DI2E PlugFest Industry Day TEM
Enterprise Focus Team
July 2014

Vendor’s Plugfest Participation

Plugfest 2015 Dates - May 18-19
• Setup day: Monday, May 18, 2015 (times TBA)
• Event Day: Tuesday, May 19, 2015
• Vendor Showcase location: GMU Dewberry Hall and DH Lobby area
Industry Outreach Day: week 1 of September 2014 – day TBA
Vendor Registration Opens: mid-September 2014 – day TBA

1 After Action Report
2 Technical Profile Review
3 Way Ahead

Observations During Plugfest 2014

• IdAM
– Variety of vendors aligned with the current AC specification to provide REST and SOAP security.
– Many vendors provided key technical feedback on emerging standards to further enhance AC & Web SSO within DI2E including OAuth, OpenID, and OpenID Connect
• Service Discovery
– Ozone Market Place (OMP) provided an excellent service registry to the various participants within the Plugfest eXchange
– Automated service discovery of CDR search endpoints from within OMP
– Continuing to explore
• Collaboration
– XMPP was brought forward by industry and we are currently exploring to support DI2E

Observations During Plugfest 2014

• Advanced Analytics
– Variety of vendors brought advanced analytics but required large amounts of BIG data to truly highlight the capability. Vendors were limited by our scenario data and we need to explore supplying more test data to vendors.
• Performance Simulation
– DIL is a major part of DCGS and we are exploring ways to simulate DIL connections to further demonstrate performance within the operational environment
• Expanding API beyond Common Map
– Looking at additional standards that promote the ability for sharing of additional MultiINT beyond geospatial data including HUMINT, COMINT, OSINT, etc.

1 After Action Report
2 Technical Profile Review
3 Way Ahead

Technical Profile Overview

• Set of technical profiles providing detailed guidance for a DI2E focus area
• Includes a test kit for objectively testing conformance to the technical profiles
• For each profile one or more conformant implementations may be available
• PlugFest 2014 Targeted Technical Profiles
– CDR REST Search – https://www.intelink.gov/go/zankYmq
– Web Service Access Control – https://www.intelink.gov/go/kcN4VyS
– Web Single SignOn – https://www.intelink.gov/go/jeYvHyO

[Diagram labels: Technical Profile; Tech. Design Documents; Specs.; Reference Docs.; Conf. Test Matrix; Conformance Test Kit; Test Proc.; Conf. Checks; Test Data; Test Requests]

IdAM Profile Updates Post Plugfest
Access Control

Description: Support WS-Addressing message routing elements in SOAP request message
Sources: DMO
Disposition: Add to core WS-Access control specification. Defer to future major version

Description: Require a WS-Addressing message id element and message issuance timestamp in SOAP request messages. Additional elements help prevent message replay attacks
Sources: DMO
Disposition: Would like to support but not strictly an access control function. Consider adding a Privacy and Integrity specification to the technical profile. Defer to future major version

Description: Support WS Security-Policy. WS-Security Policy is an XML language that can be used to express the security requirements of a web service and may be used to auto-configure service clients in some web-service frameworks.
Sources: DMO
Disposition: Consider adding SDT access control policy expressed as WS Security-Policy to technical profile. Defer to future major version

Description: Support for disadvantaged network environments. STS requests and response messages, security tokens can be a significant overhead in low-bandwidth network environments
Sources: MC
Disposition: Lower overhead tokens and token exchanges may be considered in future

IdAM Profile Updates Post Plugfest
Web Single-Sign-On

Description: Change name to reflect true intent of document. True intent is to introduce a web authentication session mediation protocol, rather than implement a user single-sign-on experience (although authentication session mediation provides this)
Sources: EFT, LinkSpace
Disposition: Rename service specification, update introduction to reflect purpose of document

Description: Clarify ‘primary-secondary’ web application pattern. Requirement to support pattern underlies need for authentication session mediation
Sources: Many Reviewers
Disposition: Update TDD, specifications

Description: Clarify multiple identity provider pattern. Requirement to support pattern underlies specification of OpenID (or SAML web SSO using OpenID model)
Sources: Many Reviewers
Disposition: Update TDD, specifications

Description: Specify OpenID as the underlying authentication session mediation protocol. Had large impact on profile, but: no current implementers, implementation of OpenID is substantially easier than SAML
Sources: FW, Dtech
Disposition: Update TDD, specifications. Defer to future major version pending analysis of JIE IdAM requirements

SDT JIE IdAM Alignment

• JIE IdAM:
– 50,000 → 10,000 ft.
– High level architecture and assertions
– Deals generally with DoD enterprise wide identity, authentication and access control
• SDT Access Control:
– 5,000 → 0 ft.
– Deals specifically with user-level access control in chains of ‘server-to-server’ web service calls
• SDT Web Single-Sign-On:
– 5,000 → 0 ft.
– Deals specifically with enabling ‘integration in the browser’

Deliverables:

JIE-SDT IdAM Alignment Analysis
• SDT assumptions vs. JIE assertions
• How SDT STS concept fits into JIE IdAM Architecture

Proposed SDT IdAM Modifications
• Changes that can be made to SDT IdAM to align with JIE architecture

Identified JIE IdAM Issues
• Irreconcilable issues with JIE architecture that break SDT assumptions
• Initial material for JIE IdAM working group engagement

CD&R Next Steps: Brokered Search

• Baseline for interoperability
– Global Source Identification
– Loop avoidance
– Query and results de-duplication
– Synchronous response
• Optional advanced features
– Advanced Query Language
– Cache/Filtering
– Asynchronous communication

[Diagram labels: Request; Response; CD&R “Local” Broker; CD&R Remote Broker1; CD&R Remote Broker2; CD&R Search]

One Request, Search Everywhere

CD&R Next Steps: Describe

• Service Description:
– Service Description: Admin information
– Search Interface Description
  • Supported optional parameters
  • Default values
– Query Language Capability
  • Basic vs. Advanced
• Content Description:
– Geospatial Boundaries
– Temporal Range
– Trending/Popular Keywords

[Diagram labels: Request; Response; Description; Aggregate Description; CD&R “Local” Broker; CD&R Remote Broker1; CD&R Remote Broker2; CD&R Search]

One Request, Describe Everywhere

1 After Action Report
2 Technical Profile Review
3 Way Ahead

PlugFest 2015 Targets

• DI2E Plugfest 2015 Already Scheduled! May 18th and 19th
• Hosted at GMU C4I Center
• Dedicated full day of integration and test at GMU May 18th
• Currently planning and looking for Gov participants to shape focus areas and scenarios

Table columns: DI2E Focus Area; Possible Capability Areas; Technical Profiles Impacted
IdAM: JIE-SDT Integration; Mobile IdAM; Web Single SignOn; Web Service Access Control
CD&R: CDR Expansion; Search; Brokered Search; Describe; Retrieve
Visualization Capabilities: Common Map Display; Common Map API

PlugFest 2015 builds upon the foundation laid in PlugFest 2014

Questions?
Back Up Materials Follow…

Spencer Brown
Enterprise Focus Team EFT Chair
301-851-7417
[email protected]

Mike Ko
Enterprise Focus Team PlugFest Project Lead
703-984-0260
[email protected]

Erik Visnyak
Enterprise Focus Team PlugFest Technical Lead
703-377-4790
[email protected]