All Rights Reserved, Copyright FUJITSU LIMITED. 2004

Slide deck (Fujitsu, 2004) on identity, access and Web services security. Only the Latin-script fragments of each slide survived extraction; the recoverable text per slide is listed below, with slides that retained nothing omitted.

Slide 1: 2004129 (date as extracted)

Slide 5: XML Security / XML and Web Services Security market: $40M (2001) to $4.4B (2006); AAA (Authentication, Authorization and Administration) security: 65%; source: ZapThink

Slide 7: SSO; USB token; PKI; 802.1X (EAP-TLS), etc.; SAML Assertion; Network, VLAN, etc.; TCG; PKI security; NGSCB (Next Generation Secure Computing Base)

Slide 9: RADIUS; PKI; Network; Web SSO; Kerberos Realm

Slide 10: Web; PC (VPN, Firewall); VLAN; SSLv3

Slide 11: ID

Slide 12: TCG (Trusted Computing Group); TPM (Trusted Platform Module); API; 2003/4: AMD, HP, IBM, Intel, Microsoft; 79 (2004/9); PC, OS; URL: http://www.trustedcomputinggroup.org/

Slide 13: PC

Slide 14: Security; PC; Network

Slide 16: SSO (Kerberos, NT Domain, DCE, etc.); ID; SSO: SAML, Liberty, e-authentication; RBAC, XACML, rule

Slide 17: SSO / Liberty: Liberty Alliance Project; Identity, ID; Single-Sign-On, Single-Log-Out; ID-FF, ID-WSF, ID-SIS; Web SSO

Slide 18: SSO / WS-Federation: Single-Sign-On; Microsoft, IBM, Verisign, 2003/7; Web Services Security (2002/4, Microsoft, IBM, Verisign): WS-Security, WS-SecureConversation, WS-Federation, WS-Authorization, WS-Policy, WS-Trust, WS-Privacy; WS-Security: MS/IBM/Verisign, OASIS; SOAP: W3C

Slide 19: RBAC / rule base (figure residue): Basic; PKI; B2C; Runtime; PEP; PDP; Web SSO (SAML, Liberty); Attribute Provider

Slide 20: XACML (XML, OASIS, 2003/2); XACML 1.0 (2003/2), XACML 1.1 (2003/8), XACML 2.0 (2004); time zone; RBAC, LDAP

Slide 21: Web SSO (hub); e-authentication; AA/CS; RBAC (Role Based Access Control); rule base

Slide 23: ID life cycle; Role; C/S, Web SSO; ID provisioning: SPML; e-authentication; SSO: SAML, Liberty; Attribute Provider: X.500, LDAP, RDB; Entitlement Management: RBAC (Role, Rule), XACML

Slide 24: ID (Federation), ID (Integration), ID (Fragmentation), ID (Consolidation); OS; Computing; 1980, 1990

Slide 25: ID; OS, DB, Web; Control-SA (GUI); figure residue, steps 1) to 5)

Slide 26: SPML (Service Provisioning Markup Language): OASIS Provisioning Services TC (PSTC), XML; 2001 OASIS PSTC: Access360, BMC, Business Layers, CA, Entrust, Netegrity, Novell, Oblix, OpenNetwork Technologies, Sun/Waveset; 2003/7 Catalyst (10): BMC, Business Layers, Critical Path, Entrust, OpenNetwork Technologies, PeopleSoft, Sun, Thor Technologies, TruLogica, Waveset; 2003/8 Sun/Waveset SPML; 2003/10 IBM SPML 2.0 / WS-Provisioning; 2003/11 SPML 1.0; 2004 SPML 2.0

Slide 27: SPML figure: (A) Requesting Authority; (B), (C) PSP / Provisioning System One, Provisioning System Two; (D) PST One; Resource B, C, D, E, F

Slide 28: ID, Identity; SSO Assertion; PDP, PEP

Slide 29: e-authentication (e-government): FirstGov.gov; federation; Identity Federation Interoperability Lab

Slide 30: Entitlement Management; IP

Slide 32: Network; SSO; ID; Scalability; ID Provisioning, ID Entitlement management; SSO, e-authentication, Portal