• Like
  • Save
Identity Centric Architecture Aligning SOA with NGN
Upcoming SlideShare
Loading in...5
×
 

Identity Centric Architecture Aligning SOA with NGN

on

  • 1,145 views

 

Statistics

Views

Total Views
1,145
Views on SlideShare
1,143
Embed Views
2

Actions

Likes
0
Downloads
3
Comments
0

1 Embed 2

http://www.slideshare.net 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Identity Centric Architecture Aligning SOA with NGN Identity Centric Architecture Aligning SOA with NGN Presentation Transcript

    • Identity Centric Architecture Aligning SOA with NGN Rakesh Radhakrishnan August 29, 2007 Liberty Alliance Webcast Series http://identity-centric-architecture.blogspot.com/ Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 1 Sun Microsystems, Inc. Proprietary & Confidential
    • Agenda Topics • Identity enabled Sensor Networks • Identity enabled Programmable Networks • Identity enabled WiMAX & Wifi Networks • Identity enabled IMS Network and Network Services • Identity enabled Enterprise Networks (NAC) • Identity enabled IN Services • Identity enabled OAM&P Services (IPSF/ITSM) • Identity enabled Web Services • Identity enabled ESB Services • Identity enabled DRM Services • Identity enabled ILM • Identity enabled User Centric Microsystems, Inc. Sun Services Proprietary & Confidential Internal Use ONLY 2 Sun Microsystems, Inc. Proprietary & Confidential
    • 9 Pain Points (Mobility with Security) - 9 Pain Points to addresses Mobility for SOA – Seamless Integration of different Access Networks – Secure and Controlled integration of external SP – Integrated registration and customer service support – Common view of the static and dynamic data of the customer – Access control and content filtering – Flexible and convergent charging – Integrated environment for VAS development and management – Integrated environment for multi-device support – Management of internal and external content and DRM policy support Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 3 Sun Microsystems, Inc. Proprietary & Confidential
    • 9 Step Process (Mobility with Security) - Step 1: Reputation - Step 2: Rigid Authentication - Step 3: Random numbers/token generation - Step 4: Roles - Roles based Access Control (RBAC) - Step 5: Rules - Step 6: Resources - Step 7: Relationship - Step 8: Regulation - Step 9: Real-time Observe-ability Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 4 Sun Microsystems, Inc. Proprietary & Confidential
    • • Reputation & Rigid AuthN AuthN Confident- iality • Relationship. Integrity • Random No= Regulation and RT Token Trust Identity Distributed Relationships, System Session, Auditing and AuthN RT visual Session, • Roles, Rules and restrictions Resources Includes fine grain rights mgmt, aligned AuthZ Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 5 Sun Microsystems, Inc. Proprietary & Confidential
    • Vertical Integration User & Device Centric IDS User ID & Profile Device ID & Profile User & Device specific Policies Access & Sensor Network IDS AM Agents for Wifi, WiMAX, BPL, Cable head end, xDSL, RFID/EPC & more Core & Federated Network IDS FM integration with OAM, NG IN, HSS, HLR, NAC, FW & more Content & Service Centric IDS Integration with Service Registry Repository, ESB, DRM, Service specific Policies, & more. Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 6 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled Sensor Networks Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 7 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled Sensor Networks • Connecting Business at the edge • Solution for Warehouse Management • Solution for Physical Asset Tracking • Solution for Drug authentication • Solution for Transportation and Distribution • Solution for Retail Sales • Logical and Physical Authentication • Logical and Physical Authorization & Access Control • Sizzle and ECC enabled Containers • Correlating RFID with product profiles • Product Authentication Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 8 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled Programmable Networks Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 9 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled Programmable Networks • Programmable Active Grid Networks • Virtualized Systems & Resources • Provision-able Services & Software • Provisionally Compute, bandwidth and storage resource • System Service Container • Utility Model • Trusted Network Computing (TCG standard) • Encryption to devices (compute and storage) Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 10 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled Wireless Networks (Wifi/Wimax/4G) Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 11 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled Wireless Networks (Wifi/Wimax) • Integrated Wifi Access Controllers • Integrated with WiMAX base stations • Access Manager's support for RADIUS • AAA Services (replaced with ID/NAC) • One IDP for 20 WiMAX base stations that is part of a Mesh (or a Wifi Mesh) • Applicable to BPL as well (broadband over power line • Connectivity after Authentication (Boingo) Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 12 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled IMS Networks/Network Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 13 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled IMS Networks/Network Services • Loose Integration with HSS • HSS could potentially extent to WiMax/4G • Broad NEP Support • Federation and SSO • Integrated Provisioning, SEM and Auditing • ID enabled IMS Services (location, presence, etc.) • Integrated