Presentation is loading. Please wait.

Presentation is loading. Please wait.

April 18, 2006 Shared Services Tools and Technologies.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "April 18, 2006 Shared Services Tools and Technologies."— Presentation transcript:

1 April 18, 2006 Shared Services Tools and Technologies

2 Topics For This Session Service Oriented Architecture –Service Oriented Architecture is a collection of interconnected services. –SOA is an architecture of standards based web services using a common messaging technology model. (XML,SOAP,UDDI,WSDL etc..) Network Security (NAAS) –SAK -Secure Authentication Keys - Secure encrypted Keys that can replace passwords for machine to machine interactions –XKMS - XML Key Management System Network Software Developer Kit –A toolkit designed for integrating Network functions directly into applications

3 Topics Continued QA Services –XML Document Parsing service utilizing the.NET Reader –Extended Business Rule validation service for XML documents Style sheet Transformation Service –New service that can transform a document based on a style sheet (XSLT) into a new format

4 Session 2 (Tomorrow 1PM) Open Source - Overview / Tools / Node - An overview of open source tools and the integration of tools into a node implementation based completely on open sources code. Velocity High Performance Open Source Data Mapper - This tool supports the conversion of practically any format to any format based on a configuration file. It has out performed many other mappers by an order of magnitude based on our tests Business Process Execution Language (BPEL) in the CDX Node - This technology supports the orchestration and management of complex business processes that require multiple steps and web service calls. CDX has prototyped a BPEL flow for NEI and is working on a pilot. XML Gateway - a new security service that filters web service messages based on predefined rules such as adherence to the network WSDL and adds an additional security layer for messaging.

5 Background Service Oriented Architecture

6 Why SOA ? High Business Adaptability: More applications can use services. Increased Flexibility: Consumer applications are isolated from internal business changes. Improved Reusability: Services can be shared by many applications. Interoperable – Standard format enables consumers to interoperate with service providers. Cost Effective – Standard based components cost much less than custom-built ones. Sharing also reduces costs.

7 SOA Infrastructure Security Services (NAAS) Security Services for CDX and the Exchange Network Integrated with E Authentication services Universal Description and Discovery Interface Catalog of web services Implemented UDDI V3 Network Node Services Standards based web service protocols and XML schemas used Supports machine-to-machine data exchanges Quality Assurance server Parsing Services Extended Business Rule Validation XML Firewall A hardware appliance that validates and filters XML traffic. Application level security Orchestration is a standards driven approach to simplifying and automating business process. BPEL 1.1 is the leading standard.

8 Secure Authentication Key Advanced Security Mechanisms

9 What is Secure Authentication Key An encrypted string that contains subject identity. Jointly signed using multiple secrets. Tied directly to a particular machine.

10

11 The SAK Advantages Multifactor and multi-authentication scheme Reveal-proof: Disclosure of SAK is not a concern Strong protection of user privacy Disable dictionary attacks, brute force attacks and replay attacks

12 SAK vs. Security Token SAK is a credential while a security token is an evidence that the subject has been authenticated. A security token expires but an SAK doesn’t Both SAK and security token are encrypted. Both SAK and security token contains user identity information and they are extensible.

13 How to Use SAK SAK is good for machine to machine authentications. Users/Developers simply replace password with SAK. No other change is necessary. SAK can be obtained through the node helpdesk.

14 Conclusion SAK is a safer and stronger authentication scheme than password. Secure Authentication Key is a lightweight, miniature certificate without the PKI costs. Deployment of SAK is very simple and straight forward

15 Software Developer Kit Network Service Integration

16 Background Need to simplify access to web services Make integrating public and Exchange Network web services easier Abstracts messaging complexities to simple scripts

17 Exchange Network SDK Based on a Microsoft COM object Leverages SQLDATA Web Services Client Simple wizard driven installation Runs in.NET, C/C++ and Microsoft scripting environments. Sample scripts for Network Services

18 Security Support –Authentication Bare Key Digest Certificate HMAC –Authorization –XML Encryption Encrypt and Decrypt –XML Signature Sign and Verify Signature

19 Support for Consuming Services Download Query Notify Submit Solicit

20 Potential Uses Query the Network for Facility Data Submit Data to CDX XML Signature and Encryption Get Data from a Public Web Service

21 Encryption, Signature and Authentication Advanced Security Mechanisms

22 Topics End to End Security Requirements Document Confidentiality Document Integrity and Non-repudiation Exchange Network Key Management Services Node Client SDK Security Features Authentication using XKMS Conclusion

23 End-to-End Document Security Document Confidentiality: Protect sensitive data from the submitter all the way to the ultimate receiver. Document Integrity: Ensure document is unchanged from its originator to the target receiver. Document Non-reputation: Guarantee the faithfulness of the document origin. Strong Authentication: Assure the true identity of the document sender.

