Privacy and Security Track
Facebook Twitter LinkedIn

Privacy and Security Track

Combined Session
Thursday, May 12, 2022 12:00—13:00
Location: A03-04

Signing in the Rain: HTTP Message Signatures and Web Security

HTTP is an amazingly powerful protocol, and it's the lifeblood of the internet today. On the surface, it seems to be a simple protocol: send a request to a server and get back a response, and everything's structured in useful ways. HTTPS adds the TLS protocol to secure the connections between endpoints, protecting the messages with encryption and keeping them away from attacker's eyes. But what if you want to be sure the sender is the right sender, and what you see is what they sent? What if you've got a more complex deployment, with proxies and gateways in between your endpoints that mess with the contents of the message? What if you need assurances on the response as well as the request, and to tie them together? People have been trying to sign HTTP messages in various ways for a long time, but only recently has the HTTP Working Group picked up the problem. Come hear about the HTTP Message Signatures work from the draft specification's authors and see how it works, how to apply it, and talk about how it could change how we use the web.

Justin Richer
Justin Richer
Bespoke Engineering, LLC
Justin Richer is a security architect, software engineer, standards editor, and systems designer with over two decades of industry experience. He is the lead author of OAuth2 In Action and...

Privacy Enhancing Mobile Credentials

The Kantara Initiative is developing a standard and requirements so that organizations can demonstrate to their stakeholders that their commitments to privacy and data protection go beyond transactional and technical trust. At the end of the day people trust, or don't trust, organizations - not the technologies that the organizations use. This session will provide you with an up-to-date report on the development of these standards and requirements and also provide you with an opportunity to provide input into their development.

John Wunderlich
John Wunderlich
John Wunderlich & Associates
John Wunderlich is a data protection professional and expert witness who has worked and consulted about privacy, data protection, and security for over 20 years in multiple jurisdictions. He has...

The SolarWinds Hack and the Executive Order on Cybersecurity Happened - It Is Time to Prepare

Again and again, I am asked how one can start with the topic of security in an agile project environment. What are the essential first steps, and what should you focus on at the beginning? Of course, this raises the question of suitable methodologies and tools. At the same time, the strategic orientation of the company must be included in this security strategy. We have also learned in the recent past that attacks like the “Solarwinds Hack” are becoming more and more sophisticated and that the attackers now focus on the entire value chain. What tools are there, and where should they be used? How can I start tomorrow to prepare myself for the future against the challenges of cyber attacks? And that’s exactly what you will get an answer to here.

Sven Ruppert
Sven Ruppert
Sven Ruppert has been coding Java since 1996 in industrial projects, is working as Developer Advocate for JFrog and Groundbreaker Ambassador (former Oracle Developer Champion). He is regularly...


On-Demand Access
Re-live EIC 2022
Watch 200 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address