Navigating the Information Sharing Landscape


Navigating the Standards Landscape
Andrew Owen
SEARCH
Goals
• Discuss Information Sharing Standards
• Describe the problems these standards solve
• Introduce proven approaches for implementing these standards
SEARCH, The National Consortium for Justice Information and Statistics | www.search.org
Many ways to share information and capabilities
VS.
Poorly or un-Planned Information Sharing
Nicely Planned Information Sharing
Careful Architecture is Key
• Transport?
• Security?
• Reliable Delivery?
• Data Format?
• Access Control?
Global Reference Architecture (GRA)
• Reference architecture for doing Service Oriented Architecture (SOA)
• Based on the OASIS SOA Reference Model
GRA/SOA
…careful preparation for the future by standardizing important decisions
SOA
…about efficiently sharing capabilities and infrastructure
GRA/SOA Principles
• Standard Service Contracts
• Loose Coupling
• Abstraction
• Reuse
• Autonomy
• Statelessness
• Composability
GRA makes SOA Easy
• Establishes consistent terminology
• Establishes guidelines and requirements for:
  • service identification
  • service description
  • service interaction
• Provides technology-specific conformance targets, called Service Interaction Profiles
Web Services Service Interaction Profile
Describes how to meet GRA requirements with Web Services:
• SOAP
• WSDL
• WS-Addressing
• WS-ReliableMessaging
• WS-Trust
• NIEM
• GFIPM/SAML
GRA Service Specification Package
• Service-level interoperability
• Specific rules for packaging
• Self-contained
National Information Exchange Model (NIEM)
• Standard vocabulary for information exchanges
• System-independent
• Multi-domain (justice, public safety, emergency management, family services, intelligence, etc.)
Information Exchange Package Documentation (IEPD)
• Defines one or more specific information exchanges
• Message interoperability
• Normative and non-normative documentation
• Methodology for developing IEPD
GRA and NIEM
Add a User to the mix
Global Federated Identity and Privilege Management (GFIPM)
Makes user identity management easier to do
• Enables single sign-on
• Eliminates the need for multiple logins for a single user
• Keeps identity management and user authentication local
GFIPM
• Provides a standard vocabulary of identity access attributes
• Enables informed access and authorization decisions
Service Provider
• Protects a web resource
• Requests user information from identity provider
• Enforces access control policies
• Logs user activity
Identity Provider
• Snaps on to existing user credential store
• Authenticates users
• Issues user assertions to service providers
GFIPM
GFIPM and SAML
Based on the OASIS standard called Security Assertion Markup Language (SAML) version 2.0
• Request User Authentication (SP to IdP)
• User Authentication Statement (IdP to SP)
• User Assertion (IdP to SP)
• SP and IdP Metadata
Industry standard – you probably use this every day
GFIPM and Web Services
• Control access when a user is behind a web service request
• SAML token is passed to the web service
• GFIPM provides specific profiles for this
• Still requires existence of IdP and SP
Trust
• Shared IdP and SP metadata
• Federation Management Function
• Cryptography
• IT Policy
Refresher
• GRA: big picture of service design and orientation
• NIEM: message vocabulary consistency
• GFIPM: user access control and identity management
Implementation Options
• Apache CXF
• Apache Camel
• Shibboleth IdP
• Shibboleth SP
• Microsoft ADFS 2.0
Next session…