DOCSLIB.ORG

Are3na Crabbé Et Al

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Are3na Crabbé Et Al ARe3NA Crabbé et al. (2014) AAA for Data and Services (D1.1.2 & D1.2.2): Analysing Standards &Technologies for AAA ISA Action 1.17: A Reusable INSPIRE Reference Platform (ARE3NA) Authentication, Authorization & Accounting for Data and Services in EU Public Administrations D1.1.2 & D1.2.2– Analysing standards and technologies for AAA Ann Crabbé Danny Vandenbroucke Andreas Matheus Dirk Frigne Frank Maes Reijer Copier 0 ARe3NA Crabbé et al. (2014) AAA for Data and Services (D1.1.2 & D1.2.2): Analysing Standards &Technologies for AAA This publication is a Deliverable of Action 1.17 of the Interoperability Solutions for European Public Admin- istrations (ISA) Programme of the European Union, A Reusable INSPIRE Reference Platform (ARE3NA), managed by the Joint Research Centre, the European Commission’s in-house science service. Disclaimer The scientific output expressed does not imply a policy position of the European Commission. Neither the European Commission nor any person acting on behalf of the Commission is responsible for the use which might be made of this publication. Copyright notice © European Union, 2014. Reuse is authorised, provided the source is acknowledged. The reuse policy of the European Commission is implemented by the Decision on the reuse of Commission documents of 12 December 2011. Bibliographic Information: Ann Crabbé, Danny Vandenbroucke, Andreas Matheus, Dirk Frigne, Frank Maes and Reijer Copier Authenti- cation, Authorization and Accounting for Data and Services in EU Public Administrations: D1.1.2 & D1.2.2 – Analysing standards and technologies for AAA. European Commission; 2014. JRC92555 1 ARe3NA Crabbé et al. (2014) AAA for Data and Services (D1.1.2 & D1.2.2): Analysing Standards &Technologies for AAA Contents 1. INTRODUCTION ........................................................................................................................................... 7 2. INSPIRE AND SECURE ACCESS MECHANISMS ................................................................................................. 7 2.1 Limiting public access ...................................................................................................................... 7 2.2 AAA in the ISA Programme ............................................................................................................. 9 3. AAA: AUTHENTICATION, AUTHORIZATION AND ACCOUNTING ...................................................................... 11 3.1 Access Management Federation [2] [3] ....................................................................................... 11 3.2 Authentication and Authorization Standards .............................................................................. 14 3.2.1 Secure communication ............................................................................................................ 14 3.2.2 Authentication ......................................................................................................................... 14 3.2.3 Authorization ........................................................................................................................... 16 3.2.4 Other standards ....................................................................................................................... 17 3.3 Authentication and Authorization Technologies ........................................................................ 18 3.3.1 Tools for implementing SAML and other AAA standards ........................................................ 18 3.3.2 Shibboleth ................................................................................................................................ 33 4. ACCESS MANAGEMENT FEDERATION INFRASTRUCTURE: HOW IT WORKS ...................................................... 34 4.1 Secure access to resources .............................................................................................................. 34 4.2 Organisational issues ....................................................................................................................... 35 5. ISA PROGRAMME: INTEROPERABILITY SOLUTIONS FOR EUROPEAN PUBLIC ADMINISTRATIONS ...................... 39 5.1 ISA action 1.4: EU-wide interoperability of electronic identities (ECAS-STORK integration) [12]... 39 5.2 ISA action 1.18: Federated Authorization Across European Public Administrations [14] ............... 39 6. CONCLUSIONS ........................................................................................................................................... 42 7 REFERENCES ............................................................................................................................................. 43 8 Annex 1: Security Standards Overview ................................................................................................... 44 8.1 Standards for securing Communication ................................................................................... 44 8.1.1 Standards associated with the Network Layer ........................................................................ 44 8.1.2 Standards associated with the Binding Layer .......................................................................... 45 8.1.3 Standards associated to Message Security ............................................................................. 45 8.1.4 Standards associated to Message Content Security ............................................................... 46 8.2 Standards for Authentication .......................................................................................................... 