restful security requirements
DESCRIPTION
Security Requirements for RESTful Web ServicesTRANSCRIPT
![Page 1: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/1.jpg)
Web Services SecuritySensorWeb Requirements
Pat Cappelaere
NASA EO-1 Team
1
![Page 2: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/2.jpg)
Definitions
Web Service:
From Wikipedia, the free encyclopedia
It is defined by the W3C as "a software system designed to support interoperable machine-to-machine interaction over a network
It communicates over the HTTP protocol used on the Web. Such services tend to fall into one of two camps: SOAP/WSDL and RESTful Web Services.
Both need to be supported [But our preference is to RESTful WEb Services to reduce cost of implementations/operations]
2
![Page 3: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/3.jpg)
Major RequirementThe RESTFul Way 安らぎの道
3
![Page 4: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/4.jpg)
Scope
Web Services Need To Be Accessible From An Open Network BUT Are Not (necessarily) On The NASA Network
They Are Used To Access Data And/or Assets In A Bi-directional Manner
They May Need To Communicate With Many Communities On A Permanent Or Temporary Basis (Disaster Management)
Some Data To Be Exchanged May Be:
Mostly Public
Some Data May Be For Restricted Dissemination For Some Time Period (60days)
TBD License Agreements
4
![Page 5: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/5.jpg)
Outside Of Scope
Direct Access To NASA Satellite Assets Or Sensitive Data
![Page 6: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/6.jpg)
User Scope: Web 2.0
Web Security Protocol Needs To Be Easy To Implement (Many Users Will Have Low-IT Capabilities)
Target: Web 2.0 Mass Market Accessible
Implementable in Less Than Half a Day By Neo-Geographer
Leverage Existing Web 2.0 Standards As Possible To Lower Cost And Speed Up Acceptance
6
![Page 7: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/7.jpg)
NASADOD
Red CrossSERVIR/CATHALAC
IKHANA
CA Firefighters
SPOT
RCMRD
AFRICOM
NGIT
GMU
JPL
GEOSS
NOAA
USGSMODIS
Users
Services
Sensors
Hubs
SensorWebCollaboration
Challenge
7
![Page 8: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/8.jpg)
Federated Approach
Trust Relationships Between Communities Can Be
Permanent
Temporary (Under Admin Control)
[Permission Policies May Need To Be Exchanged Across Domains]
Local Trust Relationship Must Be Easiliy Discoverable By Local Service Providers
8
![Page 9: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/9.jpg)
Federated Management
Each Community Needs to Manage its Users and Services In a Satisifactory Manner (But Not Necessarily Identitical)
Provide a Recognizable Handle for a User or a Service (passport-like, openid...)
Provide An Accessable Profile for User/Service Attributes
Some attributes may be read-write
User Privacy Issue? User Consent May Be Required To Release Info
9
![Page 10: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/10.jpg)
User Profile
Standard Organizational Profile
Example: http://www.axschema.org/types/
Plus:
One or More Notification URI (SMS, XMPP...)
Roles/Permissions Granted By Organization
Some User Profile Attributes May Need To Be Writeable By Outside Services
DRM/License Agreements...
10
![Page 11: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/11.jpg)
Service Profile
Name / Description...
Main URL Web Page End Point
RSA Public Key
11
![Page 12: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/12.jpg)
Secure Transactions
Data Providers Need To Make Sure That:
Message Transaction Has Not Been Tampered With
Message Has Not Been Playedback
Message Is In The Clear
Message Comes From Valid Service Consumer
Message Comes From Valid User
User Has Proper Permission To Access Specified Security Realm
User Has Delegated Authority To Consumer (Confirmation May be Necessary)
User Has Agreed To Access/License Agreement
12
![Page 13: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/13.jpg)
Problems
NASA
SPS
SOS
WPS
First Responder Dispatch Office
(FRDO)
First Responder: Andy
Consumer
NOAA
GFS Model WeatherNGIT
WPS (Plume)
31: User SSO2: Secure Transactions3: Delegation
13Firewall
Orchestrating Worflow
![Page 14: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/14.jpg)
User Security Management
User Needs To Have One Place To Go To:
Manage Authorized Sites
Manage Grants
Access/Manage Profile Access (Some of the Attributes Only)
Access/Manage Services
14
![Page 15: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/15.jpg)
Max Degree Of Separation
2 1 2
Two Degrees
15
![Page 16: Restful Security Requirements](https://reader034.vdocument.in/reader034/viewer/2022052505/5564ca72d8b42a565b8b5023/html5/thumbnails/16.jpg)
THANK YOUPat G. Cappelaere
Contact Information:
=cappelaerehttp://blog.geobliki.com
Cell:[email protected]
16