Restful Security Requirements
Security Requirements for RESTful Web Services

Usage Rights: © All Rights Reserved
    Presentation Transcript

    • Web Services Security: SensorWeb Requirements. Pat Cappelaere, NASA EO-1 Team
    • Definitions. Web Service (from Wikipedia, the free encyclopedia): defined by the W3C as "a software system designed to support interoperable machine-to-machine interaction over a network". It communicates over the HTTP protocol used on the Web. Such services tend to fall into one of two camps: SOAP/WSDL and RESTful Web Services. Both need to be supported [but our preference is RESTful Web Services, to reduce the cost of implementation and operations].
    • Major Requirement: The RESTful Way
    • Scope
      - Web services need to be accessible from an open network, but are not (necessarily) on the NASA network
      - They are used to access data and/or assets in a bi-directional manner
      - They may need to communicate with many communities on a permanent or temporary basis (disaster management)
      - Some data to be exchanged may be mostly public; some data may be for restricted dissemination for some time period (60 days); TBD license agreements
    • Outside of Scope: direct access to NASA satellite assets or sensitive data
    • User Scope: Web 2.0
      - The web security protocol needs to be easy to implement (many users will have low IT capabilities)
      - Target: Web 2.0 mass market; accessible; implementable in less than half a day by a neo-geographer
      - Leverage existing Web 2.0 standards where possible to lower cost and speed up acceptance
    • SensorWeb Collaboration [diagram of hubs, users, services and sensors: SERVIR/CATHALAC, Red Cross, NGIT, USGS, IKHANA, MODIS, NASA, DOD, SPOT, GMU, JPL, AFRICOM, GEOSS, RCMRD, NOAA, CA Firefighters; labelled "Challenge"]
    • Federated Approach
      - Trust relationships between communities can be permanent or temporary (under admin control) [permission policies may need to be exchanged across domains]
      - Local trust relationships must be easily discoverable by local service providers
    • Federated Management
      - Each community needs to manage its users and services in a satisfactory manner (but not necessarily an identical one)
      - Provide a recognizable handle for a user or a service (passport-like, OpenID...)
      - Provide an accessible profile for user/service attributes; some attributes may be read-write
      - User privacy issue? User consent may be required to release information
    • User Profile
      - Standard organizational profile, example: http://www.axschema.org/types/
      - Plus: one or more notification URIs (SMS, XMPP...)
      - Roles/permissions granted by the organization
      - Some user profile attributes may need to be writeable by outside services
      - DRM/license agreements...
    • Service Profile: name/description..., main URL, web page, end point, RSA public key
    • Secure Transactions. Data providers need to make sure that:
      - the message transaction has not been tampered with
      - the message has not been replayed
      - the message is in the clear
      - the message comes from a valid service consumer
      - the message comes from a valid user
      - the user has proper permission to access the specified security realm
      - the user has delegated authority to the consumer (confirmation may be necessary)
      - the user has agreed to the access/license agreement
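    The checks above, run in that order on the data-provider side, as an added example that is not part of the original deck. Assumptions: the consumer signs a canonical string (method, path, consumer handle, user handle, timestamp, nonce, body hash) and sends the result in request headers; HMAC-SHA256 over a per-service shared secret stands in for the RSA public key the Service Profile slide lists, so that the example runs on the Python standard library alone (the verification logic is the same with an RSA signature). All service names, user handles, realms and secrets are constructed.

```python
"""Added example (not from the slides): provider-side verification of a signed
REST request. HMAC-SHA256 over a shared secret replaces the RSA public key named
in the Service Profile slide so the code needs only the standard library."""
import hashlib
import hmac
import secrets
import time

REPLAY_WINDOW = 300  # seconds of clock skew tolerated; assumed value

# Constructed stand-ins for the Service Profile and User Profile registries.
SERVICE_PROFILES = {"wps.example.org": {"secret": b"wps-demo-secret"}}
USER_PROFILES = {
    "andy": {
        "realms": {"fire-ops"},              # realms the organization granted
        "delegations": {"wps.example.org"},  # consumers the user authorized
        "licenses": {"eo1-restricted-60d"},  # agreements the user accepted
    },
    "pat": {"realms": {"fire-ops"}, "delegations": set(),
            "licenses": {"eo1-restricted-60d"}},
}
REALM_LICENSE = {"fire-ops": "eo1-restricted-60d"}  # hypothetical realm -> license


def canonical_string(method, path, consumer, user, timestamp, nonce, body):
    """Everything the signature must cover, so none of it can be altered."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, consumer, user,
                      str(timestamp), nonce, body_hash])


def sign_request(secret, method, path, consumer, user, body,
                 timestamp=None, nonce=None):
    """Consumer side: returns the headers to attach to the request."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = nonce or secrets.token_hex(8)
    msg = canonical_string(method, path, consumer, user, timestamp, nonce, body)
    mac = hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()
    return {"X-Consumer": consumer, "X-User": user, "X-Timestamp": str(timestamp),
            "X-Nonce": nonce, "X-Signature": mac}


class ProviderVerifier:
    """Provider side. Remembers the nonces seen inside the replay window."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.seen = {}  # nonce -> timestamp

    def verify(self, method, path, headers, body, realm):
        now = self.clock()
        # Nonces older than the window would fail the timestamp check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= REPLAY_WINDOW}

        consumer = headers.get("X-Consumer", "")
        profile = SERVICE_PROFILES.get(consumer)
        if profile is None:
            return False, "unknown service consumer"
        try:
            ts = int(headers.get("X-Timestamp", ""))
        except ValueError:
            return False, "missing or malformed timestamp"
        if abs(now - ts) > REPLAY_WINDOW:
            return False, "timestamp outside replay window"
        nonce = headers.get("X-Nonce", "")
        if not nonce or nonce in self.seen:
            return False, "replayed or missing nonce"

        user = headers.get("X-User", "")
        msg = canonical_string(method, path, consumer, user, ts, nonce, body)
        expected = hmac.new(profile["secret"], msg.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
            return False, "signature mismatch: tampered or wrong key"
        # Only a correctly signed nonce is remembered, so unauthenticated traffic
        # can neither fill the cache nor burn nonces a real consumer will use.
        self.seen[nonce] = ts

        uprof = USER_PROFILES.get(user)
        if uprof is None:
            return False, "unknown user"
        if realm not in uprof["realms"]:
            return False, "user lacks permission for realm"
        if consumer not in uprof["delegations"]:
            return False, "user has not delegated authority to this consumer"
        needed = REALM_LICENSE.get(realm)
        if needed and needed not in uprof["licenses"]:
            return False, "user has not accepted the access/license agreement"
        return True, "accepted"


if __name__ == "__main__":
    path = "/sos/observations?sensor=eo1"
    hdrs = sign_request(b"wps-demo-secret", "GET", path, "wps.example.org", "andy", b"")
    v = ProviderVerifier()
    print(v.verify("GET", path, hdrs, b"", "fire-ops"))  # accepted
    print(v.verify("GET", path, hdrs, b"", "fire-ops"))  # same nonce: rejected as replay
```

    The order matters: the signature is checked before any user attribute is trusted, because the user handle is itself part of the signed string, and the nonce is only recorded after the signature passes. A query string belongs in the signed path; in a real deployment the secret lookup would be replaced by fetching and verifying the RSA public key from the consumer's service profile.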
    • Problems orchestrating an SPS/WPS workflow [diagram: First Responder (Andy), First Responder Dispatch Office (FRDO), firewall, consumer, NASA, NOAA GFS Model Weather WPS, NGIT Plume WPS, SPS, SOS; flows labelled 1: User SSO, 2: Secure Transactions, 3: Delegation]
    • User Security Management. The user needs to have one place to go to:
      - manage authorized sites
      - manage grants
      - access/manage profile (some of the attributes only)
      - access/manage services
    • Max Degree of Separation: Two Degrees [diagram]
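    The Federated Approach slide asks that trust relationships, permanent or temporary, be easily discoverable by local service providers, and this slide caps the chain at two degrees of separation. The following is an added example, not part of the original deck, of how a provider could answer "may I accept a user from community X?" against such a registry: a directed trust graph with optional expiry per edge and a breadth-first search bounded by the maximum degree. The community names, expiry values and the `user@community` handle form are constructed assumptions.

```python
"""Added example (not from the slides): trust-path discovery across federated
communities, limited to the deck's maximum of two degrees of separation.
Trust edges are directed and may be permanent (None) or expire (epoch seconds)."""
from collections import deque

# Constructed trust registry: truster -> {trusted community: expiry epoch or None}.
TRUST = {
    "nasa-sensorweb": {"noaa": None, "usgs": None},       # permanent, admin-managed
    "noaa":           {"ca-firefighters": 1_700_100_000}, # temporary (disaster operation)
    "usgs":           {"servir": None},
    "servir":         {"red-cross": None},
}

MAX_DEGREES = 2  # the deck's maximum degree of separation


def active_edges(truster, now):
    """Communities `truster` trusts whose relationship has not expired at `now`."""
    return [c for c, exp in TRUST.get(truster, {}).items() if exp is None or exp > now]


def trust_path(local, remote, now, max_degrees=MAX_DEGREES):
    """Shortest chain local -> ... -> remote using only active edges.

    Returns the list of communities on the path, or None when `remote` is not
    reachable within `max_degrees` hops. A community trusts itself (zero hops).
    """
    if local == remote:
        return [local]
    queue = deque([(local, [local])])
    visited = {local}
    while queue:
        node, path = queue.popleft()
        if len(path) - 1 >= max_degrees:
            continue  # this path has used up the allowed degrees
        for nxt in active_edges(node, now):
            if nxt in visited:
                continue
            new_path = path + [nxt]
            if nxt == remote:
                return new_path
            visited.add(nxt)
            queue.append((nxt, new_path))
    return None


def may_accept(local, user_handle, now):
    """Decide from a passport-like handle such as 'andy@ca-firefighters' (assumed form).

    Returns (accepted, path) so the provider can log which trust chain applied.
    """
    _, _, home = user_handle.rpartition("@")
    path = trust_path(local, home, now)
    return path is not None, path


if __name__ == "__main__":
    print(may_accept("nasa-sensorweb", "andy@ca-firefighters", 1_700_000_000))  # via noaa
    print(may_accept("nasa-sensorweb", "andy@ca-firefighters", 1_700_200_000))  # noaa link expired
    print(may_accept("nasa-sensorweb", "x@red-cross", 1_700_000_000))           # three hops: too far
```

    Because the search is bounded by degrees rather than by graph size, adding a third-hop community never widens what a provider accepts unless an administrator adds a direct or one-hop relationship; the expiry check is what lets a temporary, disaster-time relationship lapse without anyone having to revoke it.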
    • Thank You. Pat G. Cappelaere. Contact information: =cappelaere, http://blog.geobliki.com, cell: 410-340-4868, pat@cappelaere.com