with Telecom SOA & Web Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 14 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled Enterprise Networks (NAC) Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 15 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled Enterprise Networks (NAC) • Industry Support (CTO) Sean Convery, Identity Engines, Paul Sangster, Symantec, Sanjay Uppal, Caymas Systems, Robin Matherus, Oracle & Jeff Prince, ConSentry Networks • Weave together the application and network layers of corporate networks • Trusted Network Technologies • Machine AC and User AC • NAP and NAC (access protection and admission control) • Pre-admission to the network (patch levels, anti-virus and spyware detection) • Replaces RADIUS and AAA Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 16 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled NG IN Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 17 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled NG IN Services • SLEE Container Integration • SBB lookups • JEE Container Integration • Common Security Framework • NG IN Services are device and network agnostic • Device Identities as well (TS 69) • Integrated IN Services (3G, wireline, IP, etc.) • Location, Presence, etc., are NG IN Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 18 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled OAM&P Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 19 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled OAM&P Services • OSS/J Services run on JEE Containers • Additional Modules -PAM • Federation • Session Centric Policies • Manage the Control Plane and the Service Plane • Adopted by NEP's • Integrates with RADIUS, Tacacs, AAA, etc. • Usefull for Outsourcing Models (OAM outsourcing) Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 20 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled ESB Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 21 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled ESB Services • Linking Service Registries • Federation for Choreography • QOS Policies • Authentication Levels • Secure Service Broker-ing • JSR 196 Support • Aligning Identity life-cycle with Service lifecycle • Service Orchestration Aligning with Policy Execution Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 22 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled DRM Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 23 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled DRM Services • Inter-operable user centric DRM leverages an IDP • Federation for DRM • Content to Service agnostic • Device and Access Network agnostic • Important for IPTV and VOD services • Disintermediation • Adoption by AT&T (SBC) in the US • Proposed at ATIS • Potential for leveraging XACML 3.x Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 24 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled ILM Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 25 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled ILM Services • Harnessing Data Sprawl • Common Anchor of Intelligence (Identity) • Tighter Control makes information accessible • Identity Aware Data • Foundation for ID enabled SOA • Meta Layer – OMG's MDA Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 26 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled UC ID Services Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 27 Sun Microsystems, Inc. Proprietary & Confidential
    • Identity enabled UC ID Services • In the Identity 2.0 space • SXIP, DIX, LID, OpenID, OpenSSO, I-names and more • user centric, • XRI/XDI or URI based, • Distributed identity system for the developer community. • Industry specific identity initiatives as well - such as E-NUM for Telco, E-HR for Healthcare, and more that uses unique identifiers and industry specific profile (identity schema) • Identity discovery services such as YADIS • Ruby in Rails on Web Containers for OpenID • OpenID as a SAML assertion Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 28 Sun Microsystems, Inc. Proprietary & Confidential
    • Vertical Integration of ID Services and Systems Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 29 Sun Microsystems, Inc. Proprietary & Confidential
    • Vertical Integration • Device Centric IDS • User Centric IDS • Access Network Centric IDS • Control Network Centric IDS • Enterprise Network Centric IDS (NAC, etc,) • Service Centric IDS • Information/Data Centric IDS • Content Centric IDS (DRM) • And more. Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 30 Sun Microsystems, Inc. Proprietary & Confidential
    • Vertical Integration • Profile Services • About users (profile and reputation) • About Services (profile and behaviours) • About Devices (profile and context) • About content (profile and drm) • About data (meta-data and ilm) •This intelligence actually need not be SILO'd, it can be integrated through; -consolidation (virtual mapping), -federation (linking), -correlation (linking based on policies), -aggregation (using it as a core reusable SBB/IDSP within an EA), and, Sun Microsystems, Inc. -trailing (indexing), xri, etc. Internal Use ONLY& Confidential Proprietary & Confidential Sun Microsystems, Inc. Proprietary 31
    • Vertical Integration via Standards • TS69 • XRI/XDI • GUP/ENUM • iName/iNumber • SAML, XACML • Federation (liberty) • Trusted Network Computing • OSE • DevID • PubID/ConID • RFID/EP • IPSF and ITSM (for QOSSun Microsystems, Inc. and SLA) • ITU-FG and LibertyMicrosystems, Inc. Proprietary & Confidential Sun Concordia & Confidential Proprietary Internal Use ONLY 32
