ApacheCon NA 2015 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Security [clear filter]
Wednesday, April 15

9:00am CDT

InnerSource as the Anti-Silo: How Open Source Style Has Broken Silos While Strengthening Systems at PayPal - Cedric Williams, PayPal
Systems at an enterprise level have a reputation for complexity and fragility beyond the ken of mere mortals. As systems age their tech debts fade into history, the assignment of roles and responsibilities ossify, and business deal optimizations accumulate into Lovecraftian nightmares. Customers of these systems often end up unable to get new features or integrations added due to conflicts with the owning silo's priorities or their fear of catastrophic failure.

Using the principles of Open Source development has enabled PayPal to begin moving large scale systems development from a defensive and risk averse culture to one of flexibility and collaboration. This session will look at the pressures propping up the silos, explore one of the cases where we were able to break down the silo without breaking the system, and discuss some of the surprises that we found along the way.


Cedric Williams

Cedric Williams has been an Open Source advocate for over 25 years, helping people understand and adopt software in universities and businesses that transformed their operations. He has developed software for public and private organizations, working in industrial distribution, environmental... Read More →

Wednesday April 15, 2015 9:00am - 9:50am CDT
Zilker 3

10:00am CDT

One for All, All for One: How Apache Sentry Provides Unified Authorization for Hadoop Ecosystem - Prasad Mujumdar, Cloudera
Apache Sentry is a framework that enables fine grain, role based authorization for multiple Hadoop ecosystem components. Apache Sentry is a highly modular system that support authorization for various data models like Database style schemas, search indexes etc. It comes with out of the box support for SQL query frameworks like Apache Hive and Cloudera Impala Apache Hive, as well as open source search framework Apache Solr.
This session will present an overview this authorization policy engine and its advantages over other security choices available today.


Prasad Mujumdar

Prasad is a software engineer working at Cloudera. He's associated with various projects of Apache Hadoop ecosystem. He's a committer and PMC member of Apache Flume and Apache Sentry (Incubating) and also a committer on Apache Hive. Prior to Cloudera, Prasad was a senior software... Read More →

Wednesday April 15, 2015 10:00am - 10:50am CDT
Zilker 3

11:15am CDT

RBAC Enable Your Java Web Apps Using Apache Directory and Fortress - Shawn McKinney, Symas Corporation
Fortress has recently been added as sub-project to the Apache Directory project. This session will provide an overview of the project and its roadmap.

avatar for Shawn McKinney

Shawn McKinney

Software Architect, Symas
Over twenty-five years as software developer and architect. Most of that time specializing in software security. Started an open source project called Fortress.

Wednesday April 15, 2015 11:15am - 12:05pm CDT
Zilker 3

1:15pm CDT

The Anatomy of a Secure Web Application Using Java EE, Spring Security and Apache Directory Fortress - John Field, EMC
The Java EE architecture provides the necessary enablement but most developers do not have the time or the training to take full advantage of what it has to offer. This technical session describes and demos an end-to-end application security architecture for an Apache Wicket Web app running in Tomcat. It includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality controls using Java EE, Spring and Apache Directory Fortress. In addition to finding out where the security controls must be placed and why, attendees will be provided with code they can use to kick-start their own highly secure Java web applications using Apache products and a few tricks.

avatar for John Field

John Field

Security Architect, Pivotal
John Field has more than 20 years experience in software development, system architectures, and information security. Currently a PM for Platform Security on Pivotal Cloud Foundry, John works on all aspects of security and compliance for the PaaS cloud. Prior to this role, John worked... Read More →

Wednesday April 15, 2015 1:15pm - 2:05pm CDT
Zilker 3

2:15pm CDT

Code Signing at the ASF - Mark Thomas, Pivotal
The ASF Infrastructure Team has recently introduced a code-signing service for Apache projects. This presentation will explain what the benefits of code signing, how code signing service at the ASF works and how projects can start using it.


Mark Thomas

Consultant Software Engineer, Pivotal
Mark is currently employed by Pivotal where he spends most of his time working on Apache Tomcat. At the Apache Software Foundation, Mark is a committer and PMC member for Apache Tomcat as well as other projects. At the foundation level he is an ASF member, a member of the security... Read More →

Wednesday April 15, 2015 2:15pm - 3:05pm CDT
Zilker 3
Filter sessions
Apply filters to sessions.