Date post: | 29-Dec-2015 |
Category: |
Documents |
Upload: | margaretmargaret-anthony |
View: | 214 times |
Download: | 0 times |
Presented to: TIM Participants
By: Dominic (Bud) Timoteo
Date: May 4, 2011
Federal AviationAdministration
SWIM Laboratory Update
Demonstrations and Prototypes TIM 7
2Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
SIF(SWIM Integration
Facility)
SPF(SWIM Prototype
Facility)
SWIM Laboratory
• Consists of 2 facilities:
3Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
SWIM Integration Facility
• SWIM COTS Products Repository• SWIM COTS & FOSS Working Group• NAS Services Registry Repository (NSRR)• Other:
– SWIM Wiki– Security & Vulnerability Analysis of SWIM Products– Support Segment 2 User prototypes
SIF(SWIM Integration
Facility)
SPF(SWIM Prototype
Facility)
4Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
Product Inventory – FunctionalSWIM Products Open Source Software Proprietary Software
WS Stack Fuse Services Framework* Artix ESB
SC Enterprise Integration Patterns (EIP) Fuse Mediation Router*Fuse ESB*
Message Oriented Middleware (MOM) Fuse Message Broker*
Enterprise Service Bus (ESB) Fuse ESB*
System Management Subsystem (SMS) Fuse HQ*,Artix Enterprise Management Plug-in
Information Grid Data eXtend Semantic Integrator (DXSI)
COTS Product Repository Nexus
OSGI runtime endpoint management ARTIX Reg/Rep (Depot)
Registry/Repository HP-soa-systinet-eclipse-plugin
HP-soa-systinet-visual-studio-plugin
HP SOA SystinetHP SOA Registry
Security Artix Connect for WCF,Artix Security
Development Tools/Environment Eclipse, Ant, Maven Fuse Integration Designer
SOA Test Tools soapUI,Actional Diagnostics
iTKO Lisa*,
Actional Team Server*
• Available from COTS Repository (https://swimrepo.faa.gov)• Available on SWIM ftp (ftp://swimftp.tc.faa.gov)
* Products being used by SIPs
5Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
SWIM COTS & FOSS Working Group• WG is the vehicle to:
– Select Fuse product versions that SWIM supports
– Facilitate Fuse issue info exchange & resolution
– Decide need for Fuse improvements– Disseminate product info and track SIP use
of SWIM products• Facilitate monthly meetings• Generate and Maintain:
– SWIM FUSE Issue Tracker (weekly updates to SWIM wiki)
– SWIM COTS Products Status Report (monthly)
– COTS Products Management Plan (annually)
System Wide Information Management (SWIM)
Commercial Off The Shelf and Open Source Products Status Report
April 27, 2011
6Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
7Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
NAS Services Registry Repository
• Administer & Maintain HP SOA Systinet Application
• Support users• User documentation
– Publishers Guide– Consumers Guide– Administrators Guide
• Work with SWIM Governance to assure NSRR compliant with SWIM policies
8Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
NSRR
The NAS Services Registry Repository provides a wide range of functionality
9Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
SWIM Service Lifecycle Management
The SWIM Registry/Repository accommodates a custom lifecycle management process
Proposed Definition Development Verification Production Deprecated Retiredap
prov
al
promotion
appr
oval
appr
oval
appr
oval
appr
oval
appr
oval
promotion promotion promotion promotion promotion
appr
oval
Working
Complete(Approved)
10Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
SWIM Registry Service CreationBusinessService
PropertiesData Model Attributes
TaxonomiesClassifications
ContactsOrganization Unit, Person
DocumentsWSDD, IRD
ImplementationWSDL
Depends OnBusiness Service, Business Process, Application, BPEL Process
Consists OfBusiness Service
RegistriesUDDI Containers
Service Level ObjectivesService Level Agreement
The SWIM Registry/Repository business service consists of many artifacts
11Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
11
Other Implementation Tasks• Administer & Maintain SWIM Wiki
• Security & Vulnerability Analysis of SWIM Products using Veracode – initial trial scan of Fuse Message Broker executable
• Work with SWIM Test & COTSWG & AWG to add SIP-related tests to FUSE verification activity
• Support Segment 2 User prototypes (AIM Common Status and Structure Data Program)
• Provide facility for SWIM Test
12Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
SWIM Prototype Facility
13Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
SWIM Security Reference Implementation (SSRI)
• Demonstrate securing Web Services at multiple levels– Transport (securing communication)– Endpoint (securing access to service)– Message (provide integrity, non-repudiation, etc. )– Business Logic (ex: restricted access to service operation)– Data (securing data, meta-data)
• Demonstrate integration with enterprise level components and appropriate technologies– Authentication & Authorization (LDAP, X.509 certificates,
SAML)– Key management (PKI, X.509 certificates)– Java Authentication & Authorization Service (JAAS)– Spring Security
• Provide secure Web Service example (code, configurations), client, and example components
14Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
oAuth Prototype• Single Sign On / UI
– Evaluate use of OAuth 2.0 for common login infrastructure (contrast with SAML, etc) for applications that reside within the NAS
• Messaging– Evaluate use of ‘two-legged’ OAuth for message level security
(REST only)– Evaluate interplay with WS-Security, ‘boundary-crossings’
• Common (SSO + Messaging)– Develop/adopt standard format for user attribute exchange
(e.g., openid connect) – Evaluate OAuth-based representation of NAS internal attribute
authority
15Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
Recent Work• Segment 2 Prototypes
– SWIM Security Reference Implementation• Updated to include FUSE ESB 4.2• Implemented Binary Security Token (BST) security profile• Implemented Username Token security profile• Implemented Transport Layer Security (TLS)• Updated Build Guide documentation
– oAuth Prototypes• Completed Sprint 1 and 2• Design/Develop screens to set up target applications• Design/Develop user registration screens
16Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
Messaging Prototype
• Pub/Sub & Send/Receive Semantics• Reliable Messaging• Enterprise Routing
– Content-based Routing
• Message Mediation• Message Transport• Message Security
– Service and Destination Authorization– Message-Level Integrity and Confidentiality
17Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
Recent Work
• Messaging Prototype– Prototype Plan– Implement JMS broker network– Implement SAN-based clustering and persistence– Implement simulated SIP clients– Document broker cluster and network configuration
18Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
Recent Work
• IKM – XML Gateway Requirements – XML Gateway
• Mutual TLS configuration for incoming connections using self-signed certificates
• Authentication of incoming messages via Username Token• Authentication of incoming messages via Binary Security
Token• Authentication of incoming messages via SAML
Authentication• Insertion of SAML AuthN Assertions into outgoing
messages – Developed draft IKM Requirements– Developed rough draft of IKM CONOPs
19Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
Conformance Test Kit – (CTK)• Measure and report on conformance against:
– The four security profiles defined in SWIM WS-Security Specification
– WS-I Basic Security Profile
• Measure conformance across a set of test scenarios
• Support stateful evaluation of messages– Recognize replay scenarios– Evaluate the response in the context of the request
• Allow the CTK to participate both actively and passively – As a web-service proxy– As a web service provider – As a web service client – As a web service intermediary
20Federal AviationAdministration
SWIM Laboratory UpdateDemonstrations and Prototypes TIM 7 - May 4, 2011
Future - Security Prototype for Segment 2
• Prototype combination of:– DNS – Seg 1+– NTP – Seg 1+– IKM – Seg 2, phase 1– SWIM Enterprise Messaging System (a.k.a. DEX) –
Seg 2, phase 1
• In planning stages– Drafted plan– Setting up lab connectivity with FTI