Restful Security Requirements
Post on 27-May-2015
1695 Views
Preview:
DESCRIPTION
Transcript
Web Services SecuritySensorWeb Requirements
Pat Cappelaere
NASA EO-1 Team
1
Definitions
Web Service:
From Wikipedia, the free encyclopedia
It is defined by the W3C as "a software system designed to support interoperable machine-to-machine interaction over a network
It communicates over the HTTP protocol used on the Web. Such services tend to fall into one of two camps: SOAP/WSDL and RESTful Web Services.
Both need to be supported [But our preference is to RESTful WEb Services to reduce cost of implementations/operations]
2
Major RequirementThe RESTFul Way 安らぎの道
3
Scope
Web Services Need To Be Accessible From An Open Network BUT Are Not (necessarily) On The NASA Network
They Are Used To Access Data And/or Assets In A Bi-directional Manner
They May Need To Communicate With Many Communities On A Permanent Or Temporary Basis (Disaster Management)
Some Data To Be Exchanged May Be:
Mostly Public
Some Data May Be For Restricted Dissemination For Some Time Period (60days)
TBD License Agreements
4
Outside Of Scope
Direct Access To NASA Satellite Assets Or Sensitive Data
User Scope: Web 2.0
Web Security Protocol Needs To Be Easy To Implement (Many Users Will Have Low-IT Capabilities)
Target: Web 2.0 Mass Market Accessible
Implementable in Less Than Half a Day By Neo-Geographer
Leverage Existing Web 2.0 Standards As Possible To Lower Cost And Speed Up Acceptance
6
NASADOD
Red CrossSERVIR/CATHALAC
IKHANA
CA Firefighters
SPOT
RCMRD
AFRICOM
NGIT
GMU
JPL
GEOSS
NOAA
USGSMODIS
Users
Services
Sensors
Hubs
SensorWebCollaboration
Challenge
7
Federated Approach
Trust Relationships Between Communities Can Be
Permanent
Temporary (Under Admin Control)
[Permission Policies May Need To Be Exchanged Across Domains]
Local Trust Relationship Must Be Easiliy Discoverable By Local Service Providers
8
Federated Management
Each Community Needs to Manage its Users and Services In a Satisifactory Manner (But Not Necessarily Identitical)
Provide a Recognizable Handle for a User or a Service (passport-like, openid...)
Provide An Accessable Profile for User/Service Attributes
Some attributes may be read-write
User Privacy Issue? User Consent May Be Required To Release Info
9
User Profile
Standard Organizational Profile
Example: http://www.axschema.org/types/
Plus:
One or More Notification URI (SMS, XMPP...)
Roles/Permissions Granted By Organization
Some User Profile Attributes May Need To Be Writeable By Outside Services
DRM/License Agreements...
10
Service Profile
Name / Description...
Main URL Web Page End Point
RSA Public Key
11
Secure Transactions
Data Providers Need To Make Sure That:
Message Transaction Has Not Been Tampered With
Message Has Not Been Playedback
Message Is In The Clear
Message Comes From Valid Service Consumer
Message Comes From Valid User
User Has Proper Permission To Access Specified Security Realm
User Has Delegated Authority To Consumer (Confirmation May be Necessary)
User Has Agreed To Access/License Agreement
12
Problems
NASA
SPS
SOS
WPS
First Responder Dispatch Office
(FRDO)
First Responder: Andy
Consumer
NOAA
GFS Model WeatherNGIT
WPS (Plume)
31: User SSO2: Secure Transactions3: Delegation
13Firewall
Orchestrating Worflow
User Security Management
User Needs To Have One Place To Go To:
Manage Authorized Sites
Manage Grants
Access/Manage Profile Access (Some of the Attributes Only)
Access/Manage Services
14
Max Degree Of Separation
2 1 2
Two Degrees
15
THANK YOUPat G. Cappelaere
Contact Information:
=cappelaerehttp://blog.geobliki.com
Cell:410-340-4868pat@cappelaere.com
16
top related