47 8.3 Standards for Authorization (Attribute Based Access Control) ....................................................... 51 2 ARe3NA Crabbé et al. (2014) AAA for Data and Services (D1.1.2 & D1.2.2): Analysing Standards &Technologies for AAA 8.4 Standards for Licensing.................................................................................................................... 52 8.5 Standards for Web Services ............................................................................................................. 53 8.6 Draft Standards for Web Services ................................................................................................... 57 8.7 Standards for eBusiness .................................................................................................................. 59 8.8 ISO Standard for Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) ............................................................................................................................... 61 8.9 Standards for Security Techniques .................................................................................................. 62 8.10 Standards for Open Systems Interconnection ................................................................................. 63 8.11 Other Literature ............................................................................................................................... 64 3 ARe3NA Crabbé et al. (2014) AAA for Data and Services (D1.1.2 & D1.2.2): Analysing Standards &Technologies for AAA 1 TABLE OF FIGURES Figure 1: The Three-Tier INSPIRE Architecture ................................................................................................................................. 9 Figure 2: Access Management Federation [2] ............................................................................................................................... 12 Figure 3: Schematic overview of AAA and related standards ......................................................................................................... 18 Figure 4: Schematic overview of the access management federation. .......................................................................................... 34 Figure 5: Example of secure access to a resource by a user (Max) ................................................................................................. 35 Table 1: Conditions under which public access to data and services can be limited (Directive 2007/2/EC Art.13) ......................... 8 Table 2: Comparison of different authentication standards (based on Chadwick, [13]) ................................................................ 15 Table 3: Comparison of different authorization standards ............................................................................................................ 17 Table 4: Tools for the implementation of security standards (adapted and updated from the Kantara Initiative, 2011) .............. 20 Table 5: number of data and service providers in INSPIRE ............................................................................................................. 37 Table 6: Issues addressed by STORK 2 as compared to STORK 1 .................................................................................................... 40 4 ARe3NA Crabbé et al. (2014) AAA for Data and Services (D1.1.2 & D1.2.2): Analysing Standards &Technologies for AAA 2 GLOSSARY AAA Authentication, Authorization and Accounting ARE3NA A Reusable INSPIRE Reference Platform AMF Access Management Federation BKG Bundesamt für Kartographie und Geodäsie CC Coordination Centre CIRCABC Communication and Information Resource Centre for Administrations, Businesses and Citizens DRM Digital Rights Management DSS Digital Signature Software ECAS European Citizen Action Service
Load more

Recommended publications
  • Google Cloud Platform Integration
    Solidatus FACTSHEET Google Cloud Platform Integration The Solidatus Google Cloud Platform (GCP) integration suite helps to discover data structures and lineage in GCP and automatically create and maintain Solidatus models describing these assets when they are added to GCP and when they are changed. As of January 2019, the GCP integration supports the following scenarios: • Through the Solidatus UI: – Load BigQuery dataset schemas as Solidatus objects on-demand. • Automatically using a Solidatus Agent: – Detect new BigQuery schemas and add to a Solidatus model. – Detect changes to BigQuery schemas and update a Solidatus model. – Detect new files in Google Cloud Storage (GCS) and add to a Solidatus model. – Automatically detect changes to files in GCS and update a Solidatus model. • Automatically at build time: – Extract structure and lineage from a Google Cloud Dataflow and create or update a Solidatus model. FEATURES BigQuery Loader Apache Beam (GCP Dataflow) Lineage A user can import a BigQuery table definition, directly Mapper from Google, as an object into a Solidatus model. A developer can visualise their Apache Beam job’s The import supports both nested and flat structures, pipeline in a Solidatus model. The model helps both and also includes meta data about the table and developers and analysts to see that data from sources dataset. Objects created via the BigQuery Loader is correctly mapped through transforms to their sinks, can be easily updated by a right-clicking on an providing a data lineage model of the pipeline. object in Solidatus. Updating models using this Generating the models can be ad-hoc (on-demand by feature provides the ability to visualise differences in the developer) or built into a CI/CD process.
