Charles Knouse

 

Cell 408-888-9061

charles_knouse@yahoo.com

 

OBJECTIVE: Software architect or principal developer in security, identity management, or web services.

 

STRENGTHS

         31 years of experience in software development: 17 in security software, 10 in web single sign-on and access control, 8 in federated identity management.

         Proven ability to quickly learn and apply new technology in varied environments.

         Superior technical communication skills demonstrated in customer and engineering training, conference papers, and a full-length book.

         Motivation to complete development of critical products for a startup company.

 

EXPERTISE

Standards:

JSON, XML, SAML, XACML, Liberty ID-WSF, WS-Trust, WS-Security, WS-Federation, XML-Signature, XML-Encryption, SOAP, HTTP, LDAP, SSL

Web Servers:

Apache HTTP, Microsoft IIS, Oracle OHS, iPlanet/Sun Web Server

App Servers:

Apache Tomcat, Oracle OC4J, BEA WebLogic, IBM WebSphere

Directories:

Microsoft Active Directory, Oracle OID, iPlanet/SUN Directory Server

Platforms:

FreeBSD, Windows XP/2003, Linux, Solaris, HP-UX, MPE/iX (HP proprietary)

Languages:

Java, C++, C, Perl, Pascal

Frameworks:

J2EE, .NET, COM

Tools:

Eclipse, Microsoft Development Studio, Perforce, ClearCase

 

EXPERIENCE

 

Citrix Systems (Santa Clara, CA)

03/2008-present

Principal Software Development Engineer

 

NetScaler: web application delivery appliance for performance, high availability, and security

 

         Working on XML, SOAP, and Web 2.0 features for the NetScaler Application Firewall.

         Adapted a JSON parser to work with XML security and search features.

 

Hewlett-Packard (Cupertino, CA)

09/2007-03/2008

Product Architect

 

HP Select Federation: cross-enterprise identity federation and web services

 

         Represented HP on the OASIS Security Services Technical Committee and the Liberty Alliance Technical Expert Group.

         Investigated federation authorization use cases using XACML.

         Designed and began implementation of a WS-Trust Security Token Service.

         Product line discontinued by HP.

 

Oracle Corporation (Redwood Shores, CA)

07/2005-09/2007

Consulting Member of Technical Staff

 

Oracle Access Manager (OAM): enterprise web single sign-on and access control

Oracle Identity Federation (OIF): cross-enterprise identity federation

 

         Developed the next generation Access Manager architecture using WS-Trust and XACML.

         Evaluated OAM integrations with Bharosa/Oracle and Covelight/Radware fraud detection products.

         Designed extensions to JAAS to provide XACML fine-grained authorization.

         Provided consulting to resolve OAM and OIF problems and meet customer requirements.

         Implemented the WS-Federation Passive Requester Profile (Java J2EE).

         Implemented the SAML X.509 Attribute Sharing Profile (Java J2EE, C++).

 

         Co-inventor on three U.S. patents

o        7,185,364: Access system interface

o        7,231,661: Authorization services with external authentication

o        7,249,369: Post data processing

 

Juniper Networks (Sunnyvale, CA)

12/2004-07/2005

Staff Engineer

 

NetScreen SA Series SSL VPN appliances: IVE (Instant Virtual Extranet)

 

         Implemented Host Checker endpoint compliance agent for Mac and Linux (Java, Perl).

         Fixed bugs and made enhancements (OCSP) to IVE X.509 certificate processing (C++).

         Implemented SAML 1.1 Consumer functionality for the IVE.

 

Oblix, Inc. (Cupertino, CA; acquired by Oracle 03/2005)

01/2000-12/2004

Architect

01/2004-12/2004

Principal Software Engineer

01/2000-01/2004

Oblix SHAREid: cross-enterprise identity federation

Oblix COREid: enterprise identity management, web single sign-on and access control

         Principal designer and implementer for

o        SHAREid implementation of the SAML 1.0/1.1 federation protocol (Java J2EE)

o        COREid web server plug-ins for iPlanet/SUN ONE and Microsoft IIS web servers (C++)

o        COREid Access Service and Management APIs (Java, C++, C, C# .NET)

o        COREid basic, form, and SSL client certificate authentication methods (C++)

o        COREid authorization plug-in for the Microsoft Authorization Manager (C++ COM)

         Oblix voting member of the OASIS standards organization

o        Member, OASIS Security Services Technical Committee (SAML) 2001-2005.

o        Member, OASIS Web Services Security Technical Committee (WS-Security) 2002-2004.

o        Editor, SAML Implementation Guidelines

         Participated in federation interoperability demonstrations at 2004 Microsoft TechEd Conference, 2004 RSA Conference, and 2002 Burton Group Conferences.

 

Hewlett-Packard (Cupertino, CA)

06/1978-12/1999

 

Security Solutions Architect

06/1998-12/1999

HP Praesidium DomainGuard: web access management

 

         Developed web authentication interfaces for the Netscape Enterprise Server.

         Extended the DomainGuard ACL model to use authorization rules.

         Contributed to The Open Group's Authorization API standard.

 

Software Design Engineer

08/1993-06/1998

HP Praesidium Authorization Server: DCE authorization service

         Designed and implemented client APIs and server security functions.

         Wrote a book, Practical DCE Programming, published by Prentice-Hall.

         Presented a paper on the Authorization Server to The Open Group.

 

Software Design Engineer

02/1991-08/1993

OSF Distributed Computing Environment (DCE): secure cross-platform client/server middleware

 

         Ported DCE Remote Procedure Call and Cell Directory Service to MPE/iX.

         Participated in multi-vendor DCE interoperability testing sponsored by OSF.

         Presented papers on DCE to the HP Interex User's Group.

 

 

 

Technical Contributor

06/1988-02/1991

Network Services/iX: networking software for the HP 3000

 

         Investigated performance issues, multiprocessor support and X.25 on the ISO OSI stack.

 

Project Manager

01/1986-06/1988

Network Services/3000: networking software for the HP 3000

 

         Managed five to seven engineers maintaining the released NS/3000 product.

         Planned enhancements and coordinated product releases.

 

Software Design Engineer

06/1978-01/1986

Network Services/3000 and Distributed Systems/3000: networking software

 

         Designed and implemented the server infrastructure and process management for NS/3000.

         Maintained released versions of Distributed Systems/3000.

 

EDUCATION

M.S., Computer Science, University of Iowa, Iowa City, IA

09/1976-05/1978

B.A., Mathematics and Physics, Coe College, Cedar Rapids, IA

09/1972-05/1976

 

(March 18, 2009)