Colorado Software Summit: October 23 – 28, 2005 © Copyright 2005, IBM Corporation
Anthony Nadalin — SOA Security Programming Model Page 1
SOA Security Programming Model
Anthony Nadalin, Distinguished Engineer, IBM Corporation
Presented by Mike Perks
Agenda
• Securing an on demand business
• Business requirements
• on demand security infrastructure
• Service Oriented Architecture and Security
• Federation and trust management
• Business driven application security
Security is a Business Requirement that …
• Helps Secure Business Applications
• Affects Business Strategy
• Needed to Secure the Infrastructure
• Impacts Business Processes and Operations
Customer Pain Points
• Manage identity within and across enterprise(s)
• Protecting privacy and security of customer and employee information
• Manage security policies to mitigate risks
• Ensure integrity of the environment (delegated, federated)
• Securing exchange of business critical information
Understanding the pain points leads to ..
on demand security infrastructure
(Diagram: the on demand security fabric, tooling for model driven security infrastructure, and the on demand security management disciplines. Disciplines shown: Secure Business Process and collaboration; Secure Systems and Networks; Identity and Access Management; Data protection and disclosure control; Security Monitoring and audit; Secure Transactions; Business Controls, Risk and Security Compliance Management; Business Controls, Risk and Security Governance.)
that help secure an on demand environment ..
So as to achieve …
Enterprise Integration and Virtualization
• Security Services
• Security components
• Pluggability and customizability
• Consistent and coherent model
Based on
• Service Oriented Architecture
• Componentization
• Standards based interoperability and integration
• Loose coupling and virtualization
• Adapters to legacy applications
Using
• Security policies from executives to IT staff
• End to end tools from modeling to infrastructure management
• Governance model and delegation of authority
.. Using Security Fabric that is Standards Based and Pluggable
(Diagram: Security Services Infrastructure, layered as follows.)
• On Demand Applications over the Enterprise Service Bus, Utility Business Services and Business Application Services
• Standards: WS-Authorization, WS-Trust, WS-Attribute Service, WS-Federation, WS-Policy, WS-Privacy
• Runtime Security APIs (login, authorization, etc); Administrative Security APIs (create user, change policy, ..); Vendor API extensions (J2EE, Unix, …)
• Operating Environment Security Runtime: credential propagation, authentication, context establishment, authorization checks, audit, privacy
• Pluggable SPIs with 3rd party providers: Authentication SPI (Kerberos, RACF); Authorization SPI (Authz provider); Cred Mapping SPI (Mapping provider); Identity Management (Management provider); User Registry (LDAP, OS registry); Policy, Audit, Intrusion Detection, Privacy
Federated Lifecycle Management
(Diagram of lifecycle elements: Partner Enrollment; Partner-Role-Attribute Management; Business Driven Trust Agreements; Partner-User Enrollment; Security & Identity Agreements; User Life cycle Management; Transaction/Data Agreements; Technical Policies; Operational Best Practices; Credentials Management; Audit Agreements; Privacy Agreements; Role/Permission Management; Attribute change Management; Federation/De-federation; Provisioning/Deprovisioning; Scenario Management; Scenario Realization; Identity Relationship Management; Audit and compliance.)
Federations Require Trust
Trust
• Reflects business relationship
• Needs governance model
• Implemented using technology
Trust between Identity Provider and Service Providers
• This can be implemented using technology
• Trust can be provided by WS-Trust, WS-Security, WS-SecureConversation
Trust between users and Identity Providers
• This can be facilitated by technology
• Requires business, legal and “faith based” solutions
Trust by users in how the IdP will use their information
• This can be mitigated by the WS-Policy family
• Also requires business, legal and “faith based” solutions
Web Services Security Model
• End to End Security model simplifies integration between companies
• Each Web Services message can be individually authenticated, integrity & confidentiality protected and authorized
(Diagram: Users and a Web Services Client Requestor send SOAP over HTTPS, JMS or MQ through a Web Services Security Gateway to a Service Provider, in B2B and B2B2C patterns. The WS-Security Family (Kerberos, X.509, SAML) is shown alongside the labels Authentication, Authorization, Provisioning, SSO and Audit.)
Web Services Security
• How do we identify and authenticate the service requester?
• How do we identify and authenticate the source of the message?
• Is the client authorized to send this message?
• Can we ensure message integrity & confidentiality?
• How can I audit the access to Web Services?
• Multiple layers of enforcement – perimeter, gateway, app server, application
(Diagram: Services Driven Interactions. A Security Checkpoint fronts Web Services and Legacy Applications; SOAP/HTTP traffic arrives from Suppliers' Applications, SOAP Web Services, Non Web Services Partners, the Company Portal and Remote Portals using Web Services Remote Portlets.)
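The first three questions on this slide are what a Web Services security gateway answers for each message. The following is an added illustration, not code from this deck or from any IBM product: a client puts a wsse:UsernameToken (PasswordDigest form, as the OASIS WS-Security UsernameToken profile defines it) into the SOAP header, and a gateway authenticates that token on every message, rejects stale or replayed tokens, and then checks the requested operation against the caller's roles. The user registry, role map and SOAP body are constructed sample data.

```python
"""Per-message authentication and authorization at a Web Services security gateway,
modelled on the OASIS WS-Security UsernameToken profile (PasswordDigest).
Added illustration with constructed data; not IBM's or any product's code."""
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA-1(nonce + created + password)), as the profile defines it."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")

def build_request(user, password, body_xml, created=None, nonce=None) -> bytes:
    """Client side: wrap a body in a SOAP envelope carrying a wsse:UsernameToken."""
    nonce = nonce or os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime(TS_FMT)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    sec = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"), f"{{{WSSE}}}Security")
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = user
    ET.SubElement(tok, f"{{{WSSE}}}Password", Type=DIGEST_TYPE).text = password_digest(nonce, created, password)
    ET.SubElement(tok, f"{{{WSSE}}}Nonce").text = base64.b64encode(nonce).decode("ascii")
    ET.SubElement(tok, f"{{{WSU}}}Created").text = created
    ET.SubElement(env, f"{{{SOAP}}}Body").append(ET.fromstring(body_xml))
    return ET.tostring(env)

class Gateway:
    """Enforcement point on the provider side: authenticate every message, then authorize it."""

    def __init__(self, users: dict, roles: dict, window_seconds: int = 300):
        self.users, self.roles = users, roles            # constructed sample registry and role map
        self.window = timedelta(seconds=window_seconds)  # freshness window for wsu:Created
        self.seen = set()                                # accepted (user, nonce, created): replay cache

    def check(self, envelope: bytes, operation: str, now=None) -> str:
        now_ts = datetime.strptime(now or datetime.now(timezone.utc).strftime(TS_FMT), TS_FMT)
        tok = ET.fromstring(envelope).find(f".//{{{WSSE}}}UsernameToken")
        if tok is None:
            return "reject: no UsernameToken"
        user = tok.findtext(f"{{{WSSE}}}Username") or ""
        created = tok.findtext(f"{{{WSU}}}Created") or ""
        nonce = base64.b64decode(tok.findtext(f"{{{WSSE}}}Nonce") or "")
        try:
            created_ts = datetime.strptime(created, TS_FMT)
        except ValueError:
            return "reject: bad Created"
        if abs(now_ts - created_ts) > self.window:       # token outside the freshness window
            return "reject: stale Created"
        if (user, nonce, created) in self.seen:          # same token presented twice
            return "reject: replayed nonce"
        expected = password_digest(nonce, created, self.users.get(user, ""))
        supplied = tok.findtext(f"{{{WSSE}}}Password") or ""
        if user not in self.users or not hmac.compare_digest(expected, supplied):
            return "reject: bad credentials"
        self.seen.add((user, nonce, created))
        if operation not in self.roles.get(user, ()):    # authorization is a separate decision
            return f"reject: {user} not authorized for {operation}"
        return "accept"
```

A UsernameToken answers the authentication and authorization questions only; the integrity and confidentiality question on the slide needs the X.509 signature and encryption mechanisms of the WS-Security family, which this snippet does not implement.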
End to End Message Security
(Diagram: end to end message path with three trust relationships marked between the parties.)
Managing Trust
(Diagram; label: Audit.)
Managing Integrity
Manage trust
• Use Infrastructure components
• May be shared
• Need to be trusted components (they are the enforcement points)
• Interaction (with partners, etc) and role played by infrastructure is managed
• Delegated authority to LOBs
Application specific policies
• Shared infrastructure but different policies (specific to LOB, application, etc)
• Gives flexibility and control
Compliance
• Audit and monitoring
• Accountability and integrity
Web Services Security Roadmap
(Diagram: a layered stack plotted against time. SOAP Foundation; WS-Security; WS-SecureConversation; WS-Trust; WS-Privacy; Policy Layer: WS-Policy (WS-PolicyFramework, WS-PolicyAttachments, WS-PolicyAssertions); Federation Layer: WS-Authorization, WS-Federation. Legend: Implementations Available Today; Specifications Announced; TBA; OASIS Standard. Specification dates shown: 8 May 2000, 5 Apr 2002, 18 Dec 2002, 28 May 2003, 8 July 2003.)
Application lifecycle and security policies
• Corporate policies and line of business/domain specific policies
• Relevance to business process and business applications
• Platform specific models
• Impact on IT infrastructure
• Compliance and monitoring
Business driven application security
(Diagram: the application lifecycle – Model Business, Analyze & Design, Implement, Deploy, Manage & Monitor – with the practices Develop Iteratively, Focus on Architecture, Continuously Ensure Quality, Manage Change & Assets.)
Security activities across the lifecycle:
• Define business and corporate security policies
• Model security requirements and application security
• Declare application security policies; build and test secure applications
• Configure infrastructure for application security; subscribe and customize security policies
• Manage security of the business application; monitor behavior and change policies as necessary
Roles involved: Security policy officer, Security auditor, Business analyst, Security architects, Application architects, Application programmer, Security developer, Application administrator, Security administrator, IT administrator, Operator.
Business application policies
• Analyzing relevance to business processes and applications
• Translating intent/goals into enforceable policies
• Business vocabulary vs. implementation
Application modeling and security policies
Programming model: Infrastructure vs. application managed
Infrastructure managed (gateways, application container)
• Let application concentrate on business logic
• Let the infrastructure enforce the intended policies
• Policies aligned with business goals and deployment patterns
• Policies may come from application artifacts (e.g., deployment descriptors), system configuration (e.g., based on topology), and published policies (based on target interactions, e.g. WS-Policy)
Application managed
• Architected and standardized call-outs
• Abstract out as a security provider (e.g., JAAS, JACC)
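To make the infrastructure-managed case concrete, here is an added illustration (not code from this deck, and not WebSphere's or any container's implementation) of a container enforcing the security-constraint declarations of a J2EE web.xml deployment descriptor: the application code never sees the check. The descriptor is constructed; url-pattern matching follows the Servlet rules for exact, path-prefix and extension patterns, and as a simplification the most restrictive of several applicable constraints wins.

```python
"""Container-style enforcement of web.xml <security-constraint> declarations,
the 'infrastructure managed' policy source named on the slide. Added illustration
with a constructed descriptor; not WebSphere's or any container's code."""
import xml.etree.ElementTree as ET

# Constructed deployment-descriptor fragment (namespace declarations omitted).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/orders/*</url-pattern><http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>customer</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/internal/*</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def _matches(pattern: str, path: str) -> bool:
    """Servlet url-pattern semantics: exact, path prefix (/x/*) or extension (*.ext)."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def load_constraints(xml_text: str) -> list:
    """Parse each <security-constraint> into a plain policy record."""
    out = []
    for sc in ET.fromstring(xml_text).findall("security-constraint"):
        wrc = sc.find("web-resource-collection")
        auth = sc.find("auth-constraint")          # None means no login is required
        out.append({
            "patterns": [p.text for p in wrc.findall("url-pattern")],
            "methods": {m.text for m in wrc.findall("http-method")},   # empty set = all methods
            "roles": None if auth is None else [r.text for r in auth.findall("role-name")],
            "confidential": sc.findtext("user-data-constraint/transport-guarantee") == "CONFIDENTIAL",
        })
    return out

def authorize(constraints: list, method: str, path: str, user_roles, https: bool) -> str:
    """Decide 'allow', 'redirect-to-https', 'deny' or 'unconstrained' for one request."""
    applicable = [c for c in constraints
                  if any(_matches(p, path) for p in c["patterns"])
                  and (not c["methods"] or method in c["methods"])]
    if not applicable:
        return "unconstrained"                      # no declaration covers this method+path
    if any(c["confidential"] for c in applicable) and not https:
        return "redirect-to-https"                  # transport guarantee is checked first
    for c in applicable:
        if c["roles"] is None:
            continue                                # constraint without auth-constraint
        if not c["roles"] or not set(c["roles"]) & set(user_roles):
            return "deny"                           # empty <auth-constraint/> denies everyone
    return "allow"
```

Note what the second constraint yields for a POST to /orders/…: no constraint lists that method, so the result is "unconstrained" rather than "deny", which is the descriptor coverage gap to look for when reviewing a deployment.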
Deployment and management
(Diagram: Manage/Administer & Runtime. Policy sources: corporate and IT policies (e.g., use corporate LDAP); application policy (e.g., in deployment descriptors); subscription time changes (e.g., high level security, Fabrikam as certificate authority). Actors: Requestor (consumer), Consumer administrator, Service Provider, and applications such as ERP and a Travel app. Flow: Solution Install; Subscribe; a Security Policy Manager (e.g. Tivoli Access Manager) transforms, persists and distributes policies to the security provider (e.g., security XACML policies, coordinated with Tivoli Access Manager); initial policies are ‘pushed’ or stored and updates are pushed or pulled as XACML policy docs to the Application Server runtime; runtime publication of policies (e.g., WS-Policy: 128 bit SSL required, X.509 certs from Verisign); Administer policies.)
Identity Management & Service Oriented Architecture
(Diagram: the Identity Management market (“Identity”: Enterprise Identity mgmt, Access Management, Web Single Sign-On, Federated Identity Management (Federated User Lifecycle Management)) meets Service Oriented Architecture (“Services”: Services View, SOA Security (Web Services Security Management)), with Existing Capability and New Capability marked.)
• Identity transformation from a product-centric view to a service-centric view – move to adoption of service-oriented architectures with federation characteristics for simplifying identity management and strengthening corporate compliance
Identity Integration Problem
(Diagram: a Multi Protocol Federation Gateway connecting partners using WS-Federation, Liberty, SAML in their Portal or Web, and WS-Security, across SAP, WebSphere and MS .NET platforms, each holding its own “Identity”.)
• How to share information with trusted providers?
• Identity Management as a business process for cross-enterprise collaboration
Identity & Web Services - Landscape
• Industry leveraging Federation to “simplify” Service Delivery and provide superior end user experience
• New Service Enablers are driving need for identity sharing based on Web services: Presence, Location, Group Management etc
• HTTP Centric Services still a dominant delivery model, i.e. Services are Built and Delivered using normal HTTP to browser-based clients, e.g. Location-based Services, Third-Party Content
• Enables Mobile Operator to assume the role of “Trusted Identity Provider/Authority” in mediating value-add data services with third-parties
HTTP Identity Services Standards in Mobile Industry
• Current Deployments happening with Liberty ID FF 1.1/1.2
• Role of SAML 1.0/1.1 very minimal in mobile industry (due to Liberty uptake)
• SAML 2.0 will converge Liberty ID FF 1.1/1.2 and SAML 1.0/1.1 but adoption of SAML 2.0 not likely until 2006
• WS-Federation becomes a critical strategy for integration with Microsoft Active Directory and Microsoft .NET
Services
• Federation of Web Services is a dominant theme in “Service Oriented Architecture”, i.e. Services are discovered using Web Services (WSDL)
• Dominant Web Services Security Platform is WS-Security
• WS-Security now an official OASIS standard and implementations available from leading middleware platforms from Microsoft .NET and IBM
Best Practice – Enterprise User Provisioning
(Diagram: an Enterprise Identity Foundation (LDAP Directory) fed by Authoritative Feeds such as an HR Feed, with Identity Management functions – Administrator/CSR, Delegated Admin Workflow, Password Sync/Reset, Self-Care – performing Account Provisioning to Legacy, ERP and Portal systems and Bi-directional Provisioning (DAML/DSML) for Partner Users.)
Best Practices – Access Management
(Diagram: Web Access / Web SSO across a Benefits Service, a Billing Service and a Portal Service; SSO/Authentication/Authorization over WS-Security/WS-Federation/SAML/Liberty; Direct Access by Users and Federated Access by Third-party Users with a Federated ID, with partners using Microsoft®, Liberty and SAML.)
Deployment Patterns & Roles – Federated Web Services
Patterns                          Roles
C2B / E2B HTTP                    Identity Provider, Service Provider
C2B – Web Services                Web Services Client, WS Provider
B2B – Web Services                Web Services Client, WS Provider
Composite Patterns – C2B + B2B    Identity Provider; WS Client, Service Provider; WS Provider
Consumer-2-Business (C2B); Employee-2-Business (E2B); Business-to-Business (B2B, e.g. Portal to Portal)
C2B2B - Portal to Portal – Deployment
(Diagram: Users and Third-party Users reach a PORTAL (Identity Provider) backed by an Enterprise Directory, Identity Service, Security Service and Policy Service; its Web Services Client obtains a Security Token via WS-Trust (local ID to Token) and sends a SOAP Request carrying a WS-Security Token through XML/Web Services Gateways to the Service Provider/WSP, whose Web Services Provider maps the Token back to a local ID via WS-Trust against its own Enterprise Directory, Identity Service, Security Service and Policy Service.)
Identity + Web Services - Architecture
(Diagram: Clients (Browser, Rich Client, Mobile Terminal) and Partner Spokes – Federated Identity Providers using Liberty, SAML and WS-Federation, an SMB, and Web Services Providers (Remote Portals) – connect through an Enterprise ID Gateway speaking Liberty, SAML, WS-Federation, WS-Security and WS-Trust/WS-Security to the Enterprise Web Services Platforms' Identity Services and Security Services. Callouts: “I ‘know’ this subscriber from my partner company”; “I ‘know’ how to connect the ‘user’ to authorized services”.)
Compliance – Auditing the Integrity of Mortgage Approval Business Process
SIMPLE IDENTITY & CHANGE AUDIT FOR CONTINUOUS COMPLIANCE
(Diagram: Compliance Drivers – SOX, Basel II, Visa CISP, EU/Japan Privacy Law, US Patriot Act, Corporate Security Policies. INPUT: Identity and Access events (Company & Partner) from TIM/TAM, FIM, SCM, ERP/CRM and databases, and Change Events/Alerts from Business Services, Processes (WBI) and the CCMDB/Warehouse, each delivered as CEI/CBE events through an Audit Process governed by XML (Security) Policy. A Central Audit Service (CARS) holds the Compliance Data (Security, Change, Archive) in DB2. OUTPUT: an Analytics/Correlation Engine, AlphaBlox Dashboard, Business & IT Reports (SQL), Workplace for BCR (Communicate, Track), and Abnormal Events/Alerts feeding a Change & Remediation Process (Rational Requisite Pro, Network Remediation, TPM, TCM, TIM, TAM, FIM).)
Summary
• Security is about business, no longer just about technology
• SOA enables better Application Integration
• Web Services Security standards optimize the development, deployment and management of Composite Applications
• Federation is the “bridge” by which web services security integrates with Service Oriented Architectures