SlideShare a Scribd company logo

Interoperable Provisioning in a distributed world

Ramesh Nagappan
Ramesh Nagappan

This document discusses interoperable provisioning in a distributed environment. It provides an overview of identity provisioning approaches such as batch provisioning, LDAP replication, and using assertions. The document then discusses the Services Provisioning Markup Language (SPML) standard for interoperable provisioning and describes SPML version 2.0 features and components. It also covers implementing SPML using Java web services toolkits and SPML's relationships with WS-Security and SAML standards.

1 of 28
Download to read offline
Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 – IAM 302
Contacts • Mark Diodati (mdiodati@burtongroup.com) • Ramesh Nagappan (Ramesh.Nagappan@Sun.COM) • Sampo Kellomaki (sampo@symlabs.com)
References • OASIS PSTC SPML 2.0 Specifications — http://docs.oasis-open.org/provision/spml-2.0-cd-01/pstc-spml2-cd-01.pdf • OpenSPML 1.0 Toolkit — www.openspml.org • JAX-WS 2.0 Reference Implementation — https://jax-ws.dev.java.net/ • Identity provisioning with SPML – Patterns and Best practices. — www.coresecuritypatterns.com • Sun Java System Identity Manager (Supports SPML 2.0) — Download at http://www.sun.com/download/products.xml?id=453fe041 • SPML: Gaining Maturity (Burton Group research document) — www.burtongroup.com/spml
Agenda • Presentation – Mark Diodati • Presentation – Ramesh Nagappan • Presentation – Sampo Kellomaki • References
Identity Management - Provisioning Identity Data Services Identities, roles, groups Provisioning Services AccessGateway Policy Enforcement Infrastructure Identity & Policy Admin Delegated admin, self-service Federation Public Identity Services Affiliate Enterprises Subjects (Users, services) Internal Business Units Platform- or application-specific policy enforcement Federation Proxy Virtualization Directory Replication Synchronization Objects (Applications, services, resources) ManagementandAudit Authenticationandreducedsign-on Access proxy Authorization Firewalls Other
Federated Provisioning • The federation standards and products are mature from a technology perspective — Provide good user SSO (authentication) for web applications — Possess some authorization capabilities — Lack user identity provisioning capabilities • Many (most) service provider (SP) applications require a non- ephemeral identity — The identity provider (IdP) and SP must agree upon a provisioning protocol to meet this requirement • How are identities provided to the SP?
Batch Approach • Using an out-of-band process, the IdP sends using provisioning information (adds, changes, deletions) to the SP • Excel spreadsheet, EDI, or other • Benefits — Low technology barrier • Challenges — Slower updates can introduce service and liability issues — IdP may not have a mechanism to verify user identities status — May introduce burdensome manual processes for both the IdP and the SP
LDAP Replication Approach Service Provider Identity Store Local LDAP StoreMaster LDAP Store (1) User information is replicated to onsite store (LDAPS) Darth Sidious Darth Sidious Service Provider Application (4) User with SAML artifact attempts access Darth Sidious (6) Application retrieves user attributes Identity Provider (IdP) (5) Application retrieves SAML assertion
Assertion Approach Identity Provider (IdP) Service Provider Identity Store Darth Sidious Service Provider Application(1) User with SAML artifact attempts access (2) Application retrieves SAML assertion (3) Application creates user identity SAML assertion Name = Darth Sidious SSN = 555-55-5555 Group = Sith Darth Sidious
Services Provisioning Markup Language (SPML) • SPML v1 approved in 2003 — Some “Essential” operations were not included (had to be customized) — Some errors in XML schema • SPML v2 OASIS standard approved in spring of 2006 — “Essential” functions included • Three profiles — DSML (most commonly used and existed in v1) — XSD (new in v2, from WS-Provisioning proposal) — SAML (currently in development) to provide tighter integration of user attributes • Good provisioning vendor support — Widely adopted by the provisioning vendors (Sun, CA, BMC, HP, Oracle, Siemens) • Improving target vendor support — Citrix, SAP, MaxWare
SPML • Benefits — Interoperable provisioning (no custom connectors required) — Reliability — Some auditing and correlation • Challenges — Requires a separate channel for federated provisioning — User schema will likely require pre-agreement — Does not provide protocol security (by intent) • Authentication and confidentiality - use HTTPS and/or WS-Security 2004 • Authorization – may be achieved via certificate trust list or may require more advanced authorization features in the future Provisioning tools can provide authorization capabilities
SPML – Federated Provisioning (2) User added
Agenda • Presentation – Mark Diodati • Presentation – Ramesh Nagappan • Presentation – Sampo Kellomaki • References
The State of SPML 2.0 • SPML 2.0 has been ratified as an OASIS standard. • Builds on the concepts of SPML 1.0 specifications. — Maintains the core protocol, basic roles, operations, data types and elements. — Core protocol enables interoperability among Provisioning service providers. • Defines modal mechanisms for executing provisioning synchronously or asynchronously. • Defines the notion of SPML Profiles. — Profiles define the agreement protocol between requestor and service provider. — SPML v2 XSD Profile and DSML v2 Profile • DSML v2 profile provides the backward compatibility with SPML 1.0 and to support LDAP and X.500 directory services — SPML v2 SAML 2.0 Profile is on its way ! • SPML 2.0 supports extended operations as “Capabilities”.
