security requirement and implementation solution for e
play

Security Requirement and Implementation Solution for e-Gov System - PowerPoint PPT Presentation

Dec 10, 2023 •519 likes •749 views

Security Requirement and Implementation Solution for e-Gov System Chuan Liu liuchuan@tongtech.com TongTech Co., Ltd 2006-11 Agenda Introduction of E-Gov (Platform) Requirement of Identity Management & Authorization

  1. Security Requirement and Implementation Solution for e-Gov System Chuan Liu liuchuan@tongtech.com TongTech Co., Ltd 2006-11

  2. Agenda • Introduction of E-Gov (Platform) • Requirement of Identity Management & Authorization • Implementation Solution

  3. The Functions of e-Gov platform • Objects – Service support for e-Gov application • Functions——Support Data Sharing and Exchanging – Data Exchanging – Uniform Portal – Basic business services: Authentication & Authorization & Resource navigation – Connect to Sharing Database, Database of Government Agencies, and Application System • Two-level Structure of Municipal and County • Service Platform compliant with SOA – Single business services – Composite services – Business process services

  4. E-Gov Service Platform Architecture Consumer Portal authentication navigation authorization Service Service Service Other Platform WS-Gateway Data Exchange Platform Provider Share Database Application Application Database Consumer

  5. Municipal Platform E-Gov Service Platform Architecture DEP HTTP/SOAP Country Platform DEP DEP

  6. Existing Foundation for Security • Releasing certification from uniform CA centre, providing authorization service • Security functions in existing applications – No Uniform Security Solutions – Providing Username/Password authorization – Providing Role-based Right Management

  7. Requirements of Authentication & Authorization • Existing Security Management Services should be integrated into the Service Platform – Personal certification released by Authentication center – Adopt existing Authentication & Authorization Mechanism • Single Sign-On(SSO) – Log in Only Once on Portal – Log in with Certification or Username/Password – Same Log-in Mechanism for County and Municipal Level Platform • Providing Organization Structure Management and Role Management • Providing Federal Authentication Management – Access authorization service once when log-in – Authorization information used by different service provider

  8. Functions Implemented • Base on SAML standards • Realize uniform log-in management and authorization management services – Support SSO, simplifying authentication and authorization management. • Supporting Dual Username/Password and Digital Certification Identity Management Mechanism – Digital Certification Signed and Authorized by authentication Centre – Cross authorization based on digital certification for IM in two-level Security Zone • Mapping uniform authorization to existing right management information, supporting Right Management in Legacy system

  9. Features of SAML • XML-based framework – Describing and exchanging security information between on-line business partners. – Security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust. – The OASIS SAML standard defines precise syntax and rules for requesting, creating, communicating, and using these SAML assertions.

  10. SAML usage scenario • Single Sign-On – Within platform – Between platform • Federated identity – Single service in platform – Process in platform – Services between platforms

  11. Key of the Implementation • Different implementations for in a platform and between platforms/partners – A SAML-like (simplified) approach to address the requirements – SSO and Federal Authentication in the platform. – Real SAML compliant implementation to support the Authentication & Authorization across platforms and/or partners. • No Authorization decision statement in SAML. – Just authentication assertions involved in current (primary) phase. – Artifact Resolution Protocol not supported.

  12. The Architecture 2 1 Login & Portal authentication authorization authorization Other 4 Platform Data Exchange Platform WS-Gateway HTTP/SOAP Service 3 Verify signature Access Service check

  13. The Architecture 2 1 Login & Portal authentication authorization authorization Other 4 Platform Data Exchange Platform WS-Gateway HTTP/SOAP Service 3 Verify signature information Access translate check Service

  14. Preliminary Preparing • Service defines open and limited roles and right information • Release security certificate to officials and platform • Mutual authorization between county and municipal platform ( exchange public key) • Definition of role and right information on platform – Simplify right management – Objects includes single service and process service • Authorization for officials

  15. Scenario 1 • Officials/enterprise users in county platform use services in the platform KEY 1 Login & Portal authentication authorization authorization Data Exchange Platform Service1 Service2

  16. Scenario 1 • Officials/enterprise users in county platform use services in the platform KEY 1 SAML MSG SAML MSG Login & Portal authentication authorization authorization 2 Data Exchange Platform Service1 Service1 Service2 Verify signature Access Service check

  17. Scenario 1 • Officials/enterprise users in county platform use services in the platform KEY 1 SAML MSG SAML MSG Login & Portal authentication authorization authorization 2 3 SAML MSG + DATA SAML MSG + DATA Data Exchange Platform Service1 Service2 Service1 Service2 Verify Verify signature signature Business Access Service Service2 check