    [Show full text]
  • Google's Mission
    & Big Data & Rocket Fuel Dr Raj Subramani, HSBC Reza Rokni, Google Cloud, Solutions Architect Adrian Poole, Google Cloud, Google’s Mission Organize the world’s information and make it universally accessible and useful Eight cloud products with ONE BILLION Users Increasing Marginal Cost of Change $ Traditional Architectures Prohibitively Expensive change Marginal cost of 18 years of Google R&D / Investment Google Cloud Native Architectures (GCP) Increasing complexity of systems and processes Containers at Google Number of running jobs Enabled Google to grow our fleet over 10x faster than we grew our ops team Core Ops Team 2004 2016 4 Google’s innovation in data Millwheel F1 Spanner TensorFlow MapReduce Dremel Flume GFS Bigtable Colossus Megastore Pub/Sub Dataflow 2002 2004 2006 2008 2010 2012 2013 2016 Proprietary + Confidential5 Google’s innovation in data Dataflow Spanner NoSQL Spanner Cloud ML Dataproc BigQuery Dataflow GCS Bigtable GCS Datastore Pub/Sub Dataflow 2002 2004 2006 2008 2010 2012 2013 2016 Proprietary + Confidential6 Now available on Google Cloud Platform Compute Storage & Databases App Engine Container Compute Storage Bigtable Spanner Cloud SQL Datastore Engine Engine Big Data Machine Learning BigQuery Pub/Sub Dataflow Dataproc Datalab Vision API Machine Speech API Translate API Learning Lesson of the last 10 years... ● Democratise ML ● Big datasets beat fancy algorithms ● Good Models ● Lots of compute Google BigQuery BigQuery is Google's fully managed, petabyte scale, low cost enterprise data warehouse for analytics. BigQuery is serverless. There is no infrastructure to manage and you don't need a database administrator, so you can focus on analyzing data to find meaningful insights using familiar SQL.
    [Show full text]
  • Knihovna Pro Prístup K Federacím Identit
    MASARYKOVA UNIVERZITA F}w¡¢£¤¥¦§¨ AKULTA INFORMATIKY !"#$%&'()+,-./012345<yA| Knihovna pro pˇrístup k federacím identit BAKALÁRSKÁˇ PRÁCE Marcel Poul Brno, 2011 Prohlášení Prohlašuji, že tato bakaláˇrskápráce je mým p ˚uvodnímautorským dílem, které jsem vypracoval samostatnˇe.Všechny zdroje, prameny a literaturu, které jsem pˇrivypracování používal nebo z nich ˇcerpal,v práci ˇrádnˇecituji s uvedením úplného odkazu na pˇríslušnýzdroj. Marcel Poul Vedoucí práce: RNDr. Daniel Kouˇril iii Podˇekování Tímto dˇekujivedoucímu mé bakaláˇrsképráce RNDr. Danielu Kouˇriloviza cenné rady a ˇcas,který mi vˇenovalpˇriˇrešenídané problematiky. v Shrnutí Tato práce se vˇenujenávrhu knihovny pro pˇrístupk federacím identit a její implementaci pomocí jakyka C. V práci je pˇredstavenprincip federací iden- tit a popsán návrh a implementace knihovny. vii Klíˇcováslova Federace identit, poskytovatel služeb, poskytovatel identit, SAML, Shibbo- leth ix Obsah 1 Úvod ................................... 3 2 Federace identit ............................. 5 2.1 Struktura federací ......................... 5 2.2 Security Assertion Markup Language (SAML) . 7 2.3 Shibboleth ............................. 7 2.4 Federace eduID.cz ......................... 8 2.5 SWITCHaai ............................ 9 2.6 eduroam .............................. 9 2.7 OpenID ............................... 10 2.8 MojeID ............................... 11 3 Návrh knihovny pro pˇrístupk federacím identit . 13 3.1 Analýza proces ˚upˇripˇrístupuk federacím identit . 13 3.2 Požadavky na ˇrešení
    [Show full text]
  • CIAM Platforms LEADERSHIP COMPASS
    KuppingerCole Report LEADERSHIP COMPASS by John Tolbert December 2018 CIAM Platforms This report provides an overview of the market for Consumer Identity and AcCess Management and provides you with a Compass to help you to find the Consumer Identity and ACCess Management produCt that best meets your needs. We examine the market segment, vendor product and service functionality, relative market share, and innovative approaChes to providing CIAM solutions. by John Tolbert [email protected] December 2018 Leadership Compass CIAM Platforms KuppingerCole Leadership Compass CIAM Platforms By KuppingerCole Report No.: 79059 Content 1 Introduction .................................................................................................................................... 6 1.1 Market Segment ...................................................................................................................... 7 1.2 Delivery models ....................................................................................................................... 9 1.3 Required Capabilities .............................................................................................................. 9 2 Leadership .................................................................................................................................... 12 3 Correlated View ............................................................................................................................ 20 3.1 The Market/Product Matrix .................................................................................................
