
ClearAvenue, LLC

Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli. ClearAvenue, LLC. Headquartered in Columbia, Maryland Focused on Systems Integration, Data Management, Information Security, Storage networking, Custom Software development


Presentation Transcript


  1. Case studies on Authentication, Authorization and Audit in SOA Environments Dr. Srini Kankanahalli

  2. ClearAvenue, LLC
  • Headquartered in Columbia, Maryland
  • Focused on Systems Integration, Data Management, Information Security, Storage Networking, Custom Software Development
  • Premier IBM Business Partner
  • 25 employees and contractors as of December 2008
  • CMMi Maturity Level 2
  • 9 Million in 2007 Revenues
  • ClearAvenue, LLC is an 8(a) certified minority women owned Small Disadvantaged Business

  3. Authentication, Authorization, and Audit: The Challenge
  • Identity and Access Management is a major challenge for all federal agencies
  • A multitude of applications, legacy as well as state-of-the-art systems, poses additional challenges
  • The complexity of federal laws as well as federal contracting regulations further adds to the complexity
  • Comprehensive end-to-end audits across multiple systems pose a significant challenge

  4. Layers of Security (diagram: Perimeter Defense, Control Layer, Assurance Layer)
  • Perimeter Defense
    • Keep out the unwanted with firewalls, anti-virus, intrusion detection, etc.
  • Control Layer
    • Which users can come in?
    • What can users see and do?
    • Are user preferences supported?
    • Can user privacy be protected?
  • Assurance Layer
    • Can I comply with regulations?
    • Can I deliver audit reports?
    • Am I at risk?
    • Can I respond to security events?

  5. SOA Security Encompasses All Solution Layers
  • SOA Security: Identity • Authentication • Authorization & Privacy • Auditing • Confidentiality, Integrity and Availability • Compliance • Administration and Policy Management
  • (Diagram: security spans layers 1 to 5 of the SOA stack: Service Provider / operational systems (SAP, custom, packaged, ISV applications on OS/390, MQ, DB2, Unix), Service Components, Services (atomic and composite), Business Processes / process choreography, and Service Consumers (SCA, Portlet, WSRP, B2B, other))

  6. Identity Management– the basis of comprehensive security

  7. User Provisioning and De-provisioning
  • User provisioning across multiple enterprise systems poses significant challenges
  • User de-provisioning is a greater challenge
  • Role-based access and role management add to the complexity
  • Role engineering encompasses very little "engineering" and a lot of "politics"

  8. Implementing Role-based Access Control
  • Successfully implemented RBAC with role-based provisioning to legacy as well as state-of-the-art systems
  • A role is a set of entitlements that has a "business context"
  • Roles are not "cast in stone", but are derived through a "trial and error" process
  • Role re-factoring has to be kept in mind during the design and implementation of any RBAC system
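Slides 7 and 8 describe roles as sets of entitlements that must be provisioned to and revoked from several systems, and that get re-factored over time. The following added example (not ClearAvenue code; system names such as "siebel" and "mainframe" and the entitlements are constructed) shows a minimal RBAC directory where de-provisioning returns every system that must revoke access, and where a role can be split without any assigned user losing access.

```python
"""Minimal RBAC directory: roles as entitlement sets, per-system provisioning,
de-provisioning and role re-factoring (splitting a role).  Added illustration;
the systems and entitlements below are constructed sample values."""
from collections import defaultdict


class RbacDirectory:
    """Entitlements are "system:action" strings; users hold roles, never raw entitlements."""

    def __init__(self):
        self.roles = {}                      # role name -> set of entitlements
        self.assignments = defaultdict(set)  # user -> set of role names

    def define_role(self, role, entitlements):
        self.roles[role] = set(entitlements)

    def assign(self, user, role):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments[user].add(role)

    def entitlements(self, user):
        """Effective access: the union of all roles the user holds."""
        return set().union(*(self.roles[r] for r in self.assignments.get(user, ())))

    def provisioning_plan(self, user):
        """Per-system actions a provisioning engine would push to each target system."""
        plan = defaultdict(set)
        for ent in self.entitlements(user):
            system, action = ent.split(":", 1)
            plan[system].add(action)
        return dict(plan)

    def deprovision(self, user):
        """Drop every role and return the systems that must now revoke the account."""
        systems = set(self.provisioning_plan(user))
        self.assignments.pop(user, None)
        return systems

    def split_role(self, role, new_role, moved):
        """Role re-factoring: carve `moved` entitlements out of `role` into `new_role`
        and grant `new_role` to every holder of `role`, so effective access is unchanged."""
        moved = set(moved)
        if not moved <= self.roles[role]:
            raise ValueError("entitlements are not part of the role being split")
        self.roles[role] -= moved
        self.roles[new_role] = moved
        for roles in self.assignments.values():
            if role in roles:
                roles.add(new_role)
```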

  9. Role-based Access to Legacy and Modernized Systems

  10. Legacy Systems Integration: Siebel

  11. Federated Identity Management: The Challenge
  • In many situations, one federal agency has to communicate with and access data from another agency
  • This problem may also exist between multiple subdivisions of the same agency or organization
  • The solution involves building and propagating trust across boundaries using industry standards
  • Audits across agencies or subdivisions pose additional challenges

  12. Federated Identity Management Across Multiple Organizations (diagram: Organization A and Organization B exchanging SAML)

  13. Federation Entities

  14. SOA Federated Identity Management (diagram: LDAP, TFIM and SAML over the Internet to a Web Service on WebSphere ND)
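Slides 11 to 14 show trust propagated between Organization A and Organization B with SAML. The following added example (not ClearAvenue or Tivoli Federated Identity Manager code; the issuer, audience and sample assertion are constructed) shows the checks a receiving organization applies to an inbound SAML 2.0 assertion before accepting the subject: trusted issuer, validity window and audience restriction. It assumes the XML signature was already verified by the SAML stack.

```python
"""Relying-party trust checks on an inbound SAML 2.0 assertion (Organization B
consuming an assertion issued by Organization A).  Added illustration; the
entity IDs and the assertion are constructed.  Signature verification is
assumed to have been done by the SAML stack before this code runs."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion from Organization A's identity provider.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2008-12-01T12:00:00Z">
  <saml:Issuer>https://idp.org-a.example/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@org-a.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2008-12-01T12:00:00Z" NotOnOrAfter="2008-12-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.org-b.example/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def parse_time(text):
    """SAML timestamps are UTC in xs:dateTime form."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuers, my_entity_id, now):
    """Return the asserted NameID if every trust check passes, else raise ValueError."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:            # only federation partners we trust
        raise ValueError(f"untrusted issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    if now < parse_time(cond.get("NotBefore")) or now >= parse_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion is outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if my_entity_id not in audiences:            # assertion meant for a different SP
        raise ValueError("assertion is not addressed to this service provider")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("assertion has no subject")
    return name_id
```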

  15. Multi-Factor Authentication
  • There are multiple federal and commercial mandates for strong and multi-factor authentication

  16. Multi-factor, certificate-based authentication architecture using IBM Tivoli Federated Identity Manager

  17. Conclusions
  • We have implemented complex security patterns in multiple federal agencies
  • Security is multi-faceted and hence has to be carefully architected and implemented correctly
  • The availability of multiple point products adds to the integration complexity
  • Authentication, authorization, audit and identity management are all intertwined and have to be planned and implemented correctly to ensure that the "attack surface" of an organization is minimized
