Navigating the Standards Landscape
Andrew Owen
SEARCH
SEARCH, The National Consortium for Justice Information and Statistics | www.search.org
Goals
Discuss Information Sharing Standards
Describe the problems these standards solve
Introduce proven approaches for implementing these standards
Many ways to share information and capabilities
Poorly or un-Planned Information Sharing
Nicely Planned Information Sharing
Careful Architecture is Key
Global Reference Architecture (GRA)
• Reference architecture for doing Service Oriented Architecture (SOA)
• Based on the OASIS SOA Reference Model
GRA/SOA
SOA
GRA/SOA Principles
Standard Service Contracts
Loose Coupling
Abstraction
Reuse
Autonomy
Statelessness
Composability
GRA makes SOA Easy
Web Services Service Interaction Profile
Describes how to meet GRA requirements with Web Services:
SOAP
WSDL
WS-Addressing
WS-ReliableMessaging
WS-Trust
NIEM
GFIPM/SAML
GRA Service Specification Package
Service-level interoperability
Specific rules for packaging
Self-contained
National Information Exchange Model (NIEM)
Standard vocabulary for information exchanges
System-independent
Multi-domain (justice, public safety, emergency management, family services, intelligence, etc.)
Information Exchange Package Documentation (IEPD)
• Defines one or more specific information exchanges
• Message interoperability
• Normative and non-normative documentation
• Methodology for developing IEPD
GRA and NIEM
Add a User to the mix
Global Federated Identity and Privilege Management (GFIPM)
Makes user identity management easier to do
Enables single sign-on
Eliminates the need for multiple logins for a single user
Keeps identity management and user authentication local
GFIPM
Provides a standard vocabulary of identity access attributes
Enables informed access and authorization decisions
Service Provider
Protects a web resource
Requests user information from identity provider
Enforces access control policies
Logs user activity
Identity Provider
Snaps on to existing user credential store
Authenticates users
Issues user assertions to service providers
GFIPM
GFIPM and SAML
Based on the OASIS standard called Security Assertion Markup Language (SAML) version 2.0
Request User Authentication (SP to IdP)
User Authentication Statement (IdP to SP)
User Assertion (IdP to SP)
SP and IdP Metadata
Industry standard – you probably use this every day
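The service provider duties listed above (enforce access control policy from the IdP's user assertion, log user activity), as an added example that is not part of the original presentation. The entity IDs and the attribute name are hypothetical placeholders, not GFIPM's actual vocabulary, and the assertion's XML signature is assumed to have been verified by the SP software (for example against shared federation metadata) before this code runs.

```python
import logging
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

log = logging.getLogger("sp.access")
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example.org/records"        # hypothetical SP entityID
REQUIRED_ATTR = "example:user:SwornOfficerIndicator"   # hypothetical attribute name

# Constructed sample assertion. Assumption: its signature was already verified
# upstream; this code only makes the attribute-based access decision.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@agency.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.org/records</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="example:user:SwornOfficerIndicator">
    <saml:AttributeValue>true</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(assertion_xml, trusted_idps, now):
    """Return (allowed, reason); access is denied unless every check passes."""
    a = ET.fromstring(assertion_xml)
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS)
    user = a.findtext("saml:Subject/saml:NameID", default="unknown", namespaces=NS)
    cond = a.find("saml:Conditions", NS)
    audiences = [e.text for e in a.iterfind(".//saml:Audience", NS)]
    attrs = {at.get("Name"): [v.text for v in at.iterfind("saml:AttributeValue", NS)]
             for at in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    if issuer not in trusted_idps:            # IdP must be in the federation's trust list
        reason = "untrusted issuer"
    elif cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        reason = "no validity window"
    elif not _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")):
        reason = "outside validity window"    # stale or replayed assertion
    elif SP_ENTITY_ID not in audiences:       # assertion was issued for another SP
        reason = "wrong audience"
    elif attrs.get(REQUIRED_ATTR) != ["true"]:
        reason = "required attribute not asserted"
    else:
        reason = "ok"
    log.info("user=%s issuer=%s allowed=%s reason=%s", user, issuer, reason == "ok", reason)
    return reason == "ok", reason
```

Every decision, allowed or denied, produces one log record with the user, the issuing IdP and the reason, which is what makes the activity log usable for audit.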
GFIPM and Web Services
Control access when a user is behind a web service request
SAML token is passed to the web service
GFIPM provides specific profiles for this
Still requires existence of IdP and SP
Trust
Shared IdP and SP metadata
Federation Management Function
Cryptography
IT Policy
Refresher
GRA: big picture of service design and orientation
NIEM: message vocabulary consistency
GFIPM: user access control and identity management
Implementation Options
Apache CXF
Apache Camel
Shibboleth IdP
Shibboleth SP
Microsoft ADFS 2.0
Next session…