SPML 2.0 - Logical components • Requesting Authority (RA) — Client initiating the SPML requests to the provisioning system. • Provisioning Service Provider (PSP) — The identity provisioning system that listens, receives, processes SPML requests and returns responses. — Executes provisioning operations. • Provisioning Service Target (PST) — Actual resource where operations are performed. • Provisioning Service Object (PSO) — Represents the data entity on a PST. (ex. User account) Requesting Authority Provisioning Service Provider SPML Response SPML Request PSOPSO PSO Provisioning Service Targets
SPML 2.0: Operations & Capabilities • Core Operations (Mandatory) — SPML 2.0 conformant providers must implement all of them — Basic Operations • addRequest • modifyRequest • deleteRequest • lookupRequest — Discovery Operation • listTargets • Optional Capabilities — Operations that apply to a specific target and supported by a provider. — SPML 2.0 defines a set of standard capabilities • Async capability • Batch capability • Bulk capability • Password capability • Search capability • Suspend capability • Updates capability — Allows PSP define custom capabilities.
Anatomy of a SPML 2.0 Message Request Message Response Message </addRequest> </data> </dsml:attr> <dsml:value>mypasswd</dsml:value> <dsml:attr xmlns:dsml= 'urn:oasis:names:tc:DSML:2:0:core' name=‘password'> </dsml:attr> <dsml:value>JavaGuy</dsml:value> <dsml:attr xmlns:dsml= 'urn:oasis:names:tc:DSML:2:0:core' name='objectclass'> </dsml:attr> <dsml:value>mySPMLTestId</dsml:value> <dsml:attr xmlns:dsml= 'urn:oasis:names:tc:DSML:2:0:core' name='accountId'> <data> <openspml:operationalNameValuePair xmlns:openspml= 'urn:org:openspml:v2:util:xml' name='session' value='AAALPgAAYD0A'/> <addRequest xmlns='urn:oasis:names:tc:SPML:2:0' requestID='rid-spmlv2' executionMode='synchronous‘ targetID=‘xyz1`> </addResponse> </pso> </data> </dsml:attr> <dsml:value>mypasswd</dsml:value> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name=‘password'> </dsml:attr> <dsml:value>JavaGuy</dsml:value> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core‘ name='objectclass'> </dsml:attr> <dsml:value>mySPMLTestId</dsml:value> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core‘ name='accountId'> <data> <psoID ID=‘mySPMLTestId'/> <pso> <openspml:operationalNameValuePair xmlns:openspml='urn:org:openspml:v2:util:xml' name='session' value='AAALPgAAYD0A'/> <addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='rid-spmlv2‘ targetID=‘xyz1`>
SPML Based Provisioning via Web Services Requesting Authority Provisioning Service Provider WSDL Provisioning Service Targets SOAP WS-Security SPML UDDI
SPML Relationship with WS-Security and SAML • SPML recommends the use of SSL/TLS protocols and WS-Security for ensuring Transport-layer and Message-layer security. — SPML can take advantage of SOAP/HTTPS transport provisioning requests and responses. — XML Encryption and XML Digital Signature allows to ensure SPML message/element- level confidentiality and integrity. — WS-Security tokens (X.509, SAML Token) to authenticate provisioning service providers. • SPML supports the principles of using SAML 2.0 and Project Liberty Alliance standards. — SPML requests and responses can make use of SAML assertions as a authentication context between the requesting authority and provisioning systems. — SAML assertions from an Identity provider can be used to qualify a subject on a provisioning target.
Role of SPML in Identity Federation (Liberty ID-FF) IdentityIdentity ProviderProvider Service ProvidersService Providers (Out(Out--sourced)sourced) IDID--FF: Circle of TrustFF: Circle of Trust ServiceService ProviderProvider Service providers can issue SPML requests based on a “SAML Authorization Decision” Assertion. • Helps dynamic/on-demand provisioning of roles, privileges, resources etc. ServiceService RequesterRequester InternetInternet SPML Use SAML Assertions
Implementing SPML with Java • OpenSPML 1.0 Toolkit — Comprehensive vendor-independent Java API toolkit for SPML 2.0. — Java classes for constructing/parsing SPML requests and responses support implementing a SPML 2.0 conformant requesting authority. — Supports SPML 2.0 profiles (DSML v2 and XML Schema) and its supporting Java/XML bindings. — Web container pluggable SOAP runtime for sending/receiving SPML messages via SOAP over HTTP. • JAX-WS 2.0 — Java API toolkit for developing WS-I Basic Profile 1.1 compliant XML Web Services. — Helps to build SPML Web Services with WS-Security. • OpenSPML Toolkit can be plugged for creating SPML constructs.
Agenda • Presentation – Mark Diodati • Presentation – Ramesh Nagappan • Presentation – Sampo Kellomaki • References
Liberty Provisioning Initiatives • For avoidance of doubt — Trusted Module provisioning (liberty-idwsf-prov-v1.0-02.pdf) — Very specific target: Advanced Clients and Trusted Modules •Not applicable in this domain — General provisioning •Some marketing requirement floated •No specific approach chosen •SPML, enhanced with ID-WSF, could be an option
ID-DAP Overview MED1
Slide 24 MED1 If this is not a specification or a standard, we cannot discuss in detail, since it breaks interoperability. Mark Diodati, 1/26/2007
Health Care Use Case
Tentative Liberty Provisioning Map
Panel Discussion

