Abstract of the Core Concepts of S.A.F.E.: Standards for Federated Identity Management

Size: px
Start display at page:

Download "Abstract of the Core Concepts of S.A.F.E.: Standards for Federated Identity Management"

Transcription

1 Abstract of the Core Concepts of S.A.F.E.: Standards for Federated Identity Management Subject: Responsible: Secure Access to Federated E-Justice/E-Government Federal and State Authorities Commission for Data Processing and Rationalization in German Justice Version.Release: 1.1 Creation: Last Revision: State: in process / submitted / ready Number of Pages: 16 Authors: Filename: Abstract: Birger Streckel (Dataport) _SAFE_Abstact_V1-1.doc Short summary of the S.A.F.E. S.A.F.E. defines a technical framework for interoperable and safe usage of Digital Identities across administrative borders ( Trust-Domains ) and is set up from the Web Service Protocol Stack ( WS-* ) of OASIS and W3C. The selected standards are profiled for sake of interoperability. Contact: Working Group IT-Standards in Justice Jürgen Ehrmann Ministry of Justice of the state of Baden-Württemberg Telefon: Meinhard Wöhrmann Higher Regional Court in Düsseldorf Telefon:

2 Seite 2 von 16

3 Seite 3 von 16 1 STARTING POINT AND GOALS FUNCTIONAL REQUIREMENTS DESIGN GOALS IDENTITY MANAGEMENT IDENTITY MANAGEMENT IN E-GOVERNMENT/E-JUSTICE IDENTITY MANAGEMENT STANDARDS SAML 2.0, Liberty Alliance WS-Trust, WS-Federation Usage of standards in S.A.F.E THE S.A.F.E. CONCEPT ARCHITECTURAL OVERVIEW Attribute Service (AS) Provisioning Service (PS) Identity-Provider (IdP) CONCEPTUAL FEATURES LITERATURE...15

4 Seite 4 von 16 1 Starting point and goals The conference of justice ministers initiated a Deutschland Online -Project Einheitliche Verfahren für den elektronischen Rechtsverkehr (Standardized processes for the electronic justice), which was finally adopted on by the conference of prime ministers. The intention of this initiative is the advancement of the electronic communication infrastructure in justice with the goal of defining open, interoperable and internationally standardized interfaces for the participants that allow secure access to communication services as well as secure and reliable electronic communication. The S.A.F.E. concept aims at the secure registration, authentication and authorization as well as the secure storage of communication participants. Since these aims are of common interest for most E-Government services also beyond communication and beyond E-Justice, S.A.F.E. was developed as a concept consisting of two main documents. The first document Architecture and Interfaces for Federated Identity Management [1] defines a common standard for user management and registration for general E-Government services. A Web Service based Identity Management Infrastructure is defined, which can be used as a common standard for securing access to E-Government services. The standard is open and expandable to allow interoperability between different E-Government services and to provide Single-Sign-On (SSO) solutions for accessing different services with the same Digital Identity. The second document S.A.F.E. detailed technical concept [2] further specialises the general concept for its use in the concrete E-Justice communication scenario. While preserving the general concept further specializations and extensions are made to meet the demand of the concrete E-Justice application. The base concept can be customized by other E-Government applications. This generates an expanding pool of interoperable E-Government services with a common registration and authentication interface. 1.1 Functional requirements The main goals of the general concept for identity management are to provide an open and highly scalable architecture for Federated Identity Management (FIM) in E-Justice and E-Government. The primary objectives are:

5 Seite 5 von 16 Create a concept for medium-size identity management solutions with the possibility to use federation techniques to expand these to large scale, Federated Identity Management (FIM) enterprises Use Identity Management to provide secure access to E-Government services Define base services for a complete Identity Management Framework including authorisation, authentication, provisioning that are reusable by all kinds of E-Government applications Define minimum standards for security and information that must be fulfilled met by all services that are part of a S.A.F.E.-federation Be open to all kinds of registration and authentication procedures Support roles and rights concepts based on registration and authentication security Provide an address-book service that can be queried for lists of the managed identities The requirements regarding the detailed technical concept for identity management for in an electronic justice communication scenario are much more application-driven: Maintain an identity store with up to identities of legal practitioners, notaries, courts, ministries of justice, business companies, etc. Selective querying of the identity store with support of right and role management Self provisioning and administrative provisioning of these identities Secure access to E-Justice communication services Minimal effort in migrating the existing user database to the new identity management infrastructure 1.2 Design goals From the functional requirements the following design goals were derived: To be open to a variety of E-Government services the concept only defines interfaces and communication protocols between the different services and modules of the described framework, to guarantee interoperability. Realisation of the interfaces and concrete development of the services are left to the implementer. To minimize the implementation efforts and with this raise the acceptance it is necessary to base S.A.F.E. on open international standards, preferably standards with already available implementations. To provide interoperability between all applications implementing the S.A.F.E. concept, a minimum set of standard services and their communication interfaces are defined. These have to be implemented by every partner in a S.A.F.E.-federation.