24 What is XKMS A World Wide Web Consortium (W3C) standard, XKMS 2.0, is finalized A central key depository with Web service interface to PKI Vendor-neutral PKI solution for public key and certificate management Foundation for secure Web services (XML signature, XML encryption, XKMS) XKMS will be the PKI solution to the Exchange Network, and the key element to a strong security model.

25 XKMS Internal Architecture

26 XML Signature using XKMS A document is signed using the Private Key and key information (KeyName, KeyValue) The receiver locates / validates the Public Key used for the signature from an XKMS server The receiver verifies the signature using the valid key

27 XML Signature using XKMS

28 Document Signing Using Node Client SDK Node Client SDK has XML Signature capabilities built in. Support all major features defined in the W3C specification Signing document is straight forward with a few line of coding. Can be integrated into Network Nodes or application in Windows platform.

29 XML Encryption Using XKMS The receiver registers the public key in XKMS. The sender locates the receiver’s Public Key from an XKMS server The sender encrypts a document using the receiver’s Public Key The receiver decrypts the document using the Private Key

30 XML Encryption Using XKMS

31 Document Encryption Using Node Client SDK Node Client SDK has XML Encryption capabilities built in. Support all encryption algorithm defined in the W3C specification Encrypting document is straight forward with a few lines of coding (Well, actually only two lines here). Can be integrated into Network Nodes or application in Windows platform.

32 Authentication using XKMS A user registers Public Key in XKMS The user creates an Authenticate message and signs the message using the Private Key Security service locates / validates the user’s Public Key from XKMS Security service verifies the signature. The user is authenticated if the signature is valid – the holder of the Private Key

33 Example Interaction with XKMS

34 Quality Assurance and Transformation Services

35 QA tools are available that can be used to validate data against a standard parser and business rules Quality Assurance Services –XML Schema Validation Pre-submission validation Post-submission validation –Rule Validation More then XML schema can do Schematron Lookup tables from endpoint datastore Quality Assurance Services

36 XLST Transformation Service A utility service that can be invoked by all network users. Perform data transformation using specified style- sheet. Use DIME attachment as payload. Document can be in either ZIP or XML format. Run in synchronous mode (small payload) or asynchronous mode (large payload) Service will be available on the QA server.

37 Document Transformation Service Definition: User authentication is required. Style Sheet can be local or remote. xmlDocument should be a DIME attachment docFormat is either ZIP or XML.

38 Conclusions SOA is real. EPA and state partners have built the world largest web service network based on SOA. SOA changes the way we approach software development.

Download ppt "April 18, 2006 Shared Services Tools and Technologies."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
Demystifying the Protocol and Specification v1.1 Prepared for the Node Mentoring Meeting by: Rob Willis, Ross & Associates February.

Demystifying the Protocol and Specification v1.1 Prepared for the Node Mentoring Meeting by: Rob Willis, Ross & Associates February.
Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 

Chapters 14 & 15 Internet Databases. E-Commerce  Bringing new products, services, or ideas to market, supporting and enhancing business operations 
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
A Successful RHIO Implementation

A Successful RHIO Implementation
SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.

SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
1 Introduction to XML. XML eXtensible implies that users define tag content Markup implies it is a coded document Language implies it is a metalanguage.

1 Introduction to XML. XML eXtensible implies that users define tag content Markup implies it is a coded document Language implies it is a metalanguage.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
Core Web Service Security Patterns

Core Web Service Security Patterns
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Network Shared Services. Shared Services –Network Authentication and Authorization Services –Exchange Network Discovery Service –Universal Description.

Network Shared Services. Shared Services –Network Authentication and Authorization Services –Exchange Network Discovery Service –Universal Description.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
2006 IEEE International Conference on Web Services ICWS 2006 Overview.

2006 IEEE International Conference on Web Services ICWS 2006 Overview.
Peoplesoft: Building and Consuming Web Services

Peoplesoft: Building and Consuming Web Services
Web services security I

Web services security I

Similar presentations

Ads by Google