Governance and Security Solution Patterns

  1. Governance and Security Solution Patterns
     Gillian Dass and Dakshitha Ratnayake
  2. About WSO2
     •  Providing the only complete open source componentized cloud platform
     •  Dedicated to removing all the stumbling blocks to enterprise agility
     •  Enabling you to focus on business logic and business value
     •  Recognized by leading analyst firms as visionaries and leaders
     •  Gartner cites WSO2 as visionaries in all 3 categories of application infrastructure
     •  Forrester places WSO2 in top 2 for API Management
     •  Global corporation with offices in USA, UK & Sri Lanka
     •  200+ employees and growing
     •  Business model of selling comprehensive support & maintenance for our products
  3. 150+ globally positioned support customers
  4. Agenda
     •  Introduction to Patterns
     •  Why Service Oriented Architecture?
     •  What is Governance?
     •  Governance Business Problems and Patterns
     •  Need for Security in SOA
     •  Security Requirements and Solution Patterns
  5. Why SOA?
     •  Expose legacy system components as services
     •  Loose Coupling
     •  Interoperability
     •  Flexibility
     •  Business Process Composition
  6. A Pattern
     A generic solution for a common recurring problem
     •  Used it before
     •  Error proof
     •  Catalog to pick one
     Image Source: http://www.forbes.com/fdc/welcome_mjx.shtml
  7. What is Governance?
     Managing the three Ps of Governance
     •  People: roles & responsibilities
     •  Process: design, execution and monitoring
     •  Policy: definition and enforcement
     Image Source: http://www.governanceinnovation.org/?pageID=whatis
  8. Business Scenario
     An organization has metadata related to different data types. They need to capture relationships such as associations and dependencies.
  9. Pattern
     •  Model custom data types in a data repository
     •  Artifact governance
  10. Implementation
  11. Implementation
  12. Business Scenario
     An artifact is deployed across different environments: Dev, QA, Prod. This artifact references some external resources, where the resource needs to change for each environment.
  13. Implementation (/_...)
  14. Why Runtime Governance
     - Manage service quality
     - Manage business transactions
     - Monitor and analyze transaction data
     - Create dashboards and reports
  15. Business Scenario
     An online travel reservation application allows users to create/edit and cancel bookings.
     - If >5 cancellations within 24 hours from a single user, send a notification to administrators
     - Create dashboards and reports for MI purposes
  16. Solution Pattern
     - Real time events monitoring and notifications
     - Data analysis and presentation
  17. Implementation
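The runtime-governance rule from slide 15 (more than 5 cancellations within 24 hours from one user triggers a notification to administrators) is the kind of real-time event rule the solution pattern on slide 16 describes. The following is an added example written for this page, not code from the deck or from a WSO2 product: a sliding-window monitor over a constructed booking event stream. Event field names, the base time and the two sample users are assumptions made for the demo.

```python
# Added example (not from the WSO2 deck): a minimal real-time monitor for the
# rule "more than 5 cancellations within 24 hours from a single user triggers a
# notification to administrators". Event field names and the sample stream are
# constructed for illustration.
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)
THRESHOLD = 5  # alert when the count inside the window exceeds this


class CancellationMonitor:
    """Sliding-window counter keyed by user; at most one alert per user per window."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self._events = defaultdict(deque)  # user -> cancellation timestamps still in window
        self._alerted = {}                 # user -> time of last alert (suppresses repeats)
        self.alerts = []                   # (timestamp, user, count) tuples emitted so far

    def observe(self, event):
        """Feed one booking event; returns an alert tuple or None."""
        if event["type"] != "cancel":
            return None
        ts, user = event["ts"], event["user"]
        q = self._events[user]
        q.append(ts)
        # drop timestamps that have fallen out of the 24-hour window
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.threshold:
            last = self._alerted.get(user)
            if last is None or ts - last > self.window:
                self._alerted[user] = ts
                alert = (ts, user, len(q))
                self.alerts.append(alert)
                return alert
        return None


def notify_admins(alert):
    ts, user, count = alert
    print(f"[{ts.isoformat()}] ALERT user={user} cancellations_in_24h={count}")


def run(events):
    """Replay events in time order and return every alert raised."""
    mon = CancellationMonitor()
    for ev in sorted(events, key=lambda e: e["ts"]):
        alert = mon.observe(ev)
        if alert:
            notify_admins(alert)
    return mon.alerts


def at_hour(h):
    """Helper: hour offset from a fixed, constructed base time."""
    return datetime(2013, 6, 1, 0, 0) + timedelta(hours=h)


# constructed sample stream: alice cancels 6 times within 10 hours (one alert);
# bob cancels 6 times but spread over 30 hours (never 6 inside one window)
SAMPLE_EVENTS = (
    [{"ts": at_hour(h), "user": "alice", "type": "cancel"} for h in (1, 2, 3, 4, 5, 10)]
    + [{"ts": at_hour(6), "user": "alice", "type": "create"}]
    + [{"ts": at_hour(h), "user": "bob", "type": "cancel"} for h in (0, 5, 10, 15, 20, 30)]
)

if __name__ == "__main__":
    run(SAMPLE_EVENTS)
```

The per-user deque keeps only timestamps inside the window, so memory stays bounded by the event rate rather than by history, and the `_alerted` map prevents the same burst from paging administrators on every further cancellation.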
  18. Security Patterns
     Image Source - http://www.coresecuritypatterns.com/blogs/?tag=ws-security
  19. Why Security in SOA?
     •  Business assets exposed to the outside as services to be discovered
     •  Should facilitate interoperability and flexibility
  20. Security Requirements
     After identifying the need for security in SOA, determine the security requirements. Security requirements can fall under many categories. A few examples:
     •  Identification and Authentication
     •  Authorization
  21. Identification and Authentication
     Image Source - http://www.mikeeckman.com/2013/02/how-much-do-you-think-about-privacy-on-the-internet/
  22. Identification and Authentication Requirements
     •  Services need to identify and verify the claimed identity of internal users of the organization.
     •  Services need to identify and verify the claimed identity of external users from external organizations.
     •  Facilitate communication between clients and services which talk in different authentication mechanisms.
     •  Avoid user credentials being passed to backend services and avoid users bypassing security processing.
  23. Identification and Authentication Requirements
     Requirement - Identify and verify the claimed identity of internal users of the organization.
     Authentication Pattern: Direct Authentication
     •  Authenticating users with credentials stored internally.
     •  Credentials can be:
        §  Username/password
        §  Username token
        §  X.509 certificates
  24. Implementation: Direct Authentication Pattern
  25. Configuring a Secured Proxy in ESB
  26. Configuring a Secured Proxy in ESB
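Slide 23 lists the username token as one credential a direct-authentication endpoint accepts. The example below is added for this page and is not code from the deck or from WSO2 ESB; it shows what a secured proxy has to check when that token carries a digested password, following the WS-Security UsernameToken Profile 1.0 rule PasswordDigest = Base64(SHA-1(nonce + created + password)): the digest itself, a freshness window on the Created timestamp, and a nonce cache against replay. The user store, the 5-minute skew and the placeholder password are assumptions for the demo.

```python
# Added example, not from the deck or WSO2 ESB: verifying a WS-Security
# UsernameToken with PasswordDigest (UsernameToken Profile 1.0:
# Base64(SHA-1(nonce + created + password))) as a direct-authentication
# endpoint would. The user store, clock skew and sample tokens are constructed.
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

USER_STORE = {"admin": "admin"}   # constructed internal credential store (placeholder password)
MAX_SKEW = timedelta(minutes=5)   # how old a Created timestamp may be
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce_b64, created, password):
    """Digest over the raw nonce bytes, the Created string and the password."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def make_username_token(username, password, now=None):
    """Client side: the fields a UsernameToken header carries."""
    now = now or datetime.now(timezone.utc)
    created = now.strftime(TIME_FMT)
    nonce_b64 = base64.b64encode(os.urandom(16)).decode()
    return {"Username": username, "Nonce": nonce_b64, "Created": created,
            "PasswordDigest": password_digest(nonce_b64, created, password)}


class DirectAuthenticator:
    """Server side: validates tokens against internally stored credentials."""

    def __init__(self, user_store, max_skew=MAX_SKEW):
        self.user_store = user_store
        self.max_skew = max_skew
        self.seen_nonces = set()  # replay cache; a production cache expires entries after max_skew

    def authenticate(self, token, now=None):
        """Return (ok, reason); the reason is for logs, not for the client."""
        now = now or datetime.now(timezone.utc)
        password = self.user_store.get(token.get("Username"))
        if password is None:
            return False, "unknown user"
        try:
            created = datetime.strptime(token["Created"], TIME_FMT).replace(tzinfo=timezone.utc)
        except (KeyError, ValueError):
            return False, "bad Created"
        if abs(now - created) > self.max_skew:
            return False, "stale token"
        if token.get("Nonce") in self.seen_nonces:
            return False, "replayed nonce"
        expected = password_digest(token["Nonce"], token["Created"], password)
        if not hmac.compare_digest(expected, token.get("PasswordDigest", "")):
            return False, "bad digest"
        self.seen_nonces.add(token["Nonce"])  # remember the nonce only after a successful check
        return True, "ok"


def demo():
    """Runs the checks with a fixed clock so the outcomes are reproducible."""
    now = datetime(2013, 6, 1, 12, 0, tzinfo=timezone.utc)
    auth = DirectAuthenticator(USER_STORE)
    good = make_username_token("admin", "admin", now)
    return {
        "valid": auth.authenticate(good, now),
        "replay": auth.authenticate(good, now),  # same nonce presented again
        "wrong_password": auth.authenticate(make_username_token("admin", "wrong", now), now),
        "stale": auth.authenticate(make_username_token("admin", "admin", now - timedelta(hours=1)), now),
        "unknown_user": auth.authenticate(make_username_token("mallory", "x", now), now),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15s} -> {outcome}")
```

The digest form only protects the password in transit; the server still needs the cleartext password (or must fall back to the plain-text password type over TLS), which is why the user store here holds the password itself.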
  27. Identification and Authentication Requirements
     Requirement - Identify and verify the claimed identity of external users – from external organizations.
     Authentication Pattern: Brokered Authentication
     •  Authenticating users outside the organization boundary.
     •  Trusting a token issued by a trusted party in the partner organization.
     •  Brokered authentication based on WS-Trust with SAML.
  28. Implementation: Brokered Authentication Pattern
  29. Identification and Authentication Requirements
     Requirement - Facilitate communication between clients and services which talk in different authentication mechanisms.
     Resource Access Pattern: Protocol Transition
     •  ESB authenticates clients with the authentication mechanism that they understand – e.g. Username Token
     •  Transform credentials to the form that the service understands, e.g. Basic Auth
  30. Implementation: Protocol Transition Pattern
  31. Identification and Authentication Requirements
     Requirement - Avoid user credentials being passed to the backend service and avoid users bypassing security processing.
     Resource Access Pattern: Trusted Sub System
     •  User authenticates to ESB with his/her credentials.
     •  Backend service trusts ESB.
     •  ESB accesses backend service on behalf of the authenticated user.
  32. User Credentials Submitted to Service + Bypassing Security Processing
     Image Source - http://www.toolsjournal.com/integrations-articles/item/274-direct-and-brokered-authentication
  33. Implementation: Trusted Sub System Pattern
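Slides 29 and 31 describe two resource-access patterns that usually appear together: the ESB authenticates the client with the mechanism it understands (username token), then calls the backend with a credential the backend understands (Basic Auth), and the backend trusts only the ESB. The example below is added for this page and is not WSO2 ESB code: a small in-process gateway and backend showing both patterns, including the failure the slide 32 picture warns about, a client that tries to reach the backend directly with the user's own credentials. The user list, the service account and the `X-Authenticated-User` header are assumptions for the demo.

```python
# Added example, not WSO2 ESB code: a gateway applying the protocol transition
# pattern (slide 29) and the trusted sub system pattern (slide 31). The client
# authenticates to the gateway with a username token; the gateway calls the
# backend with its own HTTP Basic service account, so user credentials never
# reach the backend and calls that bypass the gateway are refused. Users,
# credentials and header names are constructed for illustration.
import base64
import hmac

GATEWAY_USERS = {"alice": "alice-pw", "bob": "bob-pw"}   # what clients authenticate with
GATEWAY_SERVICE_ACCOUNT = ("esb", "esb-service-secret")  # what the backend trusts


def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, _, pw = base64.b64decode(header[6:]).decode().partition(":")
    except Exception:
        return None
    return user, pw


class Backend:
    """Trusts only the gateway's service account; learns the end user from a header
    that is meaningful only because the gateway itself was authenticated first."""

    def __init__(self, service_user, service_secret):
        self.service_user, self.service_secret = service_user, service_secret
        self.calls = []  # (end_user, body) pairs that were actually processed

    def handle(self, headers, body):
        creds = parse_basic(headers.get("Authorization"))
        if (not creds or creds[0] != self.service_user
                or not hmac.compare_digest(creds[1], self.service_secret)):
            return 401, "backend: only the trusted gateway may call this service"
        user = headers.get("X-Authenticated-User")
        if not user:
            return 400, "backend: missing end-user identity"
        self.calls.append((user, body))
        return 200, f"backend: processed {body!r} for {user}"


class Gateway:
    def __init__(self, users, backend, service_account):
        self.users, self.backend, self.service_account = users, backend, service_account

    def handle(self, username_token, body):
        # 1. direct authentication with the mechanism the client understands
        pw = self.users.get(username_token.get("Username"))
        if pw is None or not hmac.compare_digest(pw, username_token.get("Password", "")):
            return 401, "gateway: authentication failed"
        # 2. protocol transition: the user's token is replaced by the gateway's
        #    Basic credential; the user's password is never forwarded
        headers = {
            "Authorization": basic_header(*self.service_account),
            "X-Authenticated-User": username_token["Username"],
        }
        return self.backend.handle(headers, body)


def demo():
    backend = Backend(*GATEWAY_SERVICE_ACCOUNT)
    gw = Gateway(GATEWAY_USERS, backend, GATEWAY_SERVICE_ACCOUNT)
    results = {
        "via_gateway": gw.handle({"Username": "alice", "Password": "alice-pw"}, "booking#1"),
        "bad_password": gw.handle({"Username": "alice", "Password": "nope"}, "booking#2"),
        # a client that skips the ESB and presents the user's own credentials
        "bypass": backend.handle({"Authorization": basic_header("alice", "alice-pw"),
                                  "X-Authenticated-User": "alice"}, "booking#3"),
    }
    return results, backend.calls


if __name__ == "__main__":
    results, calls = demo()
    for name, (status, msg) in results.items():
        print(f"{name:13s} {status} {msg}")
    print("backend processed:", calls)
```

The end-user header is only trustworthy because the backend authenticates the gateway first and accepts the header from nobody else; in a deployment that also means the backend must not be reachable on a network path that skips the gateway.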
  34. Authorization
     Image Source - http://onlinebusiness.volusion.com/articles/volusion-authorizenet-partnership/
  35. Authorization Requirements
     •  Control access based on privileges of the users
     •  Control access based on user’s claims, in a fine grained manner
     •  Delegated access
  36. Authorization
     Requirement - Control access based on privileges of the users.
     e.g. Users in role ‘Teacher’ can update students’ reports while users in role ‘Temporary Teacher’ can only view reports.
     Authorization pattern: Role Based Access Control
     Assign users to roles.
     Grant privileges to roles.
     This is a coarse grained authorization model.
  37. Configuring Role Based Access Control Pattern
  38. Authorization
     Requirement - Control access based on user’s claims, in a fine grained manner.
     e.g. Reports of Art students could only be accessed by Teachers with job title “Art Teacher”.
     Authorization pattern: Claim Based Authorization
     •  Provides fine grained authorization
     •  Policy based access control with XACML – provides flexibility
  39. Implementation: Claim Based Authorization Pattern
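Slides 36 and 38 contrast coarse role-based access control with fine-grained claim-based authorization using the same school example. The code below is added for this page and is not the XACML engine of any WSO2 product; it evaluates the two slide scenarios with (a) a plain user-to-role-to-privilege lookup and (b) a small attribute-based policy structured like XACML (target, rules with effects, deny-overrides combining). The users, roles, job titles and report attributes are constructed for the demo.

```python
# Added example, not WSO2 Identity Server / XACML code: the slide 36 and
# slide 38 scenarios evaluated by (a) role-based access control and (b) a
# claim-based policy in the style of XACML (target + rules + deny-overrides).
# Users, roles, claims and resources are constructed for illustration.
from dataclasses import dataclass, field
from typing import Callable

# ---- (a) Role Based Access Control: users -> roles, roles -> privileges ----
ROLE_PRIVILEGES = {
    "Teacher": {"report:view", "report:update"},
    "Temporary Teacher": {"report:view"},
}
USER_ROLES = {"ann": {"Teacher"}, "tom": {"Temporary Teacher"}}


def rbac_permit(user, privilege):
    """Coarse grained: a privilege is granted through any of the user's roles."""
    return any(privilege in ROLE_PRIVILEGES.get(r, ()) for r in USER_ROLES.get(user, ()))


# ---- (b) Claim Based Authorization: decisions from attributes of subject/resource ----
@dataclass
class Request:
    subject: dict     # claims about the user, e.g. roles, job title
    resource: dict    # attributes of the thing being accessed
    action: str


@dataclass
class Rule:
    effect: str                          # "Permit" or "Deny"
    condition: Callable[[Request], bool]


@dataclass
class Policy:
    target: Callable[[Request], bool]    # does this policy apply to the request?
    rules: list = field(default_factory=list)
    combining: str = "deny-overrides"

    def evaluate(self, req):
        """Return an XACML-style decision: Permit, Deny or NotApplicable."""
        if not self.target(req):
            return "NotApplicable"
        effects = [r.effect for r in self.rules if r.condition(req)]
        if not effects:
            return "NotApplicable"
        if self.combining == "deny-overrides":
            return "Deny" if "Deny" in effects else "Permit"
        return "Permit" if "Permit" in effects else "Deny"


# Student reports: Teachers may view and update, Temporary Teachers may only view,
# and Art students' reports are only accessible to staff titled "Art Teacher".
REPORT_POLICY = Policy(
    target=lambda r: r.resource.get("type") == "student-report",
    rules=[
        Rule("Permit", lambda r: "Teacher" in r.subject.get("roles", ())
             or ("Temporary Teacher" in r.subject.get("roles", ()) and r.action == "view")),
        Rule("Deny", lambda r: r.resource.get("department") == "Art"
             and r.subject.get("job_title") != "Art Teacher"),
    ],
)

USER_CLAIMS = {
    "ann": {"roles": {"Teacher"}, "job_title": "Art Teacher"},
    "joe": {"roles": {"Teacher"}, "job_title": "Math Teacher"},
    "tom": {"roles": {"Temporary Teacher"}, "job_title": "Substitute"},
}
ART_REPORT = {"type": "student-report", "department": "Art"}
MATH_REPORT = {"type": "student-report", "department": "Math"}


def claim_decision(user, report, action="view"):
    return REPORT_POLICY.evaluate(Request(USER_CLAIMS[user], report, action))


def pep_allows(decision):
    """A policy enforcement point treats anything but an explicit Permit as denied."""
    return decision == "Permit"


if __name__ == "__main__":
    print("RBAC tom update:", rbac_permit("tom", "report:update"))
    for user in USER_CLAIMS:
        print(f"{user} view Art report ->", claim_decision(user, ART_REPORT))
```

Note the difference the two models make for Joe: RBAC sees only the Teacher role and would let him update any report, while the claim-based policy consults his job title and denies him the Art reports. The `pep_allows` helper mirrors XACML practice: `NotApplicable` (for example Tom attempting an update) is not a Permit and must be enforced as a refusal.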
  40. Authorization
     Requirement - Delegated access.
     e.g. An application on a teacher’s mobile device needs to retrieve the time table for the day from his account in the school’s information system.
     Authorization pattern: Constrained Delegation
     •  Using OAuth
  41. Implementation: Constrained Delegation Pattern
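Two of the deck's patterns rest on the same mechanism, a token issued by a trusted party and validated by the service that receives it: brokered authentication (slide 27, a partner organization's token issuer vouches for an external user) and constrained delegation (slide 40, the teacher's mobile application acts on his behalf with only the access it was granted, which is what OAuth scopes express). The example below is added for this page and is not WSO2 Identity Server code, nor a WS-Trust, SAML or OAuth implementation; it uses HMAC-signed JSON tokens so that it runs self-contained, and shows the checks a relying service performs in either pattern: trusted issuer, signature, audience, expiry, and for delegation the granted scope. Issuer names, keys, scopes and the clock values are constructed for the demo.

```python
# Added example, not WSO2 Identity Server code: one token issuer serving both
# brokered authentication (slide 27: trust a token from a trusted partner) and
# constrained delegation (slide 40: an app acts for the user with limited scope,
# as OAuth does). Tokens are HMAC-signed JSON for a self-contained demo;
# WS-Trust/SAML or OAuth bearer tokens fill this role in practice. Keys, issuer
# names, scopes and timestamps are constructed for illustration.
import base64
import hashlib
import hmac
import json


def _b64(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _unb64(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class TokenIssuer:
    """A trusted party (partner STS or OAuth authorization server) that signs claims."""

    def __init__(self, name, key):
        self.name, self.key = name, key

    def issue(self, subject, audience, scopes, issued_at, ttl=3600):
        claims = {"iss": self.name, "sub": subject, "aud": audience,
                  "scope": sorted(scopes), "iat": issued_at, "exp": issued_at + ttl}
        payload = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(self.key, payload.encode(), hashlib.sha256).digest())
        return payload + "." + sig


class RelyingService:
    """Backend that never sees user passwords; it validates brokered tokens only."""

    def __init__(self, name, trusted_issuers):
        self.name = name
        self.trusted = trusted_issuers  # issuer name -> verification key

    def validate(self, token, now):
        try:
            payload, sig = token.split(".")
            claims = json.loads(_unb64(payload))
        except Exception:
            return None, "malformed token"
        key = self.trusted.get(claims.get("iss"))
        if key is None:
            return None, "untrusted issuer"
        expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(expected, sig):   # verify before trusting any claim
            return None, "bad signature"
        if claims.get("aud") != self.name:
            return None, "wrong audience"
        if now >= claims.get("exp", 0):
            return None, "expired"
        return claims, "ok"

    def authorize(self, token, now, required_scope):
        claims, reason = self.validate(token, now)
        if claims is None:
            return False, reason
        if required_scope not in claims["scope"]:
            return False, "insufficient scope"
        return True, f"ok for {claims['sub']}"


PARTNER_KEY = b"constructed-partner-sts-key"
SCHOOL_AS_KEY = b"constructed-school-authz-server-key"
ROGUE_KEY = b"constructed-unknown-key"


def demo(now=1_370_000_000):
    partner_sts = TokenIssuer("partner-sts", PARTNER_KEY)
    school_as = TokenIssuer("school-authz", SCHOOL_AS_KEY)
    rogue = TokenIssuer("partner-sts", ROGUE_KEY)  # uses the trusted name but not its key
    sis = RelyingService("school-information-system",
                         {"partner-sts": PARTNER_KEY, "school-authz": SCHOOL_AS_KEY})
    results = {}
    # brokered authentication: an external user vouched for by the partner's issuer
    t = partner_sts.issue("ext-user@partner.example", sis.name, {"timetable:read"}, now)
    results["brokered"] = sis.authorize(t, now, "timetable:read")
    results["forged"] = sis.authorize(
        rogue.issue("ext-user@partner.example", sis.name, {"timetable:read"}, now), now, "timetable:read")
    results["expired"] = sis.authorize(t, now + 7200, "timetable:read")
    # constrained delegation: the teacher's phone app is granted only timetable:read
    d = school_as.issue("teacher-ann", sis.name, {"timetable:read"}, now)
    results["delegated_ok"] = sis.authorize(d, now, "timetable:read")
    results["delegated_overreach"] = sis.authorize(d, now, "reports:update")
    results["wrong_audience"] = sis.authorize(
        school_as.issue("teacher-ann", "other-service", {"timetable:read"}, now), now, "timetable:read")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20s} -> {outcome}")
```

The order of checks matters: the signature is verified against the key of the issuer the token names before any other claim is believed, the audience check stops a token minted for one service being replayed at another, and the scope check is what makes the delegation constrained, since the app holding the teacher's token cannot use it for anything beyond the timetable.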
  42. Questions?
  43. Engage with WSO2
     •  Helping you get the most out of your deployments
     •  From project evaluation and inception to development and going into production, WSO2 is your partner in ensuring 100% project success