200 likes | 299 Views
SWIM Laboratory Update. Demonstrations and Prototypes TIM 7. SPF (SWIM Prototype Facility). SIF (SWIM Integration Facility). SWIM Laboratory. Consists of 2 facilities:. SWIM Integration Facility. SPF (SWIM Prototype Facility). SIF (SWIM Integration Facility).
E N D
SWIM Laboratory Update Demonstrations and Prototypes TIM 7
SPF (SWIM Prototype Facility) SIF (SWIM Integration Facility) SWIM Laboratory • Consists of 2 facilities:
SWIM Integration Facility SPF (SWIM Prototype Facility) SIF (SWIM Integration Facility) • SWIM COTS Products Repository • SWIM COTS & FOSS Working Group • NAS Services Registry Repository (NSRR) • Other: • SWIM Wiki • Security & Vulnerability Analysis of SWIM Products • Support Segment 2 User prototypes
Product Inventory – Functional * Products being used by SIPs • Available from COTS Repository (https://swimrepo.faa.gov) • Available on SWIM ftp (ftp://swimftp.tc.faa.gov)
SWIM COTS & FOSS Working Group System Wide Information Management (SWIM) Commercial Off The Shelf and Open Source Products Status Report • WG is the vehicle to: • Select Fuse product versions that SWIM supports • Facilitate Fuse issue info exchange & resolution • Decide need for Fuse improvements • Disseminate product info and track SIP use of SWIM products • Facilitate monthly meetings • Generate and Maintain: • SWIM FUSE Issue Tracker (weekly updates to SWIM wiki) • SWIM COTS Products Status Report (monthly) • COTS Products Management Plan (annually) April 27, 2011
NAS Services Registry Repository • Administer & Maintain HP SOA Systinet Application • Support users • User documentation • Publishers Guide • Consumers Guide • Administrators Guide • Work with SWIM Governance to assure NSRR compliant with SWIM policies
NSRR The NAS Services Registry Repository provides a wide range of functionality
SWIM Service Lifecycle Management The SWIM Registry/Repository accommodates a custom lifecycle management process
SWIM Registry Service Creation The SWIM Registry/Repository business service consists of many artifacts
Other Implementation Tasks • Administer & Maintain SWIM Wiki • Security & Vulnerability Analysis of SWIM Products using Veracode – initial trial scan of Fuse Message Broker executable • Work with SWIM Test & COTSWG & AWG to add SIP-related tests to FUSE verification activity • Support Segment 2 User prototypes (AIM Common Status and Structure Data Program) • Provide facility for SWIM Test
SWIM Security Reference Implementation (SSRI) • Demonstrate securing Web Services at multiple levels • Transport (securing communication) • Endpoint (securing access to service) • Message (provide integrity, non-repudiation, etc. ) • Business Logic (ex: restricted access to service operation) • Data (securing data, meta-data) • Demonstrate integration with enterprise level components and appropriate technologies • Authentication & Authorization (LDAP, X.509 certificates, SAML) • Key management (PKI, X.509 certificates) • Java Authentication & Authorization Service (JAAS) • Spring Security • Provide secure Web Service example (code, configurations), client, and example components
oAuth Prototype • Single Sign On / UI • Evaluate use of OAuth 2.0 for common login infrastructure (contrast with SAML, etc) for applications that reside within the NAS • Messaging • Evaluate use of ‘two-legged’ OAuth for message level security (REST only) • Evaluate interplay with WS-Security, ‘boundary-crossings’ • Common (SSO + Messaging) • Develop/adopt standard format for user attribute exchange (e.g., openid connect) • Evaluate OAuth-based representation of NAS internal attribute authority
Recent Work • Segment 2 Prototypes • SWIM Security Reference Implementation • Updated to include FUSE ESB 4.2 • Implemented Binary Security Token (BST) security profile • Implemented Username Token security profile • Implemented Transport Layer Security (TLS) • Updated Build Guide documentation • oAuth Prototypes • Completed Sprint 1 and 2 • Design/Develop screens to set up target applications • Design/Develop user registration screens
Messaging Prototype • Pub/Sub & Send/Receive Semantics • Reliable Messaging • Enterprise Routing • Content-based Routing • Message Mediation • Message Transport • Message Security • Service and Destination Authorization • Message-Level Integrity and Confidentiality
Recent Work • Messaging Prototype • Prototype Plan • Implement JMS broker network • Implement SAN-based clustering and persistence • Implement simulated SIP clients • Document broker cluster and network configuration
Recent Work • IKM • XML Gateway Requirements • XML Gateway • Mutual TLS configuration for incoming connections using self-signed certificates • Authentication of incoming messages via Username Token • Authentication of incoming messages via Binary Security Token • Authentication of incoming messages via SAML Authentication • Insertion of SAML AuthN Assertions into outgoing messages • Developed draft IKM Requirements • Developed rough draft of IKM CONOPs
Conformance Test Kit – (CTK) • Measure and report on conformance against: • The four security profiles defined in SWIM WS-Security Specification • WS-I Basic Security Profile • Measure conformance across a set of test scenarios • Support stateful evaluation of messages • Recognize replay scenarios • Evaluate the response in the context of the request • Allow the CTK to participate both actively and passively • As a web-service proxy • As a web service provider • As a web service client • As a web service intermediary
Future - Security Prototype for Segment 2 • Prototype combination of: • DNS – Seg 1+ • NTP – Seg 1+ • IKM – Seg 2, phase 1 • SWIM Enterprise Messaging System (a.k.a. DEX) – Seg 2, phase 1 • In planning stages • Drafted plan • Setting up lab connectivity with FTI