    [Show full text]
  • Game Taskification for Crowdsourcing
    Game taskification for crowdsourcing A design framework to integrate tasks into digital games. Anna Quecke Master of Science Digital and Interaction design Author Anna Quecke 895915 Academic year 2019-20 Supervisor Ilaria Mariani Table of Contents 1 Moving crowds to achieve valuable social 2.2.2 Target matters. A discussion on user groups innovation through games 11 in game-based crowdsourcing 102 1.1 From participatory culture to citizen science 2.2.3 Understanding players motivation through and game-based crowdsourcing systems 14 Self-Determination Theory 108 1.2 Analyzing the nature of crowdsourcing 17 2.3 Converging players to new activities: research aim 112 1.2.1 The relevance of fun and enjoyment 3 Research methodology 117 in crowdsourcing 20 3.1 Research question and hypothesis 120 1.2.2 The rise of Games with a Purpose 25 3.2 Iterative process 122 1.3 Games as productive systems 32 4 Testing and results 127 1.3.1 Evidence of the positive effects of gamifying a crowdsourcing system 37 4.1 Defining a framework for game 1.4 Design between social innovation taskification for crowdsourcing 131 and game-based crowdsourcing 42 4.1.1 Simperl’s framework for crowdsourcing design 132 1.4.1 Which impact deserves recognition? 4.1.2 MDA, a game design framework 137 Disputes on Game for Impact definition 46 4.1.3 Diegetic connectivity 139 1.4.2 Ethical implications of game-based 4.1.4 Guidelines Review 142 crowdsourcing systems 48 T 4.1.5 The framework 153 1.4.3 For a better collaboration 4.2 Testing through pilots 160 between practice and
    [Show full text]
  • Economic and Social Impacts of Google Cloud September 2018 Economic and Social Impacts of Google Cloud |
    Economic and social impacts of Google Cloud September 2018 Economic and social impacts of Google Cloud | Contents Executive Summary 03 Introduction 10 Productivity impacts 15 Social and other impacts 29 Barriers to Cloud adoption and use 38 Policy actions to support Cloud adoption 42 Appendix 1. Country Sections 48 Appendix 2. Methodology 105 This final report (the “Final Report”) has been prepared by Deloitte Financial Advisory, S.L.U. (“Deloitte”) for Google in accordance with the contract with them dated 23rd February 2018 (“the Contract”) and on the basis of the scope and limitations set out below. The Final Report has been prepared solely for the purposes of assessment of the economic and social impacts of Google Cloud as set out in the Contract. It should not be used for any other purposes or in any other context, and Deloitte accepts no responsibility for its use in either regard. The Final Report is provided exclusively for Google’s use under the terms of the Contract. No party other than Google is entitled to rely on the Final Report for any purpose whatsoever and Deloitte accepts no responsibility or liability or duty of care to any party other than Google in respect of the Final Report and any of its contents. As set out in the Contract, the scope of our work has been limited by the time, information and explanations made available to us. The information contained in the Final Report has been obtained from Google and third party sources that are clearly referenced in the appropriate sections of the Final Report.
