Restful Security Requirements

•

0 likes•826 views

The document discusses requirements for securing web services used by the SensorWeb project. It defines web services and notes a preference for RESTful services. The scope includes making services accessible over open networks while protecting data. Services may need to communicate with multiple communities and exchange some public or time-limited data. User profiles and service profiles are proposed to help manage access and transactions securely across administrative domains. The goal is to make security easy to implement for many users, including those with limited technical skills.

Technology

Web Services Security
1 SensorWeb Requirements
Pat Cappelaere
NASA EO-1 Team

2 Deﬁnitions
Web Service:
From Wikipedia, the free encyclopedia
It is deﬁned by the W3C as quot;a software system designed to support
interoperable machine-to-machine interaction over a network
It communicates over the HTTP protocol used on the Web. Such services tend
to fall into one of two camps: SOAP/WSDL and RESTful Web Services.
Both need to be supported [But our preference is to RESTful WEb Services to
reduce cost of implementations/operations]

4 Scope
Web Services Need To Be Accessible From An Open Network BUT Are Not
(necessarily) On The NASA Network
They Are Used To Access Data And/or Assets In A Bi-directional Manner
They May Need To Communicate With Many Communities On A Permanent
Or Temporary Basis (Disaster Management)
Some Data To Be Exchanged May Be:
Mostly Public

Some Data May Be For Restricted Dissemination For Some Time Period (60days)
TBD License Agreements

Outside Of Scope
Direct Access To NASA Satellite Assets Or Sensitive Data

6 User Scope: Web 2.0
Web Security Protocol Needs To Be Easy To Implement (Many Users Will
Have Low-IT Capabilities)
Target: Web 2.0 Mass Market Accessible
Implementable in Less Than Half a Day By Neo-Geographer

Leverage Existing Web 2.0 Standards As Possible To Lower Cost And Speed
Up Acceptance

SERVIR/CATHALAC
Red Cross

NGIT

USGS IKHANA
MODIS

NASA
DOD
SPOT
GMU SensorWeb
Collaboration
JPL
Challenge
AFRICOM
GEOSS

RCMRD

7
Hubs

NOAA Users

CA Fireﬁghters Services

Sensors

8 Federated Approach
Trust Relationships Between Communities Can Be
Permanent
Temporary (Under Admin Control)

[Permission Policies May Need To Be Exchanged Across Domains]
Local Trust Relationship Must Be Easiliy Discoverable By Local Service
Providers

9 Federated Management
Each Community Needs to Manage its Users and Services In a Satisifactory
Manner (But Not Necessarily Identitical)
Provide a Recognizable Handle for a User or a Service (passport-like, openid...)
Provide An Accessable Proﬁle for User/Service Attributes
Some attributes may be read-write
User Privacy Issue? User Consent May Be Required To Release Info

10 User Proﬁle
Standard Organizational Proﬁle
Example: http://www.axschema.org/types/

Plus:
One or More Notiﬁcation URI (SMS, XMPP...)
Roles/Permissions Granted By Organization

Some User Proﬁle Attributes May Need To Be Writeable By Outside Services
DRM/License Agreements...

11 Service Proﬁle
Name / Description...
Main URL Web Page End Point
RSA Public Key

12 Secure Transactions
Data Providers Need To Make Sure That:
Message Transaction Has Not Been Tampered With
Message Has Not Been Playedback
Message Is In The Clear
Message Comes From Valid Service Consumer
Message Comes From Valid User

User Has Proper Permission To Access Speciﬁed Security Realm
User Has Delegated Authority To Consumer (Conﬁrmation May be Necessary)
User Has Agreed To Access/License Agreement

1: User SSO
2: Secure Transactions
First Responder
Dispatch Ofﬁce
3: Delegation
NOAA NGIT

3
(FRDO)
GFS Model Weather WPS (Plume)

Problems
Orchestrating SPS WPS
Worﬂow

Consumer SOS

13
Firewall

First Responder: Andy
NASA

14 User Security Management
User Needs To Have One Place To Go To:
Manage Authorized Sites
Manage Grants
Access/Manage Proﬁle Access (Some of the Attributes Only)
Access/Manage Services

15 Max Degree Of Separation

2 Two Degrees
1 2

THANK YOU
Pat G. Cappelaere

Contact Information:

=cappelaere
http://blog.geobliki.com

Cell:410-340-4868
pat@cappelaere.com

16

Single-page Applications (SPA) are all the rage these days and with them there is an avalanche of new tools, libraries and frameworks we need to know. But what does this mean for us as Spring developers? In this session we will give you an overview of the current landscape and illustrate the choices the Spring XD team has made for its user interface. What do I use to write SPA applications? How do I integrate them into existing Spring-based backends? How do I build them? Can I integrate them into my existing Gradle or Maven build processes in order to achieve complete build automation? How do I integrate realtime messaging using Spring's SockJS/WebSocket support? In this talk we will answer these and many more questions. We will cover frameworks such as AngularJS, Bootstrap, RequireJS; tools like Bower, Grunt, Gulp; and also talk about testing using Karma and Protractor.

