security requirement and implementation solution for e
play

Security Requirement and Implementation Solution for e-Gov System - PowerPoint PPT Presentation

Dec 10, 2023 •519 likes •749 views

Security Requirement and Implementation Solution for e-Gov System Chuan Liu liuchuan@tongtech.com TongTech Co., Ltd 2006-11 Agenda Introduction of E-Gov (Platform) Requirement of Identity Management & Authorization

  1. Security Requirement and Implementation Solution for e-Gov System Chuan Liu liuchuan@tongtech.com TongTech Co., Ltd 2006-11

  2. Agenda • Introduction of E-Gov (Platform) • Requirement of Identity Management & Authorization • Implementation Solution

  3. The Functions of e-Gov platform • Objects – Service support for e-Gov application • Functions——Support Data Sharing and Exchanging – Data Exchanging – Uniform Portal – Basic business services: Authentication & Authorization & Resource navigation – Connect to Sharing Database, Database of Government Agencies, and Application System • Two-level Structure of Municipal and County • Service Platform compliant with SOA – Single business services – Composite services – Business process services

  4. E-Gov Service Platform Architecture Consumer Portal authentication navigation authorization Service Service Service Other Platform WS-Gateway Data Exchange Platform Provider Share Database Application Application Database Consumer

  5. Municipal Platform E-Gov Service Platform Architecture DEP HTTP/SOAP Country Platform DEP DEP

  6. Existing Foundation for Security • Releasing certification from uniform CA centre, providing authorization service • Security functions in existing applications – No Uniform Security Solutions – Providing Username/Password authorization – Providing Role-based Right Management

  7. Requirements of Authentication & Authorization • Existing Security Management Services should be integrated into the Service Platform – Personal certification released by Authentication center – Adopt existing Authentication & Authorization Mechanism • Single Sign-On(SSO) – Log in Only Once on Portal – Log in with Certification or Username/Password – Same Log-in Mechanism for County and Municipal Level Platform • Providing Organization Structure Management and Role Management • Providing Federal Authentication Management – Access authorization service once when log-in – Authorization information used by different service provider

  8. Functions Implemented • Base on SAML standards • Realize uniform log-in management and authorization management services – Support SSO, simplifying authentication and authorization management. • Supporting Dual Username/Password and Digital Certification Identity Management Mechanism – Digital Certification Signed and Authorized by authentication Centre – Cross authorization based on digital certification for IM in two-level Security Zone • Mapping uniform authorization to existing right management information, supporting Right Management in Legacy system

  9. Features of SAML • XML-based framework – Describing and exchanging security information between on-line business partners. – Security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust. – The OASIS SAML standard defines precise syntax and rules for requesting, creating, communicating, and using these SAML assertions.

  10. SAML usage scenario • Single Sign-On – Within platform – Between platform • Federated identity – Single service in platform – Process in platform – Services between platforms

  11. Key of the Implementation • Different implementations for in a platform and between platforms/partners – A SAML-like (simplified) approach to address the requirements – SSO and Federal Authentication in the platform. – Real SAML compliant implementation to support the Authentication & Authorization across platforms and/or partners. • No Authorization decision statement in SAML. – Just authentication assertions involved in current (primary) phase. – Artifact Resolution Protocol not supported.

  12. The Architecture 2 1 Login & Portal authentication authorization authorization Other 4 Platform Data Exchange Platform WS-Gateway HTTP/SOAP Service 3 Verify signature Access Service check

  13. The Architecture 2 1 Login & Portal authentication authorization authorization Other 4 Platform Data Exchange Platform WS-Gateway HTTP/SOAP Service 3 Verify signature information Access translate check Service

  14. Preliminary Preparing • Service defines open and limited roles and right information • Release security certificate to officials and platform • Mutual authorization between county and municipal platform ( exchange public key) • Definition of role and right information on platform – Simplify right management – Objects includes single service and process service • Authorization for officials

  15. Scenario 1 • Officials/enterprise users in county platform use services in the platform KEY 1 Login & Portal authentication authorization authorization Data Exchange Platform Service1 Service2

  16. Scenario 1 • Officials/enterprise users in county platform use services in the platform KEY 1 SAML MSG SAML MSG Login & Portal authentication authorization authorization 2 Data Exchange Platform Service1 Service1 Service2 Verify signature Access Service check

  17. Scenario 1 • Officials/enterprise users in county platform use services in the platform KEY 1 SAML MSG SAML MSG Login & Portal authentication authorization authorization 2 3 SAML MSG + DATA SAML MSG + DATA Data Exchange Platform Service1 Service2 Service1 Service2 Verify Verify signature signature Business Access Service Service2 check