    [Show full text]
  • The Horizon Report
    T H E H O R I Z O N R E P O R T 2 0 0 8 E D I T I O N a collaboration between The NEW MEDIA CONSORTIUM and the EDUCAUSE Learning Initiative An EDUCAUSE Program The 2008 Horizon Report is a collaboration between The NEW MEDIA CONSORTIUM and the EDUCAUSE Learning Initiative An EDUCAUSE Program © 2008, The New Media Consortium. Permission is granted under a Creative Commons Attribution-NonCommercial-NoDerivs license to replicate and distribute this report freely for noncommercial purposes provided that it is distributed only in its entirety. To view a copy of this license, visit creativecommons.org/licenses/by-nc-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. ISBN 0-9765087-6-1 TA B L E O F C O N T E N T S Executive Summary ....................................................................................................................................... 3 O Key Emerging Technologies O Critical Challenges O Signi!cant Trends O After Five Years: The Metatrends O About the Horizon Project Time-to-Adoption: One Year or Less Grassroots Video ..................................................................................................................................... 10 O Overview O Relevance for Teaching, Learning, and Creative Expression O Examples O For Further Reading Collaboration Webs ................................................................................................................................. 13 O Overview O Relevance for Teaching, Learning, and Creative
    [Show full text]
  • IHE IT Infrastructure Technical Framework White Paper 2006-2007 Cross-Enterprise User Authentication (XUA)
    ACC, HIMSS and RSNA Integrating the Healthcare Enterprise 5 IHE IT Infrastructure Technical Framework White Paper 2006-2007 For Public Comment 10 Cross-Enterprise User Authentication (XUA) 15 IHE ITI Technical Committee Editor: John F. Moehrke 20 Version 2.0 2006-08-15 IHE ITI White Paper Cross-Enterprise User Authentication ______________________________________________________________________________ 25 Contents 1 Introduction............................................................................................................................ 4 2 Background............................................................................................................................ 5 2.1 Identity Enabled Services ................................................................................................ 5 2.2 SAML Assertion.............................................................................................................. 6 30 3 Healthcare Use cases ............................................................................................................. 7 3.1 Assumptions .................................................................................................................... 7 3.2 Use Case Categories......................................................................................................... 8 3.2.1 User Authentication (0a/b/c)............................................................................................................................... 8 3.2.2 HL7 Export/Import (1a)......................................................................................................................................
    [Show full text]
  • Eidas-Node and SAML
    eIDAS-Node and SAML Version 1.0 eIDAS-Node and SAML Version 1.0 Document history Version Date Modification reason Modified by 1.0 06/10/2017 Origination DIGIT Disclaimer This document is for informational purposes only and the Commission cannot be held responsible for any use which may be made of the information contained therein. References to legal acts or documentation of the European Union (EU) cannot be perceived as amending legislation in force or other EU documentation. The document contains a brief overview of technical nature and is not supplementing or amending terms and conditions of any procurement procedure; therefore, no compensation claim can be based on the contents of the present document. Copyright European Commission — DIGIT Page 2 of 59 eIDAS-Node and SAML Version 1.0 Table of contents DOCUMENT HISTORY ...................................................................................... 2 TABLE OF CONTENTS ...................................................................................... 3 LIST OF FIGURES ........................................................................................... 5 LIST OF TABLES ............................................................................................. 6 1. INTRODUCTION ....................................................................................... 7 1.1. Document aims ............................................................................... 7 1.2. Document structure ......................................................................... 7 1.3.
