Turmeric SOA - Security and Policy

841 views

Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

Turmeric SOA - Security and Policy

  1. 1. Intalio – eBayOpenSource.org Launch Webinar 24 May 2011
  2. 2. Agenda Introductions Architecture Overview Monitoring Console and Policy Admin Demos What just happened? Security Services Overview Get Involved
  3. 3. Your Presenter David Carver – Columbus, OH Intalio Project Lead Eclipse: Architecture Council Member, Eclipse Committer - XSL Tools, Vex, XQuery, Xpath 2.0 Processor, Dash EclipseCon program commiitee member, 2010, 2011 Former XML Data Architect for STAR. Twitter: kingargyle Blog: http://intellectualcramps.wordpress.com GitHub: github.com/kingargyle
  4. 4. Architecture
  5. 5. Monitoring Console Demo
  6. 6. Policy Adminstration Demo
  7. 7. Hydroelectric pipelines leading to Kinlochleven, Scottland Pipelines for Decoupling Services
  8. 9. Communicating with Services <ul><li>Direct Communication </li><ul><li>Pipeline Handlers
  9. 10. Allows for a series of Services to be Called and Pre-Condition Checks to Occur
  10. 11. Decoupling of the Business Process from the Service. </li></ul><li>Remote Invocation </li><ul><li>Consumers – can be Turmeric, Axis2, XMLHTTP, etc. </li></ul></ul>
  11. 12. <request-handlers> <chain name=&quot;servicehandlers&quot;> <handler name=&quot;ServerCredentialHandler&quot;> <class-name> org.ebayopensource.turmeric.securitycommon.spf.impl.handlers.ServerCredentialHandler </class-name> <options> < option name=&quot;credential-userid&quot;>X-TURMERIC-SECURITY-USERID</option> <option name=&quot;credential-password&quot;>X-TURMERIC-SECURITY-PASSWORD</option> </options> </handler> <handler name=&quot;AuthenticationHandler&quot;> <class-name> org.ebayopensource.turmeric.services.authenticationservice.impl.handler.AuthenticationHandler </class-name> </handler> <handler name=&quot;AuthorizationHandler&quot;> <class-name> org.ebayopensource.turmeric.services.authorizationservice.impl.handler.AuthorizationHandler </class-name> </handler> <handler name=&quot;ObjectAuthorizationHandler&quot;> <class-name>org.ebayopensource.turmeric.services.authorizationservice.impl.handler.ObjectAuthorizationHandler</class-name> <options> <option name=&quot; objectXpath &quot;> PolicyService:deleteSubjectGroups:deleteSubjectGroupsRequest/subjectGroupKey/subjectGroupName; PolicyService:deleteSubjectGroups:deleteSubjectGroupsRequest/subjectGroupKey/subjectGroupId; PolicyService:updateSubjectGroups:updateSubjectGroupsRequest/subjectGroups/SubjectMatch/AttributeValue; PolicyService:updateSubjectGroups:updateSubjectGroupsRequest/subjectGroups@SubjectGroupName; PolicyService:updatePolicy:updatePolicyRequest/policy@PolicyName; PolicyService:updatePolicy:updatePolicyRequest/policy@PolicyId; PolicyService:disablePolicy:disablePolicyRequest/policyKey/policyName; PolicyService:disablePolicy:disablePolicyRequest/policyKey/policyId; PolicyService:enablePolicy:enablePolicyRequest/policyKey/policyName; PolicyService:enablePolicy:enablePolicyRequest/policyKey/policyId; PolicyService:deletePolicy:deletePolicyRequest/policyKey/policyName; PolicyService:deletePolicy:deletePolicyRequest/policyKey/policyId; </option> <option name=&quot;skip-on-local&quot;>true</option> </options> </handler> </chain> </request-handlers> Pipeline Configuration – Policy Service
  12. 13. Security and Policy Services Gluing Everything Together
  13. 14. Policy Enforcement Service Monitoring Console Policy Admin All Call Policy Service
  14. 15. Authorization Service
  15. 17. Policy Service <ul><li>Manages Polices </li><ul><li>Creation, Deletion, Update of Policies
  16. 18. Assignment of Users, Groups, Resources
  17. 19. Configurable Types of Policies through Providers </li></ul><li>Data Structure </li><ul><li>XACML – Based on the OASIS standard.
  18. 20. Does not implement the processing of Policies just their storage and retrieval.
  19. 21. Turmeric provides a DAO implementation using MySQL and Hibernate
  20. 22. Adopters can add their own providers </li></ul></ul>
  21. 23. Get Involved <ul><li>Project Home </li></ul><ul><ul><li>https://www.ebayopensource.org/index.php/Turmeric/HomePage </li></ul><li>Documentation </li><ul><li>https://www.ebayopensource.org/index.php/Documentation/Home </li></ul><li>Support </li><ul><li>Forums https://www.ebayopensource.org/forum/
  22. 24. IRC – freenode.net #turmeric and #turmeric-dev
  23. 25. Paid Support - Intalio </li></ul><li>Downloads </li><ul><li>https://www.ebayopensource.org/index.php/Turmeric/Downloads </li></ul><li>How to Contribute </li><ul><li>https://www.ebayopensource.org/index.php/Turmeric/Contributing </li></ul></ul>

×