Liberty Alliance Project: Impact on Web Services Application Architectures

Jason Rouault / Hewlett-Packard
Chairman, Liberty Alliance Technology Expert Group

Today's Agenda
- Business problem faced by architects today
- What approaches are being used?
- How does Liberty Alliance address the problem?
- Use case: Federated Identity and Web Services in action
- Benefits

Web Services, Security, & Identity
Web services represent a whole new model for integrating applications, which means organizations will have to think in an entirely new way about security in Web services.
[Diagram labels: App 1, App 2, App 3; Domain 1, Domain 2; User Identity, Invoker Identity, Intermediary Identity, Trusted 3rd Party Identity; SOAP, XML, WSDL, UDDI, WAP, HTTP, SSL/TLS, XML Enc, XML-DSIG, WSS, SAML]

Web Services, Security, & Identity
Today, if companies want to offer innovative new Web services, they face several stumbling blocks:
- Lack of interoperability between identity management technology products
- Lack of technology standards and best practices regarding how companies should manage your identity, a critical component of many Web-based services
- Lack of a federated model for identity management that enables companies to put control of identity information into the hands of consumers and other end-users and reduce the security risks of a centralized model
- Lack of established industry best practices regarding how to best respect customer privacy and comply with a wide variety of privacy regulations
The Liberty Alliance removes these barriers through an innovative set of frameworks that allow for secure and interoperable identity-based Web services.

The Problem
How many passwords and email addresses do you have?
Multiple, disconnected identities scattered across isolated Internet sites
Looks like this:
- User Name: Jason Rouault
- Email: jrouault48@freemail
- PIN: wcs@foobar
- Credit card number
- Social security number
- Drivers license
- Passport
- Entertainment preferences
- Notification preferences
- Employee authorization
- Business calendar
- Dining preferences
- Education history
- Medical history
- Financial assets

There is a cost of maintaining all those identities
Multiple, disconnected identities scattered across isolated Internet sites
- User acceptance: Inconvenient and frustrating for users
- Unique to each business: Distributed identity services are difficult to develop and deploy
- High Maintenance: Continual re-authentication to disparate systems
This applies to any Enterprise managing Employees

The Liberty Project Approach: Federated Identity
Centralized Model
- Network identity and user information in single repository
- Centralized control
- Single point of failure
- Links similar systems
Open Federated Model
- Network identity and user information in various locations
- No centralized control
- No single point of failure
- Links similar and disparate systems
[Diagram labels: Central Provider, Provider (repeated)]

A Lesson in Value - ATM Networks
ATM cards: Separate Cards with Each Bank; Linked Cards within Bank Networks; Seamless Access Across all Networks
Web accounts: Individual Accounts with Many Web Sites; Federated Accounts within Trust Domain; Linkage of Trust Domains
[Diagram labels: Bank A ATM Card, Bank B ATM Card, Bank C ATM Card; Bank ATM Network A, Bank ATM Network B, Bank ATM Network C]

There are a number of approaches in use today
- B2C Travel Industry: Car Rental, Hotel, Airline, Partner Airlines, Cruise Line, Livery
- B2E Employee Intranet: 401k, 3rd Party Providers, Company Intranet, Employee Purchase Plans, Health Insurance, Dental Insurance
- B2B Financial Services: Treasury, Debt, Commercial Banking, Equity, Clearing House, Credit
- B2B - Automotive: Suppliers, Dealers, Manufacturers, Transport Agencies, Fleet Financing
There is Business Value in Network Identity

Liberty Solution - A Phased Approach
- Support rapid acceptance and deployment
- Phases build on each other
- Enable incremental adoption
Phase 1 (Released 15 July 2002)
- Federated network identity
- Opt-in account linking and simplified sign-on within an authentication domain created by business agreements
- Security built across all the features and specifications
Phase 2 (Drafts Released 15 April 2003)
- Permissions-based attribute sharing
- Schema/protocols for core identity profile service
- Simplified sign-on across authentication domains created in version 1.0 by business agreements
- Delegation of authority to federate identities/accounts
Liberty is delivering on schedule
www.projectliberty.org

Liberty Solution - Modular Architecture
The Liberty architecture is composed of modules that can be implemented independent of each other and is based on a foundation of open industry standards.
- Liberty Identity Federation Framework (ID-FF): Enables identity federation and management through features such as identity/account linkage, simplified sign on, and simple session management
- Liberty Identity Services Interface Specifications (ID-SIS): The schema, and instantiation of the technical implementation as defined by ID-WSF, to provide for interoperable identity services such as personal identity profile service, alert service, calendar service, wallet service, contacts service, geo-location service, presence service and so on
- Liberty Identity Web Services Framework (ID-WSF): This module will provide the framework for building interoperable identity services, permission based attribute sharing, identity service description and discovery, and the associated security profiles
[Diagram labels: SAML, HTTP, WSS, WSDL, XML Enc, WAP, XML, SSL/TLS, SOAP, XML-DSIG]

