Web Portal Security from A to Z
As Developed for Shands Healthcare at The University of Florida

Copyright Ward Wilson 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

The Agenda
- About us
- What is a Web Portal
- Web Security Specifics
  - single signon
  - session state management
  - context sharing
  - role based application security (RBAC)

Speakers
- Ward Wilson
- Alan Cook

About us
- Shands Healthcare is a multi-facility non-profit hospital organization that includes both teaching and community hospitals
- Shands UF and Shands Jax are the teaching hospitals for UF

About us
- Shands' primary computing environment is an IBM mainframe OS/390 environment
- our major sources of data are in mainframe DB2 databases
- our major HIS application is a mainframe CICS product from Siemens

About us
- so our portal and our portal development environment are mainframe OS/390 based as well
- EAGLE is a patented application development environment written here at UF, and it runs in CICS on the mainframe OS/390

The EAGLE Environment
(architecture diagram: web device <-> web server on Unix/Win (Java servlet, third party) <-> OS/390 (CICS, EAGLE, DB2, RACF, legacy data); traffic carried as HTML/XML/EDI)

EAGLE
- EAGLE is now installed at several institutions
- see the Illinois State presentation for EAGLE and JASIG portal integration
- to find out more about EAGLE, look for several EAGLE presentations over the course of this week

What is a Web Portal?
- a portal pushes business applications to users over the internet (our model)
- one portal for users must integrate many products and applications
- target devices include traditional browsers, handheld devices, tablets, and cell phones
- application access (what gets pushed) is controlled by roles
(portal screenshot, annotated: hidden frame, contexts, menu, frame pic, well)

It's all about security
- Authentication and single signon
- Session state management
- Context sharing
- Application security

Web Security: Authentication and single signon

Authentication and single signon
- beyond IP: getting beyond IP restriction to user-based authentication is a must
- single signon: authenticating once and accessing applications from many vendors is critical for user acceptance

Authentication - beyond IP
(architecture diagram: web device <-> web server on Unix/Win (widget, Java servlet, third party) <-> OS/390 (CICS, EAGLE, DB2, RACF) <-> Siemens HIS; traffic carried as HTML/XML/EDI and encrypted EDI)

Single signon to many products
- a user's 'needs' for access span many applications and vendor products: Siemens, IDX, Citrix, others
- level of security needed for patient applications: gift shop, online payment, online pharmacy, consult a physician

(site tiers diagram)
- medic.shands.org, myMedIC (locked): portal; most secure; manages state; gateway from public to private; acts as firewall
- Shands.org: public, anonymous, unrestricted access
- APPS1: stores databases
- intranet.shands.org, MedIC (unlocked): secure/private, limited by IP restriction, lacks consistent security methodology, functions as a content server

Single signon - work with vendors
Done
- Siemens: GSM, IDE, our pages or yours
- Citrix: save the id and password
- IDX: super id, XML queries, portal
- Magic: super id, SQL queries, portal
- Chris: trusted partner id handoff
- MSO: super id, SQL queries, portal
To do
- Peoplesoft: accept our signon, pass user id
- Stentor: tbd

Single signon - Siemens example
- role of Health care provider keys the GSM process
(flow diagram: OS/390 (CICS, EAGLE, DB2, RACF) -> Siemens GSM -> Siemens HIS; portal screenshot annotated: hidden frame, contexts, menu, frame pic, well)

Single signon summary
- requires a
multi-talented team, working with vendors, and a willingness to pay fees to get things done (don't take no as an answer)
- storing encrypted ids and passwords is an alternative; use it when you have to, but it too has a cost

Web Security: Session state management

Session state management
"A session is a sequence of service requests by a single user using a single client to access a server. The information maintained in the session across requests is called session state. Session state may include both information visible to the user (shopping cart contents, for example) and invisible application control information (such as user preferences)." (JAVA SUN.COM)

Session state management methodologies for the web client
- cookies
- embedded session key
- URL re-write
- other (see JAVA SUN, Microsoft, etc.)
- sharing session with other products: custom, ccow, other?
(portal screenshot annotated: hidden frame, well, menu)

EMBEDDED SESSION KEY
<form method="POST" name="EAGLE">
<input type="hidden" name="NEXTPAGE">
<input TYPE="hidden" NAME="STATE" VALUE="2480">
<input TYPE="hidden" NAME="SESSION" VALUE="6">
<input TYPE="hidden" NAME="CACH" VALUE="0000">
…..
…..
</form>

Patented session state management
(architecture diagram: web server on Unix/Win (Java servlet) <-> OS/390 (CICS, EAGLE, global session data, SYMQ application data); encrypted session key embedded in web form, XML or custom EDI)

Session state management - the basics
- session state info posted back to EAGLE, checked for validity
  - matched encrypted key
  - check timeout
    - friendly: just ask for password and continue
    - unfriendly: lose data, sign in again
  - check other embedded values
  - handle the back button on browser

Session state management - pluses
- scalability: server side resources are minimized (no active process)
- ubiquitous: works even if cookies are disabled
- secure: critical data never sent to browser

Session state management - challenges
- keeping partner sessions alive (tickling the GSM)
- sharing key information (context sharing)
- handling the back button

Session state management - limitations
- fat client or non-participating browser activity may not keep session alive (ccow)
- other products may use cookies, so you will have to deal with them

Session state management summary
- if you are integrating many products you must provide it, or use a vendor-provided solution such as ccow
- each solution has its positives and negatives; choose based upon your business requirements and ability to control the browser client
- sharing session state and context with multiple products will be very important

Web Security: Context sharing

Context sharing
- simply put, it is sharing keys between applications; for example, passing the student id
  - within your applications
  - across applications
  - across vendor products and applications

Context sharing - typical implementations
- within applications: add key data to the posted web data, or save as session data
- within application or across applications: include key data in the url (the get method)
- across applications: pass key data through a shared data store or common application (ccow)

Context sharing - surprising complexities
- key data is application specific
  - don't pass student id to payroll application
  - reestablish last student id on student screens and payroll id in payroll screens
  - EAGLE key stack: save as session data
- keys can get quite large
- protecting key data

Web Security: Role based access control (RBAC)

Role based access control (RBAC)
- a roles database is a mechanism used to assign a user access to data or applications
- access control information for an enterprise should be hosted centrally, and made available to remote applications as needed

Role based access control (RBAC)
(diagram: users -> access rights -> transactions, resources)

Role based access control (RBAC)
- security administrative costs continue to increase
- need for distributed security administration, but with central control
- the audit group is unable to verify consistent security to meet HIPAA regs

Role based access control (RBAC)
(data model diagram, the UF Shands data model: Users, Groups, Roles, Group Roles, User Group Roles, Group Role Permissions, Permissions)

Role based access control (RBAC) - ROLE
- a role defines a functional entity, e.g., "Health care provider"

Role based access control (RBAC) - Group
- a group defines an organizational entity or facility, e.g., "Shands at AGH"

Role based access control (RBAC) - Group Role
- a group and role are combined to provide very granular security across a distributed enterprise

Role based access control (RBAC)
- a person can be assigned to one or more group roles
- changes to a group role are distributed to all individuals assigned to it
- auditability requires retaining the link between users and group roles

Role based access control (RBAC) - Group Role Permissions
- the Group Role Permissions table stores access control rules

Role based access control (RBAC) - Permissions
- groups and roles enforce corporate security policy
- permissions are connected to group roles
- it is possible to implement group role hierarchies
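An added example, not code from the Shands/EAGLE portal, showing the post-back checks from the session state management slides (matched key, friendly and unfriendly timeouts, back button detection) together with the application-specific key store from the context sharing slides. The function names, key format and timeout values are assumptions; where the slides speak of an encrypted key, this example substitutes an HMAC-signed opaque key, since all critical data stays in the server-side store anyway.

```python
import hmac, hashlib, os

SECRET = os.urandom(32)           # server-only signing key (constructed for this example)
SOFT, HARD = 15 * 60, 8 * 3600    # friendly re-auth and unfriendly expiry, in seconds
_sessions = {}                    # server-side store: critical data never reaches the browser

def _sign(sid, state, issued):
    msg = f"{sid}.{state}.{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def _issue(sid, now):
    s = _sessions[sid]
    s["state"] += 1               # the STATE counter moves every page, so an old page stands out
    return f"{sid}.{s['state']}.{now}.{_sign(sid, s['state'], now)}"

def open_session(user, now):
    """Sign a user in and return the opaque key to embed in the hidden SESSION field."""
    sid = os.urandom(8).hex()
    _sessions[sid] = {"user": user, "state": 0, "seen": now, "keys": {}}
    return _issue(sid, now)

def post_back(key, now):
    # Check the key posted back with a form. Returns (status, next_key).
    try:
        sid, state, issued, sig = key.split(".")
        state, issued = int(state), int(issued)
    except ValueError:
        return "invalid", None                       # malformed or truncated field
    s = _sessions.get(sid)
    if s is None or not hmac.compare_digest(sig.encode(), _sign(sid, state, issued).encode()):
        return "invalid", None                       # unknown session or tampered key
    idle = now - s["seen"]
    if idle > HARD:
        _sessions.pop(sid)
        return "expired", None                       # unfriendly: data lost, sign in again
    if state != s["state"]:
        return "stale", None                         # back button: an older page was resubmitted
    if idle > SOFT:
        return "reauth", key                         # friendly: ask for the password, keep the data
    s["seen"] = now
    return "ok", _issue(sid, now)

# Context sharing: key data is application specific, so each application scope keeps
# its own last key and a different scope (payroll) never sees another's (student id).
def push_key(key, app, name, value):
    _sessions[key.split(".")[0]]["keys"].setdefault(app, {})[name] = value

def context(key, app):
    return dict(_sessions[key.split(".")[0]]["keys"].get(app, {}))
```

After a successful password re-check the "reauth" handler would refresh the session's seen time and issue a fresh key; that handler is left out here.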
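A working model of the Group Role Permissions tables described on the RBAC slides, added here as an example rather than the UF Shands implementation; the class and method names, the group role names and the resources are constructed. It shows a person holding group roles, a change to a group role reaching everyone assigned to it, the same role in two groups staying separate, and a group role hierarchy.

```python
from collections import defaultdict

class GroupRoleStore:
    """Central roles store modelled on the slides' tables: users are assigned to
    group roles, group roles carry permissions, and a group role may have a parent."""
    def __init__(self):
        self.group_roles = set()            # Group Roles: (group, role)
        self.parent = {}                    # group role hierarchy: child -> parent
        self.perms = defaultdict(set)       # Group Role Permissions: gr -> {(resource, action)}
        self.members = defaultdict(set)     # User Group Roles: gr -> {user}

    def define(self, group, role, parent=None):
        gr = (group, role)
        if parent is not None and parent not in self.group_roles:
            raise KeyError(f"unknown parent group role {parent}")
        self.group_roles.add(gr)
        if parent is not None:
            self.parent[gr] = parent
        return gr

    def grant(self, gr, resource, action):
        if gr not in self.group_roles:
            raise KeyError(gr)
        self.perms[gr].add((resource, action))

    def assign(self, user, gr):
        if gr not in self.group_roles:
            raise KeyError(gr)
        self.members[gr].add(user)          # link kept, so access can be audited later

    def effective_perms(self, user):
        """Union of the permissions of every group role the user holds, inherited ones included."""
        out = set()
        for gr in self.audit(user):
            node, seen = gr, set()
            while node is not None and node not in seen:   # walk up the hierarchy, cycle safe
                seen.add(node)
                out |= self.perms.get(node, set())
                node = self.parent.get(node)
        return out

    def allowed(self, user, resource, action):
        return (resource, action) in self.effective_perms(user)

    def audit(self, user):
        """Group roles currently assigned to the user (the user/group-role link)."""
        return sorted(gr for gr, users in self.members.items() if user in users)
```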
Role based access control (RBAC) - challenges
- identifying group roles
- centralized control, decentralized administration
- automate as much as possible
  - HR feeds
  - feeds from other sources
  - feedback loop for exceptions

Summary: It's all about security
- Authentication and single signon: a must, critical for user acceptance
- Session state management: many ways, choose based on business needs
- Context sharing: increasing importance
- Application security: rbac

Questions?