Identity Provisions for Cloud Services: Applying OASIS SOA Reference Model




Presented by: Dr Michael Poulin
Member & Co-editor at SOA RM TC
Member of AASCIT (American Association for Science and Technology)
OASIS RM for SOA & RAF for SOA
Head of EA, Clingstone Ltd.
Michael.Poulin@Clingstone.co.uk

Unexpected and Hidden Problem

What is the difference between a File in your company's File Server and the same File, but located in the Cloud File Server? Assumption: your company does not own this Cloud.
o Answer 1: no differences
o Answer 2: do not know
o Answer 3: it is not 100% my file any more

A treatment of Consumer Identity for in-house Applications or Services
A treatment of Consumer Identity for Cloud Services

Approaching this problem from the perspective of SOA-RAF, the Reference Architecture Foundation for SOA, the OASIS Specification [Version 1.0, Committee Specification 01, 04 December 2012], has led to interesting results.

OASIS Reference Architecture Foundation for SOA

Viewpoint: captures what is meant to realize a SOA-based system in a SOA ecosystem.
o Stakeholders: those involved in the design, development and deployment of SOA-based systems
o Concern: effective construction of SOA-based systems

Viewpoint: captures what is meant for people to participate in a SOA ecosystem.
o Stakeholders: all participants in the SOA ecosystem
o Concern: understanding ecosystem constraints and contexts in which business can be conducted predictably and effectively

Viewpoint: captures what is meant to own a SOA-based system in a SOA ecosystem.
o Stakeholders: those involved in governing, managing, securing, and testing SOA-based systems
o Concern: processes to ensure governance, management, security, and testing of SOA-based systems

Governance model: Understanding Governance; A Generic Model for Governance; Governance Applied to SOA; Architectural Implications of SOA Governance.

Management model: Management Means & Relationships; Management & Governance; Management & Contracts; Management for Monitoring & Reporting; Management for Infrastructure; Architectural Implications on the Management Model.

Source: "Landscape Around Architecture," Joint Paper, The Open Group, OASIS, and OMG, July 2009.

SO Ecosystem about Business Aspects of Services

SO Ecosystem (OASIS RAF):
o is a space in which people, processes and machines act together to deliver business capabilities as services in order to further both their own objectives and the objectives of the larger community
o there may not be any single person or organization that is really "in control" or "in charge" of the whole ecosystem

The OASIS SOA Reference Model defines: Service Oriented Architecture (SOA) is a paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. It provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations.

The central focus of SOA (OASIS RAF) is the task or business function, getting something done, and Services as the mechanism by which needs and capabilities are brought together. Together, these ideas describe an environment in which business functions (realized in the form of services) address business needs. A Service body utilizes capabilities or represents a capability implementation to produce specific (real world) effects that fulfil business needs. Both the services and the capabilities may be distributed across ownership domains, with different policies and conditions of use.

Applications do not need Trust, services do.

Trust is the private assessment or internal perception of one actor that another actor will perform actions in accordance with an assertion regarding a desired real world effect.

Ownership: a set of claims, expressed as rights and responsibilities, that a stakeholder has in relation to a resource; it may include the right to transfer that ownership, or some subset of rights and responsibilities, to another entity.

Service Contract is a derivative from Service Description: an implicit or explicit documented agreement between the service consumer and service provider about the use of the service, based on the commitment by a service provider to provide service functionality and results consistent with identified real world effects and the commitment by a service consumer to interact with the service per specific means and per specified policies, where both consumer and provider actions are in the manner described in the service description.

A Cloud Service is a SOA Service

As for a regular SOA Business Service:
o A Cloud Service is provided by an independent business entity
o A Cloud consumer reaches a Cloud Service based on a Service Contract
o A Cloud consumer selects a Cloud Service based on an off-line Service Description
o A Cloud Provider engages other Cloud Services on demand
o A Cloud Provider offers different interfaces to the Cloud consumers depending on the agreement with them
o A Cloud Provider competes with other Cloud Providers for the Cloud consumers
o A Cloud Provider charges Cloud consumers for the provided Cloud Services

A Cloud Service is not your IT service; it requires business, rather than technology, management.

A Power of Knowledge

SO Ecosystem mimics & models a real world Business. Since we know how the SO Ecosystem operates, we can predict with a high level of accuracy the behavioural patterns of Service Providers and Service Consumers.

Back to the Problem: Competing Security Realms

[Diagram: a Cloud Consumer sits between Security Realm A and Security Realm B, each protected by its own Security Authority. Caption: "I do not want to pay You, or I do not want to pay You more than your competitor charges."]

If You are not my Consumer, Why would I Care about your ID?

[Diagram: an end-user ID passed along a chain of independent Cloud Services labelled XYZ, MNQ and ABC.]

A propagation of an end-user identity among independent Cloud Services requires special considerations that may be commercially infeasible.

Knight Rules of Service Ownership

When working in the SO Ecosystem, do as Services do:
o A Service of my Service is not my Service
o A Supplier of my Supplier is not my Supplier
o A Partner of my Partner is not my Partner
o A Consumer of my Consumer is not my Consumer

What to Do? From Provider World to Consumer World

We need to cross the boundaries of Cloud Security Realms.

[Diagram: a Cloud Consumer holds ID 1 in Security Realm B, under Realm B's Security Authority. A Security Gateway Service for Realm A, bridging via a 3rd-party Security Authority, holds ID 2 in Security Realm A, under Realm A's Security Authority.]

Cloud Service Security: how SOA Handles Commercialisation

To Take Away:
o Every Cloud Provider is an independent business. Cloud includes security services of authentication, authorisation, encryption and so forth. Security services are provided for a cost to Cloud consumers.
o Every Cloud Provider is free to choose a Security Authority and its protected realm.
o Providers of Security Realms are not obliged to agree on any security cooperation, collaboration or federation.
o No Cloud Provider can force a consumer to share the same Security Authority & realm.
o A Provider of Cloud services cannot and is not obliged to deal with any identity information that belongs to a consumer of its consumer. Nonetheless, this identity may be verified if all consumers and providers are in the same Security Realm.
o A Security Gateway Service can be created in any Security Realm and, being an independent business entity, participate in another Security Realm at the same time.
o A Security Gateway Service can play the role of an intermediary across boundaries of the Security Realms.
o Business Services establish trust regardless of Security Authorities and Security Realms.
o A propagation of the end-user's Identity in the chain of Cloud services makes sense only if both the end-user and all chained Cloud services belong to the same Cloud Security Realm.
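The Security Gateway pattern of the two preceding slides (crossing realm boundaries, and the take-away that a consumer's consumer is invisible to the provider), as an added example that is not from the deck: two Security Authorities, one per realm, with HMAC-signed tokens standing in for whatever a real realm issues; all names, keys and the token format are constructed. A provider in Realm A rejects the consumer's Realm-B ID outright; the gateway, registered in both realms, exchanges ID 1 for ID 2, and Realm A then sees the gateway, not the end-user, as its consumer.

```python
import base64, hashlib, hmac, json

class SecurityAuthority:
    """Issues/verifies IDs for one Security Realm (HMAC-signed; a constructed stand-in)."""
    def __init__(self, realm):
        self.realm, self.registered = realm, set()
        self._key = hashlib.sha256(f"constructed-key-{realm}".encode()).digest()  # realm-private key
    def issue(self, principal):                      # only members of this realm get an ID here
        if principal not in self.registered:
            raise PermissionError(f"{principal} is not a member of realm {self.realm}")
        body = json.dumps({"realm": self.realm, "sub": principal}, sort_keys=True).encode()
        mac = hmac.new(self._key, body, hashlib.sha256).hexdigest()
        return base64.b64encode(body).decode() + "." + mac
    def verify(self, token):                         # returns the subject, or None if not ours
        b64, _, mac = token.partition(".")
        body = base64.b64decode(b64)
        if not hmac.compare_digest(hmac.new(self._key, body, hashlib.sha256).hexdigest(), mac):
            return None                              # signed by some other Security Authority
        claims = json.loads(body)
        return claims["sub"] if claims["realm"] == self.realm else None

class CloudService:                                  # a Cloud Provider trusts only its own realm's Authority
    def __init__(self, name, authority):
        self.name, self.authority = name, authority
    def invoke(self, token):
        consumer = self.authority.verify(token)
        return (self.name, consumer if consumer is not None else "rejected")

class SecurityGateway(CloudService):
    """Independent entity: provider in its home realm B and a registered principal of realm A."""
    def __init__(self, name, home_authority, foreign_authority):
        super().__init__(name, home_authority)
        self.foreign = foreign_authority
        foreign_authority.registered.add(name)       # the gateway, not the end-user, is known to realm A
    def bridge(self, token):                         # ID 1 (realm B) -> ID 2 (realm A)
        if self.authority.verify(token) is None:
            return None
        return self.foreign.issue(self.name)         # realm A sees the gateway as the consumer

def scenario():
    auth_a, auth_b = SecurityAuthority("A"), SecurityAuthority("B")
    auth_b.registered.add("end-user")
    provider_a = CloudService("storage-A", auth_a)
    gateway = SecurityGateway("gateway-B", auth_b, auth_a)
    id1 = auth_b.issue("end-user")
    direct = provider_a.invoke(id1)                  # a realm-B ID means nothing in realm A
    id2 = gateway.bridge(id1)
    bridged = provider_a.invoke(id2 or "")           # accepted, but as "gateway-B", not "end-user"
    return direct, bridged
```

Realm A never learns "end-user"; if the end-user's identity had to reach storage-A verifiably, both would have to be members of the same realm, which is the deck's last take-away.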

Thank You!