1 / 20

SWIM Laboratory Update

SWIM Laboratory Update. Demonstrations and Prototypes TIM 7. SPF (SWIM Prototype Facility). SIF (SWIM Integration Facility). SWIM Laboratory. Consists of 2 facilities:. SWIM Integration Facility. SPF (SWIM Prototype Facility). SIF (SWIM Integration Facility).

trevet
Download Presentation

SWIM Laboratory Update

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SWIM Laboratory Update Demonstrations and Prototypes TIM 7

  2. SPF (SWIM Prototype Facility) SIF (SWIM Integration Facility) SWIM Laboratory • Consists of 2 facilities:

  3. SWIM Integration Facility SPF (SWIM Prototype Facility) SIF (SWIM Integration Facility) • SWIM COTS Products Repository • SWIM COTS & FOSS Working Group • NAS Services Registry Repository (NSRR) • Other: • SWIM Wiki • Security & Vulnerability Analysis of SWIM Products • Support Segment 2 User prototypes

  4. Product Inventory – Functional * Products being used by SIPs • Available from COTS Repository (https://swimrepo.faa.gov) • Available on SWIM ftp (ftp://swimftp.tc.faa.gov)

  5. SWIM COTS & FOSS Working Group System Wide Information Management (SWIM) Commercial Off The Shelf and Open Source Products Status Report • WG is the vehicle to: • Select Fuse product versions that SWIM supports • Facilitate Fuse issue info exchange & resolution • Decide need for Fuse improvements • Disseminate product info and track SIP use of SWIM products • Facilitate monthly meetings • Generate and Maintain: • SWIM FUSE Issue Tracker (weekly updates to SWIM wiki) • SWIM COTS Products Status Report (monthly) • COTS Products Management Plan (annually) April 27, 2011

  6. NAS Services Registry Repository • Administer & Maintain HP SOA Systinet Application • Support users • User documentation • Publishers Guide • Consumers Guide • Administrators Guide • Work with SWIM Governance to assure NSRR compliant with SWIM policies

  7. NSRR The NAS Services Registry Repository provides a wide range of functionality

  8. SWIM Service Lifecycle Management The SWIM Registry/Repository accommodates a custom lifecycle management process

  9. SWIM Registry Service Creation The SWIM Registry/Repository business service consists of many artifacts

  10. Other Implementation Tasks • Administer & Maintain SWIM Wiki • Security & Vulnerability Analysis of SWIM Products using Veracode – initial trial scan of Fuse Message Broker executable • Work with SWIM Test & COTSWG & AWG to add SIP-related tests to FUSE verification activity • Support Segment 2 User prototypes (AIM Common Status and Structure Data Program) • Provide facility for SWIM Test

  11. SWIM Prototype Facility

  12. SWIM Security Reference Implementation (SSRI) • Demonstrate securing Web Services at multiple levels • Transport (securing communication) • Endpoint (securing access to service) • Message (provide integrity, non-repudiation, etc. ) • Business Logic (ex: restricted access to service operation) • Data (securing data, meta-data) • Demonstrate integration with enterprise level components and appropriate technologies • Authentication & Authorization (LDAP, X.509 certificates, SAML) • Key management (PKI, X.509 certificates) • Java Authentication & Authorization Service (JAAS) • Spring Security • Provide secure Web Service example (code, configurations), client, and example components

  13. oAuth Prototype • Single Sign On / UI • Evaluate use of OAuth 2.0 for common login infrastructure (contrast with SAML, etc) for applications that reside within the NAS • Messaging • Evaluate use of ‘two-legged’ OAuth for message level security (REST only) • Evaluate interplay with WS-Security, ‘boundary-crossings’ • Common (SSO + Messaging) • Develop/adopt standard format for user attribute exchange (e.g., openid connect) • Evaluate OAuth-based representation of NAS internal attribute authority

  14. Recent Work • Segment 2 Prototypes • SWIM Security Reference Implementation • Updated to include FUSE ESB 4.2 • Implemented Binary Security Token (BST) security profile • Implemented Username Token security profile • Implemented Transport Layer Security (TLS) • Updated Build Guide documentation • oAuth Prototypes • Completed Sprint 1 and 2 • Design/Develop screens to set up target applications • Design/Develop user registration screens

  15. Messaging Prototype • Pub/Sub & Send/Receive Semantics • Reliable Messaging • Enterprise Routing • Content-based Routing • Message Mediation • Message Transport • Message Security • Service and Destination Authorization • Message-Level Integrity and Confidentiality

  16. Recent Work • Messaging Prototype • Prototype Plan • Implement JMS broker network • Implement SAN-based clustering and persistence • Implement simulated SIP clients • Document broker cluster and network configuration

  17. Recent Work • IKM • XML Gateway Requirements • XML Gateway • Mutual TLS configuration for incoming connections using self-signed certificates • Authentication of incoming messages via Username Token • Authentication of incoming messages via Binary Security Token • Authentication of incoming messages via SAML Authentication • Insertion of SAML AuthN Assertions into outgoing messages • Developed draft IKM Requirements • Developed rough draft of IKM CONOPs

  18. Conformance Test Kit – (CTK) • Measure and report on conformance against: • The four security profiles defined in SWIM WS-Security Specification • WS-I Basic Security Profile • Measure conformance across a set of test scenarios • Support stateful evaluation of messages • Recognize replay scenarios • Evaluate the response in the context of the request • Allow the CTK to participate both actively and passively • As a web-service proxy • As a web service provider • As a web service client • As a web service intermediary

  19. Future - Security Prototype for Segment 2 • Prototype combination of: • DNS – Seg 1+ • NTP – Seg 1+ • IKM – Seg 2, phase 1 • SWIM Enterprise Messaging System (a.k.a. DEX) – Seg 2, phase 1 • In planning stages • Drafted plan • Setting up lab connectivity with FTI

More Related