navigating the standards landscape

Navigating the Standards LandscapeAndrew Owen

SEARCH

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org 2

Goals

Discuss Information Sharing Standards

Describe the problems these standards solve

Introduce proven approaches for implementing these standards

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org 3

Many ways to share information and capabilities

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Poorly or un-Planned Information Sharing

4

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Nicely Planned Information Sharing

5

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Careful Architecture is Key

6

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Global Reference Architecture (GRA)

•Reference architecture for doing Service Oriented Architecture (SOA)

•Based on the OASIS SOA Reference Model

7

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GRA/SOA

8

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

SOA

9

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GRA/SOA Principles

Standard Service ContractsLoose CouplingAbstractionReuseAutonomyStatelessnessComposability

10

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GRA makes SOA Easy

11

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Web Services Service Interaction Profile

Describes how to meet GRA requirements with Web Services:SOAPWSDLWS-AddressingWS-Reliable MessagingWS-TrustNIEMGFIPM/SAML

12

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GRA Service Specification Package

Service-level interoperability

Specific rules for packaging

Self-contained

13

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

National Information Exchange Model (NIEM)

Standard vocabulary for information exchanges

System-independent

Multi-domain (justice, public safety, emergency management, family services, intelligence etc.)

14

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Information Exchange Package Documentation (IEPD)

15

• Defines one or more specific information exchanges

• Message interoperability

• Normative and non-normative documentation

• Methodology for developing IEPD

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GRA and NIEM

16

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Add a User to the mix

17

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Global Federated Identity and Privilege Management (GFIPM)

Makes user identity management easier to do

Enables single sign-on

Eliminates the need for multiple logins for a single user

Keeps identity management and user authentication local

18

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GFIPM

Provides a standard vocabulary of identity access attributes

Enables informed access and authorization decisions

19

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Service Provider

Protects a web resourceRequests user information from identity providerEnforces access control policiesLogs user activity

20

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Identity Provider

Snaps on to existing user credential storeAuthenticates usersIssues users assertions to service providers

21

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GFIPM

22

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GFIPM and SAML

Based on the OASIS standard called Security Assertion Markup Language (SAML) version 2.0Request User Authentication (SP to IdP)User Authentication Statement (IdP to SP)User Assertion (IdP to SP)SP and IdP Metadata

Industry standard – you probably use this everyday

23

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

GFIPM and Web Services

Control access when a user is behind a web service request

SAML token is passed to the web service

GFIPM provides specific profiles for this

Still requires existence of IdP and SP

24

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Trust

Shared IdP and SP metadata

Federation Management Function

Cryptography

IT Policy

25

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Refresher

GRA: big picture of service design and orientation

NIEM: message vocabulary consistency

GFIPM: user access control and identity management

26

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Implementation Options

Apache CXFApache CamelShibboleth IdPShibboleth SPMicrosoft ADFS 2.0

27

SEARCH, The National Consortium for Justice Information and Statistics | www.search.org

Next session…

28