NPS Natural Resource & GIS Programs Inventory and Monitoring Program 2009 Data Manager’s Meeting Identity Management.

Presentation transcript:

NPS Natural Resource & GIS Programs Inventory and Monitoring Program 2009 Data Manager’s Meeting Identity Management

Authentication (Prove who you are)

Authentication techniques
  – Prompt for username / password
  – Relay network domain credentials
  – Digital Certificates
  – Smart Cards
Username / passwords are the most common in our apps right now
  – Every application stores user information, including passwords
  – Every application authenticates users only within the context of a single application
  – Security Risk: passwords stored in a variety of locations
      Individual applications may not have the resources to keep up with DOI password policies
Resolution: Security Token Services (STS)
  – Centralize user information in STSs
      Only the STS knows the passwords and/or other user information
      DOI security policies are addressed in one place
  – The STS exchanges user credentials for an industry standard, digitally signed token
      The token is then passed around to apps and services
      Applications/Services only have to know how to interpret the token

Security Token Service

Validate User Credentials
  – Domain accounts / Windows NTLM
      DOI's Active Directory
      For users on the DOI network
  – Usernames / Passwords
      ADAM / AD LDS, a lightweight implementation of Active Directory
      For users not on the DOI network
  – Other credential types
      Digital Certificates
      Authenticating partner applications / services running automated processes
Transform User Credentials
  – Make claims about a user
  – Wrap the claims within a digitally signed SAML Token

Security Token Process

Apps and Services will never see usernames and passwords, just SAML tokens

Authorization (What are you allowed to do)

Role based authorization
  – Users are placed in groups (roles) and permissions are applied to the group
  – Access to a resource is granted by comparing the user's roles to the roles defined for the resource
  – Advantages: permission management on a small number of groups instead of many users
  – Limitations: permissions are applied to resources at a very broad level, so granular rules require more and more groups; roles only have meaning within individual applications
Resource based authorization (Access Control Lists)
  – Permissions are defined on the resource itself
      Specify what operation / group / user can access a resource
  – Advantages: authorization rules are upheld independent of which service is requesting access
  – Limitations: every resource would have to implement attributes that identify what it is; in the case of system files, this often requires some form of impersonation to get through operating system process rules

Claims based authorization
  – Claims are properties that describe the capabilities of an entity
      Type – lets services consuming claims know what the claim is in reference to
      Right – describes the capability the entity has over a resource
      Resource – something over which a claim is made
  – Essentially does role based authorization and more
      Roles are based on identity; identity is one of many claims that can be made about a user
  – Advantages:
      Separates authorization rules from the mechanisms used for authentication
      Authorization policies, based on claims, can be created down to a very granular level
      Very good at controlling access across platforms and applications
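The slides above describe the whole chain: an STS that alone holds passwords, a signed token that applications interpret instead of credentials, and claims (type, right, resource) that subsume roles while allowing finer rules. The following is an added example, not IRMA code, that shows that chain end to end in Python. Its token is a constructed HMAC-signed JSON stand-in for the SAML tokens the slides mention; the user records, the claim types ("role", "unit"), the policy table and the shared signing key are all assumptions made for the demonstration.

```python
"""Added example (not IRMA code): a minimal security token service (STS)
that is the only component knowing passwords, issuing a signed claims
token that relying applications authorize against. The token format is
a constructed HMAC-signed JSON stand-in for the SAML tokens the slides
describe; user records, claim types and the policy table are constructed."""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

# ---- STS side: the one place that stores (hashed) passwords ----
_SALT = b"constructed-demo-salt"      # use a random per-user salt in practice


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# username -> (password hash, claims the STS is willing to assert); constructed data
USER_STORE = {
    "dmanager": (_hash_password("correct horse"), {"role": ["DataManager"], "unit": ["ROMO"]}),
    "guest": (_hash_password("guest"), {"role": ["Reader"], "unit": []}),
}

SIGNING_KEY = secrets.token_bytes(32)  # shared STS/app secret for this demo (assumption)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sts_issue_token(username: str, password: str, ttl: int = 300, now: float = None):
    """Check the credential once, centrally, and return a signed token (or None)."""
    entry = USER_STORE.get(username)
    if entry is None:
        return None
    stored_hash, claims = entry
    if not hmac.compare_digest(stored_hash, _hash_password(password)):
        return None
    now = time.time() if now is None else now
    payload = json.dumps(
        {"sub": username, "iat": now, "exp": now + ttl, "claims": claims}, sort_keys=True
    ).encode()
    signature = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(signature)


# ---- Relying application side: never sees a password, only the token ----
def verify_token(token: str, now: float = None):
    """Return the token body if signature and expiry are valid, else None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, signature = _unb64(payload_b64), _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    body = json.loads(payload)
    now = time.time() if now is None else now
    return None if now >= body["exp"] else body


# Claims-based policy: (resource type, right, required claims). Role is just one
# claim type; the "unit" claim expresses a per-park rule that a flat role-based
# group model would need one extra group per park to express.
POLICY = [
    ("SpeciesList", "read", {"role": "Reader"}),
    ("SpeciesList", "read", {"role": "DataManager"}),
    ("SpeciesList", "certify", {"role": "DataManager", "unit": "<resource.unit>"}),
]


def is_authorized(token: str, right: str, resource: dict) -> bool:
    """resource is e.g. {"type": "SpeciesList", "unit": "ROMO"}; any matching rule grants."""
    body = verify_token(token)
    if body is None:
        return False
    claims = body["claims"]
    for rtype, rright, required in POLICY:
        if (rtype, rright) != (resource["type"], right):
            continue
        satisfied = all(
            (resource["unit"] if value == "<resource.unit>" else value) in claims.get(ctype, [])
            for ctype, value in required.items()
        )
        if satisfied:
            return True
    return False
```

The relying side (`verify_token`, `is_authorized`) contains no user store and no password handling at all; it only checks the signature and expiry and then evaluates claims, which is exactly the separation the slides are arguing for. Swapping the constructed token for a real SAML assertion would change the parsing, not the shape of the policy check.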

Challenges Solved and Still to Solve

Authentication from multiple sources
  – Currently can do multiple types of STS
      Transparent logins for domain users
      Form based username / passwords against ADAM / AD LDS
      Digital Certificates
Will be developing a flexible and reusable API for authorization
  – Determine general claim types that are needed across our services
  – Identify service specific claim types that will be needed
  – Make it all work for client applications other than web browsers
      Excel
      Access
      Etc.

Unit: IRMA Infrastructure Services

Problems to Solve

Multiple copies of unit, park, etc. databases being used (every app had a different one!)
Inconsistent park codes and names used
No common maintenance practices

Version

Centralized data source
Initial IRMA coding standards, service structure
Very atomic methods (not user-friendly, but they work)

Example: Reference Service – Search Page

Pick List = data + web controls:

Short-term Vision

Full integration with IRMA practices
Standardized park codes
More efficient fetch methods
More sophisticated web controls

Longer-term Vision

Customizable web controls
Accessible service for networks and parks
Search and report page in NRInfo Portal
Subunits:
  – Management districts, ranger districts, etc.
Maintenance functions

Taxonomy: IRMA Infrastructure Services

Problems to be Solved

Multiple applications need to manage information about taxa
We need a common currency for discussing taxa
We would like to use other taxonomic datasets besides ITIS, such as USDA Plants

Version 1.0

Four primary parts
  – Names
  – Categories
  – Sources
  – Classifications
Searching by Name and by Code
Taxon Profile pages
Integration with Species

Search by Name

Search by Code

Search Results

Taxon Profile

Short-term Vision

Include authorities
Integrate USDA Plants list
Downloadable taxonomy lists
Saved searches and layouts
Transform a taxa list using Crosswalks
Links to external Classification Sources
More search options

Long-term Vision

Adding and editing Taxa
Roll-up to Ranks
Authentication
Change History Management
Commenting
Other types of taxonomies

Benefits

One-stop shopping for Taxonomy
NPS Taxon Code serves as common currency
New Classification Sources can be loaded, adding new sets of names

Reference Service Update
Data Manager's Conference, April 2009

Overview

Problem
Current Status
Short-Term Plans
Long-Term Vision
Benefits of Service

What is the Problem?

Fundamental need to manage citations/metadata
  – Documents
  – Datasets
  – Photos
  – Other
Citations/Metadata in different systems
Hard to associate/group references
Applications do not adequately serve the needs of the natural resources program

Reference Service 1.0

Active, non-sensitive, and non-proprietary citations from NatureBib and Data Store
Limited subset of the Reference attributes
Basic searching and read-only viewing
No user-name or password required to search
Download attachments
Creating/Editing still done through NatureBib and Data Store

Search

Simple search (search logic behind the scenes)
Must be easy to use

Search Results

Detailed View

Short-Term Plans

1.x Iterations
  – Functionality of NatureBib and DataStore
  – Begin to clarify definitions
  – Introduce Reference Owner and Unit Steward roles
  – Begin Reference Relationships
      Split into related references (e.g., book chapter is part of book)
      Begin to combine duplicates
      Show related references as one in Portal
  – Create Reference from XML record
  – Integrate with other services
  – Turn off NatureBib and Data Store
  – Begin following Long-Term Road Map for adding functionality

Long-Term Road Map

Stakeholder Interviews
Project Scope
Version Timeline

Stakeholder Interviews

Fall of 2008
Gather user needs
100+ people interviewed
25+ meetings

Road Map – Project Scope

Out for review – March 2009
Integrates user needs
Proposes long-term functionality
Very general and... dry
Minimize risks
  – Get everyone on the same page
  – Identify logical flaws
Survey to get feedback/comments

Survey Results

Chapter Title                                                 Average   StDev
Reference Collections
Change History Management
Notification
Search/Query References
Introduction
System Level User Groups and Role Management
Reference-Reference Relationships
Import/Export References
Reference-Taxonomy Relationships
Holdings
Reference Unit Relationships
Reference Management
User Comments and Discussion Threads
Appendix: Accessing the Reference Service via SOAP Messages   2.0       1.1

Road Map – Version Timeline

Prioritize functionality in Project Scope
Can begin once Project Scope is completed
Very important beyond 2.0

Further Development and Refinement

Progressive elaboration
Regular user feedback

Benefits

Leverages functionality of other services
  – Taxonomy
  – Units
  – Authentication
  – File
Can be leveraged by other services
  – Species
  – Project
  – Data Clearinghouses

NPSpecies Update
Presented by: Alison Loar

New NPSpecies is Useful Because

Shared infrastructure
  – Units, Taxonomy, Authentication, etc.
Reusable controls
New user friendly user interface on the NRInfo Portal
Ability to access service fetch operations to "build your own"

Current Status

NPSpecies on NRInfo Portal
Certified Species Lists
  – For data that have been certified
  – Ability to download lists
Live Demo...

Upcoming Release

NPSpecies
  – Released next month
  – Species lists with more views
  – Park-Species Profile
  – Simple stats
  – List of Units (where one species is found)
  – Live Demo...

Roadmap Release Plan – Short Term

NPSpecies 2.2: Integrate NPSpecies with New Match List Application
NPSpecies 2.3: Integrate NPSpecies with New Evidence Applications (Vouchers, Observations, References)
NPSpecies 3.0: Add/Edit/Delete; Turn off NPSpecies 1.0

Roadmap Release Plan – Long Term

NPSpecies 3.1
  – Ability to have multiple species lists for one category & one unit in NPSpecies
  – Tools to Compare and Merge data
NPSpecies 3.2
  – QA toolbox with QA Filters
  – Automated workflow

IRMA Summary: What this Means for You
Data Manager's Conference, April 2009

Accessing Information

Web Portal
  – Consistent Interface
  – Brings multiple services together
SOAP Messages

SOAP Messages

Simple Object Access Protocol
Get information without a web interface
Text messages
Industry Standard (e.g., Travelocity)
Supported by other Languages and Applications
  – MS Products
  – Python

Example SOAP Message: Birds of ROMO (NPS)

Example Messages

FetchReferenceList
CreateReference
FetchReferenceHolding
DeleteReference
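The slides say the services can be reached with SOAP text messages from Python without a web interface, and name FetchReferenceList among the operations. The example SOAP message itself was an image on the original slide and is not reproduced here, so the following is an added example rather than the project's message: it builds a SOAP 1.1 request for a FetchReferenceList call and parses a constructed response. The service namespace, the SecurityToken header, the UnitCode parameter and the response element names are assumptions standing in for whatever the real service's WSDL defines; only the SOAP envelope namespace is the real one.

```python
"""Added example (not IRMA code): build a SOAP 1.1 request for the
FetchReferenceList operation named on the slides and parse a constructed
response, with no browser involved. The service namespace, the
SecurityToken header, the UnitCode parameter and the response layout are
assumptions standing in for whatever the real service's WSDL defines."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # real SOAP 1.1 envelope namespace
SVC_NS = "urn:example:irma:reference"                   # placeholder (assumption)
ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("ref", SVC_NS)


def build_fetch_reference_list(unit_code: str, token: str) -> bytes:
    """Serialize via ElementTree so caller-supplied values are escaped rather
    than concatenated into the XML; a park code cannot inject new elements."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    # The signed token rides in the header; no username/password in the message.
    ET.SubElement(header, f"{{{SVC_NS}}}SecurityToken").text = token
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{SVC_NS}}}FetchReferenceList")
    ET.SubElement(op, f"{{{SVC_NS}}}UnitCode").text = unit_code
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def parse_reference_list(response: bytes) -> list:
    """Return (code, title) pairs from a FetchReferenceListResponse.
    A DOCTYPE is refused outright: a service reply has no business carrying
    one, and it is the vehicle for entity-expansion abuse of XML parsers."""
    if b"<!DOCTYPE" in response:
        raise ValueError("DOCTYPE not allowed in service response")
    root = ET.fromstring(response)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring", default="SOAP fault"))
    result = []
    for ref in root.iter(f"{{{SVC_NS}}}Reference"):
        code = ref.findtext(f"{{{SVC_NS}}}ReferenceCode", default="")
        title = ref.findtext(f"{{{SVC_NS}}}Title", default="")
        result.append((code, title))
    return result


# Constructed response (not captured from the real service); codes are placeholders.
SAMPLE_RESPONSE = f"""<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:ref="{SVC_NS}">
  <soap:Body>
    <ref:FetchReferenceListResponse>
      <ref:Reference>
        <ref:ReferenceCode>CONSTRUCTED-0001</ref:ReferenceCode>
        <ref:Title>Birds of ROMO (constructed)</ref:Title>
      </ref:Reference>
      <ref:Reference>
        <ref:ReferenceCode>CONSTRUCTED-0002</ref:ReferenceCode>
        <ref:Title>Elk &amp; deer surveys (constructed)</ref:Title>
      </ref:Reference>
    </ref:FetchReferenceListResponse>
  </soap:Body>
</soap:Envelope>""".encode()

if __name__ == "__main__":
    print(build_fetch_reference_list("ROMO", "TOKEN-PLACEHOLDER").decode())
    print(parse_reference_list(SAMPLE_RESPONSE))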

Application to Networks

Custom applications
Integrate multiple services for higher level functionality
Automatic update of web pages