Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exchange Network Open Call November 17, 2011. Today’s Agenda Background on Exchange Network data access policy and data publishing New default Network.

Published byOphelia Robbins Modified over 9 years ago

Similar presentations

Presentation on theme: "Exchange Network Open Call November 17, 2011. Today’s Agenda Background on Exchange Network data access policy and data publishing New default Network."— Presentation transcript:

1 Exchange Network Open Call November 17, 2011

2 Today’s Agenda Background on Exchange Network data access policy and data publishing New default Network security settings for Query and Solicit web services – Impact to existing data flows Special security considerations for the Exchange Network Browser Actions for Node Administrators – Securing sensitive data – Steps for OpenNode2 users and EN Node users Reminder on Node interoperability issues

3 Data Publishing Basics Today, most Network data flows are powered by the Submit web service and are not publishing-oriented – Data owner initiates the exchange of data Some data flows use Query and Solicit web services to enable data publishing – Data are made available through a Node so that others with permission can access it on demand Only Nodes can support Query and Solicit web services Node Clients are not affected

4 EN Data Access Policy Ease of data access and exchange is a fundamental principle of the Exchange Network. Whenever possible, data owners must: – Make data accessible to partners to the maximum degree appropriate – Set node privilege defaults so EN partners can query/solicit data – Register nodes and web services to make them discoverable and accessible to trusted partners, and – Ensure that all data access and exchange relationships are governed by agreements that meet partners’ legal and programmatic obligations http://www.exchangenetwork.net/about/network-management/network- policy-framework/

5 New Default Security Settings For Nodes that Authorize data flow access using the Network Authentication and Authorization Service (NAAS), Query and Solicit services are open by default to any valid NAAS account with an authenticated security token. Any existing NAAS policies that restrict access will remain in effect and supersede these new default behaviors

6 Exchange Network Browser Web-based tool that allows users to discover and access data published by Exchange Network Nodes and registered in ENDS Pre-release version available today at http://www.enbrowser.net http://www.enbrowser.net Allows users to log-in with valid NAAS credentials to access secure data flows Will also offers Guest access to unsecured data flows for public users without their own NAAS credentials

7 Special Considerations for EN Browser Guest Account EN Browser uses hard-coded NAAS credentials to enable public access – User name: enbrowser@exchangenetwork.netenbrowser@exchangenetwork.net If you answer YES to all 3 questions below you should ensure that your flow is set up to deny access to the EN Browser guest account 1.Do you have Query or Solicit services on your Node? 2.Are those services registered in ENDS? 3.Is the data inappropriate for public access? Guest access goes live on December 12, 2011

8 EN Node: Security Model All queries and solicit services will be open to the enbrowser@exch angenetwork.net Guest Account by default. enbrowser@exch angenetwork.net All queries and solicit services will be open to the enbrowser@exch angenetwork.net Guest Account by default. enbrowser@exch angenetwork.net Policies defined by the Node Admin will supersede the default NAAS query and solicit security policies.

9 EN Node: Protecting Services Step 1: Node Admin selects “Yes” for “Require explicit NAAS rights to execute this operation” The service will be totally locked down

10 EN Node: Protecting Services Step 2: Node Admin can grant or deny access to a specific service on the User Management screen Check to grant privileges

11 EN Node: Protecting Services Once a service is secured, the enbrowser@exchangenetwork.net Guest Account will not be able to access the service unless explicitly granted rights to do soenbrowser@exchangenetwork.net enbrowser@exchange network.netenbrowser@exchange network.net has no right to the Service enbrowser@exchange network.netenbrowser@exchange network.net has no right to the Service

12 OpenNode2: Security Model OpenNode2 uses NAAS for Authentication but not Authorization NAAS Policies are not used by OpenNode2 – Flow access permissions are stored in the OpenNode2 database OpenNode2 flows are either protected or unprotected. Users are either allowed access to all flow services or denied access to all flow services

13 OpenNode2: Unprotected Flows OpenNode2 flows are not protected by default. Any valid NAAS user may access the services of an unprotected flow, including anonymous EN Browser users (guests).

14 OpenNode2: Protecting Flows.NET OpenNode2: In the Security Manager, assign access rights of “Endpoint User” to grant access to a given flow to a user.

15 OpenNode2: Protecting Flows Java OpenNode2: In the Security Manager, assign access rights by checking the “Flow Access” box next to the flow name.

16 Reminder: Node Interoperability The specification for Exchange Network Nodes was updated in June to address problems that were preventing some Nodes from communicating Information on affected products and the fixes is available at: http://www.exchangenetwork.net/node- interoperability-faqs http://www.exchangenetwork.net/node- interoperability-faqs January 31, 2012 is the target date for reinstalling affected Node software

17 Questions? Kurt Rakouskas 301.531.5186 kurt@exchangenetwork.net

Download ppt "Exchange Network Open Call November 17, 2011. Today’s Agenda Background on Exchange Network data access policy and data publishing New default Network."

Similar presentations

MFA for Business Banking – Security Questions with 2nd Request Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.

MFA for Business Banking – Security Questions with 2nd Request Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.
5/30/2012. Provides a method for finding services/data on the Exchange Network – discover data. Supports User Friendly Tools Can automatically collect.

5/30/2012. Provides a method for finding services/data on the Exchange Network – discover data. Supports User Friendly Tools Can automatically collect.
Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Understand Database Security Concepts

Understand Database Security Concepts
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
User Management DigiTool Version 3.0. User Management 2 User Architecture PatronsStaff Users DepositorsApprovers Meditor User Management Management Module.

User Management DigiTool Version 3.0. User Management 2 User Architecture PatronsStaff Users DepositorsApprovers Meditor User Management Management Module.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
DigiTool User Architecture and Overview DigiTool Version 3.0.

DigiTool User Architecture and Overview DigiTool Version 3.0.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

Similar presentations

Ads by Google