What's New in spring-security-core 2.0

Burt Beckwith

Teaching and Learning TDD in the Coding Dojo

Emily Bache

Managing application performance for cloud apps bmcKhazret Sapenov

DSS ITSEC 2012 ForeScout Technical RIGA

Andris Soroka

Dr관련 세미나 자료 v2종필 김

Dr관련 세미나 자료 v2333종필 김

OFC/NFOEC: Software Defined Optical Networks

ADVA

Hadoop has made it into the enterprise mainstream as Big Data technology. But, what about Hadoop as a private or public cloud service on a shared infrastructure? This session looks at a Hadoop solution with virtualization, shared storage, and multi-tenancy, and discuss how service providers can use Pivotal Hadoop Distribution, Isilon, and Serengeti to offer Hadoop-as-a-Service. Objective 1: Understand Hadoop and its deployment challenges. After this session you will be able to: Objective 2: Understand the EMC HDaaS solution architecture and the use cases it addresses. Objective 3: Understand Pivotal Hadoop Distribution, Serengeti and Isilon's Hadoop features.

A recap of the JMA webinar hosted by NEDAS on December 13, 2017)

Ilissa Miller

The NEDAS Live Seminar Series 2017: Software Defined Remote Units: An Industry Game Changer was held on December 13, 2007. The event was presented by Andrew Otete, Product Line Engineer- TEKO DAS for JMA Wireless. The program provided an overview of the various requirements for assuring indoor coverage and performance including: -The leading organizations that provide specifications for network performance and testing -How the various jurisdictions are adopting and adapting these for their own use -What are the requirements and various ways they are applied -Key challenges to putting requirements in place and enforcing them -Effective solutions to overcome these challenges, including live demonstration -Case studies of successfully assuring performance This seminar was sponsored by JMA Wireless. For more information on NEDAS programs, events and sponsorship opportunities, visit www.nedas.com

Introduction to DDS

Rick Warren

The Path to SDN - How to Ensure a Successful SDN Evolution

Juniper Networks

OMG DDS: The Data Distribution Service for Real-Time Systems

Angelo Corsaro

Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...

lisaabe

GeoCENS OGC Standards and Sensor Web Enablement presented at GeoCENS Banff Se...

Cybera Inc.

State of the Union: Open Source Network Function Virtualization

Samsung Open Source Group

OMG DDS Tutorial - Part I

Angelo Corsaro

Datasheet over privileged_users

Cristian Garcia G.

Shanghai Breakout: Mobile Devices and Wi-FiAruba, a Hewlett Packard Enterprise company

PLNOG 5: Rafał Szarecki - EXPERIENCE FROM L2TP IMPLEMENTATION FOR BITSTREAM

PROIDEA

Integration Platform For JMPS Using DDS

Supreet Oberoi

unified skeleton for real time mocap

David Nahon

An Extensible Architecture for Avionics Sensor Health Assessment Using DDS

Sumant Tambe

Avionics Sensor Health Assessment is a sub-discipline of Integrated Vehicle Health Management (IVHM), which relates to the collection of sensor data, distributing it to diagnostics/prognostics algorithms, detecting run-time anomalies, and scheduling maintenance procedures. Real-time availability of the sensor health diagnostics for aircraft (manned or unmanned) subsystems allows pilots and operators to improve operational decisions. Therefore, avionics sensor health assessments are used extensively in the mil-aero domain. As avionics platforms consist of a variety of hardware and software components, standards such as Open System Architecture for Condition-Based Maintenance (OSA-CBM) have emerged to facilitate integration and interoperability. However, OSA-CBM is a platform-independent standard that provides little guidance for avionics sensor health monitoring, which requires onboard health assessment of airborne sensors in real-time. In this paper, we present a distributed architecture for avionics sensor health assessment using the Data Distribution Service (DDS), an Object Management Group (OMG) standard for developing loosely coupled high-performance real-time distributed systems. We use the data-centric publish/subscribe model supported by DDS for data acquisition, distribution, health monitoring, and presentation of diagnostics. We developed a normalized data model for exchanging the sensor and diagnostics information in a global data space in the system. Moreover, Extensible and Dynamic Topic Types (XTypes) specification allows incremental evolution of any subset of system components without disrupting the overall health monitoring system. We believe, the DDS standard and in particular RTI Connext DDS, is a viable technology for implementing OSA-CBM for avionics systems due to its real-time characteristics and extremely low resource requirements. RTI Connext DDS is being used in other major avionics programs, such as FACE™ and UCS. We evaluated our approach to sensor health assessment in a hardware-in-the-loop simulation of an Inertial Measurement Unit (IMU) onboard a simulated General Atomics MQ-9 Reaper UAV. Our proof-of-concept effectively demonstrates real-time health monitoring of avionics sensors using a Bayesian Network –based analysis running on an extremely low-power and lightweight processing unit.