  18. Scenario 1 • Officials/enterprise users in county platform use services in the platform KEY 1 SAML MSG SAML MSG Login & Portal authentication authorization authorization 2 3 SAML MSG + DATA SAML MSG + DATA Data Exchange Platform Service1 Service2 Service1 Service2 Verify Verify AUTH MSG + DATA AUTH MSG + DATA signature signature information Access translate check Business Access Service Service2 check

  19. Scenario 2 • Authentication information be transferred by process service automatically KEY 1 SAML MSG SAML MSG Login & Portal authentication authorization 2 SAML MSG + DATA SAML MSG + DATA authorization Data Exchange Platform 3 4 Service2 Service Verify Verify signature AUTH MSG + DATA signature AUTH MSG + DATA information Access translate check Business Access Service Service2 check

  20. Scenario 3 • Usage of services in different platforms KEY 1 SAML MSG SAML MSG Service 2 Login & Portal authentication authorization authorization 2 SAML MSG + DATA SAML MSG + DATA DEP 5 4 WS-Gateway 3 Other Platform SAML MSG DATA Service1 SAML MSG DATA Verify signature Partner’s information Access Web Service translate check Business Service1 AUTH MSG + DATA AUTH MSG + DATA

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement

Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement

Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement Analysis 2 System Architecture 3 Solution Introduction 4 Representative Cases Vertical Requirement - Current Situation Traditional retail industry

761 views • 61 slides
Commercial Building Integrated Security Solution See Far , Go Further Contents 1 Vertical

Commercial Building Integrated Security Solution See Far , Go Further Contents 1 Vertical

Commercial Building Integrated Security Solution See Far , Go Further Contents 1 Vertical Requirements Analysis 2 System Architecture 3 Solution Application 4 Successful Cases Requirement Analysis Personnel Safety Internal Management

705 views • 54 slides
Security requirements Term Secuirty requirement A need or restriction from a user, a

Security requirements Term Secuirty requirement A need or restriction from a user, a

Security requirements Term Secuirty requirement A need or restriction from a user, a stakeholder or the environment related to the goal to improve the system security. Holistic security requirement engineering, Computers & Security

216 views • 17 slides
Requirement Requirement Requirement Requirement Engineering Engineering Engineering

Requirement Requirement Requirement Requirement Engineering Engineering Engineering

Requirement Requirement Requirement Requirement Engineering Engineering Engineering Engineering Outline Stakeholders Context diagram and interfaces Types of requirements Numbering requirements Scenarios, sequence diagrams

586 views • 39 slides
Common Security Requirement Language for Procurements & Maintenance Contracts Julio

Common Security Requirement Language for Procurements & Maintenance Contracts Julio

Common Security Requirement Language for Procurements & Maintenance Contracts Julio Rodriguez Idaho National Laboratory National Cyber Security Division (NCSD) Control Systems Security Program (CSSP) December 8, 2006 1 Background

682 views • 13 slides
HMDA Implementation Lessons learned along the way New regulatory requirement to expand the

HMDA Implementation Lessons learned along the way New regulatory requirement to expand the

HMDA Implementation Lessons learned along the way New regulatory requirement to expand the rule currently in force to increase data gathering for the mortgage industry. AN Dodd-Frank required the CFPB to pass these amendments. INTRO

530 views • 15 slides
Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution?

Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution?

conference & convention enabling the next generation of networks & services Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution? Phil Footman-Williams Tyco Electronics Subsea Communications

203 views • 18 slides
Implementation of SOLAS requirement for Verified Gross Mass of Packed Containers Peregrine

Implementation of SOLAS requirement for Verified Gross Mass of Packed Containers Peregrine

BIFA National Seminar, London, 26 November 2015 Implementation of SOLAS requirement for Verified Gross Mass of Packed Containers Peregrine Storrs-Fox, Risk Management Director | Insuring the supply chain | 2 established expertise 2 Quick

230 views • 9 slides
Video and Audio Convergence Solution International Product and Solution Center Contents

Video and Audio Convergence Solution International Product and Solution Center Contents

Video and Audio Convergence Solution International Product and Solution Center Contents Background Requirement Analysis Solution Introduction Product List Background Background Real-time Deterrent Current situation CCTV systems focus

495 views • 24 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
U.S. Requirement for Traceability of Drugs: The Drug Supply Chain Security Act (DSCSA)

U.S. Requirement for Traceability of Drugs: The Drug Supply Chain Security Act (DSCSA)

U.S. Requirement for Traceability of Drugs: The Drug Supply Chain Security Act (DSCSA) FDA/CDER/Office of Compliance Office of Drug Security, Integrity and Response Connie Jung, Ph.D. FDA/Office of Global Operations/India Office Jay Jariwala

660 views • 33 slides
UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE Maritime Security - Commercial Shipping Security - Cruise Liner Security - Super-Yacht Security Maritime Security Services UCP GROUP is a market

247 views • 22 slides
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 30. 20. 21. 22.

