an architecture for integrating security across corba, j2ee and web services
TRANSCRIPT
![Page 1: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/1.jpg)
©2001 Hitachi Computer Products (America), Inc.
An Architecture for Integrating Security across CORBA, J2EE and
Web Services
Hitachi Computer Products (America) , Inc.
![Page 2: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/2.jpg)
2©2001 Hitachi Computer Products (America), Inc.
Introduction! With the rapid pace of product development focused on
Web Services and the abundance of security technologies being deployed throughout the enterprise, integration of these disparate products and services becomes increasingly important in order to maintain a manageable level of complexity.
Administrators, unable to manage the incompatible security technologies in any other way, resort to replication of data and effort across multiple security datastores.
Auditors are unable to establish the trustworthiness of the complete system.
![Page 3: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/3.jpg)
3©2001 Hitachi Computer Products (America), Inc.
Security Fundamentals! Authentication
" Proving the principal’s identity" Multi-factor authentication
! Authorization" Controlling access to protected resources
! Accountability" Who got access to what, when" Why - how the decision was made
! Availability" Rejection of attacks" Access to authorized clients assured
![Page 4: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/4.jpg)
4©2001 Hitachi Computer Products (America), Inc.
System Requirements! Administration
" Common control point for most, if not all, policies! Availability
" Failover" Redundancy" Fault tolerance
! Scalability" Statefull or stateless?
! Standards Support" JCP" OASIS" OMG" W3C" The Next Big Thing
![Page 5: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/5.jpg)
5©2001 Hitachi Computer Products (America), Inc.
Platform Requirements! Middleware
" COM" CORBA" J2EE" Web Services
! Operating System" Unix" Windows
! Programming Language" C++" C#" Java
![Page 6: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/6.jpg)
6©2001 Hitachi Computer Products (America), Inc.
What do they have in common?
!Authentication" Translate evidence to credentials" Attributes
" Translate credentials to privileges
!Authorization" Push vs. Pull" Granularity
!Is that it?" If it were only that simple …
![Page 7: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/7.jpg)
7©2001 Hitachi Computer Products (America), Inc.
How do they differ …! Authorization
" Push vs. Pull" Granularity
" Users " Realms " Domains" Groups " Servers " Transports" Roles " Objects " Directories" Privileges " Methods " Files
! Attribute Services" Translate some input to some output
! Accountability ?! Administration ?! Availability ?
![Page 8: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/8.jpg)
8©2001 Hitachi Computer Products (America), Inc.
… and what can we do about it?
!Mapping" Credentials" Attributes" Decisions" Auditable events?
!Correlation" Event stream
!Policy" Is it even possible?" Ok, is it feasible?
![Page 9: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/9.jpg)
9©2001 Hitachi Computer Products (America), Inc.
QPiK Plugin Architecture!Loadable Services
" Adapters" Mapping" Reporting" Routing" Translation" Transport
!Configuration" Transparency" Dependencies
![Page 10: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/10.jpg)
10©2001 Hitachi Computer Products (America), Inc.
EASI ArchitectureSecurity Service
Consumer
Adapter
TransportMapper
AdapterTransport
Decision Object Policy
Security Service Supplier
Security Service Supplier
Mapper
Transport
Security Service Consumer
Policy Store
Transport
![Page 11: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/11.jpg)
11©2001 Hitachi Computer Products (America), Inc.
Trusting the trust decision!Can we trust it when we’re done?
" Consolidated configuration" Secure transport" DSIGs on messages
!But …" Can’t trust anything more than the least-trusted
component" In many cases, that’s the transport layer!" Where’s the private key for your SSL server?" Where’s the key encryption key for your private key?
" DSIGs on decision modules" And where do the keys for that come from?
![Page 12: An Architecture for Integrating Security across CORBA, J2EE and Web Services](https://reader030.vdocuments.net/reader030/viewer/2022020702/61fb19512e268c58cd5a22a0/html5/thumbnails/12.jpg)
12©2001 Hitachi Computer Products (America), Inc.
Deployment ScenarioSOAP Gateway
Adapter
TransportMapper
TransportTransport
Policy
Attribute Service
Authorization Service
Mapper
Transport
App Server
Policy Store
Transport
Adapter
Transport
SOAP Request
Decision Object
SAMLCSIv2