© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009. MITRE Public Release Statement Case Number 09-017. Norman F. Brickman, Roger Westman: SOA and Browsers – Is A Common Infrastructure Emerging?

Slide 1: SOA and Browsers – Is A Common Infrastructure Emerging?
Norman F. Brickman, Roger Westman
April 28, 2009
MITRE Public Release Statement Case Number 09-017


Slide 3: Agenda
■ Purpose of presentation
■ Transactions – SOA versus Web browser
  – Both can be based on SOAP + WS-Star
■ Federation needs – SOA versus Web browser
  – Both can be based on SOAP + WS-Trust + WS-Policy
■ Information Cards
  – Browser strategic technology based on SOAP + WS-Star
  – Introduction & live demo
■ SOA Service Chaining
  – Introduction & live demo
■ Summary

Slide 4: Purpose of Presentation
■ Discuss an emerging common protocol for both SOA & Web browser
  – SOAP, WS-Trust, WS-Policy, WS-Security, WS-MEX, others
■ Review the common environments
  – SOA / SOAP
  – Browser – Information Cards
■ Demonstrate both
  – Information Cards
  – SOA SOAP Service Chaining with WS-Trust / STS
■ Potential impact & benefits

Slide 5: Introduction – SOA Transactions
■ Machine-to-machine communications
  – SOA consumer to SOA service producer
■ Two primary modes
  – REST
    ■ Simple to use, easier to learn; smaller learning curve
    ■ Capitalizes on the Web HTTP infrastructure
  – SOAP + WS-Trust + WS-Policy + other WS-Star
    ■ Designed to handle distributed computing environments
    ■ Built-in error handling (faults)
    ■ Has established underlying standards (WS-Star) for security, policy, reliable messaging, security tokens, etc.
    ■ Has integrated standards combining policy extraction and security token handling with the actual transaction

Slide 6: SOA Sequence of Operations (diagram slide; no text captured in the transcript)

Slide 7: Introduction – Browser Transactions
■ Well established, HTTP foundation
■ Information Cards
  – New, standards-based, integrates several protocols
  – HTML + SOAP + WS-Trust + WS-Policy + other WS-Star
  ■ Integrated 4-step transaction protocol
  ■ Higgins Project and CardSpace and others
■ Emerging technology. Not yet universally accepted.
■ Promising security paradigms
■ Targeted for secure integration of identity and attribute information
  – Strategic approach for Cloud Computing

Slide 8: Transaction Protocol Pattern – Browser with Information Cards
STS usage: Web browser, Information Cards, operation with RP-STS. Original chart obtained from Steve Woodward, Microsoft, and modified. Blue = human actions.
Actors: Identity Provider (IP-STS), Relying Party (RP), Client (user's laptop), User.
1. Client attempts to access a resource
2. Client retrieves access policy information from the RP
3. Identity Selector pops up (choose an Identity Provider which satisfies the requirements)
4. User selects an IdP
5. Request security token (WS-Trust) from the IP-STS
6. IP-STS returns a security token based on the RP-STS's requirements
7. User approves release of the token
8. Form + token released to the RP

Slide 9: Federation
■ Increasingly required
  – No need to pre-register your system users
■ Based on passing of security tokens
■ SOA SOAP standards-based approach
  – WS-Trust – Security Token Service (STS) for security tokens
■ Browser
  – Information Cards
  ■ Same federation approach as SOA SOAP
  – Several other protocols to choose from!

Slide 10: Federation Technologies – Web Browser (diagram slide; no text captured in the transcript)

Slide 11: Live Demonstration – Information Cards
■ Information Card presence in Windows XP
  – CardSpace
■ Obtain a managed Information Card
  – Uses attributes from the MITRE employee Active Directory
  – Authentication based on login/password
  ■ Configurable to CAC card, software cert, security token, etc.
■ Access control
  – Use the Information Card for authentication and authorization
  – Use ABAC to control access to targets

Slide 12: Live Demonstration – SOA Service Chaining
■ MITRE Service Chaining Investigation
  – Collaboration / joint sponsorship of several agencies
  – Initial investigation topics: identity handling, security tokens, WS-Security, SAML, SOAP, STS interoperability, encryption and digital signature, best practices, general issues
  – Demonstration shows transaction communications for:
    ■ SOAP, WS-Trust, SAML security token, user access to portal

Slide 13: Live Demonstration – SOA Service Chaining
■ Demonstration of one step in a chain
  – User access to portal
  – Portal obtains security token(s) from STS
  – SOAP-based transaction to target service
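The browser pattern on the Transaction Protocol Pattern slide (slide 8) and the one chain step on the slide above reduce to the same exchange: retrieve the relying party's policy, obtain a token from the STS with WS-Trust, then present the token with the transaction. The Python model below is an added illustration, not code from the MITRE demonstration or from any CardSpace or STS product; it stands dictionaries in for SOAP/WS-Trust XML, an HMAC in for the XML-Signature on a SAML token, and uses a constructed directory, signing key, issuer address, card and endpoint addresses. What it adds to the slides is the set of checks a relying party or target service must make before trusting a token it is handed: signature, issuer, audience (the RST's AppliesTo), validity window and required claims.

```python
import hashlib
import hmac
import json
import time
import uuid

# Constructed signing key and issuer address; a real STS signs SAML tokens with
# XML-Signature under an X.509 key, and the RP trusts that certificate instead.
STS_SIGNING_KEY = b"constructed-demo-sts-key"
STS_ISSUER = "https://sts.example.test/"

# Constructed stand-in for the employee directory the slides' STS draws attributes from.
DIRECTORY = {
    "alice": {"password": "pw-alice",
              "attributes": {"email": "alice@example.test", "role": "analyst", "org": "MITRE"}},
    "portal-svc": {"password": "pw-portal", "attributes": {"role": "portal", "org": "MITRE"}},
}
# Constructed managed card: names the issuer and the claims that issuer can supply.
CARDS = [{"issuer": STS_ISSUER, "subject": "alice", "claims": ["email", "role", "org"]}]


def _sign(token):
    """Canonical JSON + HMAC stands in for XML canonicalization + XML-Signature."""
    body = json.dumps(token, sort_keys=True).encode()
    return hmac.new(STS_SIGNING_KEY, body, hashlib.sha256).hexdigest()


class SecurityTokenService:
    """Answers a WS-Trust RequestSecurityToken (RST) with a signed token (the RSTR)."""

    def __init__(self, directory):
        self.directory = directory

    def issue(self, rst, now=None):
        user = self.directory.get(rst["subject"])
        # Login/password authentication as on slide 11 (a real STS checks a hash, not plaintext).
        if user is None or not hmac.compare_digest(user["password"], rst["password"]):
            raise PermissionError("authentication failed")
        now = int(time.time()) if now is None else now
        token = {
            "id": str(uuid.uuid4()),
            "issuer": STS_ISSUER,
            "subject": rst["subject"],
            "audience": rst["applies_to"],  # wsp:AppliesTo from the RST: who may consume the token
            # Only release claims the directory actually holds for this subject.
            "claims": {c: user["attributes"][c] for c in rst["claims"] if c in user["attributes"]},
            "not_before": now,
            "expires": now + 300,
        }
        return {"token": token, "signature": _sign(token)}


class RelyingParty:
    """A web RP or a SOAP service: publishes its policy, then checks the token it is handed."""

    def __init__(self, address, required_claims):
        self.address = address
        self.required_claims = required_claims

    def policy(self):
        # Step 2 / "metadata retrieval": what the client must obtain before calling.
        return {"issuer": STS_ISSUER, "claims": self.required_claims, "applies_to": self.address}

    def accept(self, rstr, now=None):
        """Return the token's claims if every check passes, else raise PermissionError."""
        token, now = rstr["token"], (int(time.time()) if now is None else now)
        if not hmac.compare_digest(_sign(token), rstr["signature"]):
            raise PermissionError("signature does not verify")
        if token["issuer"] != STS_ISSUER:
            raise PermissionError("untrusted issuer")
        if token["audience"] != self.address:
            raise PermissionError("token was issued for a different relying party")
        if not token["not_before"] <= now < token["expires"]:
            raise PermissionError("token expired or not yet valid")
        missing = [c for c in self.required_claims if c not in token["claims"]]
        if missing:
            raise PermissionError(f"required claims missing: {missing}")
        return token["claims"]


def identity_selector(policy, cards):
    """Steps 3-4: offer only cards whose issuer the RP trusts and which cover the required claims."""
    for card in cards:
        if card["issuer"] == policy["issuer"] and set(policy["claims"]) <= set(card["claims"]):
            return card
    raise LookupError("no card satisfies the relying party's policy")


def browser_transaction(cards, password, rp, sts):
    """Steps 1-8 of the Information Card pattern, run from the client's point of view."""
    policy = rp.policy()                      # 1-2: access attempt, policy retrieval
    card = identity_selector(policy, cards)   # 3-4: selector pops up, user picks an IdP
    rst = {"subject": card["subject"], "password": password,
           "claims": policy["claims"], "applies_to": policy["applies_to"]}
    rstr = sts.issue(rst)                     # 5-6: WS-Trust RST / RSTR with the IP-STS
    # 7: the user reviews the claims before release; modelled as a pass-through here.
    return rp.accept(rstr)                    # 8: token released to the RP, which validates it


def service_chain_step(service, sts, portal_account, portal_password):
    """One chain step as on slide 13: the portal fetches a token scoped to the target
    service and presents it on the SOAP call; the service applies the same checks as a web RP."""
    policy = service.policy()
    rst = {"subject": portal_account, "password": portal_password,
           "claims": policy["claims"], "applies_to": policy["applies_to"]}
    return service.accept(sts.issue(rst))


if __name__ == "__main__":
    sts = SecurityTokenService(DIRECTORY)
    portal = RelyingParty("https://portal.example.test/", ["email", "role"])
    print("portal sees:", browser_transaction(CARDS, "pw-alice", portal, sts))
    service = RelyingParty("https://target.example.test/", ["role"])
    print("service sees:", service_chain_step(service, sts, "portal-svc", "pw-portal"))
```

The audience check is the one that matters most in a chain: a token the user released to the portal must not be replayable by the portal against the target service, so the portal requests its own token with the service's address as AppliesTo, and the service rejects anything scoped elsewhere. The `now` parameter exists so that the validity-window check can be exercised without waiting for the token to expire.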

Slide 14: Commercial Marketplace Summary
■ SOA and SOAP and WS-Security
  – Participation by all major vendors
■ WS-Trust
  – Issuance of security tokens
  – IBM, Oracle, Microsoft, Ping Identity, Layer 7, etc.
■ WS-SecurityPolicy
  – Established standard
  – Integrated with Information Card operations
■ SOA usage is now getting established
■ SAML for security token assertions
  – All vendors participate
  – Interoperability is "fairly well" established

Slide 15: Potential Payoff
■ Promising security
  – Three levels
    ■ Network, message, security token
  – True end-to-end security
  – WS-Security framework for security tokens
  – SAML compatible
  – Better ABAC (Attribute Based Access Control)
    ■ Access requirements are integrated with the protocol
■ One common infrastructure
  – Administration
  – Cost advantages
■ Authentication and authorization characteristics compatible with Cloud Computing requirements

Slide 16: Summary
■ SOA and Web browser (with Information Cards)
  – Very similar protocols
  ■ Potential security, cost, administration, and other improvements
■ New, standards-based, integrated operational protocol
  – 1) Metadata retrieval
  – 2) Security token retrieval
  – 3) Submit transaction
■ Information Cards
  – Off-the-shelf today
  – Business case is not yet market proven
  – Strategic capabilities for Cloud Computing
■ STS
  – Here today