IBM Software Group
© 2004 IBM Corporation
Integrated Security Architecture
James Andoniadis
IBM Canada
IBM Software Group | Tivoli software
CEO View: Increased Collaboration Brings Rewards
Layers of security
Perimeter Defense: keep out the unwanted with
• Firewalls
• Anti-Virus
• Intrusion Detection, etc.
Control Layer
• Which users can come in?
• What can users see and do?
• Are user preferences supported?
• Can user privacy be protected?
Assurance Layer
• Can I comply with regulations?
• Can I deliver audit reports?
• Am I at risk?
• Can I respond to security events?
Pre SOA Security: Enforcement & Decision Points
Access Enforcement Functionality (AEF)
Access Decision Functionality (ADF)
Directory Management View (architecture diagram; component labels only): Web Access Control, Network Access Control, Customer, Employee, Transactional Web Presentation, Informational Web Presentation, Certificate Status Responder, External Directory, Transactional Web Integration, External SMTP Gateway, Internal SMTP Gateway, Network Dispatcher, Delegated User Management, Internal ePortal and LDAP-enabled apps, Single Sign On, Application Access Control, Network Authentication & Authorization, Internal Directory, LOB Applications, Databases, Application Directory, Network Operating Systems, Identity Management, Certificate Authority, Web Single Sign On, Messaging, CRM/ERP (PeopleSoft), Meta-Directory, LDAP Directory Proxy, External ePortal.
Identity and Access Management Portfolio (diagram)
Systems shown: Apps/Email, UNIX/Linux, NOS, Databases & Applications, MF/Midrange, Identity Stores, HR, CRM, Partners, Security Mgmt Objects, Web Applications
ITIM: Provisioning
• Policies
• Workflow
• Password Self-service
• Audit trails
Enterprise Directory
• Personal Info
• Credentials
• Entitlements
ITFIM: Federated Identity, Web Services Security
Portal: Presentation, Personalization
ITAM: Web Access Management (SSO, Authentication, Authorization)
ITDI: Directory Integration
ITDS: Directory Server
TAM for ESSO
Governments as Identity Providers
“TRUST provides ACCESS”
The United States is an “Identity Provider” because it issues a Passport as proof of identification
USA Vouches for its Citizens
(Diagram: groups of Users belonging to three Identity Providers: USA, Germany and China.)
Roles: Identity Provider and Service Provider
Identity Provider (“Vouching” party in transaction):
1. Issues Network / Login credentials
2. Handles User Administration / ID Mgmt
3. Authenticates User
4. “Vouches” for the user’s identity
Service Provider (“Validation” party in transaction):
• Controls access to services
• Third-party user has access to services for the duration of the federation
• Only manages user attributes relevant to SP
Mutual TRUST between Identity Provider and Service Provider
Federated Identity Standards
Agenda
• Enterprise Security Architecture – MASS Intro
• Identity, Access, and Federated Identity Management
• SOA Security
(Diagram: SOA layered model. Consumers; business processes and process choreography; services (definitions), atomic and composite; service components; operational systems and supporting middleware (MQ, DB2, Unix, OS/390); custom, packaged and ISV applications (Outlook, SAP); Service Consumer and Service Provider roles with numbered steps 1 to 5.)
SOA Security Encompasses all Aspects of Security
SOA Security
• Identity
• Authentication
• Authorization
• Confidentiality, Integrity
• Availability
• Auditing & Compliance
• Administration and Policy Management
(Diagram labels: SCA, Portlet, WSRP, B2B, Other)
Message-based Security: End-to-End Security
• Message-based security does not rely on secure transport
• message itself is encrypted → message privacy
• message itself is signed → message integrity
• message contains user identity → proof of origin
(Diagram: a SOAP message crossing two HTTPS hops; each hop provides only connection integrity/privacy, leaving a “?” at the intermediary between them.)
Web Service Security Specifications Roadmap (diagram)
WSS – SOAP Security; Security Policy; Secure Conversation; Trust; Federation; Privacy; Authorization; all layered on SOAP Messaging
SOAP Message Security: Extensions to Header
• SOAP Header allows for extensions
• OASIS standard “WS-Security: SOAP Message Security”
  - defines XML for Tokens, Signatures and Encryption
  - defines how these elements are included in SOAP Header
(Diagram: an Envelope containing a Header and a Body; the Header carries the Security Element with a Security Token, a Signature and Encrypted Data; the Body carries the application data.)
Security Drill Down
Transport Layer Security: SSL/TLS Termination
1st Layer Message Security
• Signature Validation / Origin Authentication
• Message Level Decryption
2nd Layer Message Security
• Requestor Identification & Authentication & Mapping
• Element Level Decryption
Application Security (Authorization with ESB asserted identifier)
Shared services shown in the diagram: Security Policy, Security Token Service, Key Store and Key Management, Authorization
Nth Layer Message Security
• Requestor Identification & Authentication & Mapping
• Message Level Encryption
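The three slides above (message-based security, the WS-Security header and the drill-down layers) describe what a gateway has to do with a signed, identity-carrying SOAP message. The following Python script is an added example, not code from the deck or from any IBM product; it assumes constructed values: a shared HMAC key standing in for XML-DSig key material (the BodyMAC element plays the role of ds:Signature), an identity map from the token subject to an internal identifier, and a small authorization policy. Message-level decryption is left out; the script covers the signature, identity-mapping and authorization stages and shows why hop-by-hop HTTPS alone does not catch tampering at an intermediary.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NS = {"soap": SOAP, "wsse": WSSE}
ET.register_namespace("soap", SOAP)
ET.register_namespace("wsse", WSSE)

# Constructed demo values. SHARED_KEY stands in for the XML-DSig key material a
# real WS-Security deployment would use; IDENTITY_MAP is the gateway's mapping
# from the token subject to the ESB-asserted internal id; POLICY is the
# application-layer authorization keyed on that internal id.
SHARED_KEY = b"constructed-demo-key-do-not-use"
IDENTITY_MAP = {"alice@partner.example": "emp-1001"}
POLICY = {"emp-1001": {"GetOrderStatus"}}


def canonical_body(envelope: ET.Element) -> bytes:
    """Canonical (C14N 2.0) bytes of soap:Body, the part the signature covers.
    Signing the canonical form, not the raw bytes, is what lets the signature
    survive re-serialization by intermediaries such as an ESB."""
    body = copy.copy(envelope.find("soap:Body", NS))
    body.tail = None  # whitespace after the element is not part of the Body
    return ET.canonicalize(ET.tostring(body, encoding="unicode")).encode()


def body_mac(envelope: ET.Element) -> str:
    """HMAC-SHA256 over the canonical Body: a symmetric stand-in for ds:Signature."""
    digest = hmac.new(SHARED_KEY, canonical_body(envelope), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def build_envelope(username: str, operation: str, payload: str) -> bytes:
    """Requestor side: identity token and body MAC go into wsse:Security.
    Nothing depends on the transport; the protection travels with the message."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    security = ET.SubElement(header, f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, operation).text = payload
    # BodyMAC is a demo element standing in for the ds:Signature block.
    ET.SubElement(security, "BodyMAC").text = body_mac(env)
    return ET.tostring(env, encoding="utf-8")


def process_inbound(envelope_xml: bytes) -> dict:
    """Gateway/ESB side, in the order of the drill-down: (1) signature validation
    and origin authentication, (2) requestor identification and identity
    mapping, (3) authorization on the asserted internal identifier."""
    env = ET.fromstring(envelope_xml)
    security = env.find("soap:Header/wsse:Security", NS)
    body = env.find("soap:Body", NS)
    if security is None or body is None or len(body) == 0:
        return {"ok": False, "stage": "header", "reason": "missing Security header or Body"}

    presented = security.findtext("BodyMAC") or ""
    if not hmac.compare_digest(presented, body_mac(env)):
        return {"ok": False, "stage": "signature", "reason": "body MAC mismatch"}

    subject = security.findtext("wsse:UsernameToken/wsse:Username", namespaces=NS)
    asserted = IDENTITY_MAP.get(subject)
    if asserted is None:
        return {"ok": False, "stage": "identity", "reason": f"unknown subject {subject!r}"}

    operation = body[0].tag
    if operation not in POLICY.get(asserted, set()):
        return {"ok": False, "stage": "authorization", "asserted_id": asserted,
                "reason": f"{asserted} may not invoke {operation}"}
    return {"ok": True, "stage": "authorization", "asserted_id": asserted,
            "operation": operation}


def intermediary_tamper(envelope_xml: bytes) -> bytes:
    """A hop that rewrites the payload after TLS has been terminated. Transport
    security cannot see this; the message-level MAC does."""
    return envelope_xml.replace(b"ORD-42", b"ORD-99")


if __name__ == "__main__":
    msg = build_envelope("alice@partner.example", "GetOrderStatus", "ORD-42")
    print(process_inbound(msg))
    print(process_inbound(intermediary_tamper(msg)))
    print(process_inbound(build_envelope("mallory@partner.example", "GetOrderStatus", "ORD-42")))
    print(process_inbound(build_envelope("alice@partner.example", "CancelOrder", "ORD-42")))
```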
Moving to SOA – Accommodate Web Services (two diagrams)
SOAP over HTTP; the transport layer provides confidentiality and integrity on each connection.
Security functions added for web services: user-interaction-based I&A enforcement; identification & authentication decisions; token-based authentication enforcement; identity mapping; message-layer confidentiality and integrity.
Moving to SOA, Adding the ESB… (Mandatory Scary Picture)
Components in the diagram:
• Common Auditing & Reporting Service
• Tivoli Federated Identity Manager (TFIM)
• Tivoli Access Manager (TAM)
• H/W: DataPower XS40, DataPower XI50
• S/W: WebSphere Web Services Gateway
• S/W: Tivoli Access Manager Reverse Proxy / Web PI
• Tivoli Directory Server
• WebSphere Enterprise Service Bus
Further Reading
• On Demand Operating Environment: Security Considerations in an Extended Enterprise
  http://publib-b.boulder.ibm.com/abstracts/redp3928.html?Open
• Web Services Security Standards, Tutorials, Papers
  http://www.ibm.com/developerworks/views/webservices/standards.jsp
  http://www.ibm.com/developerworks/views/webservices/tutorials.jsp
  http://webservices.xml.com/
• WebSphere Security Fundamentals / WAS 6.0 Security Handbook
  http://www.redbooks.ibm.com/redpieces/abstracts/redp3944.html?Open
  http://www.redbooks.ibm.com/redpieces/abstracts/sg246316.html?Open
• IBM Tivoli Product Home Page
  http://www.ibm.com/software/tivoli/solutions/security/
Summary
• End-to-end Security Integration is complex
• Web Services and SOA security are emerging areas
  - Moving from session level security to message level security
• Identity Management incorporates several security services, but other security services need to be integrated as well
  - Audit and Event Management, Compliance and Assurance, etc.
• Security technology is only one part; process, policy and people are the others, and often harder to change
• The only constant is change, but evolve around the fundamentals
  - Establish separation of application and security management
  - Use of open standards will help with integration of past and future technologies
Questions?
Security 101 Definitions
• Authentication – Identify who you are
  - Userid/password, PKI certificates, Kerberos, Tokens, Biometrics
• Authorization – What you can access
  - Access Enforcement Function / Access Decision Function
  - Roles, Groups, Entitlements
• Administration – Applying security policy to resource protection
  - Directories, administration interfaces, delegation, self-service
• Audit – Logging security successes / failures
  - Basis of monitoring, accountability/non-repudiation, investigation, forensics
• Assurance – Security integrity and compliance to policy
  - Monitoring (Intrusion Detection, AntiVirus, Compliance), Vulnerability Testing
• Asset Protection
  - Data Confidentiality, Integrity, Data Privacy
• Availability
  - Backup/recovery, disaster recovery, high availability/redundancy
Agenda
• Enterprise Security Architecture – MASS Intro
• Identity, Access, and Federated Identity Management
• SOA Security
MASS – Processes for a Security Management Architecture
Access Control Subsystem
Purpose:
• Enforce security policies by gating access to, and execution of, processes and services within a computing solution via identification, authentication, and authorization processes, along with security mechanisms that use credentials and attributes.
Functions:
• Access control monitoring and enforcement: Policy Enforcement Point / Policy Decision Point / Policy Administration Point
• Identification and authentication mechanisms, including verification of secrets, cryptography (encryption and signing), and single-use versus multiple-use authentication mechanisms
• Authorization mechanisms, to include attributes, privileges, and permissions
• Enforcement mechanisms, including failure handling, bypass prevention, banners, timing and timeout, event capture, and decision and logging components
Sample Technologies:
• RACF, platform/application security, web access control
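An added Python example (not from the deck, nor from RACF or any Tivoli product) of the PEP / PDP / PAP split named under Functions, including three of the enforcement details listed there: bypass prevention, fail-closed failure handling and decision event capture. All names (PolicyEnforcementPoint, build_order_service, the roles, users and order ids) are hypothetical.

```python
from collections import namedtuple
from functools import wraps

DecisionEvent = namedtuple("DecisionEvent", "user resource action decision reason")

class PolicyAdministrationPoint:
    """PAP: the one place where policy (roles and their entitlements) is written."""

    def __init__(self):
        self._role_perms = {}   # role -> {"resource:action", ...}
        self._user_roles = {}   # user -> {role, ...}

    def grant(self, role, resource, action):
        self._role_perms.setdefault(role, set()).add(f"{resource}:{action}")

    def assign(self, user, role):
        self._user_roles.setdefault(user, set()).add(role)

    def entitlements(self, user):
        perms = set()
        for role in self._user_roles.get(user, ()):
            perms |= self._role_perms.get(role, set())
        return frozenset(perms)

class PolicyDecisionPoint:
    """PDP: answers permit/deny from PAP data; it never touches the resource."""

    def __init__(self, pap):
        self.pap = pap

    def decide(self, user, resource, action):
        return f"{resource}:{action}" in self.pap.entitlements(user)

class UnavailablePDP:  # stands in for a PDP whose policy store is down
    def decide(self, user, resource, action):
        raise ConnectionError("policy store unreachable")

class PolicyEnforcementPoint:
    """PEP: the only route to a protected operation. Bypass prevention (resources
    are reachable only through guarded functions), failure handling (any PDP error
    becomes deny, never permit) and event capture (every decision is recorded)."""

    def __init__(self, pdp):
        self.pdp = pdp
        self.events = []

    def protect(self, resource, action):
        def decorator(fn):
            @wraps(fn)
            def guarded(user, *args, **kwargs):
                try:
                    permitted = bool(self.pdp.decide(user, resource, action))
                    reason = "policy"
                except Exception as exc:          # fail closed on any PDP failure
                    permitted, reason = False, f"pdp error: {exc}"
                self.events.append(DecisionEvent(
                    user, resource, action, "permit" if permitted else "deny", reason))
                if not permitted:
                    raise PermissionError(f"{user}: {action} on {resource} denied ({reason})")
                return fn(user, *args, **kwargs)
            return guarded
        return decorator

def build_order_service(pep):
    """Unguarded implementations exist only inside this function; callers get the
    guarded versions, so no code path reaches the orders store around the PEP."""
    orders = {"ORD-42": "shipped"}

    @pep.protect("orders", "read")
    def get_status(user, order_id):
        return orders[order_id]

    @pep.protect("orders", "cancel")
    def cancel(user, order_id):
        orders[order_id] = "cancelled"
        return orders[order_id]

    return {"get_status": get_status, "cancel": cancel}

def demo():
    """Wire PAP -> PDP -> PEP; exercise a permit, a deny and a PDP outage."""
    pap = PolicyAdministrationPoint()
    pap.grant("clerk", "orders", "read")
    pap.assign("alice", "clerk")
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(pap))
    svc = build_order_service(pep)
    results = []
    for attempt in (lambda: svc["get_status"]("alice", "ORD-42"),
                    lambda: svc["cancel"]("alice", "ORD-42")):
        try:
            results.append(attempt())
        except PermissionError as exc:
            results.append(str(exc))
    pep.pdp = UnavailablePDP()            # policy backend outage: must still deny
    try:
        results.append(svc["get_status"]("alice", "ORD-42"))
    except PermissionError as exc:
        results.append(str(exc))
    return results, [e.decision for e in pep.events]
```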
Identity and Credential Subsystem
Purpose:
• Generate, distribute, and manage the data objects that convey identity and permissions across networks and among the platforms, the processes, and the security subsystems within a computing solution.
Functions:
• Single-use versus multiple-use mechanisms, either cryptographic or non-cryptographic
• Generation and verification of secrets
• Identities and credentials to be used in access control: identification, authentication, and access control for the purpose of user-subject binding
• Credentials to be used for purposes of identity in legally binding transactions
• Timing and duration of identification and authentication
• Lifecycle of credentials
• Anonymity and pseudonymity mechanisms
Sample Technologies:
• Tokens (PKI, Kerberos, SAML), User registries (LDAP, AD, RACF, …), Administration consoles, Session management
Information Flow Control Subsystem
Purpose:
• Enforce security policies by gating the flow of information within a computing solution, affecting the visibility of information within a computing solution, and ensuring the integrity of information flowing within a computing solution.
Functions:
• Flow permission or prevention
• Flow monitoring and enforcement
• Transfer services and environments: open or trusted channel, open or trusted path, media conversions, manual transfer, and import to or export between domains
• Encryption
• Storage mechanisms: cryptography and hardware security modules
Sample Technologies:
• Firewalls, VPNs, SSL
Security Audit Subsystem
Purpose:
• Provide proof of compliance to the security policy.
Functions:
• Collection of security audit data, including capture of the appropriate data, trusted transfer of audit data, and synchronization of chronologies
• Protection of security audit data, including use of time stamps, signing events, and storage integrity to prevent loss of data
• Analysis of security audit data, including review, anomaly detection, violation analysis, and attack analysis using simple heuristics or complex heuristics
• Alarms for loss thresholds, warning conditions, and critical events
Sample Technologies:
• syslog, application/platform access logs
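An added Python example, not from the deck, of the protection and analysis functions listed above: a hash-chained, HMAC-signed record store with timestamps whose verify() reports alteration, loss (missing records) and reordering, plus a simple failed-authentication heuristic that raises an alarm. The signing key, the event source names and the sample events are constructed for the example.

```python
import hashlib
import hmac
import json
from collections import defaultdict, deque

# Constructed key held by the audit service; event producers never see it, so
# they cannot forge or re-sign records.
AUDIT_KEY = b"constructed-audit-key-do-not-use"
GENESIS = "0" * 64


class AuditLog:
    """Append-only log. Each record carries a timestamp, the MAC of the previous
    record (the chain) and an HMAC over its own content, so alteration, deletion
    and reordering are all detectable by verify()."""

    def __init__(self, key):
        self.key = key
        self.records = []

    def _mac(self, record):
        content = {k: v for k, v in record.items() if k != "mac"}
        data = json.dumps(content, sort_keys=True).encode()
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def append(self, ts, source, event, outcome, subject):
        prev = self.records[-1]["mac"] if self.records else GENESIS
        record = {"seq": len(self.records), "ts": ts, "source": source,
                  "event": event, "outcome": outcome, "subject": subject, "prev": prev}
        record["mac"] = self._mac(record)
        self.records.append(record)
        return record

    def verify(self):
        """Return a list of integrity problems; an empty list means the log is intact."""
        problems, prev = [], GENESIS
        for i, rec in enumerate(self.records):
            if rec["seq"] != i:
                problems.append(f"record {i}: sequence gap (loss or reordering)")
            if rec["prev"] != prev:
                problems.append(f"record {i}: chain break")
            if not hmac.compare_digest(rec["mac"], self._mac(rec)):
                problems.append(f"record {i}: bad MAC (altered)")
            if i and rec["ts"] < self.records[i - 1]["ts"]:
                problems.append(f"record {i}: timestamp goes backwards (clock skew)")
            prev = rec["mac"]
        return problems


def failed_auth_alarms(records, threshold, window):
    """Simple heuristic: alarm when a subject accumulates `threshold` failed
    authentications within `window` seconds. Returns [(subject, ts), ...]."""
    recent = defaultdict(deque)
    alarms = []
    for rec in records:
        if rec["event"] != "auth" or rec["outcome"] != "failure":
            continue
        q = recent[rec["subject"]]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:      # drop failures outside the window
            q.popleft()
        if len(q) == threshold:
            alarms.append((rec["subject"], rec["ts"]))
    return alarms


# Constructed sample events: (ts, source, event, outcome, subject)
SAMPLE_EVENTS = [
    (1000, "webseal", "auth", "success", "alice"),
    (1010, "webseal", "auth", "failure", "bob"),
    (1020, "webseal", "auth", "failure", "bob"),
    (1030, "webseal", "auth", "failure", "bob"),
    (1100, "webseal", "auth", "failure", "bob"),
    (1105, "orders-app", "authz", "deny", "alice"),
]


def build_sample_log():
    log = AuditLog(AUDIT_KEY)
    for event in SAMPLE_EVENTS:
        log.append(*event)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify())
    print("alarms:", failed_auth_alarms(log.records, threshold=3, window=60))
    log.records[2]["outcome"] = "success"      # alter a stored record
    del log.records[1]                         # and drop one
    print("after tampering:", log.verify())
```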
Solution Integrity Subsystem
Purpose:
• Address the requirement for reliable and correct operation of a computing solution in support of meeting the legal and technical standard for its processes
Functions:
• Physical protection for data objects, such as cryptographic keys, and physical components, such as cabling, hardware, and so on
• Continued operations including fault tolerance, failure recovery, and self-testing
• Storage mechanisms: cryptography and hardware security modules
• Accurate time source for time measurement and time stamps
• Alarms and actions when physical or passive attack is detected
Sample Technologies:
• Systems Management solutions: performance, availability, disaster recovery, storage management
• Operational Security tools: Host and Network Intrusion Detection Sensors (Snort), Event Correlation tools, Host security monitoring/enforcement tools (Tripwire, TAMOS), Host/Network Vulnerability Monitors/Scanners (Nessus), Anti-Virus software
On Demand Security Architecture (Logical) (diagram)
On Demand Solutions
On Demand Infrastructure – Services and Components: Network Security Solutions (VPNs, firewalls, intrusion detection systems); Policy Management (authorization, privacy, federation, etc.); Identity Management; Key Management; Intrusion Defense; Anti-Virus Management; Audit & Non-Repudiation
On Demand Infrastructure – OS, application, network component logging and security events logging; event management; archiving; business continuity
On Demand Security Infrastructure: Assurance; Authorization; Identity; Federation; Credential Exchange; Secure Networks and Operating Systems; Secure Logging; Trust Model; Bindings Security and Secure Conversation (transport, protocol, message security); Security Policy Expression (Privacy Policy, Virtual Org Policies, Mapping Rules, Service/End-point Policy)

 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Soa security2

  • 1. IBM Software Group, © 2004 IBM Corporation. Integrated Security Architecture. James Andoniadis, IBM Canada
  • 2. IBM Software Group | Tivoli software. CEO View: Increased Collaboration Brings Rewards
  • 3. Layers of security
    - Perimeter Defense: keep out the unwanted with firewalls, anti-virus, intrusion detection, etc.
    - Control Layer: Which users can come in? What can users see and do? Are user preferences supported? Can user privacy be protected?
    - Assurance Layer: Can I comply with regulations? Can I deliver audit reports? Am I at risk? Can I respond to security events?
  • 4. Pre-SOA Security: Enforcement & Decision Points. Access Enforcement Functionality (AEF); Access Decision Functionality (ADF)
  • 5. Directory Management View (diagram). Actors: Customer, Employee. Components: Web Access Control, Network Access Control, Transactional Web Presentation, Informational Web Presentation, Certificate Status Responder, External Directory, Transactional Web Integration, External SMTP Gateway, Internal SMTP Gateway, Network Dispatcher, Delegated User Management, Internal ePortal and LDAP-enabled apps, Single Sign On, Application Access Control, Network Authentication & Authorization, Internal Directory, LOB Applications, Databases, Application Directory, Network Operating Systems, Identity Management, Certificate Authority, Web Single Sign On, Messaging, CRM/ERP (PeopleSoft), Meta-Directory, LDAP Directory Proxy, External ePortal
  • 6. Identity and Access Management Portfolio (diagram)
    - Managed targets: Apps/Email, UNIX/Linux, NOS, Databases & Applications, MF/Midrange, Web Applications
    - Identity stores: HR, CRM, Partners; Security Mgmt Objects
    - ITIM: Provisioning (policies, workflow, password self-service, audit trails)
    - Enterprise Directory: personal info, credentials, entitlements
    - ITFIM: Federated Identity, Web Services Security
    - Portal: presentation, personalization
    - ITAM: Web Access Management (SSO, authentication, authorization)
    - ITDI: Directory Integration; ITDS: Directory Server; TAM for ESSO
  • 7. (slide carries only the header)
  • 8. Governments as Identity Providers: "TRUST provides ACCESS". The United States is an "Identity Provider" because it issues a Passport as proof of identification; the USA vouches for its citizens. (Diagram: Germany, USA and China each act as Identity Provider for their own users.)
  • 9. Roles: Identity Provider and Service Provider
    - Identity Provider, the "vouching" party in the transaction: 1. issues network / login credentials; 2. handles user administration / ID management; 3. authenticates the user; 4. "vouches" for the user's identity
    - Service Provider, the "validation" party in the transaction: controls access to services; the third-party user has access to services for the duration of the federation; only manages user attributes relevant to the SP
    - Mutual TRUST between Identity Provider and Service Provider
  • 10. Federated Identity Standards (diagram)
  • 11. Agenda: Enterprise Security Architecture – MASS Intro; Identity, Access, and Federated Identity Management; SOA Security
  • 12. SOA Security Encompasses all Aspects of Security (diagram). SOA layers, each with a service consumer and a service provider side: consumers; business processes / process choreography; services (definitions), atomic and composite; service components; operational systems and supporting middleware (MQ, DB2, Unix, OS/390). Applications shown: Custom Application, Packaged Application, ISV, Outlook, SAP, platform. Interfaces: SCA, Portlet, WSRP, B2B, Other. SOA Security covers: Identity; Authentication; Authorization; Confidentiality, Integrity; Availability; Auditing & Compliance; Administration and Policy Management
  • 13. Message-based Security: End-to-End Security
    - Message-based security does not rely on secure transport
    - The message itself is encrypted: message privacy
    - The message itself is signed: message integrity
    - The message contains the user identity: proof of origin
    - (Diagram: a SOAP message crosses two HTTPS hops; each hop provides connection integrity/privacy, but the gap between the hops is marked "?")
  • 14. Web Service Security Specifications Roadmap: SOAP Messaging; WSS – SOAP Security; Security Policy; Secure Conversation; Trust; Federation; Privacy; Authorization
  • 15. SOAP Message Security: Extensions to Header
    - The SOAP Header allows for extensions
    - The OASIS standard "WS-Security: SOAP Message Security" defines XML for tokens, signatures and encryption, and defines how these elements are included in the SOAP Header
    - (Diagram: the Envelope contains a Header and a Body; the Header carries a Security element with Security Token, Signature and Encrypted Data; the Body carries the application data)
  • 16. Security Drill Down
    - Transport Layer Security: SSL/TLS termination
    - 1st layer message security: signature validation / origin authentication; message-level decryption
    - 2nd layer message security: requestor identification & authentication & mapping; element-level decryption
    - Nth layer message security: requestor identification & authentication & mapping; message-level encryption
    - Application Security: authorization with the ESB-asserted identifier
    - Security services: Security Policy, Security Token Service, Key Store and Management, Authorization
  • 17. Moving to SOA – Accommodate Web Services (diagram: SOAP over HTTP)
  • 18. Moving to SOA – Accommodate Web Services (diagram): transport-layer confidentiality and integrity on each HTTP hop; user-interaction-based I&A enforcement; identification & authentication decisions; token-based authentication enforcement; identity mapping; message-layer confidentiality and integrity
  • 19. Moving to SOA, Adding the ESB… (Mandatory Scary Picture). Components: Common Auditing & Reporting Service; Tivoli Federated Identity Manager (TFIM); Tivoli Access Manager (TAM); H/W: DataPower XS40; S/W: WebSphere Web Services Gateway; S/W: Tivoli Access Manager Reverse Proxy / Web PI; Tivoli Directory Server; WebSphere Enterprise Service Bus; DataPower XI50; TFIM and TAM integration points throughout
  • 20. Further Reading
    - On Demand Operating Environment: Security Considerations in an Extended Enterprise: http://publib-b.boulder.ibm.com/abstracts/redp3928.html?Open
    - Web Services Security Standards, Tutorials, Papers: http://www.ibm.com/developerworks/views/webservices/standards.jsp ; http://www.ibm.com/developerworks/views/webservices/tutorials.jsp ; http://webservices.xml.com/
    - WebSphere Security Fundamentals / WAS 6.0 Security Handbook: http://www.redbooks.ibm.com/redpieces/abstracts/redp3944.html?Open ; http://www.redbooks.ibm.com/redpieces/abstracts/sg246316.html?Open
    - IBM Tivoli Product Home Page: http://www.ibm.com/software/tivoli/solutions/security/
  • 21. Summary
    - End-to-end security integration is complex
    - Web Services and SOA security are emerging areas: moving from session-level security to message-level security
    - Identity Management incorporates several security services, but other security services need to be integrated as well: audit and event management, compliance and assurance, etc.
    - Security technology is one part; process, policy and people are the others, and often harder to change
    - The only constant is change, but evolve around the fundamentals: establish separation of application and security management; use of open standards will help with integration of past and future technologies
  • 22. Questions?
  • 23. Security 101 Definitions
    - Authentication: identify who you are. Userid/password, PKI certificates, Kerberos, tokens, biometrics
    - Authorization: what you can access. Access Enforcement Function / Access Decision Function; roles, groups, entitlements
    - Administration: applying security policy to resource protection. Directories, administration interfaces, delegation, self-service
    - Audit: logging security successes / failures. Basis of monitoring, accountability/non-repudiation, investigation, forensics
    - Assurance: security integrity and compliance to policy. Monitoring (intrusion detection, anti-virus, compliance), vulnerability testing
    - Asset Protection: data confidentiality, integrity, data privacy
    - Availability: backup/recovery, disaster recovery, high availability/redundancy
  • 24. Agenda: Enterprise Security Architecture – MASS Intro; Identity, Access, and Federated Identity Management; SOA Security
  • 25. MASS – Processes for a Security Management Architecture (diagram)
  • 26. Access Control Subsystem
    - Purpose: enforce security policies by gating access to, and execution of, processes and services within a computing solution via identification, authentication, and authorization processes, along with security mechanisms that use credentials and attributes.
    - Functions: access control monitoring and enforcement (Policy Enforcement Point / Policy Decision Point / Policy Administration Point); identification and authentication mechanisms, including verification of secrets, cryptography (encryption and signing), and single-use versus multiple-use authentication mechanisms; authorization mechanisms, including attributes, privileges, and permissions; enforcement mechanisms, including failure handling, bypass prevention, banners, timing and timeout, event capture, and decision and logging components
    - Sample Technologies: RACF, platform/application security, web access control
  • 27. Identity and Credential Subsystem
    - Purpose: generate, distribute, and manage the data objects that convey identity and permissions across networks and among the platforms, the processes, and the security subsystems within a computing solution.
    - Functions: single-use versus multiple-use mechanisms, either cryptographic or non-cryptographic; generation and verification of secrets; identities and credentials to be used in access control (identification, authentication, and access control for the purpose of user-subject binding); credentials to be used for purposes of identity in legally binding transactions; timing and duration of identification and authentication; lifecycle of credentials; anonymity and pseudonymity mechanisms
    - Sample Technologies: tokens (PKI, Kerberos, SAML), user registries (LDAP, AD, RACF, …), administration consoles, session management
  • 28. Information Flow Control Subsystem
    - Purpose: enforce security policies by gating the flow of information within a computing solution, affecting the visibility of information within a computing solution, and ensuring the integrity of information flowing within a computing solution.
    - Functions: flow permission or prevention; flow monitoring and enforcement; transfer services and environments (open or trusted channel, open or trusted path, media conversions, manual transfer, and import to or export between domains); encryption; storage mechanisms (cryptography and hardware security modules)
    - Sample Technologies: firewalls, VPNs, SSL
  • 29. Security Audit Subsystem
    - Purpose: provide proof of compliance to the security policy.
    - Functions: collection of security audit data, including capture of the appropriate data, trusted transfer of audit data, and synchronization of chronologies; protection of security audit data, including use of time stamps, signing events, and storage integrity to prevent loss of data; analysis of security audit data, including review, anomaly detection, violation analysis, and attack analysis using simple or complex heuristics; alarms for loss thresholds, warning conditions, and critical events
    - Sample Technologies: syslog, application/platform access logs
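The collection, protection and analysis functions listed for the audit subsystem on slide 29, as an added example that is not part of the original presentation or of any Tivoli product: records are sequence-numbered, chained to the previous record's MAC and signed with a key held by the audit service, so that editing or removing an earlier record is detected; a small threshold alarm runs over the same records for repeated login failures. The events, timestamps, key and threshold are constructed for the example.

```python
import copy
import hashlib
import hmac
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional


class AuditLog:
    """Collection + protection: each record carries its sequence number, the
    previous record's MAC and a MAC of its own, so edits, reordering or removal
    of earlier records break the chain."""

    def __init__(self, key: bytes):
        self.key = key
        self.records: list = []
        self.prev = "0" * 64     # chain anchor for the first record

    def _mac(self, seq: int, prev: str, event: dict) -> str:
        body = json.dumps(event, sort_keys=True)
        return hmac.new(self.key, f"{seq}|{prev}|{body}".encode(), hashlib.sha256).hexdigest()

    def append(self, event: dict) -> dict:
        seq = len(self.records)
        rec = {"seq": seq, "prev": self.prev, "event": event, "mac": self._mac(seq, self.prev, event)}
        self.records.append(rec)
        self.prev = rec["mac"]
        return rec


def verify_chain(records: list, key: bytes) -> Optional[int]:
    """Index of the first record that fails verification, or None if intact.
    Truncation at the tail is not visible here; anchor the latest MAC elsewhere."""
    prev = "0" * 64
    for i, rec in enumerate(records):
        body = json.dumps(rec["event"], sort_keys=True)
        expected = hmac.new(key, f"{rec['seq']}|{prev}|{body}".encode(), hashlib.sha256).hexdigest()
        if rec["seq"] != i or rec["prev"] != prev or not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev = rec["mac"]
    return None


def failed_login_alarms(records: list, threshold: int = 3,
                        window: timedelta = timedelta(minutes=5)) -> list:
    """Analysis + alarm: raise when a user accumulates `threshold` login failures
    inside `window`; timestamps are ISO 8601 with an explicit UTC offset."""
    recent = defaultdict(list)
    alarms = []
    for rec in records:
        ev = rec["event"]
        if ev.get("type") != "login" or ev.get("outcome") != "failure":
            continue
        ts = datetime.fromisoformat(ev["ts"])
        q = recent[ev["user"]]
        q.append(ts)
        while ts - q[0] > window:
            q.pop(0)
        if len(q) >= threshold:
            alarms.append((ev["user"], ev["ts"]))
            q.clear()
    return alarms


# Constructed sample events (not taken from the deck).
SAMPLE_EVENTS = [
    {"ts": "2004-06-01T09:00:00+00:00", "type": "login", "user": "joe", "outcome": "failure", "src": "10.1.2.3"},
    {"ts": "2004-06-01T09:00:30+00:00", "type": "login", "user": "ann", "outcome": "success", "src": "10.1.2.9"},
    {"ts": "2004-06-01T09:01:00+00:00", "type": "login", "user": "joe", "outcome": "failure", "src": "10.1.2.3"},
    {"ts": "2004-06-01T09:02:00+00:00", "type": "login", "user": "joe", "outcome": "failure", "src": "10.1.2.3"},
    {"ts": "2004-06-01T09:03:00+00:00", "type": "login", "user": "joe", "outcome": "success", "src": "10.1.2.3"},
    {"ts": "2004-06-01T09:04:00+00:00", "type": "read", "user": "ann", "outcome": "success", "resource": "file:A"},
]


def demo() -> dict:
    log = AuditLog(b"audit-signing-key")   # constructed; would live in an HSM or on a separate host
    for ev in SAMPLE_EVENTS:
        log.append(ev)
    edited = copy.deepcopy(log.records)
    edited[2]["event"]["outcome"] = "success"        # attacker rewrites a failure
    removed = copy.deepcopy(log.records)
    del removed[1]                                   # attacker drops a record
    return {
        "alarms": failed_login_alarms(log.records),
        "intact": verify_chain(log.records, log.key),
        "edited_at": verify_chain(edited, log.key),
        "removed_at": verify_chain(removed, log.key),
    }


if __name__ == "__main__":
    print(demo())
```

The chain detects edits and deletions in the middle of the log but not a truncated tail, which is why the slide pairs signing with trusted transfer and storage integrity: the latest MAC has to be written somewhere the log writer cannot alter.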
  • 30. Solution Integrity Subsystem
    - Purpose: address the requirement for reliable and correct operation of a computing solution in support of meeting the legal and technical standard for its processes.
    - Functions: physical protection for data objects, such as cryptographic keys, and physical components, such as cabling, hardware, and so on; continued operations including fault tolerance, failure recovery, and self-testing; storage mechanisms (cryptography and hardware security modules); accurate time source for time measurement and time stamps; alarms and actions when physical or passive attack is detected
    - Sample Technologies: systems management solutions (performance, availability, disaster recovery, storage management); operational security tools: host and network intrusion detection sensors (Snort), event correlation tools, host security monitoring/enforcement tools (Tripwire, TAMOS), host/network vulnerability monitors/scanners (Nessus), anti-virus software
  • 31. On Demand Security Architecture (Logical) (diagram)
    - On Demand Solutions
    - On Demand Security Infrastructure: Policy Management (authorization, privacy, federation, etc.); Identity Management; Key Management; Intrusion Defense; Anti-Virus Management; Audit & Non-Repudiation; Assurance; Authorization; Identity Federation; Credential Exchange; Secure Logging; Trust Model; Bindings Security and Secure Conversation (transport, protocol, message security); Security Policy Expression: Privacy Policy, Virtual Org Policies, Mapping Rules, Service/End-point Policy
    - On Demand Infrastructure – Services and Components: Network Security Solutions (VPNs, firewalls, intrusion detection systems); Secure Networks and Operating Systems
    - On Demand Infrastructure – OS, application and network component logging and security event logging; event management; archiving; business continuity

Editor's notes

  1. With current enterprise practices: high cost of operating the Control Layer; poor security from an ineffective control layer; high systems development costs.
  2. The Security Enforcement Service (SES) is the "services" view of the commonly used "Policy Enforcement Point" / "Access Enforcement Functionality" (PEP, AEF) defined by ISO. This service is responsible for enforcing the decisions made by the SDS and thus allowing/disallowing access to resources based on these decisions. The Security Decision Service (SDS) is the "services" view of the commonly used "Policy Decision Point" / "Access Decision Functionality" (PDP, ADF) defined by ISO. This service is responsible for making the access control decisions based on information provided by the SES. Typically these decisions are of the form "can user X access resource Y in manner Z", which translates to examples such as "Can Joe read File A?". These decisions may be richer than described, including information such as time of day, the requestor's IP address, or even the contents of the request ("Transfer $10,000 from an account with a balance of $200 INTO an account with a balance of $50").
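The SES/SDS split described in note 2 (PEP/PDP, AEF/ADF), as an added example that is not part of the original presentation or of any IBM product: a small decision service evaluates rules over subject, action and resource plus the richer context the note mentions (time of day, requestor IP address, and the transfer amount in the request itself), and an enforcement service gates the operation on that decision and records it. The rule set, subjects, account names, office network range and business hours are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Request:
    subject: str
    roles: frozenset
    action: str
    resource: str
    client_ip: str
    at: time                                      # time of day at the enforcement point
    content: dict = field(default_factory=dict)   # the request payload itself


@dataclass(frozen=True)
class Decision:
    permit: bool
    reason: str


# A rule is (name, applies_to, condition): the SDS evaluates every rule that
# applies to the request and permits only if all of their conditions hold.
Rule = Tuple[str, Callable[[Request], bool], Callable[[Request], bool]]


class SecurityDecisionService:
    """SDS / PDP / ADF: decides, never touches the resource."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, req: Request) -> Decision:
        applicable = [r for r in self.rules if r[1](req)]
        if not applicable:
            return Decision(False, "no applicable rule (default deny)")
        for name, _, condition in applicable:
            if not condition(req):
                return Decision(False, f"denied by rule '{name}'")
        return Decision(True, "permitted by " + ", ".join(r[0] for r in applicable))


class SecurityEnforcementService:
    """SES / PEP / AEF: gates the operation on the SDS decision and records it."""

    def __init__(self, sds: SecurityDecisionService):
        self.sds = sds
        self.audit: List[tuple] = []

    def enforce(self, req: Request, operation: Callable[[], object]) -> object:
        d = self.sds.decide(req)
        self.audit.append((req.subject, req.action, req.resource, d.permit, d.reason))
        if not d.permit:
            raise PermissionError(d.reason)
        return operation()


OFFICE_NET = ip_network("10.0.0.0/8")   # hypothetical

RULES: List[Rule] = [
    ("tellers may read accounts",
     lambda r: r.action == "read" and r.resource.startswith("account:"),
     lambda r: "teller" in r.roles),
    ("transfers only by tellers, from the office network, in business hours",
     lambda r: r.action == "transfer",
     lambda r: "teller" in r.roles
     and ip_address(r.client_ip) in OFFICE_NET
     and time(8, 0) <= r.at < time(18, 0)),
    ("transfer amount must not exceed the source balance",   # content of the request
     lambda r: r.action == "transfer",
     lambda r: r.content.get("amount", 0) <= r.content.get("source_balance", 0)),
]


def demo() -> List[bool]:
    """Run five constructed requests through the SES; True means the operation ran."""
    pep = SecurityEnforcementService(SecurityDecisionService(RULES))
    teller = frozenset({"teller"})
    cases = [
        Request("joe", teller, "read", "account:A", "10.1.2.3", time(9, 30)),
        Request("joe", teller, "transfer", "account:A", "10.1.2.3", time(9, 30),
                {"amount": 100, "source_balance": 200}),
        Request("joe", teller, "transfer", "account:A", "10.1.2.3", time(9, 30),
                {"amount": 10_000, "source_balance": 200}),    # the note's $10,000 from $200
        Request("joe", teller, "transfer", "account:A", "203.0.113.9", time(9, 30),
                {"amount": 100, "source_balance": 200}),       # right amount, wrong network
        Request("guest", frozenset(), "delete", "account:A", "10.1.2.3", time(9, 30)),
    ]
    outcomes = []
    for req in cases:
        try:
            pep.enforce(req, lambda: "done")
            outcomes.append(True)
        except PermissionError:
            outcomes.append(False)
    return outcomes


if __name__ == "__main__":
    print(demo())   # [True, True, False, False, False]
```

The enforcement point holds no policy of its own and fails closed when no rule applies; every decision, permitted or not, is recorded, which is what the audit subsystem later in the deck consumes.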
  3. Reality: IDC estimates that the average enterprise has 150+ directories. Every application uses a directory; all are disparate, but have dependencies. A SINGLE enterprise LDAP directory is not a reality: each application has its own varying degree of proprietariness/openness (externalization of attributes, sharing, etc.); there are dependencies among directories (employee/partner/customer information, passwords); authoritative sources vary (a user profile is made up from various sources: HR, email, business apps); multiple organizations manage them; and they have varying levels of security requirements. Desired environment: a balanced federated directory model, managed under a common set of processes, tools and organizational governance. Consolidate where possible, understand which directories exist and how they are used, and manage at the appropriate level.
  4. Need an example that describes the "multiple identity issues": imagine a world where every country issues passports for every person visiting that country. That would be chaotic; countries would end up administering passports for non-authoritative users.
  5. Within a federation, organizations play one or both of two roles: identity provider and/or service provider. Identity Provider: the identity provider (IdP) is the authoritative site responsible for authenticating an end user and asserting an identity for that user in a trusted fashion to trusted partners. The identity provider is responsible for account creation, provisioning, password management, and general account management, and also acts as a collection point or client to trusted identity providers. Service Provider: those partners who offer services but do not act as identity providers are known as service providers. The service provider (SP) relies on the IdP to assert information about a user, leaving the SP to manage only those user attributes that are relevant to the SP. Looking back at our earlier example of IBM and Hewitt: IBM would be the identity provider, asserting the identity of an IBM employee to Hewitt; Hewitt would be the service provider, its service being the savings plan / 401k management.
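The identity-provider / service-provider exchange from slide 9 and note 5, as an added example that is not part of the original presentation or of ITFIM: the IdP authenticates its own user and issues a signed assertion naming the SP as audience; the SP checks issuer, signature, audience and validity window, maps the federated identity to a local account, and keeps only the attributes it needs. To stay within the Python standard library the assertion is signed with an HMAC over a key exchanged at federation setup, so both parties hold the same key here; a SAML deployment signs with the IdP's private key and partners hold only its certificate, which is what stops a partner forging assertions. The IBM and Hewitt names come from the note; the user, password, key, attributes and account mapping are constructed.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class IdentityProvider:
    """Authoritative for its own users: authenticates them and vouches for them."""

    def __init__(self, name: str, users: dict, signing_key: bytes):
        self.name, self.users, self.key = name, users, signing_key

    def authenticate(self, user: str, password: str) -> bool:
        rec = self.users.get(user)
        digest = hashlib.sha256(password.encode()).hexdigest()   # stand-in for a real password hash
        return rec is not None and hmac.compare_digest(rec["pw"], digest)

    def issue_assertion(self, user: str, password: str, audience: str,
                        ttl: int = 300, now: int = None) -> str:
        if not self.authenticate(user, password):
            raise PermissionError("authentication failed")
        now = int(time.time()) if now is None else now
        claims = {"iss": self.name, "sub": user, "aud": audience,
                  "iat": now, "exp": now + ttl, "attrs": self.users[user]["attrs"]}
        payload = _b64(json.dumps(claims, sort_keys=True).encode())
        mac = hmac.new(self.key, payload.encode(), hashlib.sha256).digest()
        return payload + "." + _b64(mac)


class ServiceProvider:
    """Relies on a trusted IdP's assertion; manages only the attributes it needs."""

    def __init__(self, name: str, trusted_idps: dict, wanted_attrs: set, account_map: dict):
        self.name, self.trusted_idps, self.wanted, self.accounts = name, trusted_idps, wanted_attrs, account_map

    def validate(self, assertion: str, now: int = None) -> dict:
        payload, _, sig = assertion.partition(".")
        claims = json.loads(_unb64(payload))
        key = self.trusted_idps.get(claims.get("iss"))
        if key is None:
            raise ValueError("untrusted issuer")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            raise ValueError("signature check failed")
        if claims.get("aud") != self.name:
            raise ValueError("assertion was issued for another service provider")
        now = int(time.time()) if now is None else now
        if not (claims["iat"] - 60 <= now < claims["exp"]):     # 60 s clock skew allowance
            raise ValueError("assertion expired or not yet valid")
        local = self.accounts.get((claims["iss"], claims["sub"]))
        if local is None:
            raise ValueError("no local account mapped for this federated user")
        return {"local_user": local,
                "attrs": {k: v for k, v in claims["attrs"].items() if k in self.wanted}}


def demo() -> dict:
    key = b"key-exchanged-at-federation-setup"   # constructed
    idp = IdentityProvider("ibm", {
        "jsmith": {"pw": hashlib.sha256(b"correct horse").hexdigest(),
                   "attrs": {"employee_id": "1001", "dept": "Tivoli", "home_phone": "n/a"}}}, key)
    sp = ServiceProvider("hewitt", {"ibm": key}, {"employee_id"}, {("ibm", "jsmith"): "emp-1001"})
    t0 = 1_086_000_000
    good = idp.issue_assertion("jsmith", "correct horse", "hewitt", now=t0)
    out = {"valid": sp.validate(good, now=t0 + 10)}

    # Identity swap: re-encode the claims with a different subject but keep the old MAC.
    payload, _, sig = good.partition(".")
    claims = json.loads(_unb64(payload))
    claims["sub"] = "ceo"
    swapped = _b64(json.dumps(claims, sort_keys=True).encode()) + "." + sig
    # Genuine assertion, but issued for a different partner.
    other = idp.issue_assertion("jsmith", "correct horse", "payroll", now=t0)

    for label, assertion, when in (("swapped_subject", swapped, t0 + 10),
                                   ("expired", good, t0 + 600),
                                   ("wrong_audience", other, t0 + 10)):
        try:
            sp.validate(assertion, now=when)
            out[label] = "accepted"
        except ValueError as exc:
            out[label] = "rejected: " + str(exc)
    return out


if __name__ == "__main__":
    print(demo())
```

The SP never sees the user's password and stores only the employee id it needs; the department and phone attributes the IdP volunteered are dropped at validation, which is the "only manages user attributes relevant to the SP" point of slide 9. The audience check is what prevents an assertion minted for one partner from being replayed at another.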
  6. Managing SOA security includes: identity services; authentication services; consistent authorization across the infrastructure components (policy managed based on a single decision point implementing authorization across layers); auditing & compliance to security policy; trust/mapping of identities between the various security sub-systems; confidentiality, integrity and availability; administration and policy management.
  7. The lock on the SOAP message is meant to imply that the SOAP message is inherently secure in and of itself. The SOAP message can be transported in any way and its security is not affected. The SOAP message could be sent as an e-mail attachment, carried on a floppy disk, etc., and the properties of privacy, integrity and proof of origin are not affected. In contrast, the security of a message that relies on transport security is exposed when that transport security has "gaps", as would occur when multiple SSL hops are required to move the message from the origin to the ultimate receiver. The gaps in the transport security may or may not be an issue, depending on the trust assigned to the nodes that provide the transport compared to the trust required for the message.
  8. The full title of the SOAP message security specification is "Web Services Security: SOAP Message Security 1.0", and it can be found at http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf. This standard defines a set of SOAP extensions that provide the ability to: send security tokens as part of a message; include an XML Digital Signature as part of a message; encrypt all or part of the message using XML Encryption. These elements can be used to achieve "message-based security" for a SOAP message. That is, the message in and of itself is tamper-evident and confidential. The origin of the message is provided by the Token element. Any change to the message will cause the signature validation to fail, so content integrity is provided. An observer of the message cannot read it if it is encrypted, providing message privacy. The OASIS page for Web Services Security in general is http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
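The message-level integrity and proof-of-origin properties from slides 13 and 15 and from notes 7 and 8, as an added example that is not part of the original presentation or of any IBM product: a wsse:Security header carrying a UsernameToken and a signature over the canonicalized Body travels inside the SOAP message, so an intermediary hop that re-parses and re-serializes the message (over whatever transport) does not break verification, while a hop that edits the Body does. To stay within the Python standard library the signature is an HMAC over the C14N form of the Body together with the username, placed in a hypothetical urn:example:hmac-signature element; it is not a conformant ds:Signature, and the encryption half of WS-Security is omitted. The bank request, namespace, user and key are constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
BANK = "urn:example:bank"            # constructed application namespace
SIG = "urn:example:hmac-signature"   # hypothetical: stands in for ds:Signature
for prefix, uri in (("soapenv", SOAP), ("wsse", WSSE), ("bank", BANK), ("sig", SIG)):
    ET.register_namespace(prefix, uri)   # stable prefixes across re-serialization

# Constructed request; in the deck this is the Body's <application data>.
REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}">
  <soapenv:Header/>
  <soapenv:Body>
    <bank:transfer xmlns:bank="{BANK}">
      <bank:from>A-200</bank:from><bank:to>B-50</bank:to><bank:amount>100</bank:amount>
    </bank:transfer>
  </soapenv:Body>
</soapenv:Envelope>"""


def body_digest(envelope: ET.Element) -> bytes:
    """SHA-256 over the C14N form of the Body, so whitespace or prefix changes by
    intermediaries that do not alter content do not invalidate the signature."""
    body = envelope.find(f"{{{SOAP}}}Body")
    canon = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return hashlib.sha256(canon.encode()).digest()


def sign_envelope(envelope: ET.Element, user: str, key: bytes) -> ET.Element:
    """Add a wsse:Security header: UsernameToken (origin) + MAC over Body and user (integrity)."""
    header = envelope.find(f"{{{SOAP}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        envelope.insert(0, header)
    sec = ET.SubElement(header, f"{{{WSSE}}}Security")
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = user
    mac = hmac.new(key, body_digest(envelope) + user.encode(), hashlib.sha256).digest()
    ET.SubElement(sec, f"{{{SIG}}}Signature").text = base64.b64encode(mac).decode()
    return envelope


def verify_envelope(envelope: ET.Element, keys: dict) -> str:
    """Return the asserted user if the Security header checks out; raise otherwise."""
    sec = envelope.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        raise ValueError("no wsse:Security header")
    user = sec.findtext(f"{{{WSSE}}}UsernameToken/{{{WSSE}}}Username")
    sig = sec.findtext(f"{{{SIG}}}Signature")
    key = keys.get(user)
    if key is None or sig is None:
        raise ValueError("unknown user or missing signature")
    expected = hmac.new(key, body_digest(envelope) + user.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.b64decode(sig)):
        raise ValueError("signature invalid: Body or token altered in transit")
    return user


def demo() -> tuple:
    keys = {"joe": b"key-provisioned-to-joe"}   # constructed
    signed = sign_envelope(ET.fromstring(REQUEST), "joe", keys["joe"])
    wire = ET.tostring(signed)                    # hop 1: any transport, secure or not
    relayed = ET.tostring(ET.fromstring(wire))    # intermediary re-parses and re-serializes
    intact = verify_envelope(ET.fromstring(relayed), keys)
    evil = ET.fromstring(relayed)
    evil.find(f".//{{{BANK}}}amount").text = "10000"   # intermediary rewrites the amount
    try:
        verify_envelope(evil, keys)
        tampered = "accepted"
    except ValueError:
        tampered = "rejected"
    return intact, tampered


if __name__ == "__main__":
    print(demo())   # ('joe', 'rejected')
```

Binding the username into the MAC is what makes the token part of the proof of origin: swapping in another UsernameToken over the same Body fails verification just as editing the Body does. The "?" gap on slide 13 disappears because nothing in the check depends on which hops were HTTPS.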
  9. NOTES. Transport layer / edge security: this is an "optional" component. There will be pressure to use the XML firewall/gateway as the transport-layer edge termination (among other things, they do have slick acceleration capabilities); however, many customers will already have an edge termination component and won't willingly give it up. XML FW/GW (aka DataPower): while this can do message-layer functionality, it typically won't be able to handle any element-level decryption (not allowed to, as opposed to not capable of). The component will typically "authenticate" based on the certificate that is included with the request and used as part of signature validation; this may well not represent the actual requestor (think sales clerk placing an order versus the outbound SOAP gateway at the sales clerk's company). ESB: additional tokens for identification and authentication can be handled within the ESB (needed as part of routing a message, e.g. user is gold/silver, in addition to security-type decisions, e.g. silver is not authorized to request upgrades online). APPLICATION: receives the requestor's identity from the ESB (e.g. asserted over a TAI in a WAS environment) and uses this for local, application-based authorization decisions. Note that the XML FW/GW and ESB will communicate with security services using WS-Trust, in the guise of token functionality (token validation mainly, but also the ability to extract an identity and map it appropriately for use by the component). The application may use WS-Trust, but this is a lot less likely (because it means that the app is getting a web services request and knows how to deal with it); it will often, through things like JACC providers, access third-party/external security services. Security services can provide all sorts of functionality; this is a "grab bag" box, to indicate that we typically want a consolidated provider/container for security policy, token functionality, key management, authorization, etc.
  10. MASS – Method for Architecting Secure Solutions. Based on Common Criteria requirements and terminology, a methodology for enumerating the security services applied to a given system architecture.