Dynamic Access Control Infrastructure for On-demand Provisioned Cloud Services
Slide 1: Dynamic Access Control Infrastructure for On-demand Provisioned Cloud Services
Canh Ngo, SNE Group, University of Amsterdam
OGF-ISOD 33, September 19-21, 2011, Lyon
Slide 2: Agenda
- Introduction
  - Scenario
  - Motivation
- Proposals on Security Infrastructure for On-demand Provisioned Cloud Services
  - Security Reference Model
  - Trust Relationship Model
  - Dynamic Access Control Infrastructure
- Implementations
- Summary
Slide 3: Introduction: Scenario
- Cloud IaaS
- Multi-provider
- Multi-tenant
- Service Lifecycle Management
[Figure labels: Virtual security domain; Company A, Company B, Company C; Cloud Provider 1, Cloud Provider 2; Virtual Resource from Cloud Prov 1; Virtual Resource from Cloud Prov 2]
Slide 4: Introduction: Motivation
- Security context management issues:
  - Integrate with service lifecycles
  - Context delivery and synchronization of isolated operations among multiple tenants
  - Binding end-user operations to separate customers/tenants
- Trust Management
  - Trust model proposal
  - Trust establishment protocols: establish trust-path/trust-chain between end-users and virtualized resources through supply-chain of providers
  - Bootstrapping protocols for trusted virtualized devices
- Identity and Access Control Management
  - Authorization policy management: synchronization of policies & reconfigurable resources
  - Identity management, access control
  - Support for virtual security domains across multiple Cloud providers
  - Delegation: Security services/tools delegation for customers/tenants
Slide 5: Security for On-demand Provisioned Cloud Services: Security Reference Model
- Common Security Service Interface (CSSI) proposal
- Common Security Service Layer
- Dynamic Access Control Infrastructure (DACI) proposal
- Trust model proposal, trust establishment protocols, bootstrapping processes
[Figure labels: Authentication & Identity Man.; Trust Management (Dynamic trust establishment, Bootstrapping); SLA Management; Authorization & Policy Man.; Security Context Management; Security Service Lifecycle Management (SSLM)]
Slide 6: Security for On-demand Provisioned Cloud Services: Trust Relationship Model
- Cryptography-based trust model with trust transitivity
- Building trust-paths from end-users to virtualized resources
- Trust-path establishment protocols
- Bootstrapping for trusted virtualized resources
- Dynamic Security Association
[Figure labels: VIO1, VIO2; VIP1, VIP2, VIP3; PIP1, PIP2, PIP3, PIP4; Virtual Resource; End-user. Legend: Static trust link, Dynamic trust link]
Abbreviations:
- PIP: Physical Infrastructure Provider
- VIP: Virtual Infrastructure Provider
- VIO: Virtual Infrastructure Operator
Slide 7: Security for On-demand Provisioned Cloud Services: Dynamic Access Control Infrastructure
- Common Security Service Interface (CSSI) SecurityGateway: consolidate a common interface to access security services
- Provisioned security services (DACS)
- Update authz-policies upon reconfiguring Virtual Infrastructure
- Dynamic Trust Establishment: DSA, Bootstrapping
[Figure labels: DACS instance[i]; DACI Management; Authentication Authority; SAML-XACML Layer; Authz-token Svc; DACI Configuration; DACI Monitoring; Attr DB; Attribute Authority; Identity Management Service; PIP (Authz Ctx Hdlr); PDP; Obligation Handler; PAP; Authorization Service; Authz-token Authority; Authz Token Service; DACS Man. Service; DACI Policy Management; DACI Context Management; DACI Trust Management; DACS Trust Manager]
Abbreviations:
- DACI: Dynamic Access Control Infrastructure
- DACS: Dynamic Access Control Services
Slide 8: Implementation: GAAA-ISOD Toolkit Library
Features:
- Dynamic authorization policies: auto generate XACML authz-policies by predefined templates
- PEP: Common Security Service Interface (CSSI): facilitate integrations of virtualized security services to resources
- Security token service: XML-based AuthzToken & AuthzTicket, persistent caches, digital signatures
[Figure labels: Authentication (SAML, X.509, User/Password); Authorization (PDP, PEP, PAP); Security Token; OpenSAML; SunXACML; BouncyCastle (Java crypto library)]
Slide 9: Implementation: GEYSERS Project
- Based on GAAATK-ISOD toolkit
- WP3-dev: Logical Infrastructure Composition Layer (LICL)
  - FUSE ESB env, OSGi bundles
  - Packages: AAI (AuthN/Z for LICL, NCP+), DACI (AuthN/Z provisioning for Cloud IaaS)
- WP4-dev: NCP+ AAI web services
[Figure labels: SecurityGateway; AuthnSvc; AuthzSvc; TokenSvc; DACI Policy Man.; DACI Man.; DACI Trust; DACI Context; DACS; AAI for LICL (eu.geysers.licl.aai.*); DACI; GAAA-ISOD Toolkit]
Slide 10: Implementation: DACS Integration using SecurityGateway library
- Isolate tenants/subscribers by Reservation Id (VI-GRI)
[Figure labels: CSSI Client; VR service; CSSI; CSSI/GAAPI; Policy Enforcement Point; SecurityGateway Library; AuthN; AuthZ; TokenSvc; Identity Management Service; Authorization Service; DACS instance; Security Token Service]
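The features named on slides 7, 8 and 10 (XACML policies generated from a template, policies updated when the virtual infrastructure is reconfigured, tenants isolated by reservation id) fit together as in the following added example, which is not code from the slides or from the GAAA-ISOD toolkit. It assumes XACML 3.0 syntax; the `urn:example:daci:...` identifiers, the function names and the evaluator, which handles only the policies this generator emits, are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
GRI = "urn:example:daci:attribute:vi-gri"  # assumed attribute id for the reservation id
ET.register_namespace("", NS)


def q(tag):
    return "{%s}%s" % (NS, tag)


def _all_of(any_of, category, attr_id, value):
    # One <AllOf><Match> comparing a request attribute to a literal value.
    match = ET.SubElement(ET.SubElement(any_of, q("AllOf")), q("Match"), MatchId=STRING_EQUAL)
    ET.SubElement(match, q("AttributeValue"), DataType=STRING).text = value
    ET.SubElement(match, q("AttributeDesignator"), Category=category,
                  AttributeId=attr_id, DataType=STRING, MustBePresent="false")


def build_policy(gri, resource_ids, version=1):
    """Fill the per-reservation template. The XML is built as a tree, never by
    string substitution, so a hostile GRI value cannot inject extra rules."""
    policy = ET.Element(q("Policy"), PolicyId="urn:example:daci:policy:" + gri,
                        Version=str(version), RuleCombiningAlgId=FIRST_APPLICABLE)
    # Policy target: only resources that belong to this reservation.
    _all_of(ET.SubElement(ET.SubElement(policy, q("Target")), q("AnyOf")), RESOURCE, GRI, gri)
    if resource_ids:  # an <AnyOf> must not be empty; no resources means deny only
        permit = ET.SubElement(policy, q("Rule"), RuleId="permit-tenant", Effect="Permit")
        target = ET.SubElement(permit, q("Target"))
        # The subject must carry the same reservation id ...
        _all_of(ET.SubElement(target, q("AnyOf")), SUBJECT, GRI, gri)
        # ... and the resource must be one currently provisioned in it.
        any_res = ET.SubElement(target, q("AnyOf"))
        for rid in resource_ids:
            _all_of(any_res, RESOURCE, RESOURCE_ID, rid)
    ET.SubElement(policy, q("Rule"), RuleId="deny-rest", Effect="Deny")
    return ET.tostring(policy, encoding="unicode")


def _target_matches(target, request):
    if target is None:  # a rule without a target applies to every request
        return True
    for any_of in target.findall(q("AnyOf")):  # AnyOf elements are ANDed
        if not any(all(_match_ok(m, request) for m in all_of.findall(q("Match")))
                   for all_of in any_of.findall(q("AllOf"))):
            return False
    return True


def _match_ok(match, request):
    des = match.find(q("AttributeDesignator"))
    wanted = match.find(q("AttributeValue")).text
    return wanted in request.get((des.get("Category"), des.get("AttributeId")), ())


def evaluate(policy_xml, request):
    """First-applicable evaluation of a policy produced by build_policy()."""
    policy = ET.fromstring(policy_xml)
    if not _target_matches(policy.find(q("Target")), request):
        return "NotApplicable"  # the PEP must treat anything but Permit as a refusal
    for rule in policy.findall(q("Rule")):
        if _target_matches(rule.find(q("Target")), request):
            return rule.get("Effect")
    return "NotApplicable"


def rule_effects(policy_xml):
    return [r.get("Effect") for r in ET.fromstring(policy_xml).findall(q("Rule"))]


def make_request(subject_gri, resource_gri, resource_id):
    # Constructed sample request: attribute bags keyed by (category, attribute id).
    return {(SUBJECT, GRI): [subject_gri], (RESOURCE, GRI): [resource_gri],
            (RESOURCE, RESOURCE_ID): [resource_id]}


if __name__ == "__main__":
    v1 = build_policy("gri-A", ["vr-1", "vr-2"])
    print(evaluate(v1, make_request("gri-A", "gri-A", "vr-1")))  # own tenant
    print(evaluate(v1, make_request("gri-B", "gri-A", "vr-1")))  # other tenant
    v2 = build_policy("gri-A", ["vr-2"], version=2)  # vr-1 released on reconfiguration
    print(evaluate(v2, make_request("gri-A", "gri-A", "vr-1")))
```

Regenerating the policy with a new resource list and a higher `version` models the policy update on reconfiguration: a resource released from the reservation stops matching the Permit rule and falls through to the final Deny.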
Slide 11: Summary: Future work
- Trust modeling across virtual security domains
- SSLM bootstrapping protocols for virtual devices:
  - Trusted Computing Platform Architecture (TCPA)
  - Trusted Platform Module (TPM)
- Federated virtualized Identity and Access Control Management
- GAAA-ISOD toolkit implementations with SSLM support for on-demand infrastructure services provisioning
Slide 12: Thank you. Any questions?