    [Show full text]
  • Google Cloud Dataflow – an Insight
    International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Index Copernicus Value (2015): 78.96 | Impact Factor (2015): 6.391 Google Cloud Dataflow – An Insight Eashani Deorukhkar1 Department of Information Technology, RamraoAdik Institute of Technology, Mumbai, India Abstract: The massive explosion of data and the need for its processing has become an area of interest with many companies vying to occupy a significant share of this market. The processing of streaming data i.e. data generated by multiple sources simultaneously and continuously is an ability that some widely used data processing technologies lack. This paper discusses the “Cloud Data Flow” technology offered by Google as a possible solution to this problem and also a few of its overall pros and cons. Keywords: Data processing, streaming data, Google, Cloud Dataflow 1. Introduction To examine a real-time stream of events for significant [2] patterns and activities The processing of large datasets to generate new insights and To implement advanced, multi-step processing pipelines to relationships from it is quite a common activity in numerous extract deep insight from datasets of any size[2] companies today. However, this process is quite difficult and resource intensive even for experts[1]. Traditionally, this 3. Technical aspects processing has been performed on static datasets wherein the information is stored for a while before being processed. 3.1 Overview This method was not scalable when it came to processing of data streams. The huge amounts of data being generated by This model is specifically intended to make data processing streams like real-time data from sensors or from social on a large scale easier.
    [Show full text]
  • Implementation Experiences on IHE XUA and BPPC1 December 5, 2006
    Implementation Experiences On IHE XUA and BPPC1 December 5, 2006 Tuncay Namlı and Asuman Dogac Software Research and Development Center Middle East Technical University Ankara, Turkey The most up-to-date version of this document is available from http://www.srdc.metu.edu.tr/publications 1 This work is supported in part by the European Commission, eHealth Unit (http://ec.europa.eu/information_society/activities/health/index_en.htm) through the 027074 Saphire Project (http://www.srdc.metu.edu.tr/webpage/projects/saphire/) and by the Scientific and Technical Research Council of Turkey (TUBITAK) through the Project No. EEEAG 105E133. LIST OF FIGURES.......................................................................................................................................2 LIST OF ACRONYMS.................................................................................................................................3 1 OVERVIEW.........................................................................................................................................3 2 EXECUTIVE SUMMARY .................................................................................................................4 3 THE IMPLEMENTATION SCENARIO..........................................................................................5 4 TRUST MODEL..................................................................................................................................7 4.1 TRUST MODEL IN AN AFFINITY DOMAIN.......................................................................................7
    [Show full text]
  • Ebxml Registry Services and Protocols Version
    1 2 ebXML Registry Services and Protocols 3 Version 3.0 4 Committee Draft Specification 02, 15 March, 2005 5 Document identifier: 6 regrep-rs-3.0-cd-02 7 Location: 8 http://www.oasis-open.org/committees/regrep/documents/3.0/specs/regrep-rs-3.0-cd-02.pdf 9 Editors: Name Affiliation Sally Fuger Individual Farrukh Najmi Sun Microsystems Nikola Stojanovic RosettaNet 10 11 Contributors: Name Affiliation Diego Ballve Individual Ivan Bedini France Telecom Kathryn Breininger The Boeing Company Joseph Chiusano Booz Allen Hamilton Peter Kacandes Adobe Systems Paul Macias LMI Government Consulting Carl Mattocks CHECKMi Matthew MacKenzie Adobe Systems Monica Martin Sun Microsystems Richard Martell Galdos Systems Inc Duane Nickull Adobe Systems Goran Zugic ebXMLsoft Inc. 12 13 Abstract: 14 This document defines the services and protocols for an ebXML Registry 15 A separate document, ebXML Registry: Information Model [ebRIM], defines the types of metadata 16 and content that can be stored in an ebXML Registry. 17 Status: 18 This document is an OASIS ebXML Registry Technical Committee Approved Draft Specification. 19 Committee members should send comments on this specification to the [email protected] 20 open.org list. Others should subscribe to and send comments to the [email protected] 21 open.org list. To subscribe, send an email message to [email protected] 22 open.org with the word "subscribe" as the body of the message. 23 For information on whether any patents have been disclosed that may be essential to 24 implementing this specification, and any offers of patent licensing terms, please refer to the 25 Intellectual Property Rights section of the OASIS ebXML Registry TC web page (http://www.oasis- 26 open.org/committees/regrep/).
    [Show full text]