6 Seite 6 von 16 To provide common security standards for all S.A.F.E. services, guidelines for administration, management and life cycle of digital identities (provisioning) are defined. Rules are established for authenticating an identity and for proving the correct authentication to service providers. A method is set that allows an individual to securely prove its verified identity. To provide common security standards for the identity data rules and interfaces for accessing and storing identity information and attributes are defined. Further conceptual goals are: Platform independence on client- and server-side High scalability to support large scale solutions as well Usage of open, vendor independent standards Possibility to integrate existing Identity Management Infrastructure Secure message exchange with Web Services Possibility to decentralize identity data for functional or spatial aspects with the opportunity of future cooperation (federation) Support of active Web Service oriented client server communication in service oriented architectures (SOAs) Possibility to integrate passive browser-clients for Single-Sign-On scenarios. 2 Identity Management Identity Management is a concept for managing identities. Identities can be individuals, legal persons or IT-components. An identity consists of information about the described individual. Each identity has a unique ID and descriptive attributes, such as address, , certificates. Identity Management is used to identify individuals in a system and to control their access to resources within that system by associating user rights and restrictions, based on the identities attributes, with the established identity. Identity Management covers: Handling of identities and their attributes Authentication of identities by trustworthy entities Authorization of identities to use (web-)resources Secure message transmission in the identity managed enterprise Provisioning of identities and management of identity lifecycles with registration, change and deletion of identities and attributes Management of roles and access rights Management of attribute access and visibility

7 Seite 7 von Identity Management in E-Government/E-Justice For the task of secure E-Justice communication it is necessary to provide a user management. This must at least include registration, provisioning and authentication of the communication users. A secure access to the communication services is needed and also some role management specifying the possible communication partners to prevent events like spamming or mass mailing. These requirements has to be met by a flexible, expandable system completely based on open, international and vendor independent standards. This guarantees the interoperability and expandability of the enterprise solution and ensures a seamless integration of components developed by different vendors. Identity Management is the discipline meeting all these requirements and leading to an open standard for user management and registration for general E-Government services also beyond E-Justice. By using the S.A.F.E.-standard identities for different E-Government applications are exchangeable. SSO solutions are possible, where the Identities are provided by local organisations and could be used to gain access to a wide range of different E-Government services. 2.2 Identity Management standards Currently different international standards in the field of digital identity management are existing. The two main standard families covering the necessary features for the described scenario are SAML 2.0/Liberty Alliance and WS-Trust/WS-Federation. Both are vendor independent, open and international standards and at least partially OASIS-ratified. Unfortunately both standard families are at least partially overlapping and incompatible to each other SAML 2.0, Liberty Alliance The SAML Standard, which is already several years in place, with its current version 2.0 [11], provides all necessary features for simple Identity Management solutions. While its main focus is browser-oriented passive federation, it also allows federation of Web Services. Open source implementations exist, but also here with the main focus on browser-sso. In this field it achieved quite some reputation over the last few years. The SAML standard is supplemented by several Liberty Alliance standards (ID-WSF standard family). These extend SAML by advanced features for federation of Web Services. In contrast to the SAML standard ID-WSF is not so widely accepted.

8 Seite 8 von WS-Trust, WS-Federation WS-Trust [7] and WS-Federation [8] are based on the stack of WS-* standards which define Web Services interoperability and are almost without alternative when implementing Web Service functionality. WS-Trust and WS-Federation are the logical continuation of the WS-* standard family and with this have their clear focus on Identity Management using Web Services. Quite some acceptance is noticeable and also implementations of the standards exist. WS-Federation provides also a solution for Browser-oriented passive federation, but is stronger in the field of Web Services Usage of standards in S.A.F.E. So far it is unknown, which of the two standard families will have the greater acceptance in the future. From todays point of view both standards will exist in coexistence. Instead of creating facts by deciding for one or the other standard family one main design goal was using the elements of the WS-* standards family to make it possible to support the SAML/Liberty Alliance standards family. Identity Management can be understood in an abstract way and the components building the Identity Management system could support both standards. Such a cross-protocol solution is called Identity- Meta-System and is a realistic goal for future development. Supporting both standard families in an initial implementation might be realistic but not cost-effective. While the given E-Justice communication scenario was clearly Web Service based, we had to support rich client applications resulting in using the standards having the greater acceptance in Web Service based Identity Management. We decided to use the following standards for the S.A.F.E.-concept focusing on the E-Justice communication scenario: SOAP 1.2 [3] WSDL 2.0 [4] for Web-Service communication for Web-Service description WS-Security 1.1 [5] WS-Policy 1.2 [6] for securing SOAP messages on the message layer for specification of the security concept WS-Trust 1.3 [7] for communication with the Identity Provider (IdP, see below)

9 Seite 9 von 16 WS-Federation 1.1 [8] WS-Secure- Conversation 1.3 [9] SPML 2.0 [10] SAML 2.0 (Assertion) [11] Liberty ID-SIS-PP [12] for federation of independent Trust Domains (TD, see below) for speeding up secure message exchange for communication to the Attribute Service (AS, see below) and the Provisioning Service (PS, see below) issued by the IdP to confirm a individuals identity for serializing identity information to XML 3 The S.A.F.E. Concept Table 1: Standards used in the S.A.F.E.-concept As described earlier, the S.A.F.E.-concept is based on the WS-* stack of standards, particularly on WS-Trust [7] and WS-Federation [8]. The S.A.F.E.-Standard is developed by profiling these standards. This means S.A.F.E. is constraining, extending and tailoring these standards and is hence fully conform to the original standards. The goal is to cut back these standards for easier interoperability and thus less implementation costs but to preserve enough flexibility to allow Federated Identity Management (FIM) for various E-Government services. High flexibility is also achieved by the deliberately inserted extensibility of the S.A.F.E.-base standard [1]. Every S.A.F.E.- conform implemented application should again profile the S.A.F.E.-base standard [1] in a similar way as described in the document [2]. This concept is shown schematically in Figure 1. The S.A.F.E.-base document Architecture and Interfaces for Federated Identity Management 1 is profiling the WS-* stack of standards shown at bottom of Figure 1 - to create a common Identity Management infrastructure for E-Government services. An implementation of this core FIM-infrastructure can be developed in.net 2 or JAVA. Then only small changes are necessary to migrate the core FIM-infrastructure to a concrete application. These steps are described in the S.A.F.E.-extension document S.A.F.E. detailed technical concept for the application of E-Justice communication 4. Other application scenarios 3 like GovernmentGateway or Bürgerportale could develop their own slim concepts adapting the FIM-infrastructure to their own application needs. All FIM-implementations based on the core FIM-infrastructure can be made interoperable and can be merged into a large scale federation with Single-Sign-On for different E-Government applications at hand.