Recommended

SOA for PL/SQL Developer (OPP 2010)
SOA for PL/SQL Developer (OPP 2010)SOA for PL/SQL Developer (OPP 2010)
SOA for PL/SQL Developer (OPP 2010)
Lucas Jellema
 
Introducing SOA and Oracle SOA Suite 11g for Database Professionals
Introducing SOA and Oracle SOA Suite 11g for Database ProfessionalsIntroducing SOA and Oracle SOA Suite 11g for Database Professionals
Introducing SOA and Oracle SOA Suite 11g for Database Professionals
Lucas Jellema
 
Where and when to use the Oracle Service Bus (OSB)
Where and when to use the Oracle Service Bus (OSB)Where and when to use the Oracle Service Bus (OSB)
Where and when to use the Oracle Service Bus (OSB)
Guido Schmutz
 
oracle-osb
oracle-osboracle-osb
oracle-osb
AbrarMoiz
 
SOA_BPM_12c_launch_event_SOA_track_deepdive_developerproductivityandperforman...
SOA_BPM_12c_launch_event_SOA_track_deepdive_developerproductivityandperforman...SOA_BPM_12c_launch_event_SOA_track_deepdive_developerproductivityandperforman...
SOA_BPM_12c_launch_event_SOA_track_deepdive_developerproductivityandperforman...
Getting value from IoT, Integration and Data Analytics
 
SOA Suite 12c - Service Bus new features summary
SOA Suite 12c - Service Bus new features summarySOA Suite 12c - Service Bus new features summary
SOA Suite 12c - Service Bus new features summary
Lucas Jellema
 
Exchange Server 2013 Architecture Deep Dive, Part 1
Exchange Server 2013 Architecture Deep Dive, Part 1Exchange Server 2013 Architecture Deep Dive, Part 1
Exchange Server 2013 Architecture Deep Dive, Part 1
Microsoft TechNet - Belgium and Luxembourg
 
Plongée en eaux profondes dans l'architecture du nouvel Exchange 2013
Plongée en eaux profondes dans l'architecture du nouvel Exchange 2013Plongée en eaux profondes dans l'architecture du nouvel Exchange 2013
Plongée en eaux profondes dans l'architecture du nouvel Exchange 2013
Microsoft Décideurs IT
 

Recommended

SOA for PL/SQL Developer (OPP 2010)
SOA for PL/SQL Developer (OPP 2010)SOA for PL/SQL Developer (OPP 2010)
SOA for PL/SQL Developer (OPP 2010)
Lucas Jellema
 
Introducing SOA and Oracle SOA Suite 11g for Database Professionals
Introducing SOA and Oracle SOA Suite 11g for Database ProfessionalsIntroducing SOA and Oracle SOA Suite 11g for Database Professionals
Introducing SOA and Oracle SOA Suite 11g for Database Professionals
Lucas Jellema
 
Where and when to use the Oracle Service Bus (OSB)
Where and when to use the Oracle Service Bus (OSB)Where and when to use the Oracle Service Bus (OSB)
Where and when to use the Oracle Service Bus (OSB)
Guido Schmutz
 
oracle-osb
oracle-osboracle-osb
oracle-osb
AbrarMoiz
 
SOA_BPM_12c_launch_event_SOA_track_deepdive_developerproductivityandperforman...
SOA_BPM_12c_launch_event_SOA_track_deepdive_developerproductivityandperforman...SOA_BPM_12c_launch_event_SOA_track_deepdive_developerproductivityandperforman...
SOA_BPM_12c_launch_event_SOA_track_deepdive_developerproductivityandperforman...
Getting value from IoT, Integration and Data Analytics
 
SOA Suite 12c - Service Bus new features summary
SOA Suite 12c - Service Bus new features summarySOA Suite 12c - Service Bus new features summary
SOA Suite 12c - Service Bus new features summary
Lucas Jellema
 
Exchange Server 2013 Architecture Deep Dive, Part 1
Exchange Server 2013 Architecture Deep Dive, Part 1Exchange Server 2013 Architecture Deep Dive, Part 1
Exchange Server 2013 Architecture Deep Dive, Part 1
Microsoft TechNet - Belgium and Luxembourg
 
Plongée en eaux profondes dans l'architecture du nouvel Exchange 2013
Plongée en eaux profondes dans l'architecture du nouvel Exchange 2013Plongée en eaux profondes dans l'architecture du nouvel Exchange 2013
Plongée en eaux profondes dans l'architecture du nouvel Exchange 2013
Microsoft Décideurs IT
 
Axis2 architecture and implementation
Axis2 architecture and implementationAxis2 architecture and implementation
Axis2 architecture and implementation
Sreeni I
 
Five Cool Use Cases for the Spring Component of the SOA Suite 11g
Five Cool Use Cases for the Spring Component of the SOA Suite 11gFive Cool Use Cases for the Spring Component of the SOA Suite 11g
Five Cool Use Cases for the Spring Component of the SOA Suite 11g
Guido Schmutz
 
Reusing Existing Java EE Applications from SOA Suite 11g
Reusing Existing Java EE Applications from SOA Suite 11gReusing Existing Java EE Applications from SOA Suite 11g
Reusing Existing Java EE Applications from SOA Suite 11g
Guido Schmutz
 
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPELOracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Guido Schmutz
 
