Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli.

ClearAvenue, LLC
- Headquartered in Columbia, Maryland
- Focused on Systems Integration, Data Management, Information Security, Storage Networking, Custom Software Development
- Premier IBM Business Partner
- CMMI Maturity Level 3
- ClearAvenue, LLC is an 8(a)-certified, minority woman-owned Small Disadvantaged Business

Authentication, Authorization, and Audit – The Challenge
- Identity and Access Management is a major challenge for all federal agencies
- A multitude of applications, legacy as well as state-of-the-art systems, pose additional challenges
- The complexity of federal laws as well as federal contracting regulations adds further to the complexity
- Comprehensive end-to-end audits across multiple systems pose a significant challenge

Layers of Security
- Perimeter Defense: keep out the unwanted with firewalls, anti-virus, intrusion detection, etc.
- Control Layer: Which users can come in? What can users see and do? Are user preferences supported? Can user privacy be protected?
- Assurance Layer: Can I comply with regulations? Can I deliver audit reports? Am I at risk? Can I respond to security events?

SOA Security Encompasses All Solution Layers
(Diagram.) SOA security concerns that cut across every layer, from Service Consumer down to Service Provider: Identity; Authentication; Authorization & Privacy; Auditing; Confidentiality, Integrity and Availability; Compliance; Administration and Policy Management.
Solution layers, top to bottom:
- 5. Consumers: SCA, Portlet, WSRP, B2B, Other
- 4. Business processes: process choreography
- 3. Services (definitions): atomic and composite
- 2. Service components
- 1. Operational systems: ISV, SAP, packaged, custom and OO applications (e.g. Outlook); custom apps platform and supporting middleware such as OS/390, Unix, MQ, DB2

Identity Management – the basis of comprehensive security

User Provisioning and De-provisioning
- User provisioning across multiple enterprise systems poses significant challenges
- User de-provisioning is a greater challenge
- Role-based access and role management add to the complexity
- Role engineering involves very little “engineering” and a lot of “politics”

Implementing Role-based Access Control
- Successfully implemented RBAC with role-based provisioning to legacy as well as state-of-the-art systems
- A role is a set of entitlements that has a “business context”
- Roles are not “cast in stone” but are derived through a “trial and error” process
- Role re-factoring has to be kept in mind during the design and implementation of any RBAC system
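The provisioning and RBAC points above, modelled as an added example (not code from the presentation or from ClearAvenue): a role is a named set of entitlements with a business context, each entitlement naming the target system it applies to, so that assigning a role provisions every system at once and de-provisioning revokes everywhere. The system names, role and entitlements are constructed for illustration.

```python
"""Added example, not from the slides: a minimal model of role-based
provisioning. A role is a named set of entitlements with a business context,
each entitlement naming the target system it applies to. Assigning a role
pushes grants to every system the role touches; de-provisioning revokes
them everywhere, and an audit can list grants that outlived their role."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Entitlement:
    system: str     # target system, e.g. a legacy CRM or an LDAP directory (constructed names)
    privilege: str  # what is granted on that system

@dataclass(frozen=True)
class Role:
    name: str
    business_context: str   # why the role exists, in business terms
    entitlements: frozenset  # of Entitlement

class Provisioner:
    """Tracks, per target system, what each user has been granted."""
    def __init__(self):
        self.grants = {}    # system -> user -> set of privileges
        self.roles_of = {}  # user -> set of role names currently assigned
        self.audit = []     # (action, user, system, privilege), in order

    def _apply(self, action, user, ent):
        privs = self.grants.setdefault(ent.system, {}).setdefault(user, set())
        (privs.add if action == "grant" else privs.discard)(ent.privilege)
        self.audit.append((action, user, ent.system, ent.privilege))

    def assign(self, user, role):
        self.roles_of.setdefault(user, set()).add(role.name)
        for ent in role.entitlements:
            self._apply("grant", user, ent)

    def deprovision(self, user, roles):
        """Revoke every entitlement of every role the user holds, on every system."""
        for role in roles:
            if role.name in self.roles_of.get(user, set()):
                for ent in role.entitlements:
                    self._apply("revoke", user, ent)
        self.roles_of.pop(user, None)

    def orphaned_grants(self):
        """Privileges still live on some system for users with no role:
        the de-provisioning gaps an end-to-end audit should surface."""
        return {(sys, user, p) for sys, users in self.grants.items()
                for user, privs in users.items() if not self.roles_of.get(user)
                for p in privs}
```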

Role-based Access to Legacy and Modernized Systems

Legacy systems integration -- Siebel

Federated Identity Management -- Challenge
- In many situations, one federal agency has to communicate with and access data from another agency
- This problem may also exist between multiple subdivisions of the same agency or organization
- The solution involves building and propagating trust across boundaries using industry standards
- Audits across agencies or subdivisions pose additional challenges

Federated Identity Management Across Multiple Organizations
(Diagram: Organization A and Organization B, linked by SAML.)

Federation Entities

SOA Federated Identity Management
(Diagram: Internet client; SAML exchanged with TFIM; LDAP directory; Web Service hosted on WebSphere ND.)
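The trust propagation described in the federation slides above, as an added example that is not from the presentation or from IBM's TFIM product: the checks a service provider in Organization B applies to a SAML assertion before trusting Organization A's identity provider. The assertion, entity IDs and timestamps are constructed; XML signature verification is assumed to have been done beforehand by an XML-Signature library and is not shown.

```python
"""Added example (not from the slides): federation-side checks on a SAML
assertion from a partner organization, after its signature has been verified
(assumed; not shown here). The sample assertion below is constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: issuer, subject, validity window and audience.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" IssueInstant="2024-01-15T10:00:00Z" Version="2.0">
  <saml:Issuer>https://idp.org-a.example</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@org-a.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-15T09:59:00Z" NotOnOrAfter="2024-01-15T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.org-b.example</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def parse_saml_time(s):
    """UTC timestamp in the xs:dateTime form SAML uses."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, trusted_issuers, my_entity_id, now, seen_ids):
    """Return the subject NameID if every federation check passes, else raise."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:             # trust is explicit, per partner
        raise ValueError(f"untrusted issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if (nb and now < parse_saml_time(nb)) or (na and now >= parse_saml_time(na)):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if my_entity_id not in audiences:              # issued for some other party
        raise ValueError("assertion not addressed to this service provider")
    aid = root.get("ID")
    if aid in seen_ids:                            # replay of a consumed assertion
        raise ValueError("assertion ID already consumed")
    seen_ids.add(aid)
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS)
```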

Multi-Factor Authentication
- There are multiple federal and commercial mandates for strong, multi-factor authentication

Multi-factor, certificate-based authentication architecture using IBM Tivoli Federated Identity Manager (diagram)

Conclusions
- We have implemented complex security patterns in multiple federal agencies
- Security is multi-faceted and hence has to be carefully architected and implemented correctly
- The availability of multiple point products adds to the integration complexity
- Authentication, authorization, audit and identity management are all intertwined and have to be planned and implemented correctly to ensure that the “attack surface” of an organization is minimized