ClearAvenue, LLC Headquartered in Columbia, Maryland

Presentation on theme: "ClearAvenue, LLC Headquartered in Columbia, Maryland"— Presentation transcript:

0 Case Studies on Authentication, Authorization and Audit in SOA Environments
Dr. Srini Kankanahalli

1 ClearAvenue, LLC
Headquartered in Columbia, Maryland
Focused on Systems Integration, Data Management, Information Security, Storage Networking, Custom Software Development
Premier IBM Business Partner
CMMI Maturity Level 3
clearAvenue, LLC is an 8(a) certified, minority, women-owned Small Disadvantaged Business

2 Authentication, Authorization, and Audit – The Challenge
Identity and Access Management is a major challenge for all federal agencies
A multitude of applications, legacy as well as state-of-the-art systems, pose additional challenges
The complexity of federal laws as well as federal contracting regulations further adds to the complexity
Comprehensive end-to-end audits across multiple systems pose a significant challenge
Security is a major challenge for most organizations because of the threats. In federal agencies, it is further complicated by the various federal mandates as well as complex federal contracts and contracting rules. Performing end-to-end audits, while a Certification and Accreditation mandate, poses significant challenges.

3 Layers of Security
Perimeter Defense: Keep out unwanted with Firewalls, Anti-Virus, Intrusion Detection, etc.
Control Layer: Which users can come in? What can users see and do? Are user preferences supported? Can user privacy be protected?
Assurance Layer: Can I comply with regulations? Can I deliver audit reports? Am I at risk? Can I respond to security events?
Security involves a multitude of technologies, products and processes. The notion of defense in depth is illustrated. Every layer has a different role and poses different challenges.

4 SOA Security Encompasses All Solution Layers
[Diagram: SOA solution layers: 5 consumers (SCA, Portlet, WSRP, B2B, Other); 4 business processes (process choreography); 3 services (atomic and composite); 2 service components; 1 operational systems (ISV, SAP, Outlook, packaged applications, custom applications, custom OO apps; platform: OS/390, Unix, MQ, DB2). Other labels: Service Consumer, Service Provider, Services (Definitions), Supporting Middleware.]
SOA Security: Identity; Authentication; Authorization & Privacy; Auditing; Confidentiality, Integrity and Availability; Compliance; Administration and Policy Management
While there is a lot of talk around Service Oriented Architecture, implementing SOA poses multiple challenges. One of the major challenges is the propagation of identity across multiple services.

5 Identity Management – the basis of comprehensive security
Identity management is one of the main pillars of comprehensive security.

6 User Provisioning and De-provisioning
User provisioning across multiple enterprise systems poses significant challenges
User de-provisioning is a greater challenge
Role-based access and role management add to the complexity
Role Engineering encompasses very little “engineering” and a lot of “politics”

7 Implementing Role-based Access Control
Successfully implemented RBAC with role-based provisioning to legacy as well as state-of-the-art systems
A Role is a set of entitlements that has a “Business Context”
Roles are not “cast in stone,” but are derived through a “trial and error” process
Role re-factoring has to be kept in mind during the design and implementation of any RBAC system
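The points on slides 6 and 7 (a role as a set of entitlements, role re-factoring, de-provisioning) can be made concrete with a small provisioning planner. This is an added example, not code from the presentation or from any product it mentions; every role, system, entitlement and user name below is constructed for illustration.

```python
# Added illustration: roles modelled as sets of (system, entitlement) pairs.
# All role, system, entitlement and user names are constructed sample data.
from collections import namedtuple

Change = namedtuple("Change", "user action system entitlement")

def effective(user_roles, role_defs):
    """Union of the entitlements granted by every role the user holds."""
    out = set()
    for role in user_roles:
        out |= role_defs.get(role, set())
    return out

def plan_refactor(assignments, old_defs, new_defs):
    """Provisioning changes needed when role definitions are re-factored.

    An entitlement is revoked only if no role the user still holds grants
    it, so overlapping roles do not cause accidental loss of access.
    """
    changes = []
    for user, roles in sorted(assignments.items()):
        before = effective(roles, old_defs)
        after = effective(roles, new_defs)
        for system, ent in sorted(after - before):
            changes.append(Change(user, "grant", system, ent))
        for system, ent in sorted(before - after):
            changes.append(Change(user, "revoke", system, ent))
    return changes

def plan_deprovision(user, assignments, role_defs):
    """Revoke everything a departing user holds, on every target system."""
    held = effective(assignments.get(user, ()), role_defs)
    return [Change(user, "revoke", s, e) for s, e in sorted(held)]

OLD = {
    "claims-processor": {("mainframe", "CLAIMS_RW"), ("crm", "case.view")},
    "claims-auditor": {("mainframe", "CLAIMS_RO"), ("crm", "case.view")},
}
# Re-factored: processors lose CRM access, auditors gain audit-log read.
NEW = {
    "claims-processor": {("mainframe", "CLAIMS_RW")},
    "claims-auditor": {("mainframe", "CLAIMS_RO"), ("crm", "case.view"),
                       ("crm", "audit.read")},
}
ASSIGN = {"alice": ["claims-processor"],
          "bob": ["claims-processor", "claims-auditor"]}

if __name__ == "__main__":
    for change in plan_refactor(ASSIGN, OLD, NEW):
        print(change)
```

Because revocation is computed from the union of a user's roles, bob keeps `case.view` through the auditor role while alice loses it; the same union drives de-provisioning, which is why it has to reach every target system a role touches.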

8 Role-based Access to Legacy and Modernized Systems

9 Legacy systems integration – Siebel

10 Federated Identity Management – Challenge
In many situations, one federal agency has to communicate with and access data from another agency
This problem also may exist between multiple subdivisions of the same agency or organization
The solution involves building and propagating trust across boundaries using industry standards
Audits across agencies or subdivisions pose additional challenges

11 Federated Identity Management Across Multiple Organizations
[Diagram labels: Organization A, Organization B, SAML]

12 Federation Entities

13 SOA Federated Identity Management
[Diagram labels: SAML, TFIM, LDAP, Internet, Web Service, WebSphere ND]

14 Multi-Factor Authentication
There are multiple federal and commercial mandates for strong and multi-factor authentication

15 Multi-factor, Certificate-based Authentication Architecture using IBM Tivoli Federated Identity Manager

16 Conclusions
We have implemented complex security patterns in multiple federal agencies
Security is multi-faceted and hence has to be carefully architected and implemented correctly
The availability of multiple point products adds to the integration complexity
Authentication, Authorization, Audit and Identity Management are all intertwined and have to be planned and implemented correctly to ensure that the “Attack Surface” of an organization is minimized