    • Vertical Integration via Meta Layer • Morpghing into a Multi-M (media/modal/protocol) Meta System - Actividentity for integrating logical and physical asset security with the Identity System. - Approva for integrating, streamlining and automating compliant provisioning processes with the Identity System. - Bridgestream for integrating roles management solution with the Identity System. - Bonsai Networks for integrating Wifi (& Wimax) Service Managers with the Identity System. - Consul for integrating privileged user monitoring and auditing with the Identity System. - Leapstone for integrating Service Brokering and Subscriber information with the Identity System. - Locationnet platform for GIS engine and location application engine integration with the Identity System. - Lucents VOIP platform integration with Identity (& Directory) System. - Mobicents SLEE and other SLEE platforms integration for policies, profiles, etc., with the Identity System. - Passlogix for integrating simplified enterprise & desktop SSO (non web applications) with the Identity System. - Pronto Networks for integrating wireless SDP (service delivery platform) with the Identity System. - Vaau for integrating role engineering, identity auditing and identity certification with the Identity System. - Verimatrix for integrating with OMC DRM via disintermediation (d15n- implied) with the Identity System. - Virsa for integrating continuous compliance and real time insights with the Identity System. - Nominum for Secure Sharing and Managing ENUM profile (iName and iNumber as well) - Layer 7 for integrating with XML firewall – security co-processing with ESB - IDE NetBeans for integrating with a development Microsystems, Inc. Sun tool Proprietary & Confidential 33 - Appium for Profile sharing Internal Use ONLY Sun Microsystems, Inc. Proprietary & Confidential
    • Vertical Integration User & Device Centric IDS User ID & Profile Device ID & Profile User & Device specific Policies Access & Sensor Network IDS AM Agents for Wifi, WiMAX, BPL, Cable head end, xDSL, RFID/EPC & more Core & Federated Network IDS FM integration with OAM, NG IN, HSS, HLR, NAC, FW & more Content & Service Centric IDS Integration with Service Registry Repository, ESB, DRM, Service specific Policies, & more. Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 34 Sun Microsystems, Inc. Proprietary & Confidential
    • Vertical Integration Target State 2008 Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 35 Sun Microsystems, Inc. Proprietary & Confidential
    • Vertical Integration Target State To achieve this target state (as depicted in the picture above) an Identity System (with a the 5 integration models) has to be integrated: ● with the User (the "me") : User Centric Identity Systems (URI/XRI based, extensive profile, preferences and policies -defined by the user); ● with the Access Devices (such as TS69/OMA): Device Centric Identity Systems (for device profile, machine authentication, virus checks, client side fire wall updates, sensory devices, etc.)., ● with the Access Networks (for context, QOS capabilities of access networks, session traversals, mobility, etc.)., ● with the Core Network (for controlled invocation, federation, secure choreography, OAM&P, NG IN, Single Sign-off, auditing, etc.)., ● with the Service Networks (for NAC, RBAC, Service orchestration, ESB, programmable network elements, service profile, context, etc.)., ● and the Content Networks (for disintermediation of DRM, entitlement, content protection, content profile, content context, etc.). Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 36 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Structural Changes in the Industry Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 37 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Trust, QOE and Secure Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 38 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - enabler the Business of Government and Enterprise Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 39 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Who is Who? What is What? Who gets access to What? Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 40 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Aligning with Inter-oprable Standards Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 41 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Secure delivery of Content (IPTV, Games, etc.) Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 42 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Revenue Flow (access and usage) Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 43 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Lack of a Cohesive Contrl Layer Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 44 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Seperation of Concerns Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 45 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 46 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Convergence Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 47 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Leverage Voice as an Application Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 48 Sun Microsystems, Inc. Proprietary & Confidential
    • Project Liberty Slides – Business Problem - Privacy and Policies Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 49 Sun Microsystems, Inc. Proprietary & Confidential
    • Close Sun Microsystems, Inc. Proprietary & Confidential Internal Use ONLY 50 Sun Microsystems, Inc. Proprietary & Confidential