NASA SensorWeb AIP-5 Kick-off: User Authentication & Licensing
Pat Cappelaere (Vightel), Stu Frye (SGT), Dan Mandl (GSFC), Karen Moe (GSFC)

Presentation transcript:


Why Interest in Authentication?
- Satellite Tasking Request Accountability
- Distributed User Access Control & Permissions Management (User Attribute Exchange or AX)
- Single Sign-on Across Many Services
- Limited Digital Rights & Data Access
- Web Services Protection

Experience
- Distributed Identity Service using OpenID – Support for Multiple Organizations
- OpenID / OAuth Hybrid Protocol for Delegation of User Authority to Workflows
- Two-Factor Authentication using Symantec Validation and ID Protection Service

Present Issues
- More Adoption of OpenID with Other Disaster Organizations
- SOAP WS* security incompatibility
- Integration of Digital Rights Management – Radarsat2 Raw/Processed Data example – In progress (one-click license acceptance)
- Full NASA Acceptance – [Implemented outside NASA on JOYENT leased servers as prototype]

Achievements
- Two Factor Authentication
- Single Sign-on
- User Attribute Exchange
- Distributed ID Management Across Organizations
- Delegation of User Authority to Workflows
- REST API – Simple to implement
- Fairly low cost ~$1500/year
- Hoping to complete Digital Rights Management

Hopes
- Secure Disaster Data Delivery Network – OpenID/OAuth – BitTorrent (aka GeoTorrents)
- Acceptable Digital Rights Management