  18. Scenario 1 • Officials/enterprise users in county platform use services in the platform KEY 1 SAML MSG SAML MSG Login & Portal authentication authorization authorization 2 3 SAML MSG + DATA SAML MSG + DATA Data Exchange Platform Service1 Service2 Service1 Service2 Verify Verify AUTH MSG + DATA AUTH MSG + DATA signature signature information Access translate check Business Access Service Service2 check

  19. Scenario 2 • Authentication information be transferred by process service automatically KEY 1 SAML MSG SAML MSG Login & Portal authentication authorization 2 SAML MSG + DATA SAML MSG + DATA authorization Data Exchange Platform 3 4 Service2 Service Verify Verify signature AUTH MSG + DATA signature AUTH MSG + DATA information Access translate check Business Access Service Service2 check

  20. Scenario 3 • Usage of services in different platforms KEY 1 SAML MSG SAML MSG Service 2 Login & Portal authentication authorization authorization 2 SAML MSG + DATA SAML MSG + DATA DEP 5 4 WS-Gateway 3 Other Platform SAML MSG DATA Service1 SAML MSG DATA Verify signature Partner’s information Access Web Service translate check Business Service1 AUTH MSG + DATA AUTH MSG + DATA

Recommend

Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement

Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement

Retail Chain Integrated Security Solution V1.3 See Far , Go Further Contents 1 Requirement Analysis 2 System Architecture 3 Solution Introduction 4 Representative Cases Vertical Requirement - Current Situation Traditional retail industry

761 views • 61 slides
Commercial Building Integrated Security Solution See Far , Go Further Contents 1 Vertical

Commercial Building Integrated Security Solution See Far , Go Further Contents 1 Vertical

Commercial Building Integrated Security Solution See Far , Go Further Contents 1 Vertical Requirements Analysis 2 System Architecture 3 Solution Application 4 Successful Cases Requirement Analysis Personnel Safety Internal Management

705 views • 54 slides
Security requirements Term Secuirty requirement A need or restriction from a user, a

Security requirements Term Secuirty requirement A need or restriction from a user, a

Security requirements Term Secuirty requirement A need or restriction from a user, a stakeholder or the environment related to the goal to improve the system security. Holistic security requirement engineering, Computers & Security

216 views • 17 slides
Requirement Requirement Requirement Requirement Engineering Engineering Engineering

Requirement Requirement Requirement Requirement Engineering Engineering Engineering

Requirement Requirement Requirement Requirement Engineering Engineering Engineering Engineering Outline Stakeholders Context diagram and interfaces Types of requirements Numbering requirements Scenarios, sequence diagrams

587 views • 39 slides
Common Security Requirement Language for Procurements & Maintenance Contracts Julio

Common Security Requirement Language for Procurements & Maintenance Contracts Julio

Common Security Requirement Language for Procurements & Maintenance Contracts Julio Rodriguez Idaho National Laboratory National Cyber Security Division (NCSD) Control Systems Security Program (CSSP) December 8, 2006 1 Background

683 views • 13 slides
HMDA Implementation Lessons learned along the way New regulatory requirement to expand the

HMDA Implementation Lessons learned along the way New regulatory requirement to expand the

HMDA Implementation Lessons learned along the way New regulatory requirement to expand the rule currently in force to increase data gathering for the mortgage industry. AN Dodd-Frank required the CFPB to pass these amendments. INTRO

530 views • 15 slides
Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution?

Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution?

conference & convention enabling the next generation of networks & services Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution? Phil Footman-Williams Tyco Electronics Subsea Communications

203 views • 18 slides
Implementation of SOLAS requirement for Verified Gross Mass of Packed Containers Peregrine

Implementation of SOLAS requirement for Verified Gross Mass of Packed Containers Peregrine

BIFA National Seminar, London, 26 November 2015 Implementation of SOLAS requirement for Verified Gross Mass of Packed Containers Peregrine Storrs-Fox, Risk Management Director | Insuring the supply chain | 2 established expertise 2 Quick

230 views • 9 slides
Video and Audio Convergence Solution International Product and Solution Center Contents

Video and Audio Convergence Solution International Product and Solution Center Contents

Video and Audio Convergence Solution International Product and Solution Center Contents Background Requirement Analysis Solution Introduction Product List Background Background Real-time Deterrent Current situation CCTV systems focus

495 views • 24 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
U.S. Requirement for Traceability of Drugs: The Drug Supply Chain Security Act (DSCSA)

U.S. Requirement for Traceability of Drugs: The Drug Supply Chain Security Act (DSCSA)

U.S. Requirement for Traceability of Drugs: The Drug Supply Chain Security Act (DSCSA) FDA/CDER/Office of Compliance Office of Drug Security, Integrity and Response Connie Jung, Ph.D. FDA/Office of Global Operations/India Office Jay Jariwala

661 views • 33 slides
UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE Maritime Security - Commercial Shipping Security - Cruise Liner Security - Super-Yacht Security Maritime Security Services UCP GROUP is a market

247 views • 22 slides
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 30. 20. 21. 22.

