Navigating the Standards Landscape Andrew Owen SEARCH.

SEARCH, The National Consortium for Justice Information and Statistics

Slide 1: Goals
- Discuss information sharing standards
- Describe the problems these standards solve
- Introduce proven approaches for implementing these standards

Slide 2: Many ways to share information and capabilities

Slide 3: Poorly or Unplanned Information Sharing

Slide 4: Nicely Planned Information Sharing

Slide 5: Careful Architecture is Key

Slide 6: Global Reference Architecture (GRA)
- Reference architecture for doing Service Oriented Architecture (SOA)
- Based on the OASIS SOA Reference Model

Slide 7: GRA/SOA

Slide 8: SOA

Slide 9: GRA/SOA Principles
- Standard service contracts
- Loose coupling
- Abstraction
- Reuse
- Autonomy
- Statelessness
- Composability

Slide 10: GRA makes SOA Easy

Slide 11: Web Services Service Interaction Profile
Describes how to meet GRA requirements with Web Services:
- SOAP
- WSDL
- WS-Addressing
- WS-ReliableMessaging
- WS-Trust
- NIEM
- GFIPM/SAML

Slide 12: GRA Service Specification Package
- Service-level interoperability
- Specific rules for packaging
- Self-contained

Slide 13: National Information Exchange Model (NIEM)
- Standard vocabulary for information exchanges
- System-independent
- Multi-domain (justice, public safety, emergency management, family services, intelligence, etc.)

Slide 14: Information Exchange Package Documentation (IEPD)
- Defines one or more specific information exchanges
- Message interoperability
- Normative and non-normative documentation
- Methodology for developing an IEPD

Slide 15: GRA and NIEM

Slide 16: Add a User to the Mix

Slide 17: Global Federated Identity and Privilege Management (GFIPM)
Makes user identity management easier to do:
- Enables single sign-on
- Eliminates the need for multiple logins for a single user
- Keeps identity management and user authentication local

Slide 18: GFIPM
- Provides a standard vocabulary of identity and access attributes
- Enables informed access and authorization decisions

Slide 19: Service Provider
- Protects a web resource
- Requests user information from the identity provider
- Enforces access control policies
- Logs user activity

Slide 20: Identity Provider
- Snaps on to an existing user credential store
- Authenticates users
- Issues user assertions to service providers

Slide 21: GFIPM

Slide 22: GFIPM and SAML
Based on the OASIS standard called Security Assertion Markup Language (SAML) version 2.0:
- Request user authentication (SP to IdP)
- User authentication statement (IdP to SP)
- User assertion (IdP to SP)
- SP and IdP metadata
Industry standard: you probably use this every day.

Slide 23: GFIPM and Web Services
- Controls access when a user is behind a web service request
- The SAML token is passed to the web service
- GFIPM provides specific profiles for this
- Still requires the existence of an IdP and SP

Slide 24: Trust
- Shared IdP and SP metadata
- Federation management function
- Cryptography
- IT policy
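The checks a service provider (slide 19) applies to a SAML 2.0 assertion (slide 22) before it trusts the IdP's claims, with the issuer checked against the shared metadata the federation relies on (slide 24). This is an added illustration, not code from the presentation or from the GFIPM project; the entity IDs, the assertion and the attribute name are constructed, and the attribute is a placeholder rather than the real GFIPM vocabulary.

```python
"""Service-provider-side checks on a SAML 2.0 assertion (added example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed stand-ins for the SP's trusted-IdP metadata and its own entityID.
TRUSTED_IDPS = {"https://idp.example-county.gov/idp"}
SP_ENTITY_ID = "https://records.example-state.gov/sp"

# Constructed assertion; the attribute name is a placeholder, not GFIPM's vocabulary.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example-county.gov/idp</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://records.example-state.gov/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="example:SwornOfficer">
      <saml:AttributeValue>true</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def evaluate(xml_text, now, required_attr="example:SwornOfficer"):
    """Return (decision, reason). Assumes the XML signature was already verified
    against the IdP certificate from metadata by the SAML library; these checks
    complement that step, they do not replace it."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in TRUSTED_IDPS:            # trust comes from shared metadata
        return False, "untrusted issuer"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no conditions"
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "outside validity window"  # replayed or stale assertion
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:          # assertion meant for another SP
        return False, "audience mismatch"
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)}
    if attrs.get(required_attr) != ["true"]:   # local access control policy
        return False, "policy denied"
    return True, "permit"
```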

Slide 25: Refresher
- GRA: big picture of service design and orientation
- NIEM: message vocabulary consistency
- GFIPM: user access control and identity management

Slide 26: Implementation Options
- Apache CXF
- Apache Camel
- Shibboleth IdP
- Shibboleth SP
- Microsoft ADFS

Slide 27: Next session…