An Unbiased Look: Oracle SOA Suite 12c
An Unbiased Look: Oracle SOA Suite 12cAn Unbiased Look: Oracle SOA Suite 12c
An Unbiased Look: Oracle SOA Suite 12c
Revelation Technologies
 
(ATS3-PLAT01) Recent developments in Pipeline Pilot
(ATS3-PLAT01) Recent developments in Pipeline Pilot(ATS3-PLAT01) Recent developments in Pipeline Pilot
(ATS3-PLAT01) Recent developments in Pipeline Pilot
BIOVIA
 
Architecture and tools
Architecture and toolsArchitecture and tools
Architecture and tools
sanjay_jha
 
Rest API and Client OM for Developer
Rest API and Client OM for DeveloperRest API and Client OM for Developer
Rest API and Client OM for Developer
InnoTech
 
Microsoft Exchange Technology Overview
Microsoft Exchange Technology OverviewMicrosoft Exchange Technology Overview
Microsoft Exchange Technology Overview
Mike Pruett
 
Where to use OSB
Where to use OSBWhere to use OSB
Where to use OSB
Edwin Biemond
 
Annex A Project Summary
Annex A Project SummaryAnnex A Project Summary
Annex A Project Summary
Engr K A Sheikh ITIL, OCS-DB, Exadata
 
Sakai Technical (Chinese)
Sakai Technical (Chinese)Sakai Technical (Chinese)
Sakai Technical (Chinese)
jiali zhang
 
Oracle Service Bus (OSB) for the Busy IT Professonial
Oracle Service Bus (OSB) for the Busy IT Professonial Oracle Service Bus (OSB) for the Busy IT Professonial
Oracle Service Bus (OSB) for the Busy IT Professonial
Frank Munz
 
SQL Azure Federation and Scalability
SQL Azure Federation and ScalabilitySQL Azure Federation and Scalability
SQL Azure Federation and Scalability
Eduardo Castro
 
PaaS enabling Java EE applications through service meta-data and policies - J...
PaaS enabling Java EE applications through service meta-data and policies - J...PaaS enabling Java EE applications through service meta-data and policies - J...
PaaS enabling Java EE applications through service meta-data and policies - J...
Jagadish Prasath
 
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael NoelSPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
Michael Noel
 
Saml v2-OpenAM
Saml v2-OpenAMSaml v2-OpenAM
Saml v2-OpenAM
Pascal Flamand
 
SOA Security
SOA Security SOA Security
SOA Security
Pauli Kauppila
 
REST - Why, When and How? at AMIS25
REST - Why, When and How? at AMIS25REST - Why, When and How? at AMIS25
REST - Why, When and How? at AMIS25
Jon Petter Hjulstad
 
Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soa
jucaab
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
Scim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsScim2012 q1update chrisphillips
Scim2012 q1update chrisphillips
Chris Phillips
 

More Related Content

What's hot

Axis2 architecture and implementation
Axis2 architecture and implementationAxis2 architecture and implementation
Axis2 architecture and implementation
Sreeni I
 
Five Cool Use Cases for the Spring Component of the SOA Suite 11g
Five Cool Use Cases for the Spring Component of the SOA Suite 11gFive Cool Use Cases for the Spring Component of the SOA Suite 11g
Five Cool Use Cases for the Spring Component of the SOA Suite 11g
Guido Schmutz
 
Reusing Existing Java EE Applications from SOA Suite 11g
Reusing Existing Java EE Applications from SOA Suite 11gReusing Existing Java EE Applications from SOA Suite 11g
Reusing Existing Java EE Applications from SOA Suite 11g
Guido Schmutz
 
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPELOracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Guido Schmutz
 
An Unbiased Look: Oracle SOA Suite 12c
An Unbiased Look: Oracle SOA Suite 12cAn Unbiased Look: Oracle SOA Suite 12c
An Unbiased Look: Oracle SOA Suite 12c
Revelation Technologies
 
(ATS3-PLAT01) Recent developments in Pipeline Pilot
(ATS3-PLAT01) Recent developments in Pipeline Pilot(ATS3-PLAT01) Recent developments in Pipeline Pilot
(ATS3-PLAT01) Recent developments in Pipeline Pilot
BIOVIA
 
Architecture and tools
Architecture and toolsArchitecture and tools
Architecture and tools
sanjay_jha
 
Rest API and Client OM for Developer
Rest API and Client OM for DeveloperRest API and Client OM for Developer
Rest API and Client OM for Developer
InnoTech
 
Microsoft Exchange Technology Overview
Microsoft Exchange Technology OverviewMicrosoft Exchange Technology Overview
Microsoft Exchange Technology Overview
Mike Pruett
 
Where to use OSB
Where to use OSBWhere to use OSB
Where to use OSB
Edwin Biemond
 
Annex A Project Summary
Annex A Project SummaryAnnex A Project Summary
Annex A Project Summary
Engr K A Sheikh ITIL, OCS-DB, Exadata
 
Sakai Technical (Chinese)
Sakai Technical (Chinese)Sakai Technical (Chinese)
Sakai Technical (Chinese)
jiali zhang
 
Oracle Service Bus (OSB) for the Busy IT Professonial
Oracle Service Bus (OSB) for the Busy IT Professonial Oracle Service Bus (OSB) for the Busy IT Professonial
Oracle Service Bus (OSB) for the Busy IT Professonial
Frank Munz
 
