Restful Security Requirements

Security Requirements for RESTful Web Services

Published in: Technology

Transcript of "Restful Security Requirements"

  1. Web Services Security: SensorWeb Requirements
     Pat Cappelaere, NASA EO-1 Team

  2. Definitions
     Web Service (from Wikipedia, the free encyclopedia): It is defined by the W3C as "a software system designed to support interoperable machine-to-machine interaction over a network". It communicates over the HTTP protocol used on the Web. Such services tend to fall into one of two camps: SOAP/WSDL and RESTful Web Services. Both need to be supported [but our preference is RESTful Web Services, to reduce the cost of implementation/operations].

  3. Major Requirement: The RESTful Way

  4. Scope
     - Web Services Need To Be Accessible From An Open Network BUT Are Not (necessarily) On The NASA Network
     - They Are Used To Access Data And/or Assets In A Bi-directional Manner
     - They May Need To Communicate With Many Communities On A Permanent Or Temporary Basis (Disaster Management)
     - Some Data To Be Exchanged May Be:
       - Mostly Public
       - Some Data May Be For Restricted Dissemination For Some Time Period (60 days)
       - TBD License Agreements

  5. Outside Of Scope
     - Direct Access To NASA Satellite Assets Or Sensitive Data

  6. User Scope: Web 2.0
     - Web Security Protocol Needs To Be Easy To Implement (Many Users Will Have Low IT Capabilities)
     - Target: Web 2.0 Mass Market
     - Accessible; Implementable In Less Than Half A Day By A Neo-Geographer
     - Leverage Existing Web 2.0 Standards As Much As Possible To Lower Cost And Speed Up Acceptance

  7. SensorWeb Collaboration Challenge (diagram of Hubs, Users, Services and Sensors)
     Labels shown: SERVIR/CATHALAC, Red Cross, NGIT, USGS, IKHANA, MODIS, NASA, DOD, SPOT, GMU, JPL, AFRICOM, GEOSS, RCMRD, NOAA, CA Firefighters

  8. Federated Approach
     - Trust Relationships Between Communities Can Be:
       - Permanent
       - Temporary (Under Admin Control)
       [Permission Policies May Need To Be Exchanged Across Domains]
     - Local Trust Relationships Must Be Easily Discoverable By Local Service Providers

  9. Federated Management
     - Each Community Needs To Manage Its Users And Services In A Satisfactory Manner (But Not Necessarily Identical)
     - Provide A Recognizable Handle For A User Or A Service (passport-like, OpenID...)
     - Provide An Accessible Profile For User/Service Attributes
       - Some attributes may be read-write
     - User Privacy Issue? User Consent May Be Required To Release Info

  10. User Profile
     - Standard Organizational Profile; Example: http://www.axschema.org/types/
     - Plus:
       - One Or More Notification URIs (SMS, XMPP...)
       - Roles/Permissions Granted By Organization
       - Some User Profile Attributes May Need To Be Writeable By Outside Services
       - DRM/License Agreements...

  11. Service Profile
     - Name / Description...
     - Main URL Web Page
     - End Point
     - RSA Public Key

  12. Secure Transactions
     Data Providers Need To Make Sure That:
     - Message Transaction Has Not Been Tampered With
     - Message Has Not Been Played Back
     - Message Is In The Clear
     - Message Comes From A Valid Service Consumer
     - Message Comes From A Valid User
     - User Has Proper Permission To Access The Specified Security Realm
     - User Has Delegated Authority To Consumer (Confirmation May Be Necessary)
     - User Has Agreed To Access/License Agreement
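The checks listed on slide 12 map onto a small verification routine on the data-provider side. The following is an added example, not code from the deck or the EO-1 project: it binds consumer, user, realm, nonce and timestamp to the payload, rejects tampered messages, bounds timestamp skew and remembers nonces inside that window to catch playback, then applies the user-level checks (known user, realm permission, delegation to the calling consumer, license acceptance) from the profiles of slides 9 to 11. Slide 11 puts an RSA public key in each service profile; to stay standard-library only this example substitutes a per-consumer HMAC secret, and the registry, user directory, realm names and message layout are all constructed for the demonstration.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed stand-in for the Service Profile registry of slide 11. The slide lists an
# RSA public key per service; this example registers a per-consumer HMAC secret instead
# (an assumption made so the code runs with the standard library alone).
SERVICE_PROFILES = {
    "frdo.example": {"name": "First Responder Dispatch Office",
                     "secret": b"constructed-demo-secret-frdo"},
    "plume.example": {"name": "Plume Model WPS",
                      "secret": b"constructed-demo-secret-plume"},
}

# Constructed user directory (slides 9, 10 and 12): realms granted by the organization,
# consumers the user has delegated authority to, and license acceptance.
USER_PROFILES = {
    "andy": {"realms": {"wildfire"}, "delegated_to": {"frdo.example"},
             "license_accepted": True},
}

REPLAY_WINDOW_SECONDS = 300           # timestamps further from "now" than this are rejected
_seen_nonces: Dict[str, float] = {}   # nonce -> time after which it may be forgotten


def _canonical(msg: dict) -> bytes:
    """Deterministic serialization of every field except the signature itself."""
    unsigned = {k: v for k, v in msg.items() if k != "sig"}
    return json.dumps(unsigned, sort_keys=True, separators=(",", ":")).encode()


def sign(consumer: str, user: str, realm: str, payload: dict,
         now: Optional[float] = None, nonce: Optional[str] = None) -> dict:
    """Consumer side: bind consumer, user, realm, nonce and timestamp to the payload."""
    msg = {
        "consumer": consumer,
        "user": user,
        "realm": realm,
        "nonce": nonce or secrets.token_hex(16),
        "ts": time.time() if now is None else now,
        "payload": payload,
    }
    secret = SERVICE_PROFILES[consumer]["secret"]
    msg["sig"] = hmac.new(secret, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


def verify(msg: dict, now: Optional[float] = None) -> Tuple[bool, str]:
    """Data-provider side: apply the slide 12 checks in order; the first failure wins."""
    now = time.time() if now is None else now

    # Valid service consumer: an unknown consumer has no key to check against.
    profile = SERVICE_PROFILES.get(msg.get("consumer"))
    if profile is None:
        return False, "unknown consumer"

    # Not tampered with: recompute the MAC over the canonical form, compare in constant time.
    expected = hmac.new(profile["secret"], _canonical(msg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(msg.get("sig", ""))):
        return False, "bad signature"

    # Not played back: bounded timestamp skew plus a cache of nonces seen inside the window.
    if abs(now - float(msg["ts"])) > REPLAY_WINDOW_SECONDS:
        return False, "stale timestamp"
    for n, forget_at in list(_seen_nonces.items()):
        if forget_at <= now:
            del _seen_nonces[n]
    if msg["nonce"] in _seen_nonces:
        return False, "replay"

    # Valid user, realm permission, delegation to this consumer, license acceptance.
    user = USER_PROFILES.get(msg.get("user"))
    if user is None:
        return False, "unknown user"
    if msg["realm"] not in user["realms"]:
        return False, "no permission for realm"
    if msg["consumer"] not in user["delegated_to"]:
        return False, "no delegation to consumer"
    if not user["license_accepted"]:
        return False, "license not accepted"

    _seen_nonces[msg["nonce"]] = now + REPLAY_WINDOW_SECONDS
    return True, "ok"


if __name__ == "__main__":
    m = sign("frdo.example", "andy", "wildfire", {"op": "task-plume-model"})
    print(verify(m))   # first delivery is accepted
    print(verify(m))   # the identical message again is rejected as a replay
```

The signature check runs before any lookup that depends on message content, so a forged or altered message cannot poison the nonce cache or probe the user directory; the nonce is only recorded once every check has passed, and the timestamp window bounds how long the cache has to grow.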
  13. Scenario (diagram): 1: User SSO; 2: Secure Transactions; 3: Delegation
     Labels shown: First Responder (Andy); First Responder Dispatch Office (FRDO); NASA; NOAA; NGIT; Consumer; GFS Model Weather WPS (Plume); SPS; WPS Workflow; SOS; Firewall; "Problems Orchestrating"

  14. User Security Management
     User Needs To Have One Place To Go To:
     - Manage Authorized Sites
     - Manage Grants
     - Access/Manage Profile Access (Some Of The Attributes Only)
     - Access/Manage Services

  15. Max Degree Of Separation: 2 (Two Degrees)
     (diagram of a two-hop trust chain, hops labelled 1 and 2)
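Slides 8 and 15 together describe the federation rule: communities hold permanent or temporary (admin-controlled) trust relationships, local providers must be able to discover their own, and a request is only honoured across a chain of at most two degrees. The following is an added example, not code from the deck: a small trust graph with expiring edges, a discovery call for a community's active local trusts, and a breadth-first search that refuses any path longer than the maximum degree. The community names are taken from slide 7, but the edges, expiry times and the sample federation are constructed for the demonstration.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_DEGREE_OF_SEPARATION = 2   # slide 15: at most two hops of trust


@dataclass(frozen=True)
class Trust:
    """A directed trust relationship; expires_at=None is permanent, a number is temporary."""
    source: str
    target: str
    expires_at: Optional[float] = None   # set by the community admin for temporary trust

    def active(self, now: float) -> bool:
        return self.expires_at is None or now < self.expires_at


class Federation:
    def __init__(self, trusts: List[Trust]):
        self._out: Dict[str, List[Trust]] = {}
        for t in trusts:
            self._out.setdefault(t.source, []).append(t)

    def local_trusts(self, community: str, now: float) -> List[Trust]:
        """What a local service provider can discover: its community's active outbound trusts."""
        return [t for t in self._out.get(community, []) if t.active(now)]

    def trust_path(self, src: str, dst: str, now: float,
                   max_degree: int = MAX_DEGREE_OF_SEPARATION) -> Optional[List[str]]:
        """Shortest chain of active trusts from src to dst, or None if none exists
        within max_degree hops. Expired temporary trusts are simply not traversed."""
        if src == dst:
            return [src]
        queue = deque([[src]])
        visited = {src}
        while queue:
            path = queue.popleft()
            if len(path) - 1 >= max_degree:      # would exceed the degree limit
                continue
            for t in self.local_trusts(path[-1], now):
                if t.target in visited:
                    continue
                extended = path + [t.target]
                if t.target == dst:
                    return extended
                visited.add(t.target)
                queue.append(extended)
        return None

    def can_federate(self, src: str, dst: str, now: float) -> bool:
        return self.trust_path(src, dst, now) is not None


def build_sample_federation() -> Federation:
    """Constructed sample: NGIT acts as a hub; the CA Firefighters -> Red Cross trust is a
    temporary disaster-management arrangement that expires at t=2000 (hypothetical)."""
    return Federation([
        Trust("NASA", "NGIT"),
        Trust("NGIT", "CA Firefighters"),
        Trust("NGIT", "USGS", expires_at=500.0),
        Trust("CA Firefighters", "Red Cross", expires_at=2000.0),
    ])


if __name__ == "__main__":
    fed = build_sample_federation()
    print(fed.trust_path("NGIT", "Red Cross", now=1000.0))   # two degrees, inside the window
    print(fed.trust_path("NASA", "Red Cross", now=1000.0))   # three degrees: refused
```

Keeping the expiry on the edge rather than in a separate revocation list means a temporary trust disappears from discovery and from path search at the same moment, which is the property an admin-controlled temporary relationship needs.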
  16. THANK YOU
     Pat G. Cappelaere
     Contact Information:
     =cappelaere
     http://blog.geobliki.com
     Cell: 410-340-4868
     pat@cappelaere.com