Charles Knouse

Cell 408-888-9061

OBJECTIVE: Software architect or principal developer in security, identity management, or web services.
STRENGTHS
  • 31 years of experience in software development: 17 in security software, 10 in web single sign-on and access control, 8 in federated identity management.
  • Proven ability to quickly learn and apply new technology in varied environments.
  • Superior technical communication skills demonstrated in customer and engineering training, conference papers, and a full-length book.
  • Motivation to complete development of critical products for a startup company.
EXPERTISE
Standards: / JSON, XML, SAML, XACML, Liberty ID-WSF, WS-Trust, WS-Security, WS-Federation, XML-Signature, XML-Encryption, SOAP, HTTP, LDAP, SSL
Web Servers: / Apache HTTP, Microsoft IIS, Oracle OHS, iPlanet/Sun Web Server
App Servers: / Apache Tomcat, Oracle OC4J, BEA WebLogic, IBM WebSphere
Directories: / Microsoft Active Directory, Oracle OID, iPlanet/SUN Directory Server
Platforms: / FreeBSD, Windows XP/2003, Linux, Solaris, HP-UX, MPE/iX (HP proprietary)
Languages: / Java, C++, C, Perl, Pascal
Frameworks: / J2EE, .NET, COM
Tools: / Eclipse, Microsoft Development Studio, Perforce, ClearCase

EXPERIENCE

Citrix Systems (Santa Clara, CA) / 03/2008-present
Principal Software Development Engineer

NetScaler: web application delivery appliance for performance, high availability, and security

  • Working on XML, SOAP, and Web 2.0 features for the NetScaler Application Firewall.
  • Adapted a JSON parser to work with XML security and search features.

Hewlett-Packard (Cupertino, CA) / 09/2007-03/2008
Product Architect

HP Select Federation: cross-enterprise identity federation and web services

  • Represented HP on the OASIS Security Services Technical Committee and the Liberty Alliance Technical Expert Group.
  • Investigated federation authorization use cases using XACML.
  • Designed and began implementation of a WS-Trust Security Token Service.
  • Product line discontinued by HP.

Oracle Corporation (Redwood Shores, CA) / 07/2005-09/2007
Consulting Member of Technical Staff

Oracle Access Manager (OAM): enterprise web single sign-on and access control

Oracle Identity Federation (OIF): cross-enterprise identity federation

  • Developed the next generation Access Manager architecture using WS-Trust and XACML.
  • Evaluated OAM integrations with Bharosa/Oracle and Covelight/Radware fraud detection products.
  • Designed extensions to JAAS to provide XACML fine-grained authorization.
  • Provided consulting to resolve OAM and OIF problems and meet customer requirements.
  • Implemented the WS-Federation Passive Requester Profile (Java J2EE).
  • Implemented the SAML X.509 Attribute Sharing Profile (Java J2EE, C++).
  • Co-inventor on three U.S. patents
  • 7,185,364: Access system interface
  • 7,231,661: Authorization services with external authentication
  • 7,249,369: Post data processing

Juniper Networks (Sunnyvale, CA) / 12/2004-07/2005
Staff Engineer

NetScreen SA Series SSL VPN appliances: IVE (Instant Virtual Extranet)

  • Implemented Host Checker endpoint compliance agent for Mac and Linux (Java, Perl).
  • Fixed bugs and made enhancements (OCSP) to IVE X.509 certificate processing (C++).
  • Implemented SAML 1.1 Consumer functionality for the IVE.

Oblix, Inc. (Cupertino, CA; acquired by Oracle 03/2005) / 01/2000-12/2004
Architect / 01/2004-12/2004
Principal Software Engineer / 01/2000-01/2004

Oblix SHAREid: cross-enterprise identity federation

Oblix COREid: enterprise identity management, web single sign-on and access control

  • Principal designer and implementer for
  • SHAREid implementation of the SAML 1.0/1.1 federation protocol (Java J2EE)
  • COREid web server plug-ins for iPlanet/SUN ONE and Microsoft IIS web servers (C++)
  • COREid Access Service and Management APIs (Java, C++, C, C# .NET)
  • COREid basic, form, and SSL client certificate authentication methods (C++)
  • COREid authorization plug-in for the Microsoft Authorization Manager (C++ COM)
  • Oblix voting member of the OASIS standards organization
  • Member, OASIS Security Services Technical Committee (SAML) 2001-2005.
  • Member, OASIS Web Services Security Technical Committee (WS-Security) 2002-2004.
  • Editor, SAML Implementation Guidelines
  • Participated in federation interoperability demonstrations at 2004 Microsoft TechEd Conference, 2004 RSA Conference, and 2002 Burton Group Conferences.

Hewlett-Packard (Cupertino, CA) / 06/1978-12/1999
Security Solutions Architect / 06/1998-12/1999

HP Praesidium DomainGuard: web access management

  • Developed web authentication interfaces for the Netscape Enterprise Server.
  • Extended the DomainGuard ACL model to use authorization rules.
  • Contributed to The Open Group’s Authorization API standard.

Software Design Engineer / 08/1993-06/1998

HP Praesidium AuthorizationServer: DCE authorization service

  • Designed and implemented client APIs and server security functions.
  • Wrote a book, Practical DCE Programming, published by Prentice-Hall.
  • Presented a paper on the Authorization Server to The Open Group.

Software Design Engineer / 02/1991-08/1993

OSF Distributed Computing Environment (DCE): secure cross-platform client/server middleware

  • Ported DCE Remote Procedure Call and Cell Directory Service to MPE/iX
  • Participated in multi-vendor DCE interoperability testing sponsored by OSF.
  • Presented papers on DCE to the HP Interex User’s Group.

Technical Contributor / 06/1988-02/1991

Network Services/iX: networking software for the HP 3000

  • Investigated performance issues, multiprocessor support and X.25 on the ISO OSI stack.

Project Manager / 01/1986-06/1988

Network Services/3000: networking software for the HP 3000

  • Managed five to seven engineers maintaining the released NS/3000 product.
  • Planned enhancements and coordinated product releases.

Software Design Engineer / 06/1978-01/1986

Network Services/3000 and Distributed Systems/3000: networking software

  • Designed and implemented the server infrastructure and process management for NS/3000
  • Maintained released versions of Distributed Systems/3000.
EDUCATION
M.S., Computer Science, University of Iowa, Iowa City, IA / 09/1976-05/1978
B.A., Mathematics and Physics, Coe College, Cedar Rapids, IA / 09/1972-05/1976

(March 18, 2009)