Presentation is loading. Please wait.

Presentation is loading. Please wait.

Navigating the Standards Landscape Andrew Owen SEARCH.

Published byAlice Roberts Modified over 8 years ago

Similar presentations

Presentation on theme: "Navigating the Standards Landscape Andrew Owen SEARCH."— Presentation transcript:

1 Navigating the Standards Landscape Andrew Owen SEARCH

2 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org 1 Goals Discuss Information Sharing Standards Describe the problems these standards solve Introduce proven approaches for implementing these standards

3 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org 2 Many ways to share information and capabilities

4 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Poorly or un-Planned Information Sharing 3

5 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Nicely Planned Information Sharing 4

6 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Careful Architecture is Key 5

7 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Global Reference Architecture (GRA) Reference architecture for doing Service Oriented Architecture (SOA) Based on the OASIS SOA Reference Model 6

8 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GRA/SOA 7

9 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org SOA 8

10 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GRA/SOA Principles Standard Service Contracts Loose Coupling Abstraction Reuse Autonomy Statelessness Composability 9

11 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GRA makes SOA Easy 10

12 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Web Services Service Interaction Profile Describes how to meet GRA requirements with Web Services:  SOAP  WSDL  WS-Addressing  WS-Reliable Messaging  WS-Trust  NIEM  GFIPM/SAML 11

13 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GRA Service Specification Package Service-level interoperability Specific rules for packaging Self-contained 12

14 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org National Information Exchange Model (NIEM) Standard vocabulary for information exchanges System-independent Multi-domain (justice, public safety, emergency management, family services, intelligence etc.) 13

15 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Information Exchange Package Documentation (IEPD) 14 Defines one or more specific information exchanges Message interoperability Normative and non- normative documentation Methodology for developing IEPD

16 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GRA and NIEM 15

17 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Add a User to the mix 16

18 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Global Federated Identity and Privilege Management (GFIPM) Makes user identity management easier to do  Enables single sign-on  Eliminates the need for multiple logins for a single user  Keeps identity management and user authentication local 17

19 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GFIPM Provides a standard vocabulary of identity access attributes Enables informed access and authorization decisions 18

20 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Service Provider Protects a web resource Requests user information from identity provider Enforces access control policies Logs user activity 19

21 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Identity Provider Snaps on to existing user credential store Authenticates users Issues users assertions to service providers 20

22 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GFIPM 21

23 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GFIPM and SAML Based on the OASIS standard called Security Assertion Markup Language (SAML) version 2.0  Request User Authentication (SP to IdP)  User Authentication Statement (IdP to SP)  User Assertion (IdP to SP)  SP and IdP Metadata Industry standard – you probably use this everyday 22

24 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org GFIPM and Web Services Control access when a user is behind a web service request SAML token is passed to the web service GFIPM provides specific profiles for this Still requires existence of IdP and SP 23

25 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Trust Shared IdP and SP metadata Federation Management Function Cryptography IT Policy 24

26 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Refresher GRA: big picture of service design and orientation NIEM: message vocabulary consistency GFIPM: user access control and identity management 25

27 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Implementation Options Apache CXF Apache Camel Shibboleth IdP Shibboleth SP Microsoft ADFS 2.0 26

28 SEARCH, The National Consortium for Justice Information and Statistics | www.search.orgwww.search.org Next session… 27

Download ppt "Navigating the Standards Landscape Andrew Owen SEARCH."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Architecture and Infrastructure Scott Came Deputy Executive Director SEARCH MAJIC Agency Stakeholders Anchorage, Alaska December 18, 2012.

Architecture and Infrastructure Scott Came Deputy Executive Director SEARCH MAJIC Agency Stakeholders Anchorage, Alaska December 18, 2012.
UDDI v3.0 (Universal Description, Discovery and Integration)

UDDI v3.0 (Universal Description, Discovery and Integration)
Will Darby 91.514 5 April 2010.  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.

Will Darby April  What is Federated Security  Security Assertion Markup Language (SAML) Overview  Example Implementations  Alternative.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
1 Introduction to SOA. 2 The Service-Oriented Enterprise eXtensible Markup Language (XML) Web services XML-based technologies for messaging, service description,

1 Introduction to SOA. 2 The Service-Oriented Enterprise eXtensible Markup Language (XML) Web services XML-based technologies for messaging, service description,
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Troy Hutchison Service Oriented Architecture (SOA) Security.

Troy Hutchison Service Oriented Architecture (SOA) Security.
Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.

Carl A. Foster.  What is SAML?  Security Assertion and Markup Language is an XML-based standard for exchanging authentication and authorization between.
95-804 Applied Cryptography Week 13 SAML 1 95-804 Applied Cryptography SAML and XACML Mike McCarthy Week 13.

Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
Dharmender Singh Leverage Web Services with DRA to Automate User Provisioning.

Dharmender Singh Leverage Web Services with DRA to Automate User Provisioning.
GFIPM Web Services Implementation Status Update GFIPM Delivery Team Meeting November 2011.

GFIPM Web Services Implementation Status Update GFIPM Delivery Team Meeting November 2011.
GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

Similar presentations

Ads by Google