
SOA Security and Federated Identity Management



Presentation Transcript


  1. SOA Security and Federated Identity Management. Normunds Šaumanis, IT Architect, IBM Software Group

  2. What is the SOA model?
     - Business Componentization: re-defining today’s monolithic enterprise processes as a set of standardized, modular business process components (CBM business components).
     - Service Oriented Architecture: an IT model which mirrors the interaction of business components through a set of IT applications implemented as real-time services that interact dynamically (SOA application “components”*).
     - Web Services (XML, SOAP, WSDL, UDDI): a set of vendor-neutral and platform-agnostic standards that can be used to define how SOA components interact; they provide an interface toolkit for components.
     - Diagram labels: Business components, SOA components, Service Interactions.
     * Each SOA application component may be made up of multiple applications.

  3. Web Services Security
     Diagram labels: Applications, Suppliers, Partners, Legacy Applications, Company Portal, Remote Portals; SOAP/HTTP services-driven interactions; Web Services, SOAP Web Services, Non-Web Services, Web Services Remote Portlets; Security Checkpoint.
     - How do we identify and authenticate the service requester?
     - How do we identify and authenticate the source of the message?
     - Is the client authorized to send this message?
     - Can we ensure message integrity and confidentiality?
     - How can I audit the access to Web Services?
     Multiple layers of enforcement: perimeter, gateway, app server, application.

  4. Identity Management & Service Oriented Architecture (http://www.ibm.com/developerworks/library/ws-soa-progmodel7/)
     Diagram axes: New Capability / Existing Capability; “Identity” (Identity Management Market) / “Service” (Service Oriented Architecture, SOA).
     Diagram labels: SOA Security (Web Services Security Management); Services View; Enterprise Identity Management; Federated Identity Management (Federated User Lifecycle Management); Web Single Sign-On; Services Transformation; Access Management; Identity Management.
     Identity transformation from a product-centric view to a service-centric view: a move to the adoption of service-oriented architectures with federation characteristics, simplifying identity management and strengthening corporate compliance.

  5. Identity Management Ecosystem
     - Enforce: authentication, authorization
     - Administer: provision/manage
     - Synchronize: meta-directory
     - Store: directory, LDAP

  6. Identity Management Ecosystem (IBM products per layer)
     - Enforce (authentication, authorization): IBM Tivoli Access Manager
     - Administer (provision/manage): IBM Tivoli Identity Manager
     - Synchronize (meta-directory): IBM Tivoli Directory Integrator
     - Store (directory, LDAP): IBM Tivoli Directory Server

  7. Federated Identity Management
     Diagram labels: Enterprise A, Enterprise B, Enterprise C; IBM Tivoli Federated Identity Manager; WS-Security, Liberty, SAML.

  8. Identity Integration Problem: how to share information with trusted providers?
     Diagram labels: Partners using WS-Federation; Partners using Liberty; Partners using SAML in their Portal or Web; Partners using WS-Security; SAP Platform; WebSphere Platform; MS .NET Platform; Multi-Protocol Federation Gateway; “Identity” (exchanged on each link).
     Identity Management as a business process for cross-enterprise collaboration.

  9. Federated Identity Management
     - Definition
       - An “identity federation” is a federation in which identity management (authentication, access control, auditing, and provisioning) is distributed between the partners based on their role within the federation.
       - An identity federation can allow users from one federation partner to seamlessly access resources from another partner in a secure and trustworthy manner.
     - Roles
       - End user
       - Identity Provider (IdP)
       - Service Provider (SP)
     - Functions
       - Single Sign-On/Sign-Off (including “global” sign-off)
       - Provisioning/De-provisioning
       - Account Linking/De-linking

  10. FIM Technologies and Standards: Identity Management for Federated Web Services (HTTP and SOAP-based SSO using Security Tokens)
      Diagram labels: Identity Federation Management; HTTP Single Sign-On; WS-Federation (Passive, Active); Liberty (Passive); SAML; Kerberos; SAML (Passive); Liberty (Passive); PKI; Username. Columns: HTTP Federation, Web Services Federation.
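As an added illustration of the Service Provider role and the account-linking function on slide 9 (this is not code from the presentation or from any IBM product), the following Python sketch shows the checks an SP performs on an assertion issued by a trusted Identity Provider before mapping it to a local account: issuer trust, signature, audience restriction, validity window, and linking/de-linking. The issuer and audience URLs are hypothetical, and an HMAC shared with the IdP stands in for the X.509 signature a SAML or WS-Federation deployment would verify.

```python
import base64, hashlib, hmac, json, time

# Constructed SP trust configuration (hypothetical names). Real federations verify an
# X.509 signature over a SAML assertion; an HMAC shared with the IdP stands in here.
TRUSTED_IDPS = {"https://idp.enterprise-a.example": b"constructed-shared-secret"}
SP_AUDIENCE = "https://sp.enterprise-b.example"

def issue_assertion(issuer, subject, audience, secret, now=None, lifetime=300):
    """IdP side: sign a short-lived assertion naming the subject and the intended SP."""
    now = int(now if now is not None else time.time())
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "nbf": now, "exp": now + lifetime}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def validate_assertion(token, now=None):
    """SP side: trust the issuer, check the signature, audience and validity window."""
    now = int(now if now is not None else time.time())
    body, _, sig = token.partition(".")
    claims = json.loads(base64.urlsafe_b64decode(body))
    secret = TRUSTED_IDPS.get(claims.get("iss"))
    if secret is None:                               # issuer not in the federation
        raise ValueError("untrusted issuer")
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):       # constant-time comparison
        raise ValueError("bad signature")
    if claims.get("aud") != SP_AUDIENCE:             # assertion meant for another SP
        raise ValueError("wrong audience")
    if not claims["nbf"] <= now < claims["exp"]:     # stale or not-yet-valid assertion
        raise ValueError("assertion outside validity window")
    return claims

class AccountLinker:
    """Maps (issuer, federated subject) to a local SP account; supports de-linking."""
    def __init__(self):
        self._links = {}
    def link(self, issuer, subject, local_user):
        self._links[(issuer, subject)] = local_user
    def unlink(self, issuer, subject):
        self._links.pop((issuer, subject), None)
    def resolve(self, issuer, subject):
        return self._links.get((issuer, subject))

def federated_sign_on(token, linker, now=None):
    """Full SP flow: validate the IdP assertion, then map it to a linked local account."""
    claims = validate_assertion(token, now)
    return linker.resolve(claims["iss"], claims["sub"])  # None if no account is linked
```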
