Presentation is loading. Please wait.

Presentation is loading. Please wait.

Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli.

Published byAgatha Webster Modified over 6 years ago

Similar presentations

Presentation on theme: "Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli."— Presentation transcript:

1 Case studies on Authentication, Authorization and Audit in SOA Environments
Dr. Srini Kankanahalli

2 ClearAvenue, LLC Headquartered in Columbia, Maryland
Focused on Systems Integration, Data Management, Information Security, Storage networking, Custom Software development Premier IBM Business Partner CMMi Maturity Level 3 clearAvenue, LLC is a 8(a) certified minority women owned Small Disadvantaged Business

3 Authentication, Authorization, and Audit– The Challenge
Identity and Access Management is a major challenge for all federal agencies Multitude of Applications, Legacy as well as state-of the art Systems pose additional challenges The complexity of Federal laws as well as federal contracting regulations further adds to the complexity Comprehensive End-to-End Audits across multiple systems poses a significant challenge

4 Layers of Security Perimeter Defense Perimeter Defense Control Layer
Assurance Layer Perimeter Defense Keep out unwanted with Firewalls Anti-Virus Intrusion Detection, etc. Control Layer Which users can come in? What can users see and do? Are user preferences supported? Can user privacy be protected? Assurance Layer Can I comply with regulations? Can I deliver audit reports? Am I at risk? Can I respond to security events?

5 SOA Security Encompass All Solution Layers
5 5 5 5 consumers SCA Portlet WSRP B2B Other SOA Security Identity Authentication Authorization & Privacy Auditing Confidentiality, Integrity and Availability Compliance Administration and Policy Management Service Consumer Service Consumer 4 4 4 4 business processes business processes process choreography process choreography 3 3 3 3 Services (Definitions) services atomic and composite atomic and composite 2 2 2 2 Service components Service Provider Service Provider 1 1 1 1 ISV SAP Packaged Custom Custom OO OO Outlook Packaged Application Custom Custom Application Application Application Application Application Application Application Operational systems Custom Apps Platform Supporting Middleware OS/390 Unix MQ DB2

6 Identity Management– the basis of comprehensive security

7 User Provisioning and De-provisioning
User Provisioning across multiple enterprise systems poses significant challenges User De-provisioning is a greater challenge Role-based access and Role Management adds to the complexity Role Engineering encompasses very little “engineering” and lot of “Politics”

8 Implementing Role-based Access Control
Successfully implemented RBAC with role-based provisioning to legacy as well as state-of the art systems A Role is a set of entitlements that has a “Business Context” Roles are not “cast in stone,” but is derived through a “trial and error” process Role Re-factoring has to be kept in mind during the design and implementation of any RBAC system

9 Role-based Access to Legacy and Modernized Systems

10 Legacy systems integration -- Seibel

11 Federated Identity Management-- Challenge
In many situations, one federal agency has to communicate and access data from another agency This problem also may exist between multiple subdivisions of the same agency or organization The solution involves building and propagating trust across boundaries using industry standards Audits across agencies or subdivisions pose additional challenges

12 Federated Identity Management Across Multiple Organizations
SAML Organization A Federated Identity Management Across Multiple Organizations Organization B

13 Federation Entities

14 SOA Federated Identity Management
SAML TFIM SAML LDAP Internet Web Service Websphere ND

15 Multi-Factor Authentication
There are multiple federal and commercial mandates for strong and Multi-factor authentication

16 Multi-factor based Certificate based Authentication architecture using IBM Tivoli Federated Identity manager

17 Conclusions We have implemented complex security patterns in multiple federal agencies Security is Multi-faceted and hence has to be carefully architected and implemented correctly The availability of multiple point products adds to the integration complexity Authentication, Authorization, Audit and Identity Management are all intertwined and has to be planned and implemented correctly to ensure that “Attack Surface” of an organization is minimized

Download ppt "Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli."

Similar presentations

National HIT Agenda and HIE - 2007 John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Xavier Verhaeghe Vice President Oracle Security Solutions

Xavier Verhaeghe Vice President Oracle Security Solutions
1 ILANTUS Proprietary Jaunary 20, 2014 Enabling complete AGS features on ISIM Compliance Express – ISIM Integration.

1 ILANTUS Proprietary Jaunary 20, 2014 Enabling complete AGS features on ISIM Compliance Express – ISIM Integration.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.

Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.

Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
Identity Management, what does it solve By Gautham Mudra.

Identity Management, what does it solve By Gautham Mudra.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Data Management Capabilities and Past Performance Dr. Srinivas Kankanahalli.

Data Management Capabilities and Past Performance Dr. Srinivas Kankanahalli.
© 2004-2014. Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.

© Centrify Corporation. All Rights Reserved. Unified Identity Management across Data Center, Cloud and Mobile.
SOA – Development Organization Yogish Pai. 2 IT organization are structured to meet the business needs LOB-IT Aligned to a particular business unit for.

SOA – Development Organization Yogish Pai. 2 IT organization are structured to meet the business needs LOB-IT Aligned to a particular business unit for.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.

© 2010 IBM Corporation Cloudy with a chance of security Information security in virtual environments Johan Celis Security Solutions Architect EMEA IBM.
No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

No one questions that Microsoft can write great software. Customers want to know if we can be innovative, scalable, reliable in the cloud. (1996) 450M+

Similar presentations

Ads by Google