Security Requirement and Implementation Solution for e-Gov System (PowerPoint presentation)
SLIDE 1

Security Requirement and Implementation Solution for e-Gov System

Chuan Liu liuchuan@tongtech.com TongTech Co., Ltd 2006-11

SLIDE 2

Agenda

  • Introduction of E-Gov (Platform)
  • Requirement of Identity Management & Authorization
  • Implementation Solution
SLIDE 3

The Functions of e-Gov platform

  • Objective
    – Service support for e-Gov applications
  • Functions: support data sharing and exchanging
    – Data exchanging
    – Uniform portal
    – Basic business services: authentication, authorization and resource navigation
    – Connections to the shared database, the databases of government agencies, and the application systems
  • Two-level structure of municipal and county platforms
  • Service platform compliant with SOA
    – Single business services
    – Composite services
    – Business process services

SLIDE 4

E-Gov Service Platform Architecture

Figure: architecture diagram. Components shown: Share Database, Database, Application, Data Exchange Platform, Portal (navigation, authentication, authorization), Services, WS-Gateway, Other Platform; parties shown: Provider, Application, Consumer.

SLIDE 5

E-Gov Service Platform Architecture

Figure: two-level deployment diagram. Each platform has its own DEP (Data Exchange Platform); the Municipal Platform and the County Platforms communicate over HTTP/SOAP.

SLIDE 6

Existing Foundation for Security

  • Certificates are issued by a uniform CA centre, which also provides an authorization service
  • Security functions in the existing applications
    – No uniform security solution
    – Username/password authentication
    – Role-based right management

SLIDE 7

Requirements of Authentication & Authorization

  • The existing security management services should be integrated into the service platform
    – Personal certificates issued by the authentication centre
    – Adopt the existing authentication & authorization mechanisms
  • Single Sign-On (SSO)
    – Log in only once, on the portal
    – Log in with a certificate or with username/password
    – Same log-in mechanism for the county-level and municipal-level platforms
  • Provide organization structure management and role management
  • Provide federated authentication management
    – The authorization service is accessed once, at log-in
    – The resulting authorization information is used by the different service providers

SLIDE 8

Functions Implemented

  • Based on the SAML standards
  • Uniform log-in management and authorization management services
    – Support SSO, simplifying authentication and authorization management
  • Support both username/password and digital-certificate identity management mechanisms
    – Digital certificates signed and authorized by the authentication centre
    – Cross-authorization based on digital certificates for identity management across the two-level security zones
  • Map the uniform authorization onto the existing right-management information, so that right management in the legacy systems keeps working

SLIDE 9

Features of SAML

  • XML-based framework
    – Describes and exchanges security information between on-line business partners
    – Security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust
    – The OASIS SAML standard defines precise syntax and rules for requesting, creating, communicating, and using these SAML assertions

SLIDE 10

SAML usage scenarios

  • Single Sign-On
    – Within a platform
    – Between platforms
  • Federated identity
    – A single service in a platform
    – A process in a platform
    – Services between platforms

SLIDE 11

Key of the Implementation

  • Different implementations within a platform and between platforms/partners
    – A SAML-like (simplified) approach addresses the requirements for SSO and federated authentication within the platform
    – A real SAML-compliant implementation supports authentication & authorization across platforms and/or partners
  • No authorization decision statements are carried in the SAML messages
    – Only authentication assertions are involved in the current (primary) phase
    – The Artifact Resolution Protocol is not supported

SLIDE 12

The Architecture

Figure: flow diagram. (1) Login & authorization at the Portal (authentication, authorization). (2) The Service verifies the signature and performs the access check before the service runs. (3) The Data Exchange Platform with its WS-Gateway. (4) The Other Platform, reached over HTTP/SOAP.

SLIDE 13

The Architecture

Figure: the same flow diagram with the legacy-service path added: after verifying the signature, the service translates the SAML information into its own format before the access check and the service call.

SLIDE 14

Preliminary Preparation

  • Each service defines its open and restricted roles and its right information
  • Security certificates are issued to officials and to the platform
  • Mutual trust between the county and municipal platforms is established by exchanging public keys
  • Role and right information is defined on the platform
    – Simplified right management
    – Objects include single services and process services
  • Officials are authorized
SLIDES 15-18

Scenario 1

  • Officials/enterprise users in the county platform use services within the platform

Figure, built up over four slides: (1) the user logs in at the Portal (authentication, authorization); the Portal holds the signing KEY and issues a SAML MSG. (2) The SAML MSG reaches Service1 on the Data Exchange Platform, which verifies the signature and performs the access check before running the service. (3) Service1 calls Service2 with SAML MSG + DATA; Service2 verifies the signature before running its business service. (4) Where Service2 is a legacy service, the SAML information is translated into AUTH MSG + DATA, the access check is performed, and the business service runs.

SLIDE 19

Scenario 2

  • Authentication information is transferred by the process service automatically

Figure: the user logs in at the Portal (KEY) and receives a SAML MSG (1, 2); the process service on the Data Exchange Platform forwards SAML MSG + DATA to the services it orchestrates (3, 4). Each service verifies the signature and performs its own access check; the legacy Service2 additionally translates the information into AUTH MSG + DATA before the access check and the business service.

SLIDE 20

Scenario 3

  • Usage of services in different platforms

Figure: the user logs in at the Portal (KEY) and receives a SAML MSG (1, 2); SAML MSG + DATA pass through the DEP and the WS-Gateway to the Other Platform (3, 4), where Service1 verifies the signature, translates the information into AUTH MSG + DATA, performs the access check and runs the business service; Service 2 reaches a Partner's Web Service with SAML MSG + DATA in the same way (5).
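The flow drawn in the architecture and scenario slides (the portal issues a signed SAML message after login; every service verifies the signature, performs its own access check, and a legacy service first translates the assertion into its AUTH MSG format), together with the authentication-only assertions of slide 11 and the public-key exchange between platforms of slide 14, as an added Go example that is not part of the presentation or of TongTech's platform. Ed25519 stands in for the certificate-based XML signature used in the real platform; the element names, the role and right names, the `user=...;rights=...` legacy message format and the `county-portal` issuer name are constructed for this example. The trust store keyed by issuer models the exchanged public keys: a message from an issuer whose key the service does not hold is rejected before anything inside the XML is believed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/xml"
	"errors"
	"fmt"
	"sort"
	"strings"
	"time"
)

// Assertion is a simplified, authentication-only SAML assertion (constructed element names):
// no authorization decision statement, the receiving service does its own access check.
type Assertion struct {
	XMLName   xml.Name `xml:"Assertion"`
	Issuer    string   `xml:"Issuer"`
	Subject   string   `xml:"Subject"`
	Audience  string   `xml:"Audience"`
	IssuedAt  int64    `xml:"IssuedAt"`
	ExpiresAt int64    `xml:"ExpiresAt"`
	Roles     []string `xml:"Attribute>Role"`
}

// SAMLMsg is the assertion XML plus a signature over exactly those bytes (Ed25519 stands in for the platform's certificate-based XML signature; assumption).
type SAMLMsg struct {
	AssertionXML []byte
	Signature    []byte
}

// Issue is the portal's step after login: build and sign the assertion.
func Issue(a Assertion, priv ed25519.PrivateKey) (SAMLMsg, error) {
	body, err := xml.Marshal(a)
	if err != nil {
		return SAMLMsg{}, err
	}
	return SAMLMsg{AssertionXML: body, Signature: ed25519.Sign(priv, body)}, nil
}

// Verify is the service's "verify signature" box. trusted maps an issuer name to the public key
// exchanged with that platform; audience and validity window stop replay at another service or later.
func Verify(m SAMLMsg, trusted map[string]ed25519.PublicKey, audience string, now time.Time) (Assertion, error) {
	var a Assertion
	if err := xml.Unmarshal(m.AssertionXML, &a); err != nil {
		return a, err
	}
	pub, ok := trusted[a.Issuer]
	if !ok {
		return a, errors.New("untrusted issuer " + a.Issuer)
	}
	if !ed25519.Verify(pub, m.AssertionXML, m.Signature) {
		return a, errors.New("signature check failed")
	}
	if a.Audience != audience {
		return a, errors.New("assertion is for " + a.Audience + ", not " + audience)
	}
	if t := now.Unix(); t < a.IssuedAt || t >= a.ExpiresAt {
		return a, errors.New("assertion outside its validity window")
	}
	return a, nil
}

// rolesToRights maps uniform platform roles to this legacy service's own right names (constructed).
var rolesToRights = map[string][]string{"county-official": {"read", "submit"}, "auditor": {"read"}}

// rightsOf collects the legacy rights granted by the subject's verified roles.
func rightsOf(a Assertion) map[string]bool {
	rights := map[string]bool{}
	for _, r := range a.Roles {
		for _, right := range rolesToRights[r] {
			rights[right] = true
		}
	}
	return rights
}

// AccessCheck is the "access check" box: the operation must be covered by a granted right.
func AccessCheck(a Assertion, op string) bool { return rightsOf(a)[op] }

// Translate is the "information translate" box: the verified assertion becomes the AUTH MSG
// a legacy service understands (the user=...;rights=... format is constructed for the example).
func Translate(a Assertion) string {
	var list []string
	for right := range rightsOf(a) {
		list = append(list, right)
	}
	sort.Strings(list)
	return "user=" + a.Subject + ";rights=" + strings.Join(list, ",")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // portal key pair; the public half sits in the service's trust store
	now := time.Now()
	a := Assertion{Issuer: "county-portal", Subject: "official-42", Audience: "Service2", IssuedAt: now.Unix(), ExpiresAt: now.Unix() + 300, Roles: []string{"county-official"}}
	msg, _ := Issue(a, priv)
	got, err := Verify(msg, map[string]ed25519.PublicKey{"county-portal": pub}, "Service2", now)
	fmt.Println(err, AccessCheck(got, "submit"), Translate(got))
}
```

The order of checks in Verify matters: the issuer is looked up and the signature verified before the audience, validity window or roles are read, so an attacker cannot steer the check by editing unsigned fields. A message issued for Service2 fails at Service1, an expired one fails after its window, and any edit to the roles after signing fails the signature check. The real SAML profile signs the assertion with an XML Signature over a canonicalized form rather than over raw bytes, which this example skips.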