Webinar: Learn How To Deploy High-Scale, Low-Latency Cost-Efficient Solutions...

BTI Systems

redGuardian DP100 large scale DDoS mitigation solution

Redge Technologies

SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...

SolarWinds

SolarWinds has released a number of new versions of our products already this year, with more to come. Watch this webinar to see the latest SolarWinds products and features of most interest to our Federal customers demonstrated by our Federal Sales Engineer team. You will learn about: -Network Performance Monitor (NPM) 10.7 -Server & Application Monitor (SAM) 6.1 -AppStack Integrations between: Server & Application Monitor 6.1, Virtualization Manager, and Storage Manager -Database Performance Analyzer (DPA) -Log & Event Manager (LEM) 5.7 and 6.0 Sneak Peek -DameWare v11.0 Sneak Peek -Engineer’s Toolset (ETS) 11.0 Sneak Peek

GeoCAPE Strategies

Pat Cappelaere

Open Geo-Social API (and Screencast)

Pat Cappelaere

Similar to Restful Security Requirements

Large-Scale System Integration with DDS for SCADA, C2, and Finance

Rick Warren

OMG DDS and its Relation to Unmanned Vehicle Interoperability

Gerardo Pardo-Castellote

Building Hadoop-as-a-Service with Pivotal Hadoop Distribution, Serengeti, & I...

EMC

A recap of the JMA webinar hosted by NEDAS on December 13, 2017)

Ilissa Miller

Introduction to DDS

Rick Warren

The Path to SDN - How to Ensure a Successful SDN Evolution

Juniper Networks

OMG DDS: The Data Distribution Service for Real-Time Systems

Angelo Corsaro

Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...

lisaabe

GeoCENS OGC Standards and Sensor Web Enablement presented at GeoCENS Banff Se...

Cybera Inc.

State of the Union: Open Source Network Function Virtualization

Samsung Open Source Group

OMG DDS Tutorial - Part I

Angelo Corsaro

Datasheet over privileged_users

Cristian Garcia G.

Shanghai Breakout: Mobile Devices and Wi-FiAruba, a Hewlett Packard Enterprise company

PLNOG 5: Rafał Szarecki - EXPERIENCE FROM L2TP IMPLEMENTATION FOR BITSTREAM

PROIDEA

Integration Platform For JMPS Using DDS

Supreet Oberoi

unified skeleton for real time mocap

David Nahon

An Extensible Architecture for Avionics Sensor Health Assessment Using DDS

Sumant Tambe

Webinar: Learn How To Deploy High-Scale, Low-Latency Cost-Efficient Solutions...

BTI Systems

redGuardian DP100 large scale DDoS mitigation solution

Redge Technologies

SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...

SolarWinds

Similar to Restful Security Requirements (20)

Large-Scale System Integration with DDS for SCADA, C2, and Finance

OMG DDS and its Relation to Unmanned Vehicle Interoperability

Building Hadoop-as-a-Service with Pivotal Hadoop Distribution, Serengeti, & I...

A recap of the JMA webinar hosted by NEDAS on December 13, 2017)

Introduction to DDS

The Path to SDN - How to Ensure a Successful SDN Evolution

OMG DDS: The Data Distribution Service for Real-Time Systems

Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...

GeoCENS OGC Standards and Sensor Web Enablement presented at GeoCENS Banff Se...

State of the Union: Open Source Network Function Virtualization

OMG DDS Tutorial - Part I

Datasheet over privileged_users

Shanghai Breakout: Mobile Devices and Wi-Fi

PLNOG 5: Rafał Szarecki - EXPERIENCE FROM L2TP IMPLEMENTATION FOR BITSTREAM

Integration Platform For JMPS Using DDS

unified skeleton for real time mocap

An Extensible Architecture for Avionics Sensor Health Assessment Using DDS

Webinar: Learn How To Deploy High-Scale, Low-Latency Cost-Efficient Solutions...

redGuardian DP100 large scale DDoS mitigation solution

SolarWinds Federal Webinar: Technical Update & Demo of Newest Products & Feat...

Recently uploaded

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

Neo4j

Leonard Jayamohan, Partner & Generative AI Lead, Deloitte This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

The Future of Platform Engineering

Jemma Hussein Allen

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

Recently uploaded (20)

National Security Agency - NSA mobile device best practices

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Elevating Tactical DDD Patterns Through Object Calisthenics

Securing your Kubernetes cluster_ a step-by-step guide to success !