SQL Azure Federation and Scalability
SQL Azure Federation and ScalabilitySQL Azure Federation and Scalability
SQL Azure Federation and Scalability
Eduardo Castro
 
PaaS enabling Java EE applications through service meta-data and policies - J...
PaaS enabling Java EE applications through service meta-data and policies - J...PaaS enabling Java EE applications through service meta-data and policies - J...
PaaS enabling Java EE applications through service meta-data and policies - J...
Jagadish Prasath
 
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael NoelSPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
Michael Noel
 

What's hot (16)

Axis2 architecture and implementation
Axis2 architecture and implementationAxis2 architecture and implementation
Axis2 architecture and implementation
 
Five Cool Use Cases for the Spring Component of the SOA Suite 11g
Five Cool Use Cases for the Spring Component of the SOA Suite 11gFive Cool Use Cases for the Spring Component of the SOA Suite 11g
Five Cool Use Cases for the Spring Component of the SOA Suite 11g
 
Reusing Existing Java EE Applications from SOA Suite 11g
Reusing Existing Java EE Applications from SOA Suite 11gReusing Existing Java EE Applications from SOA Suite 11g
Reusing Existing Java EE Applications from SOA Suite 11g
 
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPELOracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
Oracle Service Bus vs. Oracle Enterprise Service Bus vs. BPEL
 
An Unbiased Look: Oracle SOA Suite 12c
An Unbiased Look: Oracle SOA Suite 12cAn Unbiased Look: Oracle SOA Suite 12c
An Unbiased Look: Oracle SOA Suite 12c
 
(ATS3-PLAT01) Recent developments in Pipeline Pilot
(ATS3-PLAT01) Recent developments in Pipeline Pilot(ATS3-PLAT01) Recent developments in Pipeline Pilot
(ATS3-PLAT01) Recent developments in Pipeline Pilot
 
Architecture and tools
Architecture and toolsArchitecture and tools
Architecture and tools
 
Rest API and Client OM for Developer
Rest API and Client OM for DeveloperRest API and Client OM for Developer
Rest API and Client OM for Developer
 
Microsoft Exchange Technology Overview
Microsoft Exchange Technology OverviewMicrosoft Exchange Technology Overview
Microsoft Exchange Technology Overview
 
Where to use OSB
Where to use OSBWhere to use OSB
Where to use OSB
 
Annex A Project Summary
Annex A Project SummaryAnnex A Project Summary
Annex A Project Summary
 
Sakai Technical (Chinese)
Sakai Technical (Chinese)Sakai Technical (Chinese)
Sakai Technical (Chinese)
 
Oracle Service Bus (OSB) for the Busy IT Professonial
Oracle Service Bus (OSB) for the Busy IT Professonial Oracle Service Bus (OSB) for the Busy IT Professonial
Oracle Service Bus (OSB) for the Busy IT Professonial
 
SQL Azure Federation and Scalability
SQL Azure Federation and ScalabilitySQL Azure Federation and Scalability
SQL Azure Federation and Scalability
 
PaaS enabling Java EE applications through service meta-data and policies - J...
PaaS enabling Java EE applications through service meta-data and policies - J...PaaS enabling Java EE applications through service meta-data and policies - J...
PaaS enabling Java EE applications through service meta-data and policies - J...
 
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael NoelSPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
SPS Belgium 2012 - End to End Security for SharePoint Farms - Michael Noel
 

Similar to Interoperable Provisioning in a distributed world

Saml v2-OpenAM
Saml v2-OpenAMSaml v2-OpenAM
Saml v2-OpenAM
Pascal Flamand
 
SOA Security
SOA Security SOA Security
SOA Security
Pauli Kauppila
 
REST - Why, When and How? at AMIS25
REST - Why, When and How? at AMIS25REST - Why, When and How? at AMIS25
REST - Why, When and How? at AMIS25
Jon Petter Hjulstad
 
Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soa
jucaab
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Kenneth Peeples
 
Scim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsScim2012 q1update chrisphillips
Scim2012 q1update chrisphillips
Chris Phillips
 
OUGN 2016: Experiences with REST support on OSB/SOA Suite
OUGN 2016: Experiences with REST support on OSB/SOA SuiteOUGN 2016: Experiences with REST support on OSB/SOA Suite
OUGN 2016: Experiences with REST support on OSB/SOA Suite
Jon Petter Hjulstad
 
Web service architecture
Web service architectureWeb service architecture
Web service architecture
Muhammad Shahroz Anwar
 
Rich Services: Composable chat
Rich Services: Composable chatRich Services: Composable chat
Rich Services: Composable chat
bdemchak
 
Intorduction to Datapower
Intorduction to DatapowerIntorduction to Datapower
Intorduction to Datapower
Shilpin Pvt. Ltd.
 
