Explore the importance of information sharing standards and learn how to implement them effectively. Discover the benefits of careful architecture and the Global Reference Architecture (GRA) for Service Oriented Architecture (SOA) to ensure reliable delivery, security, and access control. Uncover how the National Information Exchange Model (NIEM) and Global Federated Identity and Privilege Management (GFIPM) enhance interoperability and user identity management. Implementation options include Apache CXF, Apache Camel, Shibboleth IdP, Shibboleth SP, and Microsoft ADFS 2.0.
Navigating the Standards Landscape Andrew Owen SEARCH
Goals • Discuss Information Sharing Standards • Describe the problems these standards solve • Introduce proven approaches for implementing these standards
Careful Architecture is Key • Transport? • Security? • Reliable Delivery? • Data Format? • Access Control?
Global Reference Architecture (GRA) • Reference architecture for doing Service Oriented Architecture (SOA) • Based on the OASIS SOA Reference Model
GRA/SOA …careful preparation for the future by standardizing important decisions
SOA …about efficiently sharing capabilities and infrastructure
GRA/SOA Principles • Standard Service Contracts • Loose Coupling • Abstraction • Reuse • Autonomy • Statelessness • Composability
GRA makes SOA Easy • Establishes consistent terminology • Establishes guidelines and requirements for: • service identification • service description • service interaction • Provides technology specific conformance targets, called Service Interaction Profiles
Web Services Service Interaction Profile • Describes how to meet GRA requirements with Web Services: • SOAP • WSDL • WS-Addressing • WS-Reliable Messaging • WS-Trust • NIEM • GFIPM/SAML
GRA Service Specification Package • Service-level interoperability • Specific rules for packaging • Self-contained
National Information Exchange Model (NIEM) • Standard vocabulary for information exchanges • System-independent • Multi-domain (justice, public safety, emergency management, family services, intelligence etc.)
Information Exchange Package Documentation (IEPD) • Defines one or more specific information exchanges • Message interoperability • Normative and non-normative documentation • Methodology for developing IEPD
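A small worked example of what "message interoperability" means in practice, added here and not part of the original deck: a receiver that accepts only the vocabulary the IEPD declares. The NIEM core namespace and the nc:Person / nc:PersonName / nc:PersonGivenName / nc:PersonSurName / nc:PersonBirthDate elements are taken from NIEM core; the exchange namespace http://example.org/iepd/person-query/1.0/, the PersonQueryResponse root element and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # stdlib; hardened parsers (e.g. defusedxml) are preferable in production

NS = {
    "nc": "http://release.niem.gov/niem/niem-core/4.0/",  # NIEM core namespace
    "ex": "http://example.org/iepd/person-query/1.0/",     # hypothetical exchange namespace
}
# What this (constructed) IEPD allows and requires: only these namespaces may
# appear, and these elements must be present for the message to be conformant.
ALLOWED_NS = set(NS.values())
REQUIRED = [
    "nc:Person/nc:PersonName/nc:PersonGivenName",
    "nc:Person/nc:PersonName/nc:PersonSurName",
]

# Constructed sample exchange instance
SAMPLE = """<?xml version="1.0"?>
<ex:PersonQueryResponse xmlns:ex="http://example.org/iepd/person-query/1.0/"
                        xmlns:nc="http://release.niem.gov/niem/niem-core/4.0/">
  <nc:Person>
    <nc:PersonBirthDate><nc:Date>1980-05-17</nc:Date></nc:PersonBirthDate>
    <nc:PersonName>
      <nc:PersonGivenName>Jane</nc:PersonGivenName>
      <nc:PersonSurName>Doe</nc:PersonSurName>
    </nc:PersonName>
  </nc:Person>
</ex:PersonQueryResponse>"""


def _split_tag(tag: str):
    """ElementTree spells qualified names as '{namespace}local'; return (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag  # unqualified element (NIEM requires all elements to be qualified)


def parse_exchange(xml_text: str) -> dict:
    """Parse a PersonQueryResponse, rejecting anything outside the IEPD's vocabulary."""
    root = ET.fromstring(xml_text)
    if _split_tag(root.tag) != (NS["ex"], "PersonQueryResponse"):
        raise ValueError("not a PersonQueryResponse message")
    # Every element, root included, must come from a namespace the IEPD declares.
    for el in root.iter():
        ns, local = _split_tag(el.tag)
        if ns not in ALLOWED_NS:
            raise ValueError(f"element {local!r} in namespace {ns!r} is not part of this IEPD")
    for path in REQUIRED:
        if root.find(path, NS) is None:
            raise ValueError(f"required element missing: {path}")
    person = root.find("nc:Person", NS)
    return {
        "given_name": person.findtext("nc:PersonName/nc:PersonGivenName", namespaces=NS),
        "surname": person.findtext("nc:PersonName/nc:PersonSurName", namespaces=NS),
        "birth_date": person.findtext("nc:PersonBirthDate/nc:Date", namespaces=NS),
    }


if __name__ == "__main__":
    print(parse_exchange(SAMPLE))
```

The point of the namespace check is that a sender who adds a locally invented element is no longer speaking the exchange defined by the IEPD; a receiver that silently ignores such elements loses exactly the interoperability guarantee NIEM is meant to provide.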
Global Federated Identity and Privilege Management (GFIPM) • Makes user identity management easier • Enables single sign-on • Eliminates the need for multiple logins for a single user • Keeps identity management and user authentication local
GFIPM • Provides a standard vocabulary of identity access attributes • Enables informed access and authorization decisions
Service Provider • Protects a web resource • Requests user information from identity provider • Enforces access control policies • Logs user activity
Identity Provider • Snaps on to an existing user credential store • Authenticates users • Issues user assertions to service providers
GFIPM and SAML • Based on the OASIS standard Security Assertion Markup Language (SAML) version 2.0 • Request User Authentication (SP to IdP) • User Authentication Statement (IdP to SP) • User Assertion (IdP to SP) • SP and IdP Metadata • Industry standard – you probably use it every day
GFIPM and Web Services • Control access when a user is behind a web service request • The SAML token is passed along with the web service call • GFIPM provides specific profiles for this • Still requires an IdP and an SP
Trust • Shared IdP and SP metadata • Federation Management Function • Cryptography • IT Policy
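The following is an added example, not code from the deck or from any of the products it names, that models the SP/IdP exchange described in the Service Provider, Identity Provider, GFIPM and SAML, and Trust slides: the SP issues an authentication request, the IdP authenticates against its local credential store and returns a signed assertion carrying GFIPM user attributes, and the SP verifies the signature, issuer, audience, validity window and InResponseTo before making and logging an access decision. Assumptions: real SAML carries XML-DSig signatures verified with the IdP's certificate from federation metadata, which this model replaces with an HMAC key "shared via metadata"; the entity IDs, credential store and users are constructed; the gfipm:2.0:user:* attribute names follow the GFIPM metadata vocabulary but their exact spellings should be treated as assumptions.

```python
import base64
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timedelta, timezone

# Constructed stand-in for exchanged federation metadata. In real SAML the IdP's
# signing certificate is published here and the SP verifies XML-DSig with it; the
# shared HMAC key below plays that role in this model (an assumption, not SAML).
IDP_META = {"entityID": "https://idp.example.org/idp", "signing_key": b"idp-metadata-key"}
SP_META = {"entityID": "https://sp.example.org/sp"}

# Constructed local credential store the IdP snaps on to (authentication stays local).
USER_STORE = {
    "jdoe": {"password": "correct horse", "attrs": {
        "gfipm:2.0:user:GivenName": "Jane", "gfipm:2.0:user:SurName": "Doe",
        "gfipm:2.0:user:SwornLawEnforcementOfficerIndicator": "true",
        "gfipm:2.0:user:EmployerName": "Example County Sheriff"}},
    "aclerk": {"password": "hunter2", "attrs": {
        "gfipm:2.0:user:GivenName": "Alex", "gfipm:2.0:user:SurName": "Clerk",
        "gfipm:2.0:user:SwornLawEnforcementOfficerIndicator": "false",
        "gfipm:2.0:user:EmployerName": "Example County Clerk"}},
}

AUDIT_LOG = []  # the SP's user-activity log


def _sign(payload: dict, key: bytes) -> str:
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(mac).decode()


def _verify(token: str, key: bytes) -> dict:
    body_b64, mac_b64 = token.split(".", 1)
    body = base64.b64decode(body_b64)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.b64decode(mac_b64)):
        raise ValueError("assertion signature invalid")
    return json.loads(body)


def sp_authn_request(now: datetime) -> dict:
    """SP -> IdP: the authentication request. The SP remembers the ID to tie the response to it."""
    return {"ID": "_" + uuid.uuid4().hex, "Issuer": SP_META["entityID"],
            "Destination": IDP_META["entityID"], "IssueInstant": now.isoformat()}


def idp_issue_assertion(request: dict, username: str, password: str, now: datetime) -> str:
    """IdP: authenticate locally, then return a signed assertion addressed to the requesting SP."""
    user = USER_STORE.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        raise PermissionError("authentication failed")
    assertion = {
        "ID": "_" + uuid.uuid4().hex, "Issuer": IDP_META["entityID"],
        "InResponseTo": request["ID"], "Subject": username,
        "Conditions": {"NotBefore": now.isoformat(),
                       "NotOnOrAfter": (now + timedelta(minutes=5)).isoformat(),
                       "Audience": request["Issuer"]},
        "AuthnStatement": {"AuthnInstant": now.isoformat(),
                           "AuthnContext": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"},
        "AttributeStatement": user["attrs"],
    }
    return _sign(assertion, IDP_META["signing_key"])


def sp_validate(token: str, expected_request_id: str, now: datetime) -> dict:
    """SP: check signature, issuer, audience, InResponseTo and validity window before trusting attributes."""
    a = _verify(token, IDP_META["signing_key"])
    if a["Issuer"] != IDP_META["entityID"]:
        raise ValueError("issuer is not a federation IdP we have metadata for")
    if a["Conditions"]["Audience"] != SP_META["entityID"]:
        raise ValueError("assertion not addressed to this SP")
    if a["InResponseTo"] != expected_request_id:
        raise ValueError("unsolicited or replayed assertion")
    not_before = datetime.fromisoformat(a["Conditions"]["NotBefore"])
    not_on_or_after = datetime.fromisoformat(a["Conditions"]["NotOnOrAfter"])
    if not (not_before <= now < not_on_or_after):
        raise ValueError("assertion outside its validity window")
    return a


def sp_authorize(assertion: dict, resource: str) -> bool:
    """SP: policy decision on GFIPM attributes, recorded in the user-activity log."""
    attrs = assertion["AttributeStatement"]
    allowed = attrs.get("gfipm:2.0:user:SwornLawEnforcementOfficerIndicator") == "true"
    AUDIT_LOG.append({"user": assertion["Subject"], "issuer": assertion["Issuer"],
                      "resource": resource, "decision": "permit" if allowed else "deny"})
    return allowed


def sso_flow(username: str, password: str, resource: str, now=None) -> bool:
    """Whole exchange: SP request -> IdP authenticates and asserts -> SP validates and decides."""
    now = now or datetime.now(timezone.utc)
    request = sp_authn_request(now)
    token = idp_issue_assertion(request, username, password, now)
    assertion = sp_validate(token, request["ID"], now)
    return sp_authorize(assertion, resource)


if __name__ == "__main__":
    print(sso_flow("jdoe", "correct horse", "/incident-reports"))   # sworn officer: permit
    print(sso_flow("aclerk", "hunter2", "/incident-reports"))       # clerk: deny
    print(AUDIT_LOG)
```

Note how the password never leaves the IdP and the SP never sees a credential store: the SP only consumes attributes it can verify came from a federation IdP, which is what lets identity management stay local while access control happens at the resource. The same validation steps apply when the assertion rides inside a web service request instead of a browser redirect.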
Refresher • GRA: big picture of service design and orientation • NIEM: message vocabulary consistency • GFIPM: user access control and identity management
Implementation Options • Apache CXF • Apache Camel • Shibboleth IdP • Shibboleth SP • Microsoft ADFS 2.0