10 Seite 10 von 16 SAFE for ejustice communication 4 Interoperability SAFE for GovernmentGatew ay SAFE for... solution Integration Migration Integration Migration Integration Migration SAFE-Concept (Document [2]) SAFE detailed technical concept 3 SAFE-Concept for GovernmentGatew ay SAFE application concept application specification Further Profiling Further Profiling Further Profiling FIM-infrastructure Open Source / Java 2 FIM-infrastructure.NET FIM-infrastructure Implementation Implementation Implementation SAFE-Concept (Document [1]) "Architecture and Interfaces for Federated Identity Management" 1 FIM-specification Profiling Metadata: WS- Policy WS- SecurityPolicy WS-Federation WS-SecureConversation WS-Trust WS-Security standards Messaging: SOAP, WS-Addressing XML Figure 1: S.A.F.E.-Trust-Domain with Services and Identity-Store

11 Seite 11 von Architectural overview The S.A.F.E. federation is organized in Trust-Domains (TD). All S.A.F.E.-TDs have a similar structure and have to provide identical services. The service interfaces are defined in the S.A.F.E.-concept. All subsystems and services in a trust domain maintain a trust relationship. This means, the services trust each other requests. A S.A.F.E.-TD is divided in three subsystems - Attribute Service (AS), Provisioning Service (PS) and Identity Provider (IdP) - each providing external interfaces. An additional internal subsystem is the identity database or Identity-Store, used by the other three subsystems but providing no external interfaces and thus is encapsulated. In Figure 2 the Trust-Domain and its services are depicted schematically. Requestor Trust-Domain Identity- Provider Service- Provider Attribute- Service Provision. Service Identity-Store Domain Identität Attribut x Attribut y Attribut z... Credential Figure 2: S.A.F.E.-Trust-Domain with Services and Identity-Store Attribute Service (AS) The Attribute Service provides information about identities and their attributes. The Attribute service can be queried for single identities or a group of identities. It can also be queried using search criteria, to provide a kind of address-book functionality. The AS provides read only access to the identities, no modification of identity or attribute data is possible.

12 Seite 12 von 16 The Attribute-Service is a realisation of the in WS-Federation [8] only conceptually described Attribute-Service. Its interface is a profiled version of the SPML-standard [10] (Service Provisioning Markup Language) and provides the SPML operations lookup and search. Identity data is transferred using the ID-SIS-PP standard [12], which defines syntax and semantics for serialising an identity with all its attributes into a defined XMLrepresentation. If more then one TD has to combine and federate their identity data a Virtual Attribute Service can be implemented. The Virtual AS queries the Attribute Services of the TDs and combines the identity data. The Virtual AS is transparent, that means it has an SPML interface identical to the interface of a TD-AS; it can query the TD-Attribute Services by only passing on the user query. The WS-Security [5] binding is used to secure the message exchange between client application and AS. Security is established by a symmetric key that is issued by the IdP Provisioning Service (PS) The Provisioning Service provides a consistent interface for data administration services. It allows administrators or users to add, modify or delete identity data. The interface implements the SPML-standard [10] and provides the SPML operations add, modify and delete. While administrators should have general rights to modify the data, users are only able to modify attributes, which were not checked in the registration process. Again a WS-Security [5] binding is used to protect the PS from fraud and provide safe authentication and authorisation via the IdP Identity-Provider (IdP) The Identity-Provider is the central instance for authentication in each TD. Registered users can use the IdP to prove their identity. The IdP confirms the correct authentication of the user by issuing a security token. These security tokens contain information about the identity and the attributes of the user. The user can use the token to claim his identity against a service. Because of the trust relationship between service and IdP the service can be sure of the users identity. Every service that belongs to a Trust Domain has to implement authentication via a security token, in particular also AS and PS.

13 Seite 13 von 16 The S.A.F.E.-IdP confirms authentication by issuing SAML 2.0 [11] assertions as security tokens. These SAML-tokens are profiled to contain the following information about the user: The unique identity descriptor Attributes, especially a role attribute Information about the registration procedure Information about the authentication procedure It is also defined, how this information is syntactically represented in the SAML-token. The implementation of the IdP strictly follows the WS-Trust standard [7]. 3.2 Conceptual features The described architecture was designed to meet specific conceptual features, especially the following: Platform independence - The described services can be implemented on different platforms like.net or JAVA. Interface centric design - S.A.F.E. primarily defines interfaces on the base of open international standards. This leaves a lot of freedom to the developer for the design of specific components but achieves the interoperability of components from different vendors. Scalability - Because S.A.F.E. is an open concept and not restricted to a particular application or subject a high scalability is absolutely necessary. By structuring Identity Management in Trust Domains it is possible to realise also large scale scenarios. Also distributed data ownership can be supported by grouping the Identities for their functional or spatial aspects. Consistent naming conventions for attributes - To maintain a federation it is necessary that all federation partners have the same understanding of the syntax and semantics of attributes. It is necessary for all federation partners to make use of the S.A.F.E. naming conventions. Attribute representations are defined for attribute representation in a SAML-token as well as for the ID-SIS-PP provisioning objects that are used to by AS and PS. Instructions show, how the set of attributes can be extended by new ones. OSCI 2.0 conformity - S.A.F.E. is compatible to the forthcoming transport-standard OSCI 2.0, and it extends OSCI by Identity Management aspects.