Liberty Solution - Architecture Components
[Diagram labels, modules: Liberty Identity Federation Framework (ID-FF); Liberty Identity Services Interface Specifications (ID-SIS); Liberty Identity Web Services Framework (ID-WSF)]
[Diagram labels, layers: Identity Services Templates; Core Identity Services Protocols; Web Services Bindings & Profiles; Standards]
[Diagram labels, specifications: ID-Personal Profile; ID-WSF Data Services Template 1.0; ID-FF Protocols and Schemas 1.2; ID-WSF Discovery Service 1.0; ID-WSF Interaction Service 1.0; ID-FF Bindings and Profiles 1.2; ID-WSF Security Profiles 1.0; ID-WSF SOAP Binding 1.0; ID-WSF Client Profiles 1.0; AuthN Context 1.2; Meta data 1.2; Reverse HTTP Binding 1.0; SOAP AuthN Service 1.0]
[Diagram labels, standards: SAML, HTTP, WSS, WAP, XML, SSL/TLS, SOAP, XML-DSIG, XML Enc, WSDL]
[Legend: ID-WSF 1.0; ID-SIS; ID-FF 1.2; Future]

Liberty in Action - B2C Scenario
1. User access site
2. User Validated
3. User access site
4. Service Provider Requests SMS ticket
5. service provider obtains handle to mobile operator
6. service provider sends SMS message to mobile operator
6. Operator sends SMS message to user
[Diagram labels: AuctionWatch service provider; MyProfile Identity service provider; MyPortal identity provider; Web Service; Personal Profile Service; PacBell service provider]

Liberty in Action - B2B Scenario
1. Access Order Mgt. Portal
2. User Validated
3. Role Information Retrieved
4. Place Order
5. Query Inventory Levels, Earmark Product
6. Notify & Process Order
7. Register Order, Start Invoicing
[Diagram labels: OrderMgt service provider; partner service provider; Employee Profile Service; manufacturer identity provider; Shipping; Inventory; Web Service; Accounts Payable]

Liberty's Role in the Industry
Establish an open standard for federated network identity through open technical specifications that will:
- Support a broad range of identity-based products and services
- Allow for consumer choice of identity provider(s) and the ability to link accounts through account federation
- Provide the convenience of simplified sign-on, when using any network of connected services and devices
- Enable organizations to realize new revenue and cost saving opportunities
- Allow organizations to economically leverage relationships with customers, business partners, and employees
- Improve ease of use for e-commerce

How: Through Shared Effort
Over 160 for-profit, not-for-profit and government organizations, representing a billion customers, are currently Alliance members.
* Only a sample of Liberty members

How: Expertise Across Disciplines
Management Board
- Consists of 16 founding sponsors
- Responsible for overall governance and maintenance
- Final voting authority for specifications and other output
Public Policy Expert Group
- Advise on privacy, security, and other public policy issues
- Liaison to privacy groups and government agencies
Technology Expert Group
- Develops technical architecture and engineering requirements
- Develops technical specifications
- Interoperability
Marketing Expert Group
- Develops marketing requirements and use cases
- Responsible for membership, press relations, and marketing communications
- Adoption

Why is HP investing in Liberty?
- Collaborate with many of our largest customers to drive the market to standardizing on a common approach
  Vodafone, Nokia, GM, American Express, and others
  HP IceWall: Responding to direct customer demand
- Provide guidance to our clients
  HPC's Worldwide Security Consulting Practice active around the world
- Complement and enhance our partnerships with many of the largest security vendors
  Verisign, RSA, Netegrity and many others
  Example: Built into our Mobile Services Delivery Platform

The Opportunity is Yours today
- Liberty Alliance is producing the de facto technology solution for secure, private, federated identity management.
- Web Services application architectures will require federated identity management to be successful.
- You have the opportunity to define your company's leadership in federated identity.
www.projectliberty.org

Questions
For more information: jason.rouault@hp www.projectliberty.org

HP has the answer for Liberty Alliance
- HP has a Liberty enabled solution. It's called hp IceWall SSO.
- IceWall is the leading single sign-on solution, especially in large-scale financial institutions and telecommunication companies in Japan. Over 10,000,000 user licenses have already been sold.
- A Liberty Alliance enabled version of IceWall is to be released this April. (hp IceWall SSO is Liberty Alliance specification v1.1 enabled and commits to subsequent specifications.)
http://www.jpn.hp/hpc/sp/icewall/eng/

Backup: What is HP's Security Product Strategy
Go-to-market strategy
- Complement existing best-of-breed vendors of security solutions today
- Collaborate in the development of standards in order to maintain first-to-market leadership with the security products market
- Avoid channel conflict while adding value
- Partnership led through HP's Partner Organization
Solutions approach
- Engineer unique IP into HP solution platforms using customer-preferred technologies and products
  Example: Mobile Services Delivery Platform for the Telco/Services Operator marketplace
- Responding to direct customer demand: Provide unique solution portfolios (HP IceWall)