UiPath Test Automation using UiPath Test Suite series, part 5

Introduction to CHERI technology - Cybersecurity

Epistemic Interaction - tuning interfaces to provide information for AI support

GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Removing Uninteresting Bytes in Software Fuzzing

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

The Future of Platform Engineering

Video Streaming: Then, Now, and in the Future

PCI PIN Basics Webinar from the Controlcase Team

Microsoft - Power Platform_G.Aspiotis.pdf

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

Monitoring Java Application Security with JDK Tools and JFR Events

Communications Mining Series - Zero to Hero - Session 1

Restful Security Requirements

1. Web Services Security 1 SensorWeb Requirements Pat Cappelaere NASA EO-1 Team

2. 2 Deﬁnitions Web Service: From Wikipedia, the free encyclopedia It is deﬁned by the W3C as quot;a software system designed to support interoperable machine-to-machine interaction over a network It communicates over the HTTP protocol used on the Web. Such services tend to fall into one of two camps: SOAP/WSDL and RESTful Web Services. Both need to be supported [But our preference is to RESTful WEb Services to reduce cost of implementations/operations]

3. Major Requirement The RESTFul Way 3

4. 4 Scope Web Services Need To Be Accessible From An Open Network BUT Are Not (necessarily) On The NASA Network They Are Used To Access Data And/or Assets In A Bi-directional Manner They May Need To Communicate With Many Communities On A Permanent Or Temporary Basis (Disaster Management) Some Data To Be Exchanged May Be: Mostly Public Some Data May Be For Restricted Dissemination For Some Time Period (60days) TBD License Agreements

5. Outside Of Scope Direct Access To NASA Satellite Assets Or Sensitive Data

6. 6 User Scope: Web 2.0 Web Security Protocol Needs To Be Easy To Implement (Many Users Will Have Low-IT Capabilities) Target: Web 2.0 Mass Market Accessible Implementable in Less Than Half a Day By Neo-Geographer Leverage Existing Web 2.0 Standards As Possible To Lower Cost And Speed Up Acceptance

7. SERVIR/CATHALAC Red Cross NGIT USGS IKHANA MODIS NASA DOD SPOT GMU SensorWeb Collaboration JPL Challenge AFRICOM GEOSS RCMRD 7 Hubs NOAA Users CA Fireﬁghters Services Sensors

8. 8 Federated Approach Trust Relationships Between Communities Can Be Permanent Temporary (Under Admin Control) [Permission Policies May Need To Be Exchanged Across Domains] Local Trust Relationship Must Be Easiliy Discoverable By Local Service Providers

9. 9 Federated Management Each Community Needs to Manage its Users and Services In a Satisifactory Manner (But Not Necessarily Identitical) Provide a Recognizable Handle for a User or a Service (passport-like, openid...) Provide An Accessable Proﬁle for User/Service Attributes Some attributes may be read-write User Privacy Issue? User Consent May Be Required To Release Info

10. 10 User Profile Standard Organizational Profile Example: http://www.axschema.org/types/ Plus: One or More Notification URI (SMS, XMPP...) Roles/Permissions Granted By Organization Some User Profile Attributes May Need To Be Writeable By Outside Services DRM/License Agreements...

11. 11 Service Proﬁle Name / Description... Main URL Web Page End Point RSA Public Key

12. 12 Secure Transactions Data Providers Need To Make Sure That: Message Transaction Has Not Been Tampered With Message Has Not Been Playedback Message Is In The Clear Message Comes From Valid Service Consumer Message Comes From Valid User User Has Proper Permission To Access Speciﬁed Security Realm User Has Delegated Authority To Consumer (Conﬁrmation May be Necessary) User Has Agreed To Access/License Agreement

13. 1: User SSO 2: Secure Transactions First Responder Dispatch Ofﬁce 3: Delegation NOAA NGIT 3 (FRDO) GFS Model Weather WPS (Plume) Problems Orchestrating SPS WPS Worﬂow Consumer SOS 13 Firewall First Responder: Andy NASA

14. 14 User Security Management User Needs To Have One Place To Go To: Manage Authorized Sites Manage Grants Access/Manage Proﬁle Access (Some of the Attributes Only) Access/Manage Services

15. 15 Max Degree Of Separation 2 Two Degrees 1 2

16. THANK YOU Pat G. Cappelaere Contact Information: =cappelaere http://blog.geobliki.com Cell:410-340-4868 pat@cappelaere.com 16

Restful Security Requirements

Recommended

Recommended

More Related Content

Similar to Restful Security Requirements

Similar to Restful Security Requirements (20)

More from Pat Cappelaere

More from Pat Cappelaere (20)

Recently uploaded

Recently uploaded (20)

Restful Security Requirements