14 Seite 14 von 16 Open for various registration methods - In many Identity Management scenarios there is a strong focus set on the possible registration methods, for applying a digital identity and assuring the correctness of the attributes. Surely many different registration methods are possible, all of which have different security and integrity (correctness of the data). The S.A.F.E.-base concept however does not set any guidelines to the registration process; anything is allowed. Establishing a new registration process in a derived application concept, leads inevitably to the question about the security of the registration process. This security level of the registration process has to be put into the SAML-token, so every service can decide if the registration provides enough security for a possible access. Concrete registration methods are described in the derived concept [2] where the concrete services are defined and their demand for security can be evaluated. Registration methods could be: Online self registration without attribute check Registration via PostIdent Registration by a civil servant in presence of the individual Registration by electronically reading an epass Low security High security High security Normal security Table 2: Examples for registration methods Open for various authentication Methods - Like registration methods there are also different authentication methods that provide variable security. Passwords can be guessed, software certificates can be stolen, certificates stored on a smartcard provide higher security. Again concrete authentication methods are described in document [2]. Authentication Methods could be: Username/Password Software Certificates Smartcard Certificate with PIN CardSpace OpenID Normal security Normal security High security High security Normal security Table 3: Examples for authentication methods Confirmation of registration and authentication process - To be able to judge and to trust the information that the IdP confirms in the issued token, it is also necessary to know details about registration and authentication proc-

15 Seite 15 von 16 esses of an identity. The IdP thus has to provide information about these processes. By evaluating this information the accessed service can get an idea of how sure it can be that the IdP provided information is correct. Open design, expandability With the division of the S.A.F.E.-concept into two parts, it is possible and desirable that other concepts for E-Government applications set on top of the S.A.F.E.-base concept and thus first federable and later FIM scenarios are evolving in the whole German governmental sector. 4 Literature [1] S.A.F.E.-Feinkonzept - Dokument 1: System- und Schnittstellenspezifikation Föderiertes Identity-Management (Architecture and Interfaces for Federated Identity Management) [2] S.A.F.E.-Feinkonzept - Dokument 2: IT-Feinkonzept (S.A.F.E. detailed technical concept) [3] W3C, SOAP Version 1.2, 27 Apr (http://www.w3.org/tr/soap12-part1) [4] W3C, Web Services Description Language (WSDL) Version 2.0, 26 Jun (http://www.w3.org/tr/wsdl20) [5] OASIS, SOAP Message Security 1.1 (WS-Security 2004), 1. Feb (http://docs.oasis-open.org/wss/v1.1) [6] W3C, Web Services Policy Framework (WS-Policy), 25 Apr (http://www.w3.org/submission/ws-policy) [7] OASIS, WS-Trust 1.3, 19 Mär (http://docs.oasis-open.org/ws-sx/wstrust/200512) [8] Diverse, Web Services Federation Language 1.1 (WS-Federation), Dez (http://specs.xmlsoap.org/ws/2006/12/federation/ws-federation.pdf) [9] OASIS, WS-SecureConversation 1.3, 1. Mär (http://docs.oasis-open.org/wssx/ws-secureconversation/200512) [10] OASIS, Service Provisioning Markup Language (SPML) Version 2, 1. Apr (http://www.oasis-open.org/committees/download.php/17708/pstc-spml-2.0-os.zip)

16 Seite 16 von 16 [11] OASIS, Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, 15 Mar (http://docs.oasisopen.org/security/saml/v2.0/saml-core-2.0-os.pdf) [12] Liberty Alliance Project, Liberty ID-SIS Personal Profile Service Specification V1.1 (www.projectliberty.org/liberty/content/download/1028/7146/file/liberty-idsispp-v1.1.pdf)

D.I.M. allows different authentication procedures, from simple e-mail confirmation to electronic ID.

D.I.M. allows different authentication procedures, from simple e-mail confirmation to electronic ID. Seite 1 von 11 Distributed Identity Management The intention of Distributed Identity Management is the advancement of the electronic communication infrastructure in justice with the goal of defining open,

More information

Federated Identity Management Solutions

Federated Identity Management Solutions Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single

More information

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization

More information

Federation Proxy for Cross Domain Identity Federation

Federation Proxy for Cross Domain Identity Federation Proxy for Cross Domain Identity Makoto Hatakeyama NEC Corporation, Common Platform Software Res. Lab. 1753, Shimonumabe, Nakahara-Ku, Kawasaki, Kanagawa 211-8666, Japan +81-44-431-7663 m-hatake@ax.jp.nec.com

More information

This Working Paper provides an introduction to the web services security standards.

This Working Paper provides an introduction to the web services security standards. International Civil Aviation Organization ATNICG WG/8-WP/12 AERONAUTICAL TELECOMMUNICATION NETWORK IMPLEMENTATION COORDINATION GROUP EIGHTH WORKING GROUP MEETING (ATNICG WG/8) Christchurch New Zealand

More information

Digital Identity and Identity Management Technologies.

Digital Identity and Identity Management Technologies. I. Agudo, Digital Identity and Identity Management Technologies, UPGRADE - The European Journal of the Informatics Professional, vol. 2010, pp. 6-12, 2010. NICS Lab. Publications: https://www.nics.uma.es/publications

More information

Introduction to Service Oriented Architectures (SOA)

Introduction to Service Oriented Architectures (SOA) Introduction to Service Oriented Architectures (SOA) Responsible Institutions: ETHZ (Concept) ETHZ (Overall) ETHZ (Revision) http://www.eu-orchestra.org - Version from: 26.10.2007 1 Content 1. Introduction

More information

Federated Identity Architectures

Federated Identity Architectures Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,

More information

OPENIAM ACCESS MANAGER. Web Access Management made Easy

OPENIAM ACCESS MANAGER. Web Access Management made Easy OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access

More information

Software Requirement Specification Web Services Security

Software Requirement Specification Web Services Security Software Requirement Specification Web Services Security Federation Manager 7.5 Version 0.3 (Draft) Please send comments to: dev@opensso.dev.java.net This document is subject to the following license:

More information

NIST s Guide to Secure Web Services

NIST s Guide to Secure Web Services NIST s Guide to Secure Web Services Presented by Gaspar Modelo-Howard and Ratsameetip Wita Secure and Dependable Web Services National Institute of Standards and Technology. Special Publication 800-95:

More information

The Use of Service Oriented Architecture In Tax and Revenue

The Use of Service Oriented Architecture In Tax and Revenue The Use of Service Oriented Architecture In Tax and Revenue Presented by: Bruce Baur & Adam Schaffer Revenue Solutions, Inc. Introduction Adam Schaffer Director, Revenue Administration Practice Line More

More information

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Robert C. Broeckelmann Jr., Enterprise Middleware Architect Ryan Triplett, Middleware Security Architect Requirements

More information

Trend of Federated Identity Management for Web Services

Trend of Federated Identity Management for Web Services 30 Trend of Federated Identity Management for Web Services Chulung Kim, Sangyong Han Abstract While Web service providers offer different approaches to implementing security, users of Web services demand

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?

More information

Integration of Hotel Property Management Systems (HPMS) with Global Internet Reservation Systems

Integration of Hotel Property Management Systems (HPMS) with Global Internet Reservation Systems Integration of Hotel Property Management Systems (HPMS) with Global Internet Reservation Systems If company want to be competitive on global market nowadays, it have to be persistent on Internet. If we

More information

The Primer: Nuts and Bolts of Federated Identity Management

The Primer: Nuts and Bolts of Federated Identity Management The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.

More information

Enabling SAML for Dynamic Identity Federation Management

Enabling SAML for Dynamic Identity Federation Management Enabling SAML for Dynamic Identity Federation Management Patricia Arias, Florina Almenárez, Andrés Marín and Daniel Díaz-Sánchez University Carlos III of Madrid http://pervasive.gast.it.uc3m.es/ WMNC 2009

More information

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM, the only all-in-one open source access management solution, provides the

More information

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On A Federated Authorization and Authentication Infrastructure for Unified Single Sign On Sascha Neinert Computing Centre University of Stuttgart Allmandring 30a 70550 Stuttgart sascha.neinert@rus.uni-stuttgart.de

More information

On A-Select and Federated Identity Management Systems

On A-Select and Federated Identity Management Systems On A-Select and Federated Identity Management Systems Joost Reede August 4, 2007 Master s Thesis Information Systems Chair Computer Science Department University of Twente ii This thesis is supervised

More information

Federated Identity in the Enterprise

Federated Identity in the Enterprise www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

The Primer: Nuts and Bolts of Federated Identity Management

The Primer: Nuts and Bolts of Federated Identity Management The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so

More information

Presented By: Muhammad Afzal 08May, 2009

Presented By: Muhammad Afzal 08May, 2009 Secure Web ServiceTransportation for HL7 V3.0 Messages Authors: Somia Razzaq, Maqbool Hussain, Muhammad Afzal, Hafiz Farooq Ahmad Presented By: Muhammad Afzal 08May, 2009 NUST School of Electrical Engineering

More information

ALF SSO: Security Framework for Tool Integration. Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com

ALF SSO: Security Framework for Tool Integration. Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com ALF SSO: Security Framework for Tool Integration Brian Carroll, Eclipse ALF Project Lead bcarroll@serena.com 2008 by Brian Carroll, Serena; made available under the EPL v1.0 March 2008 ALF: Is About Process

More information

Federated Identity and Trust Management

Federated Identity and Trust Management Redpaper Axel Buecker Paul Ashley Neil Readshaw Federated Identity and Trust Management Introduction The cost of managing the life cycle of user identities is very high. Most organizations have to manage

More information

New Generation of Liberty. for Enterprise. Fulup Ar Foll, Sun Microsystems Fulup@sun.com

New Generation of Liberty. for Enterprise. Fulup Ar Foll, Sun Microsystems Fulup@sun.com New Generation of Liberty TEG Federated Progress Architecture Update for Enterprise Fulup Ar Foll, Sun Microsystems fulup@sun.com 1 Identity Framework Problematic User Seamless (nothing is too simple)

More information

WEB SERVICES SECURITY

WEB SERVICES SECURITY WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Biometric Single Sign-on using SAML

Biometric Single Sign-on using SAML Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan CISSP Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand the importance of Single Sign-On

More information

T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On

T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On Lutz Wrage Soumya Simanta Grace A. Lewis Saul Jaspan December 2007 TECHNICAL NOTE CMU/SEI-2008-TN-026 Integration

More information

Authentication and Single Sign On

Authentication and Single Sign On Contents 1. Introduction 2. Fronter Authentication 2.1 Passwords in Fronter 2.2 Secure Sockets Layer 2.3 Fronter remote authentication 3. External authentication through remote LDAP 3.1 Regular LDAP authentication

More information

Privacy in Cloud Computing Through Identity Management

Privacy in Cloud Computing Through Identity Management Privacy in Cloud Computing Through Identity Management Bharat Bhargava 1, Noopur Singh 2, Asher Sinclair 3 1 Computer Science, Purdue University 2 Electrical and Computer Engineering, Purdue University

More information

Interoperable Provisioning in a Distributed World

Interoperable Provisioning in a Distributed World Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 IAM 302 Contacts Mark Diodati (mdiodati@burtongroup.com)

More information

Service Virtualization: Managing Change in a Service-Oriented Architecture

Service Virtualization: Managing Change in a Service-Oriented Architecture Service Virtualization: Managing Change in a Service-Oriented Architecture Abstract Load balancers, name servers (for example, Domain Name System [DNS]), and stock brokerage services are examples of virtual

More information

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion. Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On

More information

HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany

HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany Goal Show the differences of two alternative federated user management specifications

More information

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 International Virtual Observatory Alliance IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0 IVOA Proposed Recommendation 20151029 Working group http://www.ivoa.net/twiki/bin/view/ivoa/ivoagridandwebservices