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 30. 20. 21. 22.

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 30. 20. 21. 22. Social Security Administration SSA Benefit Programs Social Security Supplemental Security Income (SSI) Based on a No work requirement;

944 views • 68 slides
Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in

Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in

Photo Identification Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in person must show a photo ID bearing a reasonable resemblance of that voter in order to vote a regular ballot. The photo ID

559 views • 7 slides
CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC?

CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC?

CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC? American Security Products [AMSEC] located in worlds Fontana, California is the best known provider of security safes. For over 70+ years, we

814 views • 21 slides
ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet

ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet

ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet Internet Mendelson AS4 Gateway - Open Source based solution - Very reactive team / use of their AS2 system (about 8000 msg / day) - Participation in

234 views • 6 slides
rt r r

rt r r

rt r r t r r tr rt r

820 views • 71 slides
Basic Communication Operations Ananth Grama, Anshul Gupta, George Karypis, and Vipin Kumar To

Basic Communication Operations Ananth Grama, Anshul Gupta, George Karypis, and Vipin Kumar To

Basic Communication Operations Ananth Grama, Anshul Gupta, George Karypis, and Vipin Kumar To accompany the text Introduction to Parallel Computing, Addison Wesley, 2003. Topic Overview One-to-All Broadcast and All-to-One Reduction

1.11k views • 71 slides
` http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock Distributed

` http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock Distributed

Programming and Proving with Distributed Protocols Disel: Distributed Separation Logic { P } c { Q } ` http://distributedcomponents.net Ilya Sergey James R. Wilcox Zach Tatlock Distributed Systems Distributed Infrastructure Distributed

727 views • 70 slides
Lab 8: Firewalls & Intrusion Detec6on Systems Fengwei Zhang Wayne State University CSC

Lab 8: Firewalls & Intrusion Detec6on Systems Fengwei Zhang Wayne State University CSC

Lab 8: Firewalls & Intrusion Detec6on Systems Fengwei Zhang Wayne State University CSC Course: Cyber Security Prac6ce 1 Firewall & IDS Firewall A device or applica6on that analyzes packet headers and enforces policy based on

496 views • 20 slides
A view into ALPC-RPC UAC Advanced features & vulnerability research Clment Rouault &

A view into ALPC-RPC UAC Advanced features & vulnerability research Clment Rouault &

A view into ALPC-RPC Introduction ALPC RPC A view into ALPC-RPC UAC Advanced features & vulnerability research Clment Rouault & Thomas Imbert CVE-2017-11783 PacSec Conclusion November 2017 Clment Rouault & Thomas

549 views • 50 slides
Typing Copyless Message Passing Viviana Bono Chiara Messa Luca Padovani Dipartimento di

Typing Copyless Message Passing Viviana Bono Chiara Messa Luca Padovani Dipartimento di

Typing Copyless Message Passing Viviana Bono Chiara Messa Luca Padovani Dipartimento di Informatica, Universit` a di Torino BTW 2011 Typing Copyless Message Passing (V. Bono) BTW 2011 1 / 25 Singularity OS: architecture Processes (SIPs)

806 views • 46 slides
Fast Data apps with Alpakka Kafka connector Sean Glover, Lightbend @seg1o Who am I? Im Sean

Fast Data apps with Alpakka Kafka connector Sean Glover, Lightbend @seg1o Who am I? Im Sean

Fast Data apps with Alpakka Kafka connector Sean Glover, Lightbend @seg1o Who am I? Im Sean Glover Senior Software Engineer at Lightbend Member of the Fast Data Platform team Organizer of Scala Toronto (scalator)

694 views • 58 slides
CORE SECURITY Breaking Out of VirtualBox through 3D Acceleration Francisco Falcon (@fdfalcon)

CORE SECURITY Breaking Out of VirtualBox through 3D Acceleration Francisco Falcon (@fdfalcon)

CORE SECURITY Breaking Out of VirtualBox through 3D Acceleration Francisco Falcon (@fdfalcon) REcon 2014 P A G E About me Exploit writer for Core Security. From Argentina. Interested in the usual stuff: reverse engineering,

1.17k views • 94 slides

More recommend