In Vivo Imaging Middleware — Phase 6 Ashish Sharma, Tony Pan, Y. Nadir Saghar.


1 In Vivo Imaging Middleware — Phase 6 Ashish Sharma, Tony Pan, Y. Nadir Saghar

2 Scope
- Operation and Maintenance
- caGrid 1.4 compatibility
- AIME 4.0
- Security
- Secure Token Service 1.0
- Data Authorization Support
- https://tracker.nci.nih.gov/browse/IVIM

3 caGrid 1.4 support
- PACSDataService
- VirtualPACS
- AIME
- Integrated with STS

4 Security
- Encryption
- Authentication
- Method Level Authorization
- Secure Token Service
- WS-Security* & WS-Trust* compliant

5 WS-Security
- The client embeds its credential in the request
- The service validates the credential
- The service processes the request if the credentials are valid
Problems:
- Client and Service must agree on a common authentication mechanism (implicit trust)
- Federation is hard
Diagram: Client, Web Service
1. Request + credentials
2. Response

6 WS-Trust
Diagram: Client, Security Token Service, Identity Provider, Service Provider
1. Request Token
2. Auth using user/pass
3. Token
4. Token + request
5. Validate Token
6. response

7 STS backed by caGrid security Infrastructure
Diagram: Frontend / Client App, Security Token Service, Dorian, Permissions/Group Membership, Service Provider (Web Service)
1. Request Token
2. Auth using user/pass
3. Get permissions bound with the subject
4. Credential + permissions = Token
5. Token + request
6. Validate Token

8 caGrid clients/services integration
Diagram: caGrid Client, Security Token Service, Dorian, caGrid service
1. Request Token
2. Auth using user/pass
3. Proxy Certificate
4. Token = Proxy Cert
5. Grid Credentials (Proxy Certificate)

9 Notes
- The token contains user credentials and group membership/permissions information.
- The user credential present in the token can be used to interact with grid services.
- The token itself is independent of caGrid infrastructure and can be used in other applications.
- The REST API for the STS provides a simple yet powerful way of interacting with it.
- The transactions are based on WS-Trust and WS-Security. The token format is also a standard one: SAML2.
- The interactions between the entities involved are IHE's XUA (Cross Application User Assertion) profile compliant.

10 Generic Use case
Diagram: Frontend / Client App, Security Token Service, Identity Provider (Dorian, LDAP, OpenID, Custom), Permissions/Group Membership, Service Provider / Service Providers
1. Request Token
2a. Auth using user/pass
2b. Get permissions bound with the subject
3. Token
4. Token + request
5. Validate Token
6. response

11 Authorization
- XACML Support
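
The "Validate Token" step and the method-level authorization described in the slides, sketched from the service provider's side as an added example (not code from the presentation or from caGrid). Assumptions: the constructed SAML2 assertion, the `groups` attribute name, the issuer and audience values, and the `POLICY` table, which is a plain dictionary standing in for an XACML policy; XML signature verification against the STS certificate is assumed to have been done beforehand by an XML-DSig library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample token, not a real STS response. Signature omitted: it must
# be verified against the STS certificate before any of the checks below run.
SAMPLE_TOKEN = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_constructed-1">
  <saml:Issuer>https://sts.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>urn:example:pacs-data-service</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>radiology-readers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical method-level policy: operation name -> groups allowed to call it.
POLICY = {"query": {"radiology-readers", "radiology-admins"}, "submit": {"radiology-admins"}}

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(token_xml, method, now, issuer, audience):
    """Return (allowed, subject_or_reason); every failure path denies."""
    try:
        a = ET.fromstring(token_xml)
        cond = a.find("saml:Conditions", NS)
        in_window = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (ET.ParseError, AttributeError, TypeError, ValueError):
        return False, "malformed token"
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:
        return False, "untrusted issuer"
    if not in_window:
        return False, "outside validity window"
    auds = {e.text for e in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)}
    if audience not in auds:
        return False, "wrong audience"
    groups = {v.text for v in a.iterfind(
        "saml:AttributeStatement/saml:Attribute[@Name='groups']/saml:AttributeValue", NS)}
    if not groups & POLICY.get(method, set()):
        return False, "method not permitted"
    return True, a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```

A token with no `Conditions` element, or with missing or unparsable timestamps, is rejected as malformed rather than treated as unbounded.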

