Proposed SACM Architecture

Presentation transcript:

Proposed SACM Architecture Ad-hoc SACM Arch team May 2014

Proposed SACM Architecture
- Architecture defines the components or “actors” that communicate or interface with each other
- The interfaces define the means by which Posture Information (e.g. data model) is sent or received
- The means by which a provider or requestor can provide its metadata and address security access controls is defined through a “control plane”

SACM Architecture - Conceptual
[Diagram: Posture Assessment Information Requestors and Posture Assessment Information Providers exchange information over the Data Plane; the Control Plane connects them through a Broker/Proxy/Repository providing authZ, directory and metadata/capability services]
- A Component is a Posture Assessment Requestor (R) or a Posture Assessment Provider (P)
- The data plane is where Posture Assessment Requestors (Rs) and Posture Assessment Providers (Ps) exchange information
- An “Actor” can be an R or a P or both
- A control plane is introduced to allow Actors to establish the security mechanisms (e.g. authentication, authorization, key management and secure communication link)
- An individual actor (such as a posture assessment validator) may act as both an information requestor and an information provider
- Different types of information providers may offer different types / levels of information (e.g. metadata or data profile)

Conceptual architecture based on Use Cases
[Diagram: Posture Assessment (Info) Requestors (Admin, Sensor, Other) and Posture Assessment (Info) Providers (Posture Collector, Posture Validator, Posture Aggregator, Application), all driven thru a single Information Model / Taxonomy]

SACM Architecture - Example
Legend: [R] = Posture Assessment Information Requestor, [P] = Posture Assessment Information Provider, [RP] = both
Control plane elements: Broker, Proxy, Repository
Actors: Endpoint Assessment [P], CMDB [RP], Analysis [RP], Response [RP], Other [P], Other [R], Vulnerability Scanner [RP], Physical Security [RP], Dashboard [R], SIM / SEM [RP], AAA [RP], Sensor [P], Analytics Engine [R], Posture Aggregator [RP], Posture Collector [P], Posture Validator [RP], IDS [P]
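The control plane / data plane split from the conceptual slide and the [R]/[P]/[RP] roles from the example slide, as an added toy model that is not part of the original slides: a Broker holds the directory, capability metadata and authorization decisions, and a Requestor only reaches Providers the Broker has approved. Actor names, info types and posture data are constructed for illustration.

```python
# Added example (not from the slides): toy model of the SACM control plane
# (broker: directory, capability metadata, authZ) and data plane (R <-> P).
# Actor names, info types and posture values below are constructed.
from dataclasses import dataclass, field


@dataclass
class Actor:
    name: str
    roles: set                                   # {"R"}, {"P"} or {"R", "P"} as in [R] [P] [RP]
    provides: dict = field(default_factory=dict)  # info type -> posture data this actor serves


class Broker:
    """Control plane: actors register their capabilities; discovery succeeds
    only for (requestor, info type) pairs the broker has explicitly authorized."""

    def __init__(self):
        self.directory = {}  # actor name -> Actor (directory + capability metadata)
        self.authz = {}      # requestor name -> set of info types it may request

    def register(self, actor):
        self.directory[actor.name] = actor

    def grant(self, requestor, info_type):
        self.authz.setdefault(requestor, set()).add(info_type)

    def discover(self, requestor, info_type):
        actor = self.directory.get(requestor)
        if actor is None or "R" not in actor.roles:
            raise PermissionError(f"{requestor} is not a registered Requestor")
        if info_type not in self.authz.get(requestor, set()):
            raise PermissionError(f"{requestor} is not authorized for {info_type}")
        # capability metadata decides which Providers can serve this info type
        return sorted(a.name for a in self.directory.values()
                      if "P" in a.roles and info_type in a.provides)


def fetch_posture(broker, requestor, info_type):
    """Data plane: query every Provider the control plane discovered."""
    return {name: broker.directory[name].provides[info_type]
            for name in broker.discover(requestor, info_type)}


def build_example_broker():
    b = Broker()
    b.register(Actor("Sensor", {"P"}, {"installed_software": ["openssl 1.0.2"]}))
    b.register(Actor("VulnScanner", {"R", "P"}, {"vulnerabilities": ["outdated openssl"]}))
    b.register(Actor("CMDB", {"R", "P"}, {"installed_software": ["openssl 1.0.2", "bash 4.4"]}))
    b.register(Actor("Dashboard", {"R"}))            # requestor only, provides nothing
    b.grant("VulnScanner", "installed_software")     # scanner may read inventory
    b.grant("Dashboard", "vulnerabilities")          # dashboard may read findings only
    return b
```

A Requestor asking for an info type it was never granted, or a pure Provider trying to request anything, is refused at the control plane before any data plane exchange happens.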

Q & A