Charles Knouse


Cell 408-888-9061


OBJECTIVE: Software architect or principal developer in security, identity management, or web services.



         31 years of experience in software development: 17 in security software, 10 in web single sign-on and access control, 8 in federated identity management.

         Proven ability to quickly learn and apply new technology in varied environments.

         Superior technical communication skills demonstrated in customer and engineering training, conference papers, and a full-length book.

         Motivation to complete development of critical products for a startup company.




JSON, XML, SAML, XACML, Liberty ID-WSF, WS-Trust, WS-Security, WS-Federation, XML-Signature, XML-Encryption, SOAP, HTTP, LDAP, SSL

Web Servers:

Apache HTTP, Microsoft IIS, Oracle OHS, iPlanet/Sun Web Server

App Servers:

Apache Tomcat, Oracle OC4J, BEA WebLogic, IBM WebSphere


Microsoft Active Directory, Oracle OID, iPlanet/SUN Directory Server


FreeBSD, Windows XP/2003, Linux, Solaris, HP-UX, MPE/iX (HP proprietary)


Java, C++, C, Perl, Pascal




Eclipse, Microsoft Development Studio, Perforce, ClearCase




Citrix Systems (Santa Clara, CA)


Principal Software Development Engineer


NetScaler: web application delivery appliance for performance, high availability, and security


         Working on XML, SOAP, and Web 2.0 features for the NetScaler Application Firewall.

         Adapted a JSON parser to work with XML security and search features.


Hewlett-Packard (Cupertino, CA)


Product Architect


HP Select Federation: cross-enterprise identity federation and web services


         Represented HP on the OASIS Security Services Technical Committee and the Liberty Alliance Technical Expert Group.

         Investigated federation authorization use cases using XACML.

         Designed and began implementation of a WS-Trust Security Token Service.

         Product line discontinued by HP.


Oracle Corporation (Redwood Shores, CA)


Consulting Member of Technical Staff


Oracle Access Manager (OAM): enterprise web single sign-on and access control

Oracle Identity Federation (OIF): cross-enterprise identity federation


         Developed the next generation Access Manager architecture using WS-Trust and XACML.

         Evaluated OAM integrations with Bharosa/Oracle and Covelight/Radware fraud detection products.

         Designed extensions to JAAS to provide XACML fine-grained authorization.

         Providing consulting to resolve OAM and OIF problems and meet customer requirements.

         Implemented the WS-Federation Passive Requester Profile (Java J2EE).

         Implemented the SAML X.509 Attribute Sharing Profile (Java J2EE, C++).


         Co-inventor on three U.S. patents

o        7,185,364: Access system interface

o        7,231,661: Authorization services with external authentication

o        7,249,369: Post data processing


Juniper Networks (Sunnyvale, CA)


Staff Engineer


NetScreen SA Series SSL VPN appliances: IVE (Instant Virtual Extranet)


         Implemented Host Checker endpoint compliance agent for Mac and Linux (Java, Perl).

         Fixed bugs and made enhancements (OCSP) to IVE X.509 certificate processing (C++).

         Implemented SAML 1.1 Consumer functionality for the IVE.


Oblix, Inc. (Cupertino, CA; acquired by Oracle 03/2005)




Principal Software Engineer


Oblix SHAREid: cross-enterprise identity federation

Oblix COREid: enterprise identity management, web single sign-on and access control


         Principal designer and implementer for

o        SHAREid implementation of the SAML 1.0/1.1 federation protocol (Java J2EE)

o        COREid web server plug-ins for iPlanet/SUN ONE and Microsoft IIS web servers (C++)

o        COREid Access Service and Management APIs (Java, C++, C, C# .NET)

o        COREid basic, form, and SSL client certificate authentication methods (C++)

o        COREid authorization plug-in for the Microsoft Authorization Manager (C++ COM)

         Oblix voting member of the OASIS standards organization

o        Member, OASIS Security Services Technical Committee (SAML) 2001-2005.

o        Member, OASIS Web Services Security Technical Committee (WS-Security) 2002-2004.

o        Editor, SAML Implementation Guidelines

         Participated in federation interoperability demonstrations at 2004 Microsoft TechEd Conference, 2004 RSA Conference, and 2002 Burton Group Conferences.


Hewlett-Packard (Cupertino, CA)



Security Solutions Architect


HP Praesidium DomainGuard: web access management


         Developed web authentication interfaces for the Netscape Enterprise Server.

         Extended the DomainGuard ACL model to use authorization rules.

         Contributed to The Open Group's Authorization API standard.


Software Design Engineer


HP Praesidium Authorization Server: DCE authorization service


         Designed and implemented client APIs and server security functions.

         Wrote a book, Practical DCE Programming, published by Prentice-Hall.

         Presented a paper on the Authorization Server to The Open Group.


Software Design Engineer


OSF Distributed Computing Environment (DCE): secure cross-platform client/server middleware


         Ported DCE Remote Procedure Call and Cell Directory Service to MPE/iX.

         Participated in multi-vendor DCE interoperability testing sponsored by OSF.

         Presented papers on DCE to the HP Interex User's Group.




Technical Contributor


Network Services/iX: networking software for the HP 3000


         Investigated performance issues, multiprocessor support and X.25 on the ISO OSI stack.


Project Manager


Network Services/3000: networking software for the HP 3000


         Managed five to seven engineers maintaining the released NS/3000 product.

         Planned enhancements and coordinated product releases.


Software Design Engineer


Network Services/3000 and Distributed Systems/3000: networking software


         Designed and implemented the server infrastructure and process management for NS/3000.

         Maintained released versions of Distributed Systems/3000.



M.S., Computer Science, University of Iowa, Iowa City, IA


B.A., Mathematics and Physics, Coe College, Cedar Rapids, IA



(March 18, 2009)