all rights reserved: justiceexperts.com. data(what)function(how)network(where)people(who)time(when)...
Post on 23-Jan-2016
All Rights Reserved: JusticeExperts.com

| | Data (What) | Function (How) | Network (Where) | People (Who) | Time (When) | Motivation (Why) |
|---|---|---|---|---|---|---|
| Objectives/Scope | List of things important to the enterprise | List of processes the enterprise performs | List of locations where the enterprise operates | List of organizational units | List of business events/cycles | List of business goals/strategies |
| Conceptual (Owners’ View) | Entity relationship diagram | Business process model | Logistics network | Organization chart with roles, skill sets, security issues | Business master schedule | Business rules |
| Logical (Architect’s View) | Data model | Essential data flow diagram; application architecture | Distributed system architecture | Human interaction architecture (roles, data, access), security requirements | Dependency diagram, entity life history (process structure) | Business rule model |
| Physical (Designer’s View) | Data architecture (tables and columns); map to legacy data | System design | System architecture (hardware, software types) | User interface (how the system will behave), security design | “Control flow” diagram | Business rule design |
| Build & Implement (Programmer’s View) | Data design, physical storage design | Detailed Program Design | Network Architecture | Screens, security architecture (who can see what?) | Timing definitions | Rule specification in program logic |
| Functioning System | Converted data | Executable programs | Communications facilities | Trained people, using the system | Business events | Enforced rules |
TECHNOLOGY

Technology Architecture
Application Architecture
Data & Information Architecture
Business Architecture

Ad Hoc/EDI
• Immediate Solution
• Simple Point to Point
• No Enterprise Strategy
• No Common Metadata
• No Common Schema
• No Re-Use

Consolidated System
[Diagram: Probation; State's Attorney; Courts; Clerk; Public Defender; Jail/Sheriff; Central Database (shared)]

Hub & Spoke
• Technology Solution
• Virtual Point to Point
• Centralized Data/Metadata
• Centralized Services
• Brokered Metadata
[Diagram: Broker; Data]

Virtual System - Colorado Integrated Criminal Justice Information System
[Diagram: Adult Corrections (DCIS); Juvenile Corrections (CDS/Trails); Prosecution (Blackstone); District and County Courts (ICON); Law Enforcement (CCIC); CICJIS (Central Index); Transfers; Queries]

Hybrid System (County Level)
[Diagram: State's Attorney; Probation; Courts; Clerk; Public Defender; Jail/Sheriff; Middleware Server; Data Warehouse]

[Diagram: Department of Corrections; Department of Motor Vehicles; Supreme and Appellate Courts; Criminal History Repository; State Police; Translation; Push/Pull]

SOA
• Business Solution
• Common Point to Point
• Enterprise Metadata Registry
• Centralized Registry
• Distributed/Re-Usable Services
[Diagram: Broker; Data; Registry; Metadata]

[Diagram: Discovery Agents; Service Requestor; Service Provider; Service Client; Service Description; Publish; Find; Bind]

Web Services

What is a Web Service?
• Many definitions
• A standard way of requesting a computer system to perform some action on your behalf, and for the requested computer to return a response.
• “www for applications”
• At a minimum, however, a web service is a piece of self-contained software that works over the Internet and uses a standardized XML-based messaging system

An Example of What They Are Doing Today
[Diagram: ??? John Doe; King County SO; Bellevue PD; Tukwila PD; UDDI]

Two Aspects to Web Services
• Use web services that others have created (consumption)
• Create your own web services for others to use (publishing)

How Does It Work?
[Diagram: Client Application; Internet; Application Server; Web Service]
• A request is sent to a computer system to perform some action on your behalf, and for the requested computer to return a response.
• XML is used to encode all communications
• XML can be based on standards such as GJXDM

Web Services Interaction
GetTemperature( “92010” ) GetTemperature( “90210” )
Return( “65” )
Process returned Value
Client Application Application Server

How Do They Help Me?
• Provide access to a wider range of information and services than a web site.
• No need to copy data locally as it is always available across the Internet.
• Software systems can reap the same benefits as web client users.
• Facilitates electronic collaboration between (disparate) systems.

How Does This Help Justice?
• Existing agencies already form the hubs for justice related information.
• Large amounts of useful information already exist, but in disparate systems.

Where Can an Officer Look for Information?
• Existing systems provide access to information stored locally within an agency.

• Some agencies offer information services via a web portal of some kind.

• Web services can help create a new “face” for an agency

Web Services Components

What is UDDI?
• Web Service Registry
• Stores which web services are being provided by a given Provider
• Stores a list of web service standards (T-Models), and which web services implement each standard.
[Diagram: UDDI Model, showing Provider A, Provider B and Provider C, Standard Web Service A, B and C, and the Web Services A, B and C offered by the providers]

What is SOAP?
• A lightweight, XML-based protocol for exchanging information in a decentralized, distributed environment.
• SOAP allows objects (or code) of any kind -- on any platform, in any language -- to cross-communicate.

What is WSDL?
• An XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information.
• It can describe information such as the access point (i.e., URL), protocol (SOAP, HTTP, or MIME) and message format (such as XML Schema) of the Web service.

Web Service Security
• Web services can use the same security technologies as the www.
• Identity theft still remains the biggest security hole.
• Use Defense In Depth

Web Service Enhancements
• 1.0 provides support for security features such as digital signature and encryption, message routing capabilities, and the ability to include message attachments that are not serialized into XML.
• 2.0 provides policy, security, messaging, and more

Consuming Web Services
• Universal Description, Discovery and Integration (UDDI) registries can be used to catalogue available Web Services
• Use an XML-RPC or SOAP toolkit for your platform and your preferred programming language
• Build your application logic around data retrieved from many different organizations through their published Web Services

Publishing Web Services
• Create your Web Service using your preferred programming language and either the XML-RPC or SOAP toolkit for your platform
• Use the Web Service Description Language (WSDL) to describe your Web Service to other software systems
• Allow others to discover your Web Service by publishing to a UDDI server

Web Services in Justice
• An ideal platform for data sharing without the need to gather data in one place
• Present information obtained from multiple agencies in a unified view
• Can be real time
• Available 24 hours a day

What’s Good About WS?
• Shares many similarities with existing web based interaction (http/s, firewalls, etc)
• Clients and servers can be created using unrelated technologies
• Supports all web site security models (http/s, certificates, LDAP etc.)
• Offers additional security features beyond that of web sites (WS Security).

Pitfalls
• Massively distributed, therefore no standards for error management
• Far greater need for security
• Response time cannot be guaranteed if using the standard Internet as the transport mechanism

Service-Oriented Architecture

What is SOA?
SOA - (Service Oriented Architecture)
A system for linking resources on demand, where resources are made available to other participants in the network as independent services that are accessed in a standardized way. This provides for more flexible loose coupling of resources than in traditional systems architectures

What is SOA?
At its simplest, SOA is just designing your architecture to best work in a Web service environment, based on the consumer-provider model.

[Diagram: Discovery Agents; Service Requestor; Service Provider; Service Client; Service Description; Publish; Find; Bind]

Technology Architecture
Application Architecture
Data & Information Architecture
Business Architecture

[Diagram labels: Front End; User Interface - Presentation; Wireless; Telecom; Email; Client APPS; Web Browser; Enterprise Information Services Layer; Justice Applications & Functions; Access; Collaboration; Assurance; Gateway; Exchange; Workflow; Registries; UDDI Metadata; Common Services; WSDL - Web Services; Common Communications; HTTP - SOAP - XML; Back End; CC/DOC; Court CMS; LE CAD; LE RMS]

Why is SOA Important?
• The nature of e-business is changing
• Agencies are experiencing an explosion of interactions both internally and externally
• Need for dynamic A2A relationships that drive agencies to employ reusable, flexible, adaptive software services for the creation of their CJIS solutions.

What Benefits Does SOA Offer Business Functions?
• Concentrate development efforts on building services that drive effectiveness
• Evolve business models and relationships
• Reduce costs of internal integration
• Establish interactions with CJ community more efficiently
• Deliver business functions to a broader set of users
• Outsource IT skills that provide no business value-add

What Benefits Does SOA Offer IT Staff?
• Easier development, service, and upgrade of solutions
• Reuse of existing, proven assets
• Reduced dependence on implementation specifics

SOA Summary
• Decouple applications and infrastructure
• Allows agencies to quickly build and deploy solutions based on reusable components (internal or external)
• Change the target/nature of interactions based on changing business conditions
• Leverage flexible business models
• Maximize reach to users & partners
• Minimize costs and development time

Security

Security Issues in Service Oriented Architecture
[Diagram: Internal Network; Sheriff’s database; Court database; “Hey, What do you know about this guy who was arrested?”; “Hey, What do you know about this guy who was tried?”]

Security Issues in Service Oriented Architecture
[Diagram: Internet or Intranet; Sheriff’s database; Court database; SOAP/XML over HTTP; Registry of Services (1. ---, 2. ---); UDDI; WSDL; “I have info you might be interested in!”; “So do I!”]

The Need

| Integrated Justice Application | Security Challenges | Technology to the Rescue |
|---|---|---|
| Securely exchange information between disparate organizations | Positively identify both parties; Secure information in transit; Proper handling at destination | VPNs; I&A |
| Post information to the public over the Internet | Protect the privacy of exchanges with the public; Ensure the integrity of court-provided information | Digital Signature; PKI; SSL |
| Electronic case filing & reduced paper processes | Provide the integrity of an official record in electronic formats | Digital Signature; PKI |
| Privacy | Provide access on a right-to-know basis | Encryption; I&A |
| Support an increasingly mobile workforce | Protect electronic information beyond the walls of the courthouse | VPNs; I&A; Encryption |

In integrated justice applications, the security problems often surface as a byproduct of implementation

An Ontology of Security Services
Prevention
• Protected communications
• Authentication
• Authorization
• Access control enforcement
• Non-repudiation
• Transaction privacy
Detection and Recovery
• Audit
• Intrusion detection and containment
• Proof of Wholeness
• Restore ‘secure’ state
Supporting Services
• Identification (& naming)
• Cryptographic key management
• Security administration
• System protections

Secure Information Sharing: 3 Basic Properties
Confidentiality
Integrity
Availability
SSL
Digital Signature
VPN

Identification & Authentication
Identification factors
• Something you know (password or PIN)
• Something you have (token/smart card)
• Something about you (biometric)
Increasingly secure authentication includes multiple factors
Password protection is still the most prevalent
Biometrics are receiving substantial interest
SI

I&A—Common (Best?) Practices
• Strong password system with auditing
• Hardware token with a one-time password
• PKI-based with password to unlock secret key
• HW token containing cert & secret key with PIN to unlock
[Axis label: Increasing Complexity]
SI

A Typical VPN Application
[Diagram: Agency Alice database; FIREWALL; Public Side; encrypted “tunnel”; Internet; Private Side; FIREWALL; Agency Bob database]
• Depending upon the level of trust, the databases may be replicated
• Alice has query-only capability to Bob’s database (and vice versa)
• Access might be user-to-database or computer-to-database
C&I

What Do VPNs Buy You?
• Confidentiality and integrity AT THE NETWORK LEVEL
• Exploit public networks for reasons of cost effectiveness and location flexibility
• Establishment of “communities of interest” within private networks
• Does not buy you…
  • I&A (although many products include that)
  • Individual security (e.g., secure email)
  • Protection from other network operators’ bad practices
C&I

SSL Can Provide Confidentiality
[Diagram: e-shopper’s browser (client); e-merchant’s web server (host)]
Client Hello Message
• Starts the session
Server Hello Message
• Send certificate containing server’s public key
Client Key Exchange Message
• Send session key encrypted with server’s public key
Finished
• Exchange information encrypted with the session key
C

What Does SSL Buy You?
• Secure (i.e., encrypted) communications between two parties who previously don’t know each other (digitally, that is)
• Broad standardization; easy user participation
• Confidentiality at the SESSION LEVEL
• Option for two way authentication
C
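
The "option for two way authentication" above has to be switched on explicitly. The following is an added example, not part of the original slides: it uses Python's standard `ssl` module (TLS is the successor of SSL) to set a one-way server configuration beside one that requires a client certificate, plus a small audit function. The function names and the commented file paths are assumptions made for illustration.

```python
import ssl


def one_way_server_context():
    """Server authenticates itself only; any client may connect."""
    # verify_mode defaults to CERT_NONE for a server-side context.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def two_way_server_context():
    """Server that also demands a certificate from the calling system."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    # In deployment (placeholder paths, not from the slides):
    #   ctx.load_cert_chain("server-cert.pem", "server-key.pem")
    #   ctx.load_verify_locations("partner-agency-ca.pem")
    return ctx


def verifying_client_context():
    """Client that validates the server certificate and its host name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_client_context():
    """Client that encrypts but does not know who it is talking to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx, role):
    """Return a list of findings for a context used as 'server' or 'client'."""
    if role not in ("server", "client"):
        raise ValueError("role must be 'server' or 'client'")
    findings = []
    if role == "server" and ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server does not require a client certificate")
    if role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("client does not validate the server certificate")
        if not ctx.check_hostname:
            findings.append("client does not check the certificate host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


if __name__ == "__main__":
    for name, ctx, role in [
        ("one-way server", one_way_server_context(), "server"),
        ("two-way server", two_way_server_context(), "server"),
        ("verifying client", verifying_client_context(), "client"),
        ("unverified client", unverified_client_context(), "client"),
    ]:
        print(name, "->", audit_context(ctx, role) or "no findings")
```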

Secret vs. Public Key Encryption
[Diagram: Attorney Alice; Judge Bob; Certificate Authority (Trusted Holder of Public Keys); encrypted message; digital signature]
Secret key: $E_{\text{SECRET KEY}}(m)$, $D_{\text{SECRET KEY}}(m)$
• Alice encrypts her message with Bob’s public key: confidentiality
  $E_{\text{Bob-public}}(m)$, $D_{\text{Bob-private}}(m)$
• Bob encrypts his message with his private key: integrity (digital signature)
  $D_{\text{Bob-public}}(m)$, $E_{\text{Bob-private}}(m)$
C&I

Electronic vs. Digital Signature
Electronic
• Does not guarantee the integrity of the document
• Can be loosely biometric
• Transactional
• Eliminates enrollment
Digital
• Implies the use of PKI
• Ensures document integrity
• Author cannot deny involvement (non-repudiation)
• Requires user to “enroll” with Registration Authority
[Graphic: 300D09262A4B912E41723E]
I

Digital Certificates Bind a Person to a Public Key
Version (of X.509)
Serial Number (of certificate)
Signature Algorithm (e.g., RSA + more details like key length)
Issuer (in that weird X.500 notation)
Validity date range
Subject (more weird X.500 notation)
Public key (finally)
Digital signature (of issuer)
It’s a computer file
It’s a digital credential
Think of it like a bank signature card
SI

Security Demands for the SOA
• Confidentiality: Protect specific fields and documents in XML
• Integrity: Information is valid and undisturbed
• Availability: Critical services remain up and running
• Authentication: Know who you’re talking to on an enterprise-wide basis

What’s Available and Why It’s Lacking
SSL
• Indiscriminately covers an entire session and on a user to server basis
Digital Signature
• Good but relies on interoperable PKIs
Dumb Firewalls
• Only looks at the network level and misses the threat
UserID/Password
• Still the most common way to get access
• No enterprise wide standardization
• No accommodation for role based access control
• Lightweight security
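
The integrity demand under "Security Demands for the SOA" and the session-only coverage of SSL noted above both point at protection that travels with a specific XML element. The following is an added example, not part of the original slides: it seals one element so the receiver can tell a broker's harmless re-serialisation from a change to the protected field. HMAC-SHA256 with a pre-shared key stands in for an XML digital signature (so it gives integrity, not non-repudiation); the element names, the `Integrity` element and the sample message are constructed for illustration.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample message; element names are hypothetical, not GJXDM.
SAMPLE = """<ArrestReport>
  <Routing hop="sheriff"/>
  <Subject id="S-001" name="John Doe"/>
  <Charge code="X-000" status="filed">Sample charge text</Charge>
</ArrestReport>"""


def _mac(elem, key):
    """Base64 HMAC over the canonical form of one element."""
    clone = copy.deepcopy(elem)
    clone.tail = None  # whitespace after the element is not part of it
    # Canonical XML sorts attributes; strip_text ignores pretty-printing.
    canon = ET.canonicalize(ET.tostring(clone, encoding="unicode"), strip_text=True)
    digest = hmac.new(key, canon.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest)


def protect(xml_text, tag, key):
    """Sender: append an Integrity element covering the element named tag."""
    root = ET.fromstring(xml_text)
    target = root.find(tag)
    if target is None:
        raise ValueError("no element to protect: " + tag)
    seal = ET.SubElement(root, "Integrity", {"covers": tag, "alg": "HMAC-SHA256"})
    seal.text = _mac(target, key).decode("ascii")
    return ET.tostring(root, encoding="unicode")


def verify(xml_text, tag, key):
    """Receiver: True only if the element named tag is sealed and unchanged."""
    root = ET.fromstring(xml_text)
    targets = list(root.iter(tag))
    seals = list(root.iter("Integrity"))
    # Exactly one of each, so a second unprotected copy cannot be slipped in.
    if len(targets) != 1 or len(seals) != 1:
        return False
    seal = seals[0]
    if seal.get("covers") != tag or seal.get("alg") != "HMAC-SHA256":
        return False
    claimed = (seal.text or "").strip().encode("utf-8")
    return hmac.compare_digest(_mac(targets[0], key), claimed)


def broker_relay(xml_text, tamper=False):
    """Intermediary: transport protection ended here; message is re-serialised."""
    root = ET.fromstring(xml_text)
    root.find("Routing").set("hop", "broker")  # legitimate, unprotected header
    charge = root.find("Charge")
    attrs = list(charge.attrib.items())
    charge.attrib.clear()
    for name, value in reversed(attrs):        # attribute order changes
        charge.set(name, value)
    charge.text = "\n    " + (charge.text or "") + "\n  "  # pretty-printing
    if tamper:
        charge.set("status", "dismissed")      # change to the protected field
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: shared out of band
    sealed = protect(SAMPLE, "Charge", key)
    print("relayed intact:", verify(broker_relay(sealed), "Charge", key))
    print("relayed tampered:", verify(broker_relay(sealed, tamper=True), "Charge", key))
```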

What We Need
• Fine grained encryption in web services
• Enterprise standards for digital credentials—a law enforcement standard for digital credentials
• “Application aware” firewalls
• Cooperation among PKI owner-operators
• Mature standards and tools for developers
• Peace on Earth

Standards-Based Approaches: SAML
• OASIS standard based on XML
• Includes assertions for
  • Authentication (e.g., I authenticated thru RISS or ARJIS, …)
  • Attributes (e.g. I’m a member of ATIX)
  • Authorization
• Extensible
• Incorporates XML digital signature standards
• Version 2.0 now available
Source: Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML), OASIS Standard, 5 November 2002

WS Interoperability Stack
[Diagram: layers Transport; Messaging; Description; Discovery; Quality of Service; Integration. Components: HTTP, BEEP, IIOP, JMS, SMTP; XML, Encoding; SOAP; WSDL; UDDI; Reliable Messaging; Security; Transactions; Coordination; Context; Business Process Languages: BPEL, XPDL, BPML; Business Collaboration Language: Choreography Description Language]