Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security for MUWS. Manageable Resource External Manageability Provider Manageability Web service Environment Manageable Resource Manageable Resource Manageable.

Published byMilo Reed Modified over 8 years ago

Similar presentations

Presentation on theme: "Security for MUWS. Manageable Resource External Manageability Provider Manageability Web service Environment Manageable Resource Manageable Resource Manageable."— Presentation transcript:

1 Security for MUWS

2 Manageable Resource External Manageability Provider Manageability Web service Environment Manageable Resource Manageable Resource Manageable Resource Manageable Resource Manageability Interface Manageability Manageable Resource Built-in Manageability Provider Manager A (Intranet) Manager B (Internet) Manager C (Extranet/VPN)

3 MUWS Security Requirements [SEC.001] The Manageability Interface MUST enable secure management, as dictated by the threats of the environment. This includes (but is not limited to) support for the functionality described in the sub-requirements, SEC.001.1-6. –[SEC.001.1] The Manageability Interface SHOULD support having the manager authenticate the manageable resource. –[SEC.001.2] The Manageability Interface SHOULD support having the manageable resource authenticate the manager. –[SEC.001.3] The Manageability Interface SHOULD support an underlying mechanism that guarantees the integrity of the messages exchanged. –[SEC 001.4] The Manageability Interface SHOULD support an underlying mechanism that guarantees the confidentiality of the messages exchanged. –[SEC 001.5] The Manageability Interface SHOULD not preclude establishing, using, and managing trust relationships. –[SEC.001.6] The Manageability Interface SHOULD support access control (such as distinguishing between the ability to view and the ability to change) for management information, operations and event notifications at appropriate granularity. Access SHOULD be controllable by role (the security mechanism being used will determine what “role” means). For example, an internal manager should have greater control than a manager being run by a partner. [SEC.002] The Manageability Interface MUST be NAT and firewall "friendly", meaning that the interface MUST NOT require additional support in NAT and firewall products, and that sufficient information MUST be provided for a firewall proxy to inspect the management messages. [SEC.003] The Manageability Interface MUST not increase security risks or enlarge security exposures. [SEC.004] The Manageability Interface MUST allow a self-contained, fallback security model, for use when the security infrastructure is not available. [SEC.005] The Manageability Interface MUST be able to be used to manage a Security Infrastructure –[SEC.005.1] The Manageability Interface MUST allow operational capabilities on security features (e.g., enable, disable). Security configuration SHOULD only be allowed via the Manageability Interface if appropriate access controls are in place.

4 Manager A (Intranet) Manager B (Internet) Manager C (Extranet/VPN) SAML, Digital Signature, Encryption, Schema Validation, Malicious Content Inspection, Time-base Access Right, Entitlement Standard Compliance LDAP Username and Password, IP Validation, Schema Validation, Entitlement, Standard Compliance X.509 Authentication, Digital Signature, Schema Validation, Malicious Content Inspection, Time-base Access Right, Entitlement, Credential Mapping, Standard Compliance HR Manageable Resources Procurement Manageable Resources IT Manageable Resources Manufacturing Manageable Resources CRM Manageable Resources

Download ppt "Security for MUWS. Manageable Resource External Manageability Provider Manageability Web service Environment Manageable Resource Manageable Resource Manageable."

Similar presentations

Technical Presentation AIAC 2010-2011 Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.

Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
WS-Security TC Christopher Kaler Kelvin Lawrence.

WS-Security TC Christopher Kaler Kelvin Lawrence.
Web Services, SOA and Security May 11, 2009 Michael Burnett.

Web Services, SOA and Security May 11, 2009 Michael Burnett.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Information System Security Engineering and Management Risk Analysis and System Security Engineering Homework (#2, #3) Dr. William Hery

Information System Security Engineering and Management Risk Analysis and System Security Engineering Homework (#2, #3) Dr. William Hery
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz
Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET)
COMP 6005 An Introduction To Computing Session Four: Internetworking and the World Wide Web.

COMP 6005 An Introduction To Computing Session Four: Internetworking and the World Wide Web.

Similar presentations

Ads by Google