Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli

ClearAvenue, LLC
Headquartered in Columbia, Maryland
Focused on systems integration, data management, information security, storage networking, and custom software development
Premier IBM Business Partner
CMMI Maturity Level 3
clearAvenue, LLC is an 8(a) certified, minority woman-owned Small Disadvantaged Business

Authentication, Authorization, and Audit: The Challenge
Identity and Access Management is a major challenge for all federal agencies
A multitude of applications, legacy as well as state-of-the-art systems, poses additional challenges
Federal laws and federal contracting regulations add further complexity
Comprehensive end-to-end audits across multiple systems pose a significant challenge
Security is a major challenge for most organizations because of the threats they face. In federal agencies it is further complicated by the various federal mandates and by complex federal contracts and contracting rules. Performing end-to-end audits, while a Certification and Accreditation mandate, poses significant challenges.

Layers of Security
Perimeter Defense: keep out the unwanted with firewalls, anti-virus, intrusion detection, etc.
Control Layer: Which users can come in? What can users see and do? Are user preferences supported? Can user privacy be protected?
Assurance Layer: Can I comply with regulations? Can I deliver audit reports? Am I at risk? Can I respond to security events?
Security involves a multitude of technologies, products and processes. The notion of defense in depth is illustrated: every layer has a different role and poses different challenges.

SOA Security Encompasses All Solution Layers
The SOA reference stack, bottom to top:
1. Operational systems: packaged applications (ISV, SAP, Outlook), custom applications (OO), and the platform and supporting middleware (OS/390, Unix, MQ, DB2)
2. Service components (service provider side)
3. Services (definitions): atomic and composite
4. Business processes: process choreography
5. Consumers: SCA, portlets, WSRP, B2B and others (service consumer side)
SOA security cuts across all five layers: identity, authentication, authorization and privacy, auditing, confidentiality, integrity and availability, compliance, administration and policy management.
While there is a lot of talk around Service Oriented Architecture, implementing SOA poses multiple challenges. One of the major challenges is the propagation of identity across multiple services.

Identity Management: the basis of comprehensive security
Identity management is one of the main pillars of comprehensive security.

User Provisioning and De-provisioning
User provisioning across multiple enterprise systems poses significant challenges
User de-provisioning is a greater challenge: accounts that outlive the user's employment are the typical failure
Role-based access and role management add to the complexity
Role engineering encompasses very little "engineering" and a lot of "politics"

Implementing Role-based Access Control
Successfully implemented RBAC with role-based provisioning to legacy as well as state-of-the-art systems
A role is a set of entitlements that has a "business context"
Roles are not "cast in stone" but are derived through a "trial and error" process
Role refactoring has to be kept in mind during the design and implementation of any RBAC system
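The two slides above describe role-based provisioning and the problems that travel with it: accounts left behind after a user leaves, entitlements that crept in outside any role, grants that provisioning never applied, and role refactoring that must not silently change what anyone can do. The following is an added example written for this page, not ClearAvenue's code. The target systems ("portal", "siebel", "mainframe"), the role catalogue, the HR feed and the account snapshots are all constructed; the snapshot deliberately contains one orphan account, one excess entitlement and one missing entitlement so that each class of reconciliation finding appears, and the role split shows the refactoring check refusing a split that would drop an entitlement.

```python
"""Role-based provisioning and reconciliation across several target systems.

Added example for this page (not ClearAvenue's code). The systems "portal",
"siebel" and "mainframe", the roles, the HR feed and the account snapshots
are all constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Entitlement:
    system: str     # target system that enforces the privilege
    privilege: str  # privilege name as that system knows it


@dataclass(frozen=True)
class Role:
    name: str
    business_context: str            # why the role exists, in business terms
    entitlements: FrozenSet[Entitlement]


def E(system: str, privilege: str) -> Entitlement:
    return Entitlement(system, privilege)


# Constructed role catalogue: each role is a set of entitlements with a business context.
ROLES: Dict[str, Role] = {
    "claims_examiner": Role("claims_examiner", "adjudicates benefit claims", frozenset({
        E("portal", "login"), E("siebel", "claims.read"),
        E("siebel", "claims.update"), E("mainframe", "CLM.READ")})),
    "claims_supervisor": Role("claims_supervisor", "approves examiners' decisions", frozenset({
        E("portal", "login"), E("siebel", "claims.read"), E("siebel", "claims.update"),
        E("siebel", "claims.approve"), E("mainframe", "CLM.READ"), E("mainframe", "CLM.APPROVE")})),
    "auditor": Role("auditor", "reviews audit trails read-only", frozenset({
        E("portal", "login"), E("siebel", "claims.read"), E("mainframe", "AUD.READ")})),
}

# Constructed HR feed (source of truth): user -> roles. "dave" has left and is absent.
HR_ASSIGNMENTS: Dict[str, List[str]] = {
    "alice": ["claims_examiner"], "bob": ["claims_supervisor"], "carol": ["auditor"]}

# Constructed snapshot of what each target system actually holds: system -> user -> privileges.
ACTUAL_ACCOUNTS: Dict[str, Dict[str, Set[str]]] = {
    "portal": {"alice": {"login"}, "bob": {"login"}, "carol": {"login"}, "dave": {"login"}},
    "siebel": {"alice": {"claims.read", "claims.update", "claims.approve"},
               "bob": {"claims.read", "claims.update", "claims.approve"},
               "carol": {"claims.read"}, "dave": {"claims.read"}},
    "mainframe": {"alice": {"CLM.READ"}, "bob": {"CLM.READ"}, "carol": {"AUD.READ"}},
}


def desired_state(assignments: Dict[str, List[str]], roles: Dict[str, Role]) -> Dict[str, Set[Entitlement]]:
    """Entitlements each user should hold: the union of their roles' entitlements."""
    return {user: set().union(*(roles[r].entitlements for r in role_names))
            for user, role_names in assignments.items()}


def actual_state(snapshot: Dict[str, Dict[str, Set[str]]]) -> Dict[str, Set[Entitlement]]:
    """Flatten the per-system account snapshots into one entitlement set per user."""
    actual: Dict[str, Set[Entitlement]] = {}
    for system, users in snapshot.items():
        for user, privileges in users.items():
            actual.setdefault(user, set()).update(E(system, p) for p in privileges)
    return actual


def reconcile(desired: Dict[str, Set[Entitlement]], actual: Dict[str, Set[Entitlement]]
              ) -> Tuple[List[str], Dict[str, Set[Entitlement]], Dict[str, Set[Entitlement]]]:
    """Compare desired against actual state.

    orphans: users with accounts but no HR record (de-provisioning failed)
    excess : entitlements a current user holds beyond their roles (privilege creep)
    missing: entitlements a role grants that provisioning never applied
    """
    orphans = sorted(set(actual) - set(desired))
    excess: Dict[str, Set[Entitlement]] = {}
    missing: Dict[str, Set[Entitlement]] = {}
    for user, wanted in desired.items():
        have = actual.get(user, set())
        if have - wanted:
            excess[user] = have - wanted
        if wanted - have:
            missing[user] = wanted - have
    return orphans, excess, missing


def split_role(roles: Dict[str, Role], old_name: str,
               parts: Dict[str, Tuple[str, FrozenSet[Entitlement]]]) -> Dict[str, Role]:
    """Role refactoring: replace one role by several narrower ones.

    Refuses the split unless the new roles together grant exactly what the old
    one did, so refactoring can neither drop nor smuggle in an entitlement.
    """
    old = roles[old_name]
    combined = frozenset().union(*(ents for _, ents in parts.values()))
    if combined != old.entitlements:
        raise ValueError(f"split of {old_name} changes entitlements: "
                         f"lost={old.entitlements - combined} added={combined - old.entitlements}")
    new_roles = {n: r for n, r in roles.items() if n != old_name}
    for name, (context, ents) in parts.items():
        new_roles[name] = Role(name, context, ents)
    return new_roles


def remap_assignments(assignments: Dict[str, List[str]], old_name: str,
                      new_names: Iterable[str]) -> Dict[str, List[str]]:
    """Give every holder of the old role all of its replacement roles."""
    replacements = list(new_names)
    return {user: [n for r in rs for n in (replacements if r == old_name else [r])]
            for user, rs in assignments.items()}


if __name__ == "__main__":
    orphans, excess, missing = reconcile(desired_state(HR_ASSIGNMENTS, ROLES),
                                         actual_state(ACTUAL_ACCOUNTS))
    print("orphan accounts to de-provision:", orphans)
    print("excess entitlements to revoke:  ", excess)
    print("missing entitlements to grant:  ", missing)
```

Run against the constructed data, the reconciliation reports dave's two leftover accounts as orphans, alice's claims.approve in Siebel as excess (nothing in her role grants it) and bob's CLM.APPROVE on the mainframe as missing. Running this comparison on a schedule, with the HR feed as the only source of truth, is what turns de-provisioning from a per-system chore into a checkable invariant.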

Role-based Access to Legacy and Modernized Systems

Legacy systems integration: Siebel

Federated Identity Management: the Challenge
In many situations, one federal agency has to communicate with and access data from another agency
The same problem may exist between multiple subdivisions of the same agency or organization
The solution involves building and propagating trust across boundaries using industry standards
Audits across agencies or subdivisions pose additional challenges

Federated Identity Management Across Multiple Organizations (diagram: SAML assertions exchanged between Organization A and Organization B)

Federation Entities

SOA Federated Identity Management (diagram components: SAML, TFIM, LDAP, Internet, Web Service, WebSphere ND)

Multi-Factor Authentication There are multiple federal and commercial mandates for strong and Multi-factor authentication

Multi-factor, certificate-based authentication architecture using IBM Tivoli Federated Identity Manager
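On the service-provider side of the federation in the diagrams above (Organization B consuming SAML assertions issued by Organization A, where the diagrams place IBM Tivoli Federated Identity Manager), the trust that is "built and propagated across boundaries" comes down to a fixed list of checks on every assertion. The following is an added example written for this page, not code from ClearAvenue or from Tivoli Federated Identity Manager; the entity IDs, URLs and the assertion itself are constructed. It assumes the assertion's XML Signature has already been verified against the issuer's federation-metadata certificate (an XML-DSig library does that; it is not reimplemented here) and covers what must follow: issuer allow-listing, the validity window with clock skew, audience and Recipient binding, InResponseTo and replay tracking, and, tying in the certificate-based authentication of the last two slides, a required AuthnContextClassRef.

```python
"""Service-provider checks on a SAML 2.0 assertion received from another organization.

Added example for this page, not ClearAvenue's or TFIM's code. Entity IDs, URLs
and the sample assertion are constructed. The assertion's XML Signature is
assumed to have been verified already; these are the checks that follow.
"""
import xml.etree.ElementTree as ET  # production code should parse with defusedxml
from datetime import datetime, timedelta
from typing import Dict, List, Set

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Constructed trust configuration of the service provider (Organization B).
SP_ENTITY_ID = "https://sp.org-b.example/saml"
SP_ACS_URL = "https://sp.org-b.example/saml/acs"
TRUSTED_ISSUERS: Set[str] = {"https://idp.org-a.example/saml"}
# Authentication contexts this SP accepts as strong: certificate-based ones only.
REQUIRED_AUTHN_CONTEXTS = {"urn:oasis:names:tc:SAML:2.0:ac:classes:X509",
                           "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"}
CLOCK_SKEW = timedelta(seconds=120)


class SamlValidationError(Exception):
    pass


def parse_time(value: str) -> datetime:
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text: str, now: datetime, outstanding_requests: Set[str],
                       consumed_assertions: Set[str]) -> Dict[str, object]:
    """Return issuer, subject and attributes of an acceptable assertion, else raise."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}Assertion" or root.get("Version") != "2.0":
        raise SamlValidationError("not a SAML 2.0 assertion")

    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in TRUSTED_ISSUERS:
        raise SamlValidationError(f"untrusted issuer {issuer!r}")

    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in consumed_assertions:
        raise SamlValidationError("missing or replayed assertion ID")

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("assertion has no Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + CLOCK_SKEW < parse_time(not_before):
        raise SamlValidationError("assertion not yet valid")
    if not_on_or_after and now - CLOCK_SKEW >= parse_time(not_on_or_after):
        raise SamlValidationError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:  # an assertion minted for another SP must not log in here
        raise SamlValidationError("assertion was issued for a different audience")

    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != SP_ACS_URL:
        raise SamlValidationError("bearer confirmation missing or wrong Recipient")
    in_response_to = scd.get("InResponseTo")
    if in_response_to not in outstanding_requests:
        raise SamlValidationError("unsolicited or already-answered InResponseTo")
    if scd.get("NotOnOrAfter") and now >= parse_time(scd.get("NotOnOrAfter")):
        raise SamlValidationError("subject confirmation expired")

    contexts = {c.text for c in root.findall(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)}
    if not contexts & REQUIRED_AUTHN_CONTEXTS:
        raise SamlValidationError(f"authentication context {contexts} is not strong enough")

    attributes: Dict[str, List[str]] = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]

    # Commit replay state only after every check has passed.
    consumed_assertions.add(assertion_id)
    outstanding_requests.discard(in_response_to)
    return {"issuer": issuer,
            "subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "attributes": attributes}


# Constructed assertion, as Organization A's IdP would issue it after a certificate logon.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_a1b2c3" Version="2.0"
  IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.org-a.example/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@org-a.example</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" InResponseTo="_req42"
        NotOnOrAfter="2024-05-01T12:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T11:59:30Z"><saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement><saml:Attribute Name="role">
    <saml:AttributeValue>claims_examiner</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    pending, seen = {"_req42"}, set()
    print(validate_assertion(SAMPLE_ASSERTION, parse_time("2024-05-01T12:00:30Z"), pending, seen))
```

The `now` parameter is injected rather than read from the clock so the checks are testable; the replay set and the outstanding-request set are the SP's state and in a real deployment live in shared storage keyed by the assertion's `ID` until its `NotOnOrAfter` has passed. The `role` attribute that comes out is exactly the input the role-based provisioning earlier on this page consumes, which is how identity propagates across the organizational boundary without Organization B holding Organization A's credentials.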

Conclusions
We have implemented complex security patterns in multiple federal agencies
Security is multi-faceted and hence has to be carefully architected and implemented correctly
The availability of multiple point products adds to the integration complexity
Authentication, authorization, audit and identity management are all intertwined and have to be planned and implemented correctly to ensure that the "attack surface" of an organization is minimized