Data Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish VemuguntaData Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish Vemugunta
floridawusergroup
 
Standardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMStandardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIM
WSO2
 
Opal: Simple Web Services Wrappers for Scientific Applications
Opal: Simple Web Services Wrappers for Scientific ApplicationsOpal: Simple Web Services Wrappers for Scientific Applications
Opal: Simple Web Services Wrappers for Scientific Applications
Sriram Krishnan
 
Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...
Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...
Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...
Precisely
 
SOAP WEB TECHNOLOGIES
SOAP WEB TECHNOLOGIESSOAP WEB TECHNOLOGIES
SOAP WEB TECHNOLOGIES
tamilmozhiyaltamilmo
 
Fiware - communicating with ROS robots using Fast RTPS
Fiware - communicating with ROS robots using Fast RTPSFiware - communicating with ROS robots using Fast RTPS
Fiware - communicating with ROS robots using Fast RTPS
Jaime Martin Losa
 
dist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdfdist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdf
NohaNagy5
 
Identity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computingIdentity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computing
OmerZia11
 
SOA Solution Patterns
SOA Solution PatternsSOA Solution Patterns
SOA Solution Patterns
WSO2
 
Data centric mls rhel ecosystem
Data centric mls rhel ecosystemData centric mls rhel ecosystem
Data centric mls rhel ecosystem
inside-BigData.com
 

Similar to Interoperable Provisioning in a distributed world (20)

Saml v2-OpenAM
Saml v2-OpenAMSaml v2-OpenAM
Saml v2-OpenAM
 
SOA Security
SOA Security SOA Security
SOA Security
 
REST - Why, When and How? at AMIS25
REST - Why, When and How? at AMIS25REST - Why, When and How? at AMIS25
REST - Why, When and How? at AMIS25
 
Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soa
 
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
Peeples authentication authorization_services_with_saml_xacml_with_jboss_eap6
 
Scim2012 q1update chrisphillips
Scim2012 q1update chrisphillipsScim2012 q1update chrisphillips
Scim2012 q1update chrisphillips
 
OUGN 2016: Experiences with REST support on OSB/SOA Suite
OUGN 2016: Experiences with REST support on OSB/SOA SuiteOUGN 2016: Experiences with REST support on OSB/SOA Suite
OUGN 2016: Experiences with REST support on OSB/SOA Suite
 
Web service architecture
Web service architectureWeb service architecture
Web service architecture
 
Rich Services: Composable chat
Rich Services: Composable chatRich Services: Composable chat
Rich Services: Composable chat
 
Intorduction to Datapower
Intorduction to DatapowerIntorduction to Datapower
Intorduction to Datapower
 
Data Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish VemuguntaData Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish Vemugunta
 
Standardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIMStandardizing Identity Provisioning with SCIM
Standardizing Identity Provisioning with SCIM
 
Opal: Simple Web Services Wrappers for Scientific Applications
Opal: Simple Web Services Wrappers for Scientific ApplicationsOpal: Simple Web Services Wrappers for Scientific Applications
Opal: Simple Web Services Wrappers for Scientific Applications
 
Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...
Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...
Better IT Operations and Security through Enhanced z/OS Analytics: New Featur...
 
SOAP WEB TECHNOLOGIES
SOAP WEB TECHNOLOGIESSOAP WEB TECHNOLOGIES
SOAP WEB TECHNOLOGIES
 
Fiware - communicating with ROS robots using Fast RTPS
Fiware - communicating with ROS robots using Fast RTPSFiware - communicating with ROS robots using Fast RTPS
Fiware - communicating with ROS robots using Fast RTPS
 
dist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdfdist-access. access control in distributed systemspdf
dist-access. access control in distributed systemspdf
 
Identity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computingIdentity Management Standardization in the cloud computing
Identity Management Standardization in the cloud computing
 
SOA Solution Patterns
SOA Solution PatternsSOA Solution Patterns
SOA Solution Patterns
 
Data centric mls rhel ecosystem
Data centric mls rhel ecosystemData centric mls rhel ecosystem
Data centric mls rhel ecosystem
 

More from Ramesh Nagappan

Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical Overview
Ramesh Nagappan
 
Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005
Ramesh Nagappan
 
Secure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperClusterSecure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperCluster
Ramesh Nagappan
 
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Ramesh Nagappan
 
High Performance Security and Virtualization for Oracle Database and Cloud-En...
High Performance Security and Virtualization for Oracle Database and Cloud-En...High Performance Security and Virtualization for Oracle Database and Cloud-En...
High Performance Security and Virtualization for Oracle Database and Cloud-En...
Ramesh Nagappan
 
High Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyHigh Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted Cryptography
Ramesh Nagappan
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Ramesh Nagappan
 
ICAM - Demo Architecture review
ICAM - Demo Architecture reviewICAM - Demo Architecture review
ICAM - Demo Architecture review
Ramesh Nagappan
 
Government Citizen ID using Java Card Platform
Government Citizen ID using Java Card PlatformGovernment Citizen ID using Java Card Platform
Government Citizen ID using Java Card Platform
Ramesh Nagappan
 
PIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentPIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environment
Ramesh Nagappan
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security Architecture
Ramesh Nagappan
 
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access ControlManaging PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
Ramesh Nagappan
 
Stronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSOStronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSO
Ramesh Nagappan
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
Ramesh Nagappan
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Ramesh Nagappan
 

More from Ramesh Nagappan (15)

Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical Overview
 
Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005
 
Secure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperClusterSecure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperCluster
 
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
 
High Performance Security and Virtualization for Oracle Database and Cloud-En...
High Performance Security and Virtualization for Oracle Database and Cloud-En...High Performance Security and Virtualization for Oracle Database and Cloud-En...
High Performance Security and Virtualization for Oracle Database and Cloud-En...
 
High Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyHigh Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted Cryptography
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
 
ICAM - Demo Architecture review
ICAM - Demo Architecture reviewICAM - Demo Architecture review
ICAM - Demo Architecture review
 
Government Citizen ID using Java Card Platform
Government Citizen ID using Java Card PlatformGovernment Citizen ID using Java Card Platform
Government Citizen ID using Java Card Platform
 
PIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentPIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environment
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security Architecture
 
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access ControlManaging PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
 
Stronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSOStronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSO
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
 

Recently uploaded

Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
saastr
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 

Recently uploaded (20)

Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 

Interoperable Provisioning in a distributed world

  • 1. Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 – IAM 302
  • 2. Contacts • Mark Diodati (mdiodati@burtongroup.com) • Ramesh Nagappan (Ramesh.Nagappan@Sun.COM) • Sampo Kellomaki (sampo@symlabs.com)
  • 3. References • OASIS PSTC SPML 2.0 Specifications — http://docs.oasis-open.org/provision/spml-2.0-cd-01/pstc-spml2-cd-01.pdf • OpenSPML 1.0 Toolkit — www.openspml.org • JAX-WS 2.0 Reference Implementation — https://jax-ws.dev.java.net/ • Identity provisioning with SPML – Patterns and Best practices. — www.coresecuritypatterns.com • Sun Java System Identity Manager (Supports SPML 2.0) — Download at http://www.sun.com/download/products.xml?id=453fe041 • SPML: Gaining Maturity (Burton Group research document) — www.burtongroup.com/spml
  • 4. Agenda • Presentation – Mark Diodati • Presentation – Ramesh Nagappan • Presentation – Sampo Kellomaki • References
  • 5. Identity Management - Provisioning Identity Data Services Identities, roles, groups Provisioning Services AccessGateway Policy Enforcement Infrastructure Identity & Policy Admin Delegated admin, self-service Federation Public Identity Services Affiliate Enterprises Subjects (Users, services) Internal Business Units Platform- or application-specific policy enforcement Federation Proxy Virtualization Directory Replication Synchronization Objects (Applications, services, resources) ManagementandAudit Authenticationandreducedsign-on Access proxy Authorization Firewalls Other
  • 6. Federated Provisioning • The federation standards and products are mature from a technology perspective — Provide good user SSO (authentication) for web applications — Possess some authorization capabilities — Lack user identity provisioning capabilities • Many (most) service provider (SP) applications require a non- ephemeral identity — The identity provider (IdP) and SP must agree upon a provisioning protocol to meet this requirement • How are identities provided to the SP?
  • 7. Batch Approach • Using an out-of-band process, the IdP sends using provisioning information (adds, changes, deletions) to the SP • Excel spreadsheet, EDI, or other • Benefits — Low technology barrier • Challenges — Slower updates can introduce service and liability issues — IdP may not have a mechanism to verify user identities status — May introduce burdensome manual processes for both the IdP and the SP
  • 8. LDAP Replication Approach Service Provider Identity Store Local LDAP StoreMaster LDAP Store (1) User information is replicated to onsite store (LDAPS) Darth Sidious Darth Sidious Service Provider Application (4) User with SAML artifact attempts access Darth Sidious (6) Application retrieves user attributes Identity Provider (IdP) (5) Application retrieves SAML assertion
  • 9. Assertion Approach Identity Provider (IdP) Service Provider Identity Store Darth Sidious Service Provider Application(1) User with SAML artifact attempts access (2) Application retrieves SAML assertion (3) Application creates user identity SAML assertion Name = Darth Sidious SSN = 555-55-5555 Group = Sith Darth Sidious
  • 10. Services Provisioning Markup Language (SPML) • SPML v1 approved in 2003 — Some “Essential” operations were not included (had to be customized) — Some errors in XML schema • SPML v2 OASIS standard approved in spring of 2006 — “Essential” functions included • Three profiles — DSML (most commonly used and existed in v1) — XSD (new in v2, from WS-Provisioning proposal) — SAML (currently in development) to provide tighter integration of user attributes • Good provisioning vendor support — Widely adopted by the provisioning vendors (Sun, CA, BMC, HP, Oracle, Siemens) • Improving target vendor support — Citrix, SAP, MaxWare
  • 11. SPML • Benefits — Interoperable provisioning (no custom connectors required) — Reliability — Some auditing and correlation • Challenges — Requires a separate channel for federated provisioning — User schema will likely require pre-agreement — Does not provide protocol security (by intent) • Authentication and confidentiality - use HTTPS and/or WS-Security 2004 • Authorization – may be achieved via certificate trust list or may require more advanced authorization features in the future Provisioning tools can provide authorization capabilities
  • 12. SPML – Federated Provisioning (2) User added
  • 13. Agenda • Presentation – Mark Diodati • Presentation – Ramesh Nagappan • Presentation – Sampo Kellomaki • References