More information

Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance

Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance Christina Stephan, MD Co-Chair Liberty Alliance ehealth SIG National Library of Medicine

More information

Introduction to Service-Oriented Architecture for Business Analysts

Introduction to Service-Oriented Architecture for Business Analysts Introduction to Service-Oriented Architecture for Business Analysts This course will provide each participant with a high-level comprehensive overview of the Service- Oriented Architecture (SOA), emphasizing

More information

Les technologies de gestion de l identité

Les technologies de gestion de l identité Commission Identité Numérique Groupe de travail Gestion des identités Les technologies de gestion de l identité ATELIER 1 Paul TREVITHICK, CEO de Parity Responsable projet Higgins Président Fondation Infocard

More information

Guiding Principles for Technical Architecture

Guiding Principles for Technical Architecture This document is a statement of the principles that will guide the technical development of the Kuali Student system. It will serve as a reference throughout the full lifecycle of the project. While these

More information

Developing a business model for Identity Management. Dr. Hellmuth Broda, VP Business Development, First Ondemand Spokesperson, Liberty Alliance

Developing a business model for Identity Management. Dr. Hellmuth Broda, VP Business Development, First Ondemand Spokesperson, Liberty Alliance Developing a business model for Identity Management Dr. Hellmuth Broda, VP Business Development, First Ondemand Spokesperson, Liberty Alliance Life With An Identity Mess A typical intensive IT user has

More information

SAML, The Liberty Alliance, and Federation* Eve Maler eve.maler@sun.com http://www.xmlgrrl.com/blog

SAML, The Liberty Alliance, and Federation* Eve Maler eve.maler@sun.com http://www.xmlgrrl.com/blog SAML, The Liberty Alliance, and Federation* Eve Maler eve.maler@sun.com http://www.xmlgrrl.com/blog IIWb, Mountain View, CA, 4 December 2006 1 When you distribute identity tasks and information in the

More information

A Service Oriented Security Reference Architecture

A Service Oriented Security Reference Architecture International Journal of Advanced Computer Science and Information Technology (IJACSIT) Vol. 1, No.1, October 2012, Page: 25-31, ISSN: 2296-1739 Helvetic Editions LTD, Switzerland www.elvedit.com A Service

More information

Distributed Identity Management Model for Digital Ecosystems

Distributed Identity Management Model for Digital Ecosystems International Conference on Emerging Security Information, Systems and Technologies Distributed Identity Management Model for Digital Ecosystems Hristo Koshutanski Computer Science Department University

More information

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Michael P. Papazoglou (INFOLAB/CRISM, Tilburg University, The Netherlands)

More information

Biometric Single Sign-on using SAML Architecture & Design Strategies

Biometric Single Sign-on using SAML Architecture & Design Strategies Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan Java Technology Architect Sun Microsystems Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand

More information

OIO SAML Profile for Identity Tokens

OIO SAML Profile for Identity Tokens > OIO SAML Profile for Identity Tokens Version 1.0 IT- & Telestyrelsen October 2009 Content > Document History 3 Introduction 4 Related profiles 4 Profile Requirements 6 Requirements 6

More information

SAML and OAUTH comparison

SAML and OAUTH comparison SAML and OAUTH comparison DevConf 2014, Brno JBoss by Red Hat Peter Škopek, pskopek@redhat.com, twitter: @pskopek Feb 7, 2014 Abstract SAML and OAuth are one of the most used protocols/standards for single

More information

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH Identity opens the participation age Open Web Single Sign- On und föderierte SSO Dr. Rainer Eschrich Program Manager Identity Management Sun Microsystems GmbH Agenda The Identity is the Network Driving

More information

Interoperate in Cloud with Federation

Interoperate in Cloud with Federation Interoperate in Cloud with Federation - Leveraging federation standards can accelerate Cloud computing adoption by resolving vendor lock-in issues and facilitate On Demand business requirements Neha Mehrotra

More information

A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems

A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Volume 1, Number 2, December 2014 JOURNAL OF COMPUTER SCIENCE AND SOFTWARE APPLICATION A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Satish Kumar*,

More information

SOA, case Google. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901.

SOA, case Google. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901. Faculty of technology management 07.12.2009 Information Technology Service Oriented Communications CT30A8901 SOA, case Google Written by: Sampo Syrjäläinen, 0337918 Jukka Hilvonen, 0337840 1 Contents 1.

More information

WebLogic Server 7.0 Single Sign-On: An Overview

WebLogic Server 7.0 Single Sign-On: An Overview WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of

More information

Java Security Web Services Security (Overview) Lecture 9

Java Security Web Services Security (Overview) Lecture 9 Java Security Web Services Security (Overview) Lecture 9 Java 2 Cryptography Java provides API + SPI for crypto functions Java Cryptography Architecture Security related core classes Access control and

More information

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness Interoperability Summit 2002 SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness Gavenraj Sodhi Senior Technology Analyst Provisioning

More information

Server based signature service. Overview

Server based signature service. Overview 1(11) Server based signature service Overview Based on federated identity Swedish e-identification infrastructure 2(11) Table of contents 1 INTRODUCTION... 3 2 FUNCTIONAL... 4 3 SIGN SUPPORT SERVICE...

