – Security and Identity Challenges for the Internet of Everything

WSO2 Co-founder and CTO Paul Fremantle joins a panel of industry experts to explore the security challenges that the IoT brings, as well as emerging solutions. For example, standard approaches for security and identity, such as public key infrastructure (PKI), may not be appropriate or suitable for memory and CPU-constrained devices. Even when the device can handle asymmetric encryption, the key distribution may be a significant issue.

The panel session will cover identity, confidentiality, denial of service, privacy and other aspects and specifically how those are different in the IoT space. This session is aimed at professionals who understand identity and security issues and wish to understand how those concepts apply in the IoT space. It also will be relevant to IoT specialists looking to understand security issues.

Joining Paul will be KuppingerCole Managing Partner Rob Newby, serving as moderator, along with panelists: ForgeRock Vice President of Product Management John Barco, Safenet Vice President of CloudJason Hart, nexus CTO Per Hägerö, and NetIQ Senior Director of Solution Strategy Geoff Web.

The panel is part of a combined session in the Internet of Things track, which will run 5:00 – 6:00 p.m. on Thursday, May 15, 2014.

WSO2 Workshop: Federated Identity & Access Management

In advance of the conference, WSO2 will host an interactive workshop on best practices for implementing federated identity and access management.

WSO2 Director of Security Prabath Siriwardena will begin by discussing how—with data protection at the peak of scrutiny—identity and security are fundamental tools in the management of enterprise Web applications. He will review the growing challenges of identity and security management. Then Prabath will demonstrate how enterprise architects and developers can overcome these challenges and gain insight into key security standards and identity management for a service-oriented architecture (SOA).

Key topics Prabath will cover, include:

  •     Identity federation and provisioning: risks, challenges and best practices
  •     Identity federation gateway pattern
  •     Bring your own identity (BYOID)

The half-day workshop will be held 1:30 – 4:30 p.m. on May, 12, 2014, at The Charles Hotel in Munich. To learn more and register, visit

About the Presenters

Paul Fremantle is WSO2 co-founder and CTO, and he is co-chair of the OASIS Web Services Reliable eXchange Technical Committee. Recognized by InfoWorld as a Top 25 CTO, he was responsible for simultaneously leading development of the groundbreaking WSO2 Enterprise Service Bus and Apache Synapse ESB. Paul has played a pioneering role in open source development, beginning with the original Apache SOAP project and his role in leading IBM’s involvement in the Axis C/C++ project. Paul is a member of the Apache Software Foundation, and he previously served as vice president of the Apache Synapse project.

Prabath Siriwardena, WSO2 director of security, is a member of the OASIS Identity Metasystem Interoperability (IMI) Technical Committee (TC), OASIS XACML TC, and OASIS Security Services (SAML) TC. Prabath is also a member of the Apache Axis Project Management Committee (PMC). He has delivered talks at numerous international conferences.