  • 14. The State of SPML 2.0 • SPML 2.0 has been ratified as an OASIS standard. • Builds on the concepts of SPML 1.0 specifications. — Maintains the core protocol, basic roles, operations, data types and elements. — Core protocol enables interoperability among Provisioning service providers. • Defines modal mechanisms for executing provisioning synchronously or asynchronously. • Defines the notion of SPML Profiles. — Profiles define the agreement protocol between requestor and service provider. — SPML v2 XSD Profile and DSML v2 Profile • DSML v2 profile provides the backward compatibility with SPML 1.0 and to support LDAP and X.500 directory services — SPML v2 SAML 2.0 Profile is on its way ! • SPML 2.0 supports extended operations as “Capabilities”.
  • 15. SPML 2.0 - Logical components • Requesting Authority (RA) — Client initiating the SPML requests to the provisioning system. • Provisioning Service Provider (PSP) — The identity provisioning system that listens, receives, processes SPML requests and returns responses. — Executes provisioning operations. • Provisioning Service Target (PST) — Actual resource where operations are performed. • Provisioning Service Object (PSO) — Represents the data entity on a PST. (ex. User account) Requesting Authority Provisioning Service Provider SPML Response SPML Request PSOPSO PSO Provisioning Service Targets
  • 16. SPML 2.0: Operations & Capabilities • Core Operations (Mandatory) — SPML 2.0 conformant providers must implement all of them — Basic Operations • addRequest • modifyRequest • deleteRequest • lookupRequest — Discovery Operation • listTargets • Optional Capabilities — Operations that apply to a specific target and supported by a provider. — SPML 2.0 defines a set of standard capabilities • Async capability • Batch capability • Bulk capability • Password capability • Search capability • Suspend capability • Updates capability — Allows PSP define custom capabilities.
  • 17. Anatomy of a SPML 2.0 Message Request Message Response Message </addRequest> </data> </dsml:attr> <dsml:value>mypasswd</dsml:value> <dsml:attr xmlns:dsml= 'urn:oasis:names:tc:DSML:2:0:core' name=‘password'> </dsml:attr> <dsml:value>JavaGuy</dsml:value> <dsml:attr xmlns:dsml= 'urn:oasis:names:tc:DSML:2:0:core' name='objectclass'> </dsml:attr> <dsml:value>mySPMLTestId</dsml:value> <dsml:attr xmlns:dsml= 'urn:oasis:names:tc:DSML:2:0:core' name='accountId'> <data> <openspml:operationalNameValuePair xmlns:openspml= 'urn:org:openspml:v2:util:xml' name='session' value='AAALPgAAYD0A'/> <addRequest xmlns='urn:oasis:names:tc:SPML:2:0' requestID='rid-spmlv2' executionMode='synchronous‘ targetID=‘xyz1`> </addResponse> </pso> </data> </dsml:attr> <dsml:value>mypasswd</dsml:value> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name=‘password'> </dsml:attr> <dsml:value>JavaGuy</dsml:value> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core‘ name='objectclass'> </dsml:attr> <dsml:value>mySPMLTestId</dsml:value> <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core‘ name='accountId'> <data> <psoID ID=‘mySPMLTestId'/> <pso> <openspml:operationalNameValuePair xmlns:openspml='urn:org:openspml:v2:util:xml' name='session' value='AAALPgAAYD0A'/> <addResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='rid-spmlv2‘ targetID=‘xyz1`>
  • 18. SPML Based Provisioning via Web Services Requesting Authority Provisioning Service Provider WSDL Provisioning Service Targets SOAP WS-Security SPML UDDI
  • 19. SPML Relationship with WS-Security and SAML • SPML recommends the use of SSL/TLS protocols and WS-Security for ensuring Transport-layer and Message-layer security. — SPML can take advantage of SOAP/HTTPS transport provisioning requests and responses. — XML Encryption and XML Digital Signature allows to ensure SPML message/element- level confidentiality and integrity. — WS-Security tokens (X.509, SAML Token) to authenticate provisioning service providers. • SPML supports the principles of using SAML 2.0 and Project Liberty Alliance standards. — SPML requests and responses can make use of SAML assertions as a authentication context between the requesting authority and provisioning systems. — SAML assertions from an Identity provider can be used to qualify a subject on a provisioning target.
  • 20. Role of SPML in Identity Federation (Liberty ID-FF) IdentityIdentity ProviderProvider Service ProvidersService Providers (Out(Out--sourced)sourced) IDID--FF: Circle of TrustFF: Circle of Trust ServiceService ProviderProvider Service providers can issue SPML requests based on a “SAML Authorization Decision” Assertion. • Helps dynamic/on-demand provisioning of roles, privileges, resources etc. ServiceService RequesterRequester InternetInternet SPML Use SAML Assertions
  • 21. Implementing SPML with Java • OpenSPML 1.0 Toolkit — Comprehensive vendor-independent Java API toolkit for SPML 2.0. — Java classes for constructing/parsing SPML requests and responses support implementing a SPML 2.0 conformant requesting authority. — Supports SPML 2.0 profiles (DSML v2 and XML Schema) and its supporting Java/XML bindings. — Web container pluggable SOAP runtime for sending/receiving SPML messages via SOAP over HTTP. • JAX-WS 2.0 — Java API toolkit for developing WS-I Basic Profile 1.1 compliant XML Web Services. — Helps to build SPML Web Services with WS-Security. • OpenSPML Toolkit can be plugged for creating SPML constructs.
  • 22. Agenda • Presentation – Mark Diodati • Presentation – Ramesh Nagappan • Presentation – Sampo Kellomaki • References
  • 23. Liberty Provisioning Initiatives • For avoidance of doubt — Trusted Module provisioning (liberty-idwsf-prov-v1.0-02.pdf) — Very specific target: Advanced Clients and Trusted Modules •Not applicable in this domain — General provisioning •Some marketing requirement floated •No specific approach chosen •SPML, enhanced with ID-WSF, could be an option
  • 25. Slide 24 MED1 If this is not a specification or a standard, we cannot discuss in detail, since it breaks interoperability. Mark Diodati, 1/26/2007