NPS Natural Resource & GIS Programs Inventory and Monitoring Program 2009 Data Manager’s Meeting Identity Management.


Slide 1: Identity Management

Slide 2: Authentication (Prove who you are)
Authentication techniques
– Prompt for username / password
– Relay network domain credentials
– Digital certificates
– Smart cards
Username / password is the most common technique in our apps right now
– Every application stores its own user information, including passwords
– Every application authenticates users only within the context of that single application
– Security risk: passwords are stored in a variety of locations, and individual applications may not have the resources to keep up with DOI password policies
Resolution: Security Token Services (STS)
– Centralize user information in STSs
  Only the STS knows the passwords and/or other user information
  DOI security policies are addressed in one place
– The STS exchanges user credentials for an industry-standard, digitally signed token
  The token is then passed around to apps and services
  Applications/services only have to know how to validate the token's signature and interpret its claims

Slide 3: Security Token Service
Validate user credentials
– Domain accounts / Windows NTLM: DOI's Active Directory, for users on the DOI network
– Usernames / passwords: ADAM / AD LDS (Active Directory Lightweight Directory Services, a standalone LDAP directory), for users not on the DOI network
– Other credential types: digital certificates, for authenticating partner applications / services that run automated processes
Transform user credentials
– Make claims about the user
– Wrap the claims in a digitally signed SAML token

Slide 4: Security Token Process
Apps and services never see usernames and passwords, only SAML tokens: the STS checks the credential and signs the token, and each app or service checks that signature before trusting the claims inside it.
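The exchange described on slides 2 to 4, as an added example rather than code from the NPS/IRMA services: one class stands in for the STS and holds the only copy of user secrets, and a relying application validates the token without ever handling the password. The deck's real tokens are SAML documents with XML signatures; here a JSON body signed with HMAC-SHA256 over a key shared by the STS and its relying apps stands in so that the flow runs stand-alone. The key, the sample user and the claims are constructed for the demo.

```python
"""STS issues a signed claims token; relying apps verify it, never the password."""
import base64
import hashlib
import hmac
import json
import os
import time

STS_SIGNING_KEY = b"constructed-demo-key-rotate-in-real-deployments"  # assumed shared secret
TOKEN_LIFETIME_SECONDS = 300
PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash: the STS stores a verifier, never the clear password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _encode_body(body: dict) -> str:
    return _b64(json.dumps(body, sort_keys=True).encode("utf-8"))


def _sign(payload: str, key: bytes) -> bytes:
    # Stand-in for the XML signature on a SAML token.
    return hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()


class SecurityTokenService:
    """The one place that knows passwords (slide 2: only the STS knows them)."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self._users = {}  # username -> (salt, password hash, claims about the user)

    def register(self, username: str, password: str, claims: dict) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _hash_password(password, salt), dict(claims))

    def issue_token(self, username: str, password: str, now: float = None):
        """Exchange a credential for a signed token, or None if it does not verify."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored_hash, claims = record
        if not hmac.compare_digest(_hash_password(password, salt), stored_hash):
            return None
        issued = int(time.time() if now is None else now)
        body = {"sub": username, "iat": issued,
                "exp": issued + TOKEN_LIFETIME_SECONDS, "claims": claims}
        payload = _encode_body(body)
        return payload + "." + _b64(_sign(payload, self._key))


def unverified_body(token: str) -> dict:
    """The body is encoded, not encrypted: anyone holding the token can read it,
    so the STS must never put secrets in claims. Act only on verify_token()."""
    return json.loads(base64.urlsafe_b64decode(token.split(".")[0]))


def verify_token(token: str, signing_key: bytes, now: float = None):
    """Relying-application side: accept the token only if the STS signature is
    valid and it has not expired; return the claims body, otherwise None."""
    try:
        payload, sig_b64 = token.split(".")
        signature = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, TypeError, AttributeError):
        return None
    if not hmac.compare_digest(signature, _sign(payload, signing_key)):  # constant time
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    if (time.time() if now is None else now) >= body["exp"]:
        return None
    return body


if __name__ == "__main__":
    sts = SecurityTokenService(STS_SIGNING_KEY)
    sts.register("jdoe", "correct horse battery staple",
                 {"roles": ["DataManager"], "unit": "ROMO"})
    token = sts.issue_token("jdoe", "correct horse battery staple")
    print(verify_token(token, STS_SIGNING_KEY))       # claims body, no password in sight
    print(sts.issue_token("jdoe", "wrong password"))  # None
```

With a real SAML token the STS signs with a private key and relying apps hold only the STS certificate, so a compromised application cannot mint tokens; with the shared HMAC key used here every relying app could, which is why the asymmetric form is the one to deploy. The expiry check and the constant-time signature comparison are the two checks an app most often forgets.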

Slide 5: Authorization (What are you allowed to do)
Role-based authorization
– Users are placed in groups (roles) and permissions are applied to the group
– Access to a resource is decided by comparing the user's roles to the roles defined for the resource
– Advantages: permissions are managed on a small number of groups instead of many users
– Limitations: permissions are applied to resources at a very broad level, so granular rules require more and more groups; roles only have meaning within individual applications
Resource-based authorization (access control lists)
– Permissions are defined on the resource itself: specify which operation / group / user can access the resource
– Advantages: authorization rules are upheld independent of which service is requesting access
– Limitations: every resource has to carry attributes that identify what it is; for system files, this often requires some form of impersonation to get through operating-system process rules

Slide 6: Claims-based authorization
– Claims are properties that describe the capabilities of an entity
  Type: lets services consuming the claim know what the claim is in reference to
  Right: the capability the entity has over a resource
  Resource: the thing over which the claim is made
– Essentially does role-based authorization and more: roles are based on identity, and identity is just one of many claims that can be made about a user
– Advantages
  Separates authorization rules from the mechanisms used for authentication
  Authorization policies based on claims can be written down to a very granular level
  Very good at controlling access across platforms and applications
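Role-based versus claims-based authorization as slides 5 and 6 contrast them, as an added example and not code from the NPS/IRMA services. The Claim fields follow the slide's Type / Right / Resource model; the policy, the wildcard matching on resource names, and the two sample users are assumptions made for the demo.

```python
"""Role-based check next to the claims-based policy that generalizes it."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Iterable, List, Sequence, Tuple


@dataclass(frozen=True)
class Claim:
    type: str      # what the claim is in reference to, e.g. "identity", "role", "unit"
    right: str     # the capability the entity has over the resource
    resource: str  # the thing the claim is made over; may use shell-style wildcards


# Role-based authorization: a flat set of group names compared against the
# groups a resource lists. Nothing here says which park or which operation.
def authorize_by_role(user_roles: Iterable[str], resource_roles: Iterable[str]) -> bool:
    return not set(user_roles).isdisjoint(set(resource_roles))


# Claims-based authorization: a requirement names the claim type, the right and
# the concrete resource an operation touches; a policy is a list of requirements
# that must all be met. Claim resources may be patterns ("unit:ROMO/*"), so one
# claim grants a right over a whole family of resources (assumed convention).
Requirement = Tuple[str, str, str]


def satisfies(claims: Iterable[Claim], requirement: Requirement) -> bool:
    req_type, req_right, req_resource = requirement
    return any(
        c.type == req_type and c.right == req_right
        and fnmatchcase(req_resource, c.resource)
        for c in claims
    )


def authorize_by_claims(claims: Iterable[Claim], policy: Sequence[Requirement]) -> bool:
    claims = list(claims)
    return all(satisfies(claims, req) for req in policy)


def certify_species_list_policy(unit_code: str) -> List[Requirement]:
    """Certifying a park's species list needs the DataManager role AND a
    certify right over that park's list. With roles alone this needs one
    'DataManager-<park>' group per park; with claims the role claim and the
    per-unit right compose."""
    return [
        ("role", "possess", "DataManager"),
        ("unit", "certify", f"unit:{unit_code}/species-list"),
    ]


def roles_from_claims(claims: Iterable[Claim]) -> List[str]:
    """Roles are just the claims of type 'role': the role model is a subset."""
    return [c.resource for c in claims if c.type == "role" and c.right == "possess"]


# Constructed sample users: both hold the DataManager role, only one may
# certify ROMO's list.
ALICE = [Claim("identity", "possess", "alice"),
         Claim("role", "possess", "DataManager"),
         Claim("unit", "certify", "unit:ROMO/*")]
BOB = [Claim("identity", "possess", "bob"),
       Claim("role", "possess", "DataManager"),
       Claim("unit", "read", "unit:ROMO/*")]
```

Run `authorize_by_role(roles_from_claims(BOB), ["DataManager"])` and it says yes, because the role check cannot see which park or which operation is involved; `authorize_by_claims(BOB, certify_species_list_policy("ROMO"))` says no, because Bob's unit claim carries only the read right. The policy never asks how the claims were authenticated (domain login, form login or certificate), which is the separation slide 6 is after.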

Slide 7: Challenges Solved and Still to Solve
Authentication from multiple sources
– Currently can do multiple types of STS
  Transparent logins for domain users
  Form-based username / password against ADAM / AD LDS
  Digital certificates
Will be developing a flexible and reusable API for authorization
– Determine general claim types that are needed across our services
– Identify service-specific claim types that will be needed
– Make it all work for client applications other than a web browser (Excel, Access, etc.)

Slide 8: Unit (IRMA Infrastructure Services)

Slide 9: Problems to Solve
– Multiple copies of unit, park, etc. databases in use (every app had a different one!)
– Inconsistent park codes and names
– No common maintenance practices

Slide 10: Version 1.0.0
– Centralized data source
– Initial IRMA coding standards and service structure
– Very atomic methods (not user-friendly, but they work)

Slide 11: Example Reference Service – Search Page
http://nrinfo.nps.gov
Pick list = data + web controls

Slide 12: Short-term Vision
– Full integration with IRMA practices
– Standardized park codes
– More efficient fetch methods
– More sophisticated web controls

Slide 13: Longer-term Vision
– Customizable web controls
– Accessible service for networks and parks
– Search and report page in the NRInfo Portal
– Subunits: management districts, ranger districts, etc.
– Maintenance functions

Slide 14: Taxonomy (IRMA Infrastructure Services)

Slide 15: Problems to be Solved
– Multiple applications need to manage information about taxa
– We need a common currency for discussing taxa
– We would like to use other taxonomic datasets besides ITIS, such as USDA Plants

Slide 16: Version 1.0
– Four primary parts: Names, Categories, Sources, Classifications
– Searching by name and by code
– Taxon profile pages
– Integration with Species

Slide 17: Search by Name

Slide 18: Search by Code

Slide 19: Search Results

Slide 20: Taxon Profile

Slide 21: Short-term Vision
– Include authorities
– Integrate the USDA Plants list
– Downloadable taxonomy lists
– Saved searches and layouts
– Transform a taxa list using crosswalks
– Links to external classification sources
– More search options

Slide 22: Long-term Vision
– Adding and editing taxa
– Roll-up to ranks
– Authentication
– Change history management
– Commenting
– Other types of taxonomies

Slide 23: Benefits
– One-stop shopping for taxonomy
– The NPS Taxon Code serves as the common currency
– New classification sources can be loaded, adding new sets of names

Slide 24: Reference Service Update
Data Manager's Conference, April 2009

Slide 25: Overview
– Problem
– Current status
– Short-term plans
– Long-term vision
– Benefits of the service

Slide 26: What is the Problem?
– Fundamental need to manage citations/metadata for documents, datasets, photos and other items
– Citations/metadata live in different systems
– Hard to associate/group references
– Applications do not adequately serve the needs of the natural resources program

Slide 27: Reference Service 1.0
– Active, non-sensitive and non-proprietary citations from NatureBib and Data Store
– Limited subset of the Reference attributes
– Basic searching and read-only viewing
– No username or password required to search
– Download attachments
– Creating/editing is still done through NatureBib and Data Store

Slide 28: (image only; no text in the transcript)

Slide 29: Search
– Simple search (search logic behind the scenes)
– Must be easy to use

Slide 30: Search Results

Slide 31: Detailed View

Slide 32: Short-Term Plans
1.x iterations
– Functionality of NatureBib and Data Store
– Begin to clarify definitions
– Introduce Reference Owner and Unit Steward roles
– Begin reference relationships
  Split into related references (e.g., a book chapter is part of a book)
  Begin to combine duplicates
  Show related references as one in the Portal
– Create a reference from an XML record
– Integrate with other services
2.0 and later
– Turn off NatureBib and Data Store
– Begin following the long-term road map for adding functionality

Slide 33: Long-Term Road Map
– Stakeholder interviews
– Project scope
– Version timeline

Slide 34: Stakeholder Interviews
– Fall of 2008
– Gather user needs
– 100+ people interviewed
– 25+ meetings

Slide 35: Road Map – Project Scope
– Out for review, March 2009
– Integrates user needs
– Proposes long-term functionality
– Very general and… dry
– Minimizes risks: gets everyone on the same page; identifies logical flaws
– Survey to get feedback/comments

Slide 36: Survey Results (per chapter of the Project Scope: average score and standard deviation)

Chapter Title                                        Average   StDev
Reference Collections                                  1.2      0.5
Change History Management                              1.2      0.5
Notification                                           1.2      0.5
Search/Query References                                1.2      0.4
Introduction                                           1.2      0.6
System Level User Groups and Role Management           1.3      0.7
Reference-Reference Relationships                      1.4      0.7
Import/Export References                               1.5      1.0
Reference-Taxonomy Relationships                       1.5      0.7
Holdings                                               1.5      0.9
Reference Unit Relationships                           1.5      0.8
Reference Management                                   1.6      0.9
User Comments and Discussion Threads                   1.8      1.3
Appendix                                               1.9      1.2
Accessing the Reference Service via SOAP Messages      2.0      1.1

Slide 37: Road Map – Version Timeline
– Prioritize functionality in the Project Scope
– Can begin once the Project Scope is completed
– Very important beyond 2.0

Slide 38: Further Development and Refinement
– Progressive elaboration
– Regular user feedback

Slide 39: Benefits
– Leverages functionality of other services: Taxonomy, Units, Authentication, File
– Can be leveraged by other services: Species, Project, data clearinghouses

Slide 40: NPSpecies Update
Presented by: Alison Loar

Slide 41: New NPSpecies is Useful Because
– Shared infrastructure: Units, Taxonomy, Authentication, etc.
– Reusable controls
– New user-friendly interface on the NRInfo Portal
– Ability to access service fetch operations to "build your own"

Slide 42: Current Status
– NPSpecies 2.0.3 on the NRInfo Portal
– Certified species lists: for data that have been certified; ability to download lists
– Live demo…

Slide 43: Upcoming Release
NPSpecies 2.1.0
– Released next month
– Species lists with more views
– Park-species profile
– Simple stats
– List of units (where one species is found)
– Live demo…

Slide 44: Roadmap Release Plan – Short Term
– NPSpecies 2.2: integrate NPSpecies with the new Match List application
– NPSpecies 2.3: integrate NPSpecies with the new evidence applications (vouchers, observations, references)
– NPSpecies 3.0: add/edit/delete; turn off NPSpecies 1.0

Slide 45: Roadmap Release Plan – Long Term
– NPSpecies 3.1: ability to have multiple species lists for one category and one unit in NPSpecies; tools to compare and merge data
– NPSpecies 3.2: QA toolbox with QA filters; automated workflow

Slide 46: IRMA Summary: What this Means for You
Data Manager's Conference, April 2009

Slide 47: Accessing Information
– Web portal: consistent interface; brings multiple services together
– SOAP messages

Slide 48: SOAP Messages
– Simple Object Access Protocol
– Get information without a web interface
– Text (XML) messages
– Industry standard (e.g., Travelocity)
– Supported by other languages and applications: MS products, Python

Slide 49: Example SOAP Message
Only the element values survived in the transcript: Birds of ROMO / NPS / 20080104

Slide 50: Example Messages
– FetchReferenceList
– CreateReference
– FetchReferenceHolding
– DeleteReference
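A FetchReferenceList call of the kind slides 48 to 50 describe, written both ways a client might build it, as an added example and not the IRMA service's own code or WSDL. The SOAP 1.1 and WS-Security namespaces are the standard ones; the service namespace, the element names under FetchReferenceList, the placement of the STS token in a BinarySecurityToken header, and the sample reply are all assumptions made for the demo. The point it shows is that the token rides in the SOAP header while the body carries caller data, and that the body must be built by an XML library, not by string templating.

```python
"""SOAP request carrying the STS token, built safely and unsafely, plus reply parsing."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
SVC_NS = "urn:example:irma:reference"   # assumed, not the real service namespace
NS = {"soap": SOAP_NS, "wsse": WSSE_NS, "ref": SVC_NS}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)


def _q(prefix: str, local: str) -> str:
    """Clark notation '{uri}local' as ElementTree expects it."""
    return "{%s}%s" % (NS[prefix], local)


def build_fetch_reference_list(token: str, unit_code: str, max_results: int = 25) -> str:
    """Safe construction: the token goes in the WS-Security header and every
    caller-supplied value is set as element text, so the library escapes it."""
    env = ET.Element(_q("soap", "Envelope"))
    header = ET.SubElement(env, _q("soap", "Header"))
    security = ET.SubElement(header, _q("wsse", "Security"))
    ET.SubElement(security, _q("wsse", "BinarySecurityToken")).text = token
    body = ET.SubElement(env, _q("soap", "Body"))
    op = ET.SubElement(body, _q("ref", "FetchReferenceList"))
    ET.SubElement(op, _q("ref", "UnitCode")).text = unit_code
    ET.SubElement(op, _q("ref", "MaxResults")).text = str(max_results)
    return ET.tostring(env, encoding="unicode")


def build_fetch_reference_list_naive(token: str, unit_code: str, max_results: int = 25) -> str:
    """Anti-pattern: string templating. A unit code containing markup rewrites
    the request body (XML injection); the service sees whatever was injected."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:wsse="{WSSE_NS}" xmlns:ref="{SVC_NS}">'
        f"<soap:Header><wsse:Security><wsse:BinarySecurityToken>{token}"
        "</wsse:BinarySecurityToken></wsse:Security></soap:Header>"
        f"<soap:Body><ref:FetchReferenceList><ref:UnitCode>{unit_code}</ref:UnitCode>"
        f"<ref:MaxResults>{max_results}</ref:MaxResults></ref:FetchReferenceList>"
        "</soap:Body></soap:Envelope>"
    )


def request_as_seen_by_service(xml_text: str):
    """Parse a request the way the service would and report what it contains:
    (token, list of UnitCode values, list of MaxResults values)."""
    root = ET.fromstring(xml_text)
    token = root.findtext("soap:Header/wsse:Security/wsse:BinarySecurityToken", namespaces=NS)
    op = root.find("soap:Body/ref:FetchReferenceList", NS)
    units = [e.text for e in op.findall("ref:UnitCode", NS)]
    limits = [e.text for e in op.findall("ref:MaxResults", NS)]
    return token, units, limits


# Constructed sample replies, not captured from the real service.
SAMPLE_RESPONSE = f"""<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:ref="{SVC_NS}">
  <soap:Body><ref:FetchReferenceListResponse>
    <ref:Reference><ref:ReferenceCode>1000001</ref:ReferenceCode>
      <ref:Title>Birds of ROMO</ref:Title><ref:Year>2008</ref:Year></ref:Reference>
    <ref:Reference><ref:ReferenceCode>1000002</ref:ReferenceCode>
      <ref:Title>Constructed second title</ref:Title><ref:Year>2006</ref:Year></ref:Reference>
  </ref:FetchReferenceListResponse></soap:Body>
</soap:Envelope>"""
SAMPLE_FAULT = f"""<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><soap:Fault>
  <faultcode>soap:Client</faultcode><faultstring>security token rejected</faultstring>
</soap:Fault></soap:Body></soap:Envelope>"""


def parse_reference_list(xml_text: str):
    """Turn a FetchReferenceList reply into plain dicts; raise on a SOAP Fault.
    For replies from a party you do not control, parse with defusedxml rather
    than the stdlib parser to rule out entity-expansion denial of service."""
    root = ET.fromstring(xml_text)
    fault = root.find("soap:Body/soap:Fault", NS)
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring", default="SOAP Fault"))
    return [
        {"code": r.findtext("ref:ReferenceCode", namespaces=NS),
         "title": r.findtext("ref:Title", namespaces=NS),
         "year": int(r.findtext("ref:Year", namespaces=NS))}
        for r in root.iterfind("soap:Body/ref:FetchReferenceListResponse/ref:Reference", NS)
    ]
```

Feed both builders a unit code such as `ROMO</ref:UnitCode><ref:MaxResults>100000</ref:MaxResults><ref:UnitCode>`: the library-built request carries it as an escaped string the service will simply fail to match, while the templated one arrives with two MaxResults elements and whatever the service's parser does with the first of them. Excel or Access front ends that assemble SOAP text by hand are the place this bites. A token in the header is only as safe as the channel, so these calls belong on TLS.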

Slide 51: Application to Networks
– Custom applications
– Integrate multiple services for higher-level functionality
– Automatic update of web pages