More information

Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006

Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006 Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006 This FAQ addresses frequently asked questions relating to Oracle Application Server 10g Release 3 (10.1.3.1) Web Services

More information

Why Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity)

Why Identity Management. Identity Management. What We Cover. Role of Digital Identity. Digital Identity. Digital Identity (or network identity) Why Identity Management Identity Management Claudiu Duma Identity crisis Privacy concerns Identity theft Terrorist threat Department of Computer and Information Science cladu@ida.liu.se What We Cover Digital

More information

IAM Application Integration Guide

IAM Application Integration Guide IAM Application Integration Guide Date 03/02/2015 Version 0.1 DOCUMENT INFORMATIE Document Title IAM Application Integration Guide File Name IAM_Application_Integration_Guide_v0.1_SBO.docx Subject Document

More information

SAML 101. Executive Overview WHITE PAPER

SAML 101. Executive Overview WHITE PAPER SAML 101 Executive Overview Today s enterprise employees use an ever-increasing number of applications, both enterprise hosted and in the Cloud, to do their jobs. What s more, they are accessing those

More information

Secure Semantic Web Service Using SAML

Secure Semantic Web Service Using SAML Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA

More information

IBM WebSphere Application Server

IBM WebSphere Application Server IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application

More information

SCUR203 Why Do We Need Security Standards?

SCUR203 Why Do We Need Security Standards? SCUR203 Why Do We Need Security Standards? Cristina Buchholz Product Security, SAP Learning Objectives As a result of this workshop, you will be able to: Recognize the need for standardization Understand

More information

An Open Policy Framework for Cross-vendor Integrated Governance

An Open Policy Framework for Cross-vendor Integrated Governance An Open Policy Framework for Cross-vendor Integrated Governance White Paper Intel SOA Expressway An Open Policy Framework for Cross-vendor Integrated Governance Intel SOA Expressway delivers a pluggable

More information

A Privacy-Preserving eid based Single Sign-On Solution

A Privacy-Preserving eid based Single Sign-On Solution A Privacy-Preserving eid based Single Sign-On Solution Bernd Zwattendorfer, Arne Tauber, Thomas Zefferer E-Government Innovation Center Graz, Austria {Bernd.Zwattendorfer, Arne.Tauber, Thomas.Zefferer}@egiz.gv.at

More information

Identity Management im Liberty Alliance Project

Identity Management im Liberty Alliance Project Rheinisch-Westfälische Technische Hochschule Aachen Lehrstuhl für Informatik IV Prof. Dr. rer. nat. Otto Spaniol Identity Management im Liberty Alliance Project Seminar: Datenkommunikation und verteilte

More information

Extending DigiD to the Private Sector (DigiD-2)

Extending DigiD to the Private Sector (DigiD-2) TECHNISCHE UNIVERSITEIT EINDHOVEN Department of Mathematics and Computer Science MASTER S THESIS Extending DigiD to the Private Sector (DigiD-2) By Giorgi Moniava Supervisors: Eric Verheul (RU, PwC) L.A.M.

More information

Introduction to Identity Management. Sam Lee, Outblaze Ltd.

Introduction to Identity Management. Sam Lee, Outblaze Ltd. Introduction to Identity Management Sam Lee, Outblaze Ltd. Agenda Background Identity Management Single Sign-On Federation Future s Identity management Conclusions 2 Background Why identity management?

More information

Using WS-Federation and WS-Security for Identity Management in Virtual Organisations

Using WS-Federation and WS-Security for Identity Management in Virtual Organisations Using WS-Federation and WS-Security for Identity Management in Virtual Organisations Demchenko, Yu. , Universiteit van Amsterdam Abstracts The paper provides insight into one of key

More information

Oracle SOA Reference Architecture

Oracle SOA Reference Architecture http://oraclearchworld.wordpress.com/ Oracle SOA Reference Architecture By Kathiravan Udayakumar Introduction to SOA Service Oriented Architecture is a buzz word in IT industry for few years now. What

More information

Run-time Service Oriented Architecture (SOA) V 0.1

Run-time Service Oriented Architecture (SOA) V 0.1 Run-time Service Oriented Architecture (SOA) V 0.1 July 2005 Table of Contents 1.0 INTRODUCTION... 1 2.0 PRINCIPLES... 1 3.0 FERA REFERENCE ARCHITECTURE... 2 4.0 SOA RUN-TIME ARCHITECTURE...4 4.1 FEDERATES...

More information

The Top 5 Federated Single Sign-On Scenarios

The Top 5 Federated Single Sign-On Scenarios The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3

More information

Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training

Federated Identity Management. Willem Elbers (MPI-TLA) EUDAT training Federated Identity Management Willem Elbers (MPI-TLA) EUDAT training Date: 26 June 2012 Outline FIM and introduction to components Federation and metadata National Identity federations and inter federations

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Resolution Database Privacy preserving based Single-Signon

Resolution Database Privacy preserving based Single-Signon Resolution Database Privacy preserving based Single-Signon Solution S.S Dhanvantri Divi 1, T.Swapna 2, K.J.Sharma 3 1 Student, TRR ENGINEERING COLLEGE, PATANCHERU, HYDERABAD 2 Associate Professor, TRR

More information

Trusting XBRL: Using the Liberty Web Services Framework to Secure and Authenticate XBRL Documents

Trusting XBRL: Using the Liberty Web Services Framework to Secure and Authenticate XBRL Documents Trusting XBRL: Using the Liberty Web Services Framework to Secure and Authenticate XBRL Documents Farrukh Najmi and Eve Maler farrukh.najmi@sun.com, eve.maler@sun.com Sun Microsystems, Inc. Goals for today's

More information

Internet Single Sign-On Systems

Internet Single Sign-On Systems Internet Single Sign-On Systems Radovan SEMANČÍK nlight, s.r.o. Súľovská 34, 812 05 Bratislava, Slovak Republic semancik@nlight.sk Abstract. This document describes the requirements and general principles

More information

Identity Management. Audun Jøsang University of Oslo. NIS 2010 Summer School. September 2010. http://persons.unik.no/josang/

Identity Management. Audun Jøsang University of Oslo. NIS 2010 Summer School. September 2010. http://persons.unik.no/josang/ Identity Management Audun Jøsang University of Oslo NIS 2010 Summer School September 2010 http://persons.unik.no/josang/ Outline Identity and identity management concepts Identity management models User-centric

