Your SlideShare is downloading. ×
Restful Security Requirements
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Restful Security Requirements


Published on

Security Requirements for RESTful Web Services

Security Requirements for RESTful Web Services

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Web Services Security 1 SensorWeb Requirements Pat Cappelaere NASA EO-1 Team
  • 2. 2 Definitions Web Service: From Wikipedia, the free encyclopedia It is defined by the W3C as quot;a software system designed to support interoperable machine-to-machine interaction over a network It communicates over the HTTP protocol used on the Web. Such services tend to fall into one of two camps: SOAP/WSDL and RESTful Web Services. Both need to be supported [But our preference is to RESTful WEb Services to reduce cost of implementations/operations]
  • 3. Major Requirement The RESTFul Way 3
  • 4. 4 Scope Web Services Need To Be Accessible From An Open Network BUT Are Not (necessarily) On The NASA Network They Are Used To Access Data And/or Assets In A Bi-directional Manner They May Need To Communicate With Many Communities On A Permanent Or Temporary Basis (Disaster Management) Some Data To Be Exchanged May Be: Mostly Public Some Data May Be For Restricted Dissemination For Some Time Period (60days) TBD License Agreements
  • 5. Outside Of Scope Direct Access To NASA Satellite Assets Or Sensitive Data
  • 6. 6 User Scope: Web 2.0 Web Security Protocol Needs To Be Easy To Implement (Many Users Will Have Low-IT Capabilities) Target: Web 2.0 Mass Market Accessible Implementable in Less Than Half a Day By Neo-Geographer Leverage Existing Web 2.0 Standards As Possible To Lower Cost And Speed Up Acceptance
  • 7. SERVIR/CATHALAC Red Cross NGIT USGS IKHANA MODIS NASA DOD SPOT GMU SensorWeb Collaboration JPL Challenge AFRICOM GEOSS RCMRD 7 Hubs NOAA Users CA Firefighters Services Sensors
  • 8. 8 Federated Approach Trust Relationships Between Communities Can Be Permanent Temporary (Under Admin Control) [Permission Policies May Need To Be Exchanged Across Domains] Local Trust Relationship Must Be Easiliy Discoverable By Local Service Providers
  • 9. 9 Federated Management Each Community Needs to Manage its Users and Services In a Satisifactory Manner (But Not Necessarily Identitical) Provide a Recognizable Handle for a User or a Service (passport-like, openid...) Provide An Accessable Profile for User/Service Attributes Some attributes may be read-write User Privacy Issue? User Consent May Be Required To Release Info
  • 10. 10 User Profile Standard Organizational Profile Example: Plus: One or More Notification URI (SMS, XMPP...) Roles/Permissions Granted By Organization Some User Profile Attributes May Need To Be Writeable By Outside Services DRM/License Agreements...
  • 11. 11 Service Profile Name / Description... Main URL Web Page End Point RSA Public Key
  • 12. 12 Secure Transactions Data Providers Need To Make Sure That: Message Transaction Has Not Been Tampered With Message Has Not Been Playedback Message Is In The Clear Message Comes From Valid Service Consumer Message Comes From Valid User User Has Proper Permission To Access Specified Security Realm User Has Delegated Authority To Consumer (Confirmation May be Necessary) User Has Agreed To Access/License Agreement
  • 13. 1: User SSO 2: Secure Transactions First Responder Dispatch Office 3: Delegation NOAA NGIT 3 (FRDO) GFS Model Weather WPS (Plume) Problems Orchestrating SPS WPS Worflow Consumer SOS 13 Firewall First Responder: Andy NASA
  • 14. 14 User Security Management User Needs To Have One Place To Go To: Manage Authorized Sites Manage Grants Access/Manage Profile Access (Some of the Attributes Only) Access/Manage Services
  • 15. 15 Max Degree Of Separation 2 Two Degrees 1 2
  • 16. THANK YOU Pat G. Cappelaere Contact Information: =cappelaere Cell:410-340-4868 16