The LANKA GATE Initiative
Security Aspects
Contents
• Trends in user centric identities
• Lanka Gate Architecture
• Sri Lanka Country Portal
• Identity as a Service
• Securing Sri Lanka Country Portal
• Securing Backend Services
• Other security aspects
• Thoughts, Suggestions & Discussion
Trends in user centric identities
• User in the middle of the identity transaction
• Governed by Seven Laws of Identity
• OpenID/Information Cards
Trends in user centric identities – OpenID
• Decentralized Single Sign On +
• Single profile across different domains +
• Easy profile maintenance +
• Authenticates once at the OpenID Provider +
• Phishing ???
• Different user experience
• Requires HTTPS + user education
Trends in user centric identities – Information Cards
• Phishing resistant authentication +
• Based on WS-* standards +
• Highly cryptographic solution +
• Authenticates only at the Identity Provider +
• Single user profile
• Different user experience
Trends in user centric identities

It’s NOT OpenID vs. Information Cards, but OpenID with Information Cards
Lanka Gate Architecture
Sri Lanka Country Portal
• Provides access to backend services through portlets [a single eService, several eServices from a specific project, or a transactional / mashup combination of eServices across several projects]
• Users log in to the Country Portal, and the functionality they are authorized for becomes available.
• How does authentication take place?
• How does authorization take place?
Identity as a Service
• Integrates identity services into application development
• Decouples identity related logic from individual application business logic
• User and identity related data are externalized from the applications themselves
• Breaks identity silos
Identity as a Service

[Diagram: an Identity Management Service sitting in front of a User Store]
Securing Sri Lanka Country Portal – Authentication

[Diagram: components involved in authentication: the Country Portal, an Identity Provider [WSO2 Identity Solution], the Identity Management Service (exposed to the Identity Provider as an IdMRealm), and the User Store behind it]
Securing Sri Lanka Country Portal – Authentication

[Diagram: the same components with their transport security marked: WS-Security between the Identity Management Service (IdMRealm) and the Identity Provider [WSO2 Identity Solution]; HTTPS on the other links shown, including those to the Country Portal; the Country Portal white/black-lists OpenID Providers (OPs)]
Securing Sri Lanka Country Portal – Authentication

[Diagram: authentication options offered by the Identity Provider [WSO2 Identity Solution]: Username/password, Self-issued InfoCard, Client certificate]
Securing Sri Lanka Country Portal – Authorization

[Diagram: the Country Portal hosting three portlets: Passport Management Portlet, Driving License Management Portlet, EPF/ETF Management Portlet]
Securing Sri Lanka Country Portal – Authorization

[Diagram: portlet functionality visible to a citizen user. Passport Management Portlet: Request Passport, Track Status. Driving License Management Portlet: Request Driving License, Track Status. EPF/ETF Management Portlet: View EPF/ETF, Claim EPF/ETF]
Securing Sri Lanka Country Portal – Authorization

[Diagram: portlet functionality visible to a passport service administrator. Passport Management Portlet: Issue Passport, Reject Passport Requests, List Pending Requests. Driving License Management Portlet: Request Driving License, Track Status. EPF/ETF Management Portlet: View EPF/ETF, Claim EPF/ETF]
Securing Sri Lanka Country Portal – Authorization

[Diagram: portlet functionality visible to a driving license service administrator. Passport Management Portlet: Request Passport, Track Status. Driving License Management Portlet: Issue Driving License, List Pending Requests. EPF/ETF Management Portlet: View EPF/ETF, Claim EPF/ETF]
Securing Sri Lanka Country Portal – Authorization

[Diagram: portlet functionality visible to an EPF/ETF service administrator. Passport Management Portlet: Request Passport, Track Status. Driving License Management Portlet: Request Driving License, Track Status. EPF/ETF Management Portlet: List Pending Claims]
Securing Sri Lanka Country Portal – Authorization
• Authorization logic should be handled by the corresponding service(s) behind the portlet [or possibly by the LIX].

[Diagram: each backend service, Passport Management Service, Driving License Management Service and EPF/ETF Management Service, exposes a getPortlet(user) call that returns the portlet content the user is authorized for]
Securing Sri Lanka Country Portal – Summary
• The user store will be managed centrally through the Identity Management Service.
• The Country Portal will use OpenIDs for authentication, with a white-listed OpenID Provider.
• Once a user is authenticated, the functionality available to that user is decided by evaluating the authorization logic at the corresponding backend service.
Securing Sri Lanka Country Portal – Handling Authorization
• Each backend service needs to evaluate user rights.
• Two options: application-specific authorization handling, or standards-based authorization handling.
• Standards-based authorization with XACML
Securing Sri Lanka Country Portal – Authorization with XACML
• Defining policies
  • “Passport service administrators can list all the pending passport requests”

[Diagram: policies are defined at the Policy Administration Point/PAP [WSO2 Identity Solution] and written to the Policy Store [WSO2 Registry]]
Securing Sri Lanka Country Portal – Authorization with XACML
• Evaluating policies

[Diagram: a Request goes to the Policy Decision Point/PDP [WSO2 Identity Solution]; the PDP consults the Policy Retrieval Point/PRP [WSO2 Identity Solution], which reads the Policy Store [WSO2 Registry], and the Policy Information Point/PIP [WSO2 Identity Solution], which reaches the Identity Management Service over WS-Security]
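The following is an added example, not code from the Lanka Gate project or from WSO2 Identity Solution: a minimal XACML-style PDP that takes its rules from a PRP and its subject attributes from a PIP, as on the evaluation diagram, and is then used by each backend service to answer getPortlet(user) as the earlier authorization slides require. The role names, action names, policy rules and users are constructed assumptions; the first rule encodes the slide's example policy.

```python
# Added example, not Lanka Gate / WSO2 code: a minimal XACML-style PDP with
# PRP and PIP, used by each backend service's getPortlet(user). Role names,
# action names and users are constructed assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    effect: str         # "Permit" or "Deny"
    resource: str       # backend service the rule governs ("*" = any)
    action: str         # operation exposed by that service's portlet ("*" = any)
    roles: frozenset    # subject must hold at least one of these

# Constructed policy store standing in for the WSO2 Registry. The first rule
# encodes the slide's example policy: "Passport service administrators can
# list all the pending passport requests".
POLICY_STORE = [
    Rule("Permit", "passport", "list-pending-requests", frozenset({"passport-admin"})),
    Rule("Permit", "passport", "issue", frozenset({"passport-admin"})),
    Rule("Permit", "passport", "reject-request", frozenset({"passport-admin"})),
    Rule("Permit", "passport", "request", frozenset({"citizen"})),
    Rule("Permit", "passport", "track-status", frozenset({"citizen"})),
    Rule("Permit", "driving-license", "request", frozenset({"citizen"})),
    Rule("Permit", "driving-license", "track-status", frozenset({"citizen"})),
    Rule("Permit", "driving-license", "issue", frozenset({"dl-admin"})),
    Rule("Permit", "driving-license", "list-pending-requests", frozenset({"dl-admin"})),
    Rule("Permit", "epf-etf", "view", frozenset({"citizen"})),
    Rule("Permit", "epf-etf", "claim", frozenset({"citizen"})),
    Rule("Permit", "epf-etf", "list-pending-claims", frozenset({"epf-admin"})),
    Rule("Deny", "*", "*", frozenset({"suspended"})),  # suspended accounts get nothing
]

# Constructed user attributes; the real PIP would fetch these from the
# Identity Management Service over WS-Security.
IDM_USER_STORE = {
    "alice": {"roles": {"citizen"}},
    "bob": {"roles": {"citizen", "passport-admin"}},
    "carol": {"roles": {"citizen", "dl-admin"}},
    "dave": {"roles": {"citizen", "epf-admin"}},
    "eve": {"roles": {"citizen", "suspended"}},
}


class PolicyRetrievalPoint:
    """PRP: hands the PDP the rules that apply to a resource."""
    def __init__(self, store):
        self._store = store

    def rules_for(self, resource):
        return [r for r in self._store if r.resource in (resource, "*")]


class PolicyInformationPoint:
    """PIP: resolves subject attributes (here, roles) from the user store."""
    def __init__(self, user_store):
        self._users = user_store

    def roles_of(self, subject):
        # Unknown subjects have no attributes, so no rule can apply to them.
        return frozenset(self._users.get(subject, {}).get("roles", ()))


class PolicyDecisionPoint:
    """PDP with deny-overrides combining: any matching Deny beats any Permit,
    and no matching rule is NotApplicable (which callers must treat as Deny)."""
    def __init__(self, prp, pip):
        self.prp, self.pip = prp, pip

    def decide(self, subject, resource, action):
        roles = self.pip.roles_of(subject)
        effects = {r.effect for r in self.prp.rules_for(resource)
                   if r.action in (action, "*") and roles & r.roles}
        if "Deny" in effects:
            return "Deny"
        return "Permit" if "Permit" in effects else "NotApplicable"


class BackendService:
    """Authorization stays behind the portlet: the service asks the PDP and
    exposes only permitted actions, the getPortlet(user) call on the slides."""
    def __init__(self, resource, actions, pdp):
        self.resource, self.actions, self.pdp = resource, actions, pdp

    def get_portlet(self, user):
        return [a for a in self.actions
                if self.pdp.decide(user, self.resource, a) == "Permit"]


PDP = PolicyDecisionPoint(PolicyRetrievalPoint(POLICY_STORE),
                          PolicyInformationPoint(IDM_USER_STORE))
SERVICES = {
    "passport": BackendService("passport", ["request", "track-status", "issue",
                                            "reject-request", "list-pending-requests"], PDP),
    "driving-license": BackendService("driving-license", ["request", "track-status",
                                                          "issue", "list-pending-requests"], PDP),
    "epf-etf": BackendService("epf-etf", ["view", "claim", "list-pending-claims"], PDP),
}


def portal_view(user):
    """Actions each portlet shows `user`, assembled from the services' answers."""
    return {name: svc.get_portlet(user) for name, svc in SERVICES.items()}
```

Note that a NotApplicable result is only safe because `get_portlet` treats anything other than Permit as hidden; a portal that mapped NotApplicable to "allow" would silently expose every action the policy set forgot to mention.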
Securing Backend Services

[Diagram: the Lanka Interoperability Exchange connected over WS-Security to each backend service: Passport Management Service, EPF/ETF Management Service, Driving License Management Service]
Other security aspects
• Auditing
  – Every authentication and authorization decision has to generate an audit event
  – Emitted by the Identity Management Service / PDP
  – Secure logging – audit trails should preserve integrity
  – XDAS - OpenXDAS
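As an added example, not code from the Lanka Gate project or from OpenXDAS, the following shows one way to give the audit trail the integrity property the slide asks for: every authentication and authorization decision is appended as a record whose HMAC tag also covers the previous record's tag, so editing, deleting or reordering any record is detected on verification. The key, component names and events are constructed assumptions.

```python
# Added example, not Lanka Gate or OpenXDAS code: a hash-chained audit trail
# for authentication and authorization decisions. Each record's tag is an
# HMAC over the record and the previous tag, so editing, deleting or
# reordering a record breaks verification. Key and events are constructed.
import hashlib
import hmac
import json
import time

# Demo key only; in a deployment this would be an HSM- or KMS-held key that
# the log writer cannot read back, so a compromised host cannot re-tag.
AUDIT_KEY = b"constructed-demo-key-not-for-production"


def _canonical(record):
    """Stable byte encoding so verification recomputes exactly the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class AuditTrail:
    GENESIS = "0" * 64  # tag chained into the first record

    def __init__(self, key):
        self._key = key
        self.events = []  # each item: {"record": {...}, "tag": hex HMAC}

    def _tag(self, prev_tag, record):
        msg = prev_tag.encode() + b"\n" + _canonical(record)
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def append(self, source, event, subject, outcome, **details):
        """Write one event; `source` is the emitting component (IdM service or PDP)."""
        prev = self.events[-1]["tag"] if self.events else self.GENESIS
        record = {"seq": len(self.events), "ts": time.time(), "source": source,
                  "event": event, "subject": subject, "outcome": outcome,
                  "details": details}
        tag = self._tag(prev, record)
        self.events.append({"record": record, "tag": tag})
        return tag

    def verify(self):
        """Return (True, None) if the chain is intact, else (False, seq of first bad record)."""
        prev = self.GENESIS
        for seq, ev in enumerate(self.events):
            if ev["record"].get("seq") != seq:
                return False, seq          # gap or reordering
            if not hmac.compare_digest(ev["tag"], self._tag(prev, ev["record"])):
                return False, seq          # edited record or forged tag
            prev = ev["tag"]
        return True, None


# Convenience emitters for the two decision points named on the slide.
def audit_authentication(trail, subject, method, success):
    return trail.append("identity-management-service", "authn", subject,
                        "success" if success else "failure", method=method)


def audit_authorization(trail, subject, resource, action, decision):
    return trail.append("pdp", "authz", subject, decision,
                        resource=resource, action=action)
```

The chain alone does not detect truncation (dropping the most recent records), so the latest tag should be anchored outside the log host, for example by forwarding it periodically to a separate system.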
Thoughts, Suggestions & Discussion…

- Thank You…!
 
DEHRADUN, uttarakhand, Uttarakhand tourism .pptx
DEHRADUN, uttarakhand, Uttarakhand tourism .pptxDEHRADUN, uttarakhand, Uttarakhand tourism .pptx
DEHRADUN, uttarakhand, Uttarakhand tourism .pptxpalakdigital7
 
Kolkata Call Girls - 📞 8617697112 🔝 Top Class Call Girls Service Available
Kolkata Call Girls - 📞 8617697112 🔝 Top Class Call Girls Service AvailableKolkata Call Girls - 📞 8617697112 🔝 Top Class Call Girls Service Available
Kolkata Call Girls - 📞 8617697112 🔝 Top Class Call Girls Service AvailableNitya salvi
 
WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...
WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...
WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...Nitya salvi
 
A tour of African gastronomy - World Tourism Organization
A tour of African gastronomy - World Tourism OrganizationA tour of African gastronomy - World Tourism Organization
A tour of African gastronomy - World Tourism OrganizationJuan Carlos Fonseca Mata
 
Genuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call Girls
Genuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call GirlsGenuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call Girls
Genuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call GirlsDeiva Sain Call Girl
 

Dernier (20)

Are Vatican Museum Tickets and Private Tours Worth It
Are Vatican Museum Tickets and Private Tours Worth ItAre Vatican Museum Tickets and Private Tours Worth It
Are Vatican Museum Tickets and Private Tours Worth It
 
sample sample sample sample sample sample
sample sample sample sample sample samplesample sample sample sample sample sample
sample sample sample sample sample sample
 
❤Personal Contact Number Mcleodganj Call Girls 8617697112💦✅.
❤Personal Contact Number Mcleodganj Call Girls 8617697112💦✅.❤Personal Contact Number Mcleodganj Call Girls 8617697112💦✅.
❤Personal Contact Number Mcleodganj Call Girls 8617697112💦✅.
 
2k Shots ≽ 9205541914 ≼ Call Girls In Uttam Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Uttam Nagar (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Uttam Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Uttam Nagar (Delhi)
 
Night 7k to 12k Lahaul and Spiti Call Girls 👉👉 8617697112⭐⭐ 100% Genuine Esco...
Night 7k to 12k Lahaul and Spiti Call Girls 👉👉 8617697112⭐⭐ 100% Genuine Esco...Night 7k to 12k Lahaul and Spiti Call Girls 👉👉 8617697112⭐⭐ 100% Genuine Esco...
Night 7k to 12k Lahaul and Spiti Call Girls 👉👉 8617697112⭐⭐ 100% Genuine Esco...
 
08448380779 Call Girls In Shahdara Women Seeking Men
08448380779 Call Girls In Shahdara Women Seeking Men08448380779 Call Girls In Shahdara Women Seeking Men
08448380779 Call Girls In Shahdara Women Seeking Men
 
sample sample sample sample sample sample
sample sample sample sample sample samplesample sample sample sample sample sample
sample sample sample sample sample sample
 
WhatsApp Chat: 📞 8617697112 Independent Call Girls in Darjeeling
WhatsApp Chat: 📞 8617697112 Independent Call Girls in DarjeelingWhatsApp Chat: 📞 8617697112 Independent Call Girls in Darjeeling
WhatsApp Chat: 📞 8617697112 Independent Call Girls in Darjeeling
 
VIP Vapi Call Girls 📞 8617697112 Vapi Call Girls
VIP Vapi Call Girls 📞 8617697112 Vapi Call GirlsVIP Vapi Call Girls 📞 8617697112 Vapi Call Girls
VIP Vapi Call Girls 📞 8617697112 Vapi Call Girls
 
Genuine 8250077686 Hot and Beautiful 💕 Chennai Escorts call Girls
Genuine 8250077686 Hot and Beautiful 💕 Chennai Escorts call GirlsGenuine 8250077686 Hot and Beautiful 💕 Chennai Escorts call Girls
Genuine 8250077686 Hot and Beautiful 💕 Chennai Escorts call Girls
 
Hire 💕 8617697112 Reckong Peo Call Girls Service Call Girls Agency
Hire 💕 8617697112 Reckong Peo Call Girls Service Call Girls AgencyHire 💕 8617697112 Reckong Peo Call Girls Service Call Girls Agency
Hire 💕 8617697112 Reckong Peo Call Girls Service Call Girls Agency
 
Genesis 1:6 || Meditate the Scripture daily verse by verse
Genesis 1:6  ||  Meditate the Scripture daily verse by verseGenesis 1:6  ||  Meditate the Scripture daily verse by verse
Genesis 1:6 || Meditate the Scripture daily verse by verse
 
sample sample sample sample sample sample
sample sample sample sample sample samplesample sample sample sample sample sample
sample sample sample sample sample sample
 
Hire 💕 8617697112 Chamba Call Girls Service Call Girls Agency
Hire 💕 8617697112 Chamba Call Girls Service Call Girls AgencyHire 💕 8617697112 Chamba Call Girls Service Call Girls Agency
Hire 💕 8617697112 Chamba Call Girls Service Call Girls Agency
 
Hire 💕 8617697112 Champawat Call Girls Service Call Girls Agency
Hire 💕 8617697112 Champawat Call Girls Service Call Girls AgencyHire 💕 8617697112 Champawat Call Girls Service Call Girls Agency
Hire 💕 8617697112 Champawat Call Girls Service Call Girls Agency
 
DEHRADUN, uttarakhand, Uttarakhand tourism .pptx
DEHRADUN, uttarakhand, Uttarakhand tourism .pptxDEHRADUN, uttarakhand, Uttarakhand tourism .pptx
DEHRADUN, uttarakhand, Uttarakhand tourism .pptx
 
Kolkata Call Girls - 📞 8617697112 🔝 Top Class Call Girls Service Available
Kolkata Call Girls - 📞 8617697112 🔝 Top Class Call Girls Service AvailableKolkata Call Girls - 📞 8617697112 🔝 Top Class Call Girls Service Available
Kolkata Call Girls - 📞 8617697112 🔝 Top Class Call Girls Service Available
 
WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...
WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...
WhatsApp Chat: 📞 8617697112 Hire Call Girls Cooch Behar For a Sensual Sex Exp...
 
A tour of African gastronomy - World Tourism Organization
A tour of African gastronomy - World Tourism OrganizationA tour of African gastronomy - World Tourism Organization
A tour of African gastronomy - World Tourism Organization
 
Genuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call Girls
Genuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call GirlsGenuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call Girls
Genuine 8250077686 Hot and Beautiful 💕 Amaravati Escorts call Girls
 

The Lanka Gate Initiative (slide transcript)

1. The LANKA GATE Initiative – Security Aspects

2. Contents
•   Trends in user centric identities
•   Lanka Gate Architecture
•   Sri Lanka Country Portal
•   Identity as a Service
•   Securing Sri Lanka Country Portal
•   Securing Backend Services
•   Other security aspects
•   Thoughts, Suggestions & Discussion

3. Trends in user centric identities
•   User in the middle of the identity transaction
•   Governed by the Seven Laws of Identity
•   OpenID / Information Cards

4. Trends in user centric identities – OpenID
•   Decentralized Single Sign On (+)
•   Single profile across different domains (+)
•   Easy profile maintenance (+)
•   Authenticates once at the OpenID Provider (+)
•   Phishing ???
•   Different user experience
•   Requires HTTPS + user education

5. Trends in user centric identities – Information Cards
•   Phishing resistant authentication (+)
•   Based on WS-* standards (+)
•   Highly cryptographic solution (+)
•   Authenticates only at the Identity Provider (+)
•   Single user profile
•   Different user experience

6. Trends in user centric identities
It’s NOT OpenID vs. Information Cards, but OpenID with Information Cards.

7. Contents (agenda slide, repeated)

9. Contents (agenda slide, repeated)

10. Sri Lanka Country Portal
•   Provides access to backend services through portlets [a single eService, several eServices from a specific project, or a transactional / mashup combination of eServices across several projects]
•   Users log in to the country portal and the functionality they are authorized for becomes available.
•   How does authentication take place ???
•   How does authorization take place ???

11. Contents (agenda slide, repeated)

12. Identity as a Service
•   Integrates identity services into application development
•   Decouples identity related logic from individual application business logic
•   User and identity related data are externalized from the applications themselves
•   Breaks identity silos

13. Identity as a Service
[Diagram: Identity Management Service, User Store]

14. Contents (agenda slide, repeated)

15. Securing Sri Lanka Country Portal – Authentication
[Diagram: Identity Provider (WSO2 Identity Solution), Identity Management Service, IdMRealm, Country Portal, User Store]

16. Securing Sri Lanka Country Portal – Authentication
[Diagram: as slide 15, annotated with WS-Security, HTTPS on three of the links, and white/black listing of OPs]

17. Securing Sri Lanka Country Portal – Authentication
[Diagram: Identity Provider (WSO2 Identity Solution); authentication options: username/password, self-issued InfoCard, client certificate]

18. Securing Sri Lanka Country Portal – Authorization
[Diagram: Country Portal hosting the Driving License Management Portlet, Passport Management Portlet and EPF/ETF Management Portlet]

19. Securing Sri Lanka Country Portal – Authorization
[Diagram: one user's view of the portal. Driving License Management Portlet: Request Driving License, Track Status. Passport Management Portlet: Request Passport, Track Status. EPF/ETF Management Portlet: View EPF/ETF, Claim EPF/ETF]

20. Securing Sri Lanka Country Portal – Authorization
[Diagram: another user's view. Driving License Management Portlet: Request Driving License, Track Status. Passport Management Portlet: Issue Passport, Reject Passport Requests, List Pending Requests. EPF/ETF Management Portlet: View EPF/ETF, Claim EPF/ETF]

21. Securing Sri Lanka Country Portal – Authorization
[Diagram: another user's view. Driving License Management Portlet: Issue Driving License, List Pending Requests. Passport Management Portlet: Request Passport, Track Status. EPF/ETF Management Portlet: View EPF/ETF, Claim EPF/ETF]

22. Securing Sri Lanka Country Portal – Authorization
[Diagram: another user's view. Driving License Management Portlet: Request Driving License, Track Status. Passport Management Portlet: Request Passport, Track Status. EPF/ETF Management Portlet: List Pending Claims]

23. Securing Sri Lanka Country Portal – Authorization
•   Authorization logic should be handled by the corresponding service(s) behind the portlet [or maybe by the LIX]
[Diagram: Driving License Management Service, Passport Management Service and EPF/ETF Management Service, each called with getPortlet(user)]

24. Securing Sri Lanka Country Portal – Summary
•   The user store will be managed centrally through the Identity Management Service
•   The Country Portal will use OpenIDs for authentication with a white-listed OpenID Provider
•   Once a user is authenticated, the functionality available to them is decided by evaluating the authorization logic at the corresponding backend service.

25. Securing Sri Lanka Country Portal – Handling Authorization
•   Each backend service needs to evaluate user rights.
•   Application-specific authorization handling / standards-based authorization handling.
•   Standards-based authorization with XACML

26. Securing Sri Lanka Country Portal – Authorization with XACML
•   Defining policies
•   “Passport service administrators can list all the pending passport requests”
[Diagram: policies are defined at the Policy Administration Point (PAP) [WSO2 Identity Solution] and kept in the Policy Store [WSO2 Registry]]

27. Securing Sri Lanka Country Portal – Authorization with XACML
•   Evaluating policies
[Diagram: Request → Policy Decision Point (PDP) [WSO2 Identity Solution]; Policy Retrieval Point (PRP) [WSO2 Identity Solution] with the Policy Store [WSO2 Registry]; Policy Information Point (PIP) [WSO2 Identity Solution] with the Identity Management Service, linked over WS-Security]

28. Contents (agenda slide, repeated)

29. Securing Backend Services
[Diagram: Lanka Interoperability Exchange in front of the EPF/ETF Management Service, Passport Management Service and Driving License Management Service, each link secured with WS-Security]

30. Contents (agenda slide, repeated)

31. Other security aspects
•   Auditing
    –   Every authentication and authorization decision has to generate an audit event – Identity Management Service / PDP
    –   Secure logging – audit trails should preserve integrity
    –   XDAS – OpenXDAS

32. Contents (agenda slide, repeated)

33. Thoughts, Suggestions & Discussion….. – Thank You…!
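Slides 23 to 27 describe the authorization flow: each backend service evaluates the user's rights, the PAP writes XACML policies into the policy store, and the PDP evaluates a request using attributes the PIP fetches from the Identity Management Service. The following is an added example, not code from the deck or from WSO2 products, that carries that flow through in Python with a minimal XACML 3.0 evaluator: the policy encodes the slide 26 statement "Passport service administrators can list all the pending passport requests", and the passport service acts as the enforcement point in front of its own data. The policy text, the user store, and the user, role, action and resource names are constructed for illustration; only the XACML namespace, category, attribute, function and combining-algorithm URIs are real identifiers.

```python
"""Added example (not from the Lanka Gate deck): a minimal XACML 3.0 policy
evaluator covering slides 25-27.  Policy, user store, and the user/role/action/
resource names are constructed; the URIs are the standard XACML identifiers."""
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
XS = "http://www.w3.org/2001/XMLSchema#string"

# What the PAP (slide 26) would place in the Policy Store: administrators may
# list pending passport requests; every other action on the service is denied.
POLICY_STORE = {"passport-service": f"""<Policy xmlns="{NS['x']}"
  PolicyId="passport-service-policy" Version="1.0" RuleCombiningAlgId="{FIRST_APPLICABLE}">
  <Target><AnyOf><AllOf><Match MatchId="{STRING_EQUAL}">
    <AttributeValue DataType="{XS}">passport-service</AttributeValue>
    <AttributeDesignator Category="{RESOURCE}" AttributeId="{RESOURCE_ID}" DataType="{XS}" MustBePresent="true"/>
  </Match></AllOf></AnyOf></Target>
  <Rule RuleId="admins-list-pending" Effect="Permit">
    <Target><AnyOf><AllOf>
      <Match MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{XS}">list-pending-requests</AttributeValue>
        <AttributeDesignator Category="{ACTION}" AttributeId="{ACTION_ID}" DataType="{XS}" MustBePresent="true"/>
      </Match>
      <Match MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{XS}">passport-admin</AttributeValue>
        <AttributeDesignator Category="{SUBJECT}" AttributeId="{ROLE}" DataType="{XS}" MustBePresent="false"/>
      </Match>
    </AllOf></AnyOf></Target>
  </Rule>
  <Rule RuleId="deny-everything-else" Effect="Deny"/>
</Policy>"""}

# Constructed user store standing in for the Identity Management Service that
# the PIP (slide 27) queries for subject attributes.
USER_STORE = {"nimal": ["passport-admin"], "kamala": ["citizen"]}


def pip_lookup(user):
    """PIP: resolve the subject's roles; an unknown user simply has none."""
    return list(USER_STORE.get(user, []))


def build_request(user, action, resource):
    """XACML request context as {(category, attribute-id): [values]}."""
    return {(SUBJECT, SUBJECT_ID): [user], (SUBJECT, ROLE): pip_lookup(user),
            (ACTION, ACTION_ID): [action], (RESOURCE, RESOURCE_ID): [resource]}


def eval_match(match, request):
    """One <Match>: True / False / None (Indeterminate: required attribute missing)."""
    if match.get("MatchId") != STRING_EQUAL:
        raise ValueError("unsupported MatchId " + str(match.get("MatchId")))
    wanted = match.find("x:AttributeValue", NS).text
    d = match.find("x:AttributeDesignator", NS)
    actual = request.get((d.get("Category"), d.get("AttributeId")), [])
    if not actual and d.get("MustBePresent") == "true":
        return None
    return wanted in actual


def combine(outcomes, want_all):
    """Three-valued AND (want_all=True) or OR over True/False/None."""
    short = not want_all              # the value that settles the result at once
    if short in outcomes:
        return short
    return None if None in outcomes else want_all


def eval_target(target, request):
    """Target = AND over AnyOf; AnyOf = OR over AllOf; AllOf = AND over Match."""
    if target is None:                # a rule without a Target always applies
        return True
    return combine([combine([combine([eval_match(m, request)
                                      for m in all_of.findall("x:Match", NS)], True)
                             for all_of in any_of.findall("x:AllOf", NS)], False)
                    for any_of in target.findall("x:AnyOf", NS)], True)


def pdp_decide(policy_xml, request):
    """PDP (slide 27): evaluate one policy under first-applicable rule combining."""
    policy = ET.fromstring(policy_xml)
    if policy.get("RuleCombiningAlgId") != FIRST_APPLICABLE:
        raise ValueError("unsupported rule-combining algorithm")
    hit = eval_target(policy.find("x:Target", NS), request)
    if hit is None:
        return "Indeterminate"
    if not hit:
        return "NotApplicable"
    for rule in policy.findall("x:Rule", NS):
        hit = eval_target(rule.find("x:Target", NS), request)
        if hit is None:
            return "Indeterminate"
        if hit:
            return rule.get("Effect")
    return "NotApplicable"


def passport_service_list_pending(user):
    """The backend service as enforcement point (slides 23/25): it obtains a
    decision before releasing data.  Request ids are constructed sample data."""
    policy = POLICY_STORE["passport-service"]          # PRP: fetch from the store
    decision = pdp_decide(policy, build_request(user, "list-pending-requests", "passport-service"))
    return decision, (["PP-000001", "PP-000002"] if decision == "Permit" else [])
```

Only a Permit releases data; Deny, NotApplicable and Indeterminate are all treated as a refusal by the service, which is the safe default when a policy is missing or a required attribute cannot be resolved.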
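Slide 31 asks that every authentication and authorization decision produce an audit event and that the audit trail preserve its integrity. The example below is added here and is not part of the deck or of OpenXDAS; it shows one way to meet the integrity requirement with a hash-chained trail in which each record's tag is an HMAC over the previous tag and the record, so that editing, deleting or reordering any entry invalidates every tag from that point on. The key, the event sources and the sample events are constructed.

```python
"""Added example (not from the Lanka Gate deck): an integrity-preserving audit
trail for the authentication/authorization events of slide 31.  The HMAC key
and the sample events are constructed for illustration."""
import hashlib
import hmac
import json


def seal(key, prev_tag, record):
    """Tag = HMAC-SHA256(key, prev_tag || canonical JSON of record).  Chaining
    prev_tag into each tag ties every entry to the whole history before it."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + b"\n" + body, hashlib.sha256).hexdigest()


class AuditTrail:
    GENESIS = "0" * 64                     # tag "before" the first entry

    def __init__(self, key):
        self.key = key                     # in production: kept by the log service, not the emitters
        self.entries = []                  # each entry: {"record": {...}, "tag": "..."}

    def append(self, source, event, subject, outcome, **details):
        """Record one decision from the Identity Management Service or the PDP."""
        record = {"seq": len(self.entries), "source": source, "event": event,
                  "subject": subject, "outcome": outcome}
        record.update(details)
        prev = self.entries[-1]["tag"] if self.entries else self.GENESIS
        self.entries.append({"record": record, "tag": seal(self.key, prev, record)})
        return record["seq"]

    def verify(self):
        """Recompute the chain; returns (True, None) or (False, first bad index)."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            expected = seal(self.key, prev, entry["record"])
            if entry["record"].get("seq") != i or not hmac.compare_digest(entry["tag"], expected):
                return False, i
            prev = entry["tag"]
        return True, None


def demo():
    """Log three constructed decisions, then alter one outcome in place."""
    trail = AuditTrail(b"constructed-demo-key")
    trail.append("identity-management-service", "authn", "nimal", "success", method="openid")
    trail.append("pdp", "authz", "nimal", "Permit",
                 resource="passport-service", action="list-pending-requests")
    trail.append("pdp", "authz", "kamala", "Deny",
                 resource="passport-service", action="list-pending-requests")
    before = trail.verify()
    trail.entries[2]["record"]["outcome"] = "Permit"   # tampering with a stored decision
    after = trail.verify()
    return before, after
```

The chain detects modification, deletion and reordering of stored entries but not truncation of the most recent entries, so the latest tag should also be periodically anchored somewhere the log writer cannot change (a signed checkpoint or a second system).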