
Navigating the Standards Landscape


Presentation Transcript


  1. Navigating the Standards Landscape Andrew Owen SEARCH

  2. Goals
     • Discuss Information Sharing Standards
     • Describe the problems these standards solve
     • Introduce proven approaches for implementing these standards

  3. Many ways to share information and capabilities VS.

  4. Poorly or un-Planned Information Sharing

  5. Nicely Planned Information Sharing

  6. Careful Architecture is Key: Transport? Security? Reliable Delivery? Data Format? Access Control?

  7. Global Reference Architecture (GRA)
     • Reference architecture for doing Service Oriented Architecture (SOA)
     • Based on the OASIS SOA Reference Model

  8. GRA/SOA …careful preparation for the future by standardizing important decisions

  9. SOA …about efficiently sharing capabilities and infrastructure

  10. GRA/SOA Principles
     • Standard Service Contracts
     • Loose Coupling
     • Abstraction
     • Reuse
     • Autonomy
     • Statelessness
     • Composability

  11. GRA makes SOA Easy
     • Establishes consistent terminology
     • Establishes guidelines and requirements for:
        • service identification
        • service description
        • service interaction
     • Provides technology-specific conformance targets, called Service Interaction Profiles

  12. Web Services Service Interaction Profile
     • Describes how to meet GRA requirements with Web Services:
        • SOAP
        • WSDL
        • WS-Addressing
        • WS-Reliable Messaging
        • WS-Trust
        • NIEM
        • GFIPM/SAML

  13. GRA Service Specification Package
     • Service-level interoperability
     • Specific rules for packaging
     • Self-contained

  14. National Information Exchange Model (NIEM)
     • Standard vocabulary for information exchanges
     • System-independent
     • Multi-domain (justice, public safety, emergency management, family services, intelligence, etc.)

  15. Information Exchange Package Documentation (IEPD)
     • Defines one or more specific information exchanges
     • Message interoperability
     • Normative and non-normative documentation
     • Methodology for developing IEPD

  16. GRA and NIEM

  17. Add a User to the mix

  18. Global Federated Identity and Privilege Management (GFIPM)
     Makes user identity management easier to do
     • Enables single sign-on
     • Eliminates the need for multiple logins for a single user
     • Keeps identity management and user authentication local

  19. GFIPM
     • Provides a standard vocabulary of identity access attributes
     • Enables informed access and authorization decisions

  20. Service Provider
     • Protects a web resource
     • Requests user information from identity provider
     • Enforces access control policies
     • Logs user activity

  21. Identity Provider
     • Snaps on to existing user credential store
     • Authenticates users
     • Issues user assertions to service providers

  22. GFIPM

  23. GFIPM and SAML
     • Based on the OASIS standard called Security Assertion Markup Language (SAML) version 2.0
     • Request User Authentication (SP to IdP)
     • User Authentication Statement (IdP to SP)
     • User Assertion (IdP to SP)
     • SP and IdP Metadata
     • Industry standard – you probably use this every day

  24. GFIPM and Web Services
     • Control access when a user is behind a web service request
     • SAML token is passed to the web service
     • GFIPM provides specific profiles for this
     • Still requires existence of IdP and SP

  25. Trust
     • Shared IdP and SP metadata
     • Federation Management Function
     • Cryptography
     • IT Policy

  26. Refresher
     • GRA: big picture of service design and orientation
     • NIEM: message vocabulary consistency
     • GFIPM: user access control and identity management

  27. Implementation Options
     • Apache CXF
     • Apache Camel
     • Shibboleth IdP
     • Shibboleth SP
     • Microsoft ADFS 2.0

  28. Next session…