More information

Developers Integration Lab (DIL) System Architecture, Version 1.0

Developers Integration Lab (DIL) System Architecture, Version 1.0 Developers Integration Lab (DIL) System Architecture, Version 1.0 11/13/2012 Document Change History Version Date Items Changed Since Previous Version Changed By 0.1 10/01/2011 Outline Laura Edens 0.2

More information

Secure Identity in Cloud Computing

Secure Identity in Cloud Computing Secure Identity in Cloud Computing Michelle Carter The Aerospace Corporation March 20, 2013 The Aerospace Corporation 2013 All trademarks, service marks, and trade names are the property of their respective

More information

SOA GOVERNANCE MODEL

SOA GOVERNANCE MODEL SOA GOVERNANCE MODEL Matjaz B. Juric University of Ljubljana, Slovenia matjaz.juric@fri.uni-lj.si Eva Zupancic University of Ljubljana, Slovenia Abstract: Service Oriented Architecture (SOA) has become

More information

Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com

Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com Presented by: Shashi Mamidibathula, CPIM, PMP Principal Pramaan Systems shashi.mamidi@pramaan.com www.pramaan.com

More information

CICS Web Service Security. Anthony Papageorgiou IBM CICS Development March 13, 2012 Session: 10282

CICS Web Service Security. Anthony Papageorgiou IBM CICS Development March 13, 2012 Session: 10282 Web Service Security Anthony Papageorgiou IBM Development March 13, 2012 Session: 10282 Agenda Web Service Support Overview Security Basics and Terminology Pipeline Security Overview Identity Encryption

More information

Identity Management for the Cloud

Identity Management for the Cloud Identity Management for the Cloud New answers to old questions 10. Anwenderkonferenz Softwarequalität, Test und Innovationen 6. und 7. September 2012 Alpen-Adria-Universität Klagenfurt Dr. Horst Walther,

More information

Identity Management Challenges for Intercloud Applications

Identity Management Challenges for Intercloud Applications Identity Management Challenges for Intercloud Applications David Núñez 1, Isaac Agudo 1, Prokopios Drogkaris 2 and Stefanos Gritzalis 2 1 Department of Computer Science, E.T.S. de Ingeniería Informática,

More information

SAML Security Option White Paper

SAML Security Option White Paper Fujitsu mpollux SAML Security Option White Paper Fujitsu mpollux Version 2.1 February 2009 First Edition February 2009 The programs described in this document may only be used in accordance with the conditions

More information

Web Services Security: What s Required To Secure A Service-Oriented Architecture. An Oracle White Paper January 2008

Web Services Security: What s Required To Secure A Service-Oriented Architecture. An Oracle White Paper January 2008 Web Services Security: What s Required To Secure A Service-Oriented Architecture An Oracle White Paper January 2008 Web Services Security: What s Required To Secure A Service-Oriented Architecture. INTRODUCTION

More information

COPYRIGHTED MATERIAL. Chapter 1: Introduction

COPYRIGHTED MATERIAL. Chapter 1: Introduction Chapter 1: Introduction 1 Chapter 1: Introduction A major industry trend is evident in the deployment of Web services technology to enhance existing services and to create new and innovative services.

More information

OIO Web SSO Profile V2.0.5

OIO Web SSO Profile V2.0.5 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

More information

e-filing Secure Web Service User Manual

e-filing Secure Web Service User Manual e-filing Secure Web Service User Manual Page1 CONTENTS 1 BULK ITR... 6 2 BULK PAN VERIFICATION... 9 3 GET ITR-V BY TOKEN NUMBER... 13 4 GET ITR-V BY ACKNOWLEDGMENT NUMBER... 16 5 GET RETURN STATUS... 19

More information

Securing Web Services Using Microsoft Web Services Enhancements 1.0. Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight.

Securing Web Services Using Microsoft Web Services Enhancements 1.0. Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight. Securing Web Services Using Microsoft Web Services Enhancements 1.0 Petr PALAS PortSight Software Architect petrp@portsight.com www.portsight.com Agenda What is WSE and Its Relationship to GXA Standards

More information

Manisha R. Patil. Keywords Cloud service provider, Identity Provider, Enhanced Client Profile, Identity Management, Privacy, Trust Manager.

Manisha R. Patil. Keywords Cloud service provider, Identity Provider, Enhanced Client Profile, Identity Management, Privacy, Trust Manager. Volume 4, Issue 7, July 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Privacy and Dynamic

More information

e-gov Architecture Service Interface Guidelines

e-gov Architecture Service Interface Guidelines 1 Introduction... 4 2 Mandatory Standards... 5 2.1 WSDL... 5 2.1.1 Service Definition Layer... 5 2.1.2 Binding Layer... 6 2.2 SOAP... 7 2.3 UDDI... 8 2.3.1 Different types of UDDI registries... 8 2.3.2

More information

Distributed Identification and Consumer Data Protection. Khaja Ahmed Microsoft Corporation

Distributed Identification and Consumer Data Protection. Khaja Ahmed Microsoft Corporation Distributed Identification and Consumer Data Protection Khaja Ahmed Microsoft Corporation Threats to Online Safety Consumer privacy has steadily declined as internet use grew over the years Greater use

More information

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver SAP Product Management, SAP NetWeaver Identity Management

More information

An Efficient Windows Cardspace identity Management Technique in Cloud Computing

An Efficient Windows Cardspace identity Management Technique in Cloud Computing IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 3, Ver. VII (May-Jun. 2014), PP 61-66 An Efficient Windows Cardspace identity Management Technique

More information

Securing Enterprise: Employability and HR

Securing Enterprise: Employability and HR 1 Securing Enterprise: Employability and HR Federation and XACML as Security and Access Control Layer Open Standards Forum 2 Employability and HR Vertical Multiple Players - Excellent case for federation

More information