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 30. 20. 21. 22.

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 30. 20. 21. 22. Social Security Administration SSA Benefit Programs Social Security Supplemental Security Income (SSI) Based on a No work requirement;

945 views • 68 slides
Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in

Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in

Photo Identification Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in person must show a photo ID bearing a reasonable resemblance of that voter in order to vote a regular ballot. The photo ID

559 views • 7 slides
CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC?

CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC?

CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC? American Security Products [AMSEC] located in worlds Fontana, California is the best known provider of security safes. For over 70+ years, we

814 views • 21 slides
ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet

ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet

ENTSOG workshop AS4 as a solution provider AS4 Implementation and Tool presentation Internet Internet Mendelson AS4 Gateway - Open Source based solution - Very reactive team / use of their AS2 system (about 8000 msg / day) - Participation in

234 views • 6 slides
Dell Security Overview Eddie Chan Security Solution Consultant Dell Security Solutions Dell |

Dell Security Overview Eddie Chan Security Solution Consultant Dell Security Solutions Dell |

Dell Security Overview Eddie Chan Security Solution Consultant Dell Security Solutions Dell | Hong Kong & Taiwan Agenda Session One 2016 Threat Report Update Session Two SonicWALL C APT URE Advanced Threat Protection Service

746 views • 63 slides
Your Problem New ultra low NOX requirement Compliance deadline coming No time for

Your Problem New ultra low NOX requirement Compliance deadline coming No time for

Your Problem New ultra low NOX requirement Compliance deadline coming No time for lengthy conversion Your Solution No Flue Gas Recirculation Easy installation Fast commissioning No operational compromises Performance

366 views • 12 slides
Multicast Security: Towards a Standardized Solution Ran Canetti IBM Research In this talk:

Multicast Security: Towards a Standardized Solution Ran Canetti IBM Research In this talk:

Multicast Security: Towards a Standardized Solution Ran Canetti IBM Research In this talk: A taxonomy of multicast security issues Some outstanding algorithmic problems Work at the SMuG (IRTF): Some design principles

525 views • 23 slides
PERSONA Codeamans Outline Problem Solution Application Flow Purpose-specific

PERSONA Codeamans Outline Problem Solution Application Flow Purpose-specific

PERSONA Codeamans Outline Problem Solution Application Flow Purpose-specific Technical Aspects Scalability Accessibility Security Performance Functionality Implementation Third-Party

383 views • 16 slides
Impact of Drug Supply Chain Security Act on US Pharmaceutical Industry Under Decentralized

Impact of Drug Supply Chain Security Act on US Pharmaceutical Industry Under Decentralized

Impact of Drug Supply Chain Security Act on US Pharmaceutical Industry Under Decentralized Information Flow Meng Ying Chang, Raghavendran Mohan Agenda Drug Supply Chain Security Act (DSCSA) Implementation Solution Design Physical Flow

665 views • 22 slides
REQUIREMENT Requirement specification SPECIFICATION motivation and basics Today:

REQUIREMENT Requirement specification SPECIFICATION motivation and basics Today:

REQUIREMENT Requirement specification SPECIFICATION motivation and basics Today: Requirements Specification Requirement specification is generally a crucial phase of an Jyrki Nummenmaa University of Tampere, CS Department Jyrki

244 views • 3 slides
Handling Is A Requirement For Security C. Matthew Curtin, CISSP Interhack Corporation Conflict

Handling Is A Requirement For Security C. Matthew Curtin, CISSP Interhack Corporation Conflict

Effective Incident Handling Is A Requirement For Security C. Matthew Curtin, CISSP Interhack Corporation Conflict of Interest C. Matthew Curtin, CISSP has no real or apparent conflicts of interest to report. What We Hope to Learn Today 1

294 views • 17 slides
13 - Computer Security Hashing 1 Solution : hash

13 - Computer Security Hashing 1 Solution : hash

13 - Computer Security Hashing 1 Solution : hash function 0 1 n - h x 0 1 - h x is the hash/digest of x Context Goal - Represent large/sensitive message by a smaller one - Numerous

1.14k views • 68 slides

More recommend