CA SiteMinder Solution Requirements Specification


CA SiteMinder Solution Requirements Specification
CA Services, 2009
Customer: University of Illinois
Project: SiteMinder Federation Web Services Architecture for University of Illinois
Last Saved Date: 12-Apr-2012
Version: 1.3

Document Properties
Customer Name: University of Illinois
Project Name: SiteMinder Federation Web Services Architecture for University of Illinois
Project ID: Project # S
Document Name: CA SiteMinder Solution Requirements Specification
Document Number: XXX0002
Document Version: 1.3
Version Date: 08-Mar-2012
Document Status: Released
Authors: CA Services

Copyright 2009 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. This document is for your informational purposes only. To the extent permitted by applicable law, CA provides this document "As Is" without warranty of any kind, including, without limitation, any implied warranties of merchantability or fitness for a particular purpose, or non-infringement. In no event will CA be liable for any loss or damage, direct or indirect, from the use of this document including, without limitation, lost profits, business interruption, goodwill or lost data, even if CA is expressly advised of such damages.

Document Overview
Document Objective: This document gathers the requirements for a particular CA Service project deploying CA SiteMinder Web Access Manager (defined by a Statement of Work). It contains the functional requirements, quality attributes and constraints.
Audience: Architects, Project Manager, Customer, Testing Manager
Modified by: This document must be modified by an Architect. It will also require input by the Customer and CA Project Manager.
Project Stage: This document is linked to the Stage 2 Solution Requirements Definition.
Document Owner: This document is owned by CA Services Global Practices. If any areas of this document require clarification please contact the document's owner.
Project Complexity: All projects (mandatory document)
Effort to Modify (Hours): 1-10 days, depending on project scope and complexity and the availability of an HLD. Usually 5-10 days.
Notes: The SiteMinder Web Access Manager Reference SRS is modeled around a common scenario of an enterprise deploying a web access management and Single Sign-On application for internal and external facing users.
Specification v1.0 Page 2 of 51

Review & Approval
Review Date / Action / Name / Company, Organizational Position
12-Apr / Author / Mahendran Jayaraman / CA, Architect Consultant
12-Apr / Reviewer / Sidney Knight / CA, Services Program Manager
Apr / Reviewer / Sheheryar Muftee / University of Illinois, Deployment Coordinator
Apr / Reviewer / Daryl Fritchey / University of Illinois, Senior Project Coordinator
Apr / Approver / Amin Kassem / University of Illinois, Assoc Dir. For Enterprise Architecture

Change History
Date / Author / Description of Change
11-Jan / Mahendran Jayaraman / Document Creation
27-Feb / Mahendran Jayaraman / Corrections based on client's feedback
02-Mar / Mahendran Jayaraman, Sid Knight / Updated scalability numbers
08-Mar / Mahendran Jayaraman / Updates accepted from University of Illinois, version Released

Distribution List (Date / Version / Name / Company, Organizational Position): no entries listed.

Referenced Documents
Related Project Documents:
- SiteMinder Federation Web Services Architecture for University of Illinois - Requirements Gathering Questionnaire
- SiteMinder Federation Web Services Architecture for University of Illinois - SOW
- SiteMinder Documentation

Table of Contents
Glossary
Executive Summary
Business Drivers and Solution Outcomes
  Business Drivers
  Expected Solution Outcomes
  Solution Scope
Business Model
  Current Problem Statements
  Planned End State
  Solution Actors
  Interactions of Actors
Functional Requirements
  Summary of Use Cases
  Use Cases
    UC-01 Authorize Access
    UC-02 Authenticate User
    UC-03 Authenticate via Single Sign-On
    UC-04 Single Session Termination
    UC-05 Maintain Session State
    UC-06 Log Off Web Application
    UC-07 Define Web Security Policy
    UC-08 Delegate Policy Control
    UC-09 Access Web Application
    UC-10 Access Partner Application
Quality Attributes
  Reliability
    Response Times
    Average Throughput
    Peak Throughput
    Scalability
    Concurrent Usage
  Availability
    Uptime
    Business Continuity
    Backup and Restore
  Serviceability
    Migration Model
    Maintenance
  Security
    User Roles, Functions and Scope
    Authentication / Authorization
    User Management
    Data and Communications Security
    Audit Tracking and Access Logs
    Data Retention
Solution Constraints
  External Interfaces
  Solution Environment Constraints
    Server Platforms
    End User Platforms
    Infrastructure
    Data Stores
    Network Context
Appendix A - Additional Quality Attributes
  User Interface
  Localization
Appendix B - Additional Solution Constraints

Glossary

Actors: User roles or systems that directly interact with the Solution.

Availability: The backup/restore and failover characteristics of the Solution.

Business Driver: The initial action that drives the need for a Solution.

CA SiteMinder: CA SiteMinder is a centralized Web access management system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web applications and portals.

Component: An instance of installable software which may contain executable(s) and/or data. The Solution Architecture Model will list the CA software, customer environment and project-developed components (if any) which are required for this Solution.

Environment: An Environment refers to all of the servers and supporting systems (network, firewalls and other hardware and applications) utilized to house the Solution. Environments can be built on physical or virtual machines, and different Environments will be required for different stages of a Solution's delivery, e.g. development, test, staging, production.

Failover: Failover refers to the ability to recover a failed component in real-time, such as the SiteMinder Policy Server.

Federation: A federation consists of one Asserting Party (Identity Provider/IdP) and one or more relying parties (Service Provider/SP). A federation provides a means for these partner services to agree on and establish a common, shared name identifier to refer to the user in order to share information about the user across the organizational boundaries.

Federation: Single sign-on that works across the Internet. It allows users with Web browsers to securely and easily access multiple Web applications while only logging in once, even though the applications are most likely managed by different organizations.

FIPS: Federal Information Processing Standards

FSS: Federation Security Services

HLD: High Level Design - a work product delivered by CA Personnel for a customer to aid the production of a high level Solution design. The HLD is used to help the customer articulate requirements and project outcomes covering functions, Solution Metrics, and scope. The HLD proposes an architecture, deployment, and validation approach for how CA products can help support the project outcomes. In the event of any conflict between a Project Statement of Work and a HLD, the Statement of Work takes precedence over the HLD.

IAM: Identity and Access Management

Identity Provider (IdP): The Asserting Party (SAML 2.0). The IdP generates SAML assertions to be used by the Service Provider.

Key Store: Entity used by the SiteMinder Policy Server to store encryption keys used by the Policy Server when communicating with SiteMinder Web Agents.

LOB: Line of Business

Malware: From the words "malicious" and "software", malware is software designed to infiltrate or damage a computer system without the owner's informed consent. Types of malware are virus, worm, Trojan.

OOTB: Out of the Box

PAP: Policy Administration Point - provides centralized administration, management and monitoring of entitlement policies. The CA SiteMinder WAM UI is an example of a policy administration point.

PDP: Policy Decision Point - logical entity or place on a server that makes admission control and policy decisions in response to a request from a user wanting to access a resource on a computer or network server. The CA SiteMinder Web Access Manager policy server is an example of a policy decision point.

PEP: Policy Enforcement Point - logical entity or place on a server that enforces policies for admission control and policy decisions in response to a request from a user wanting to access a resource on a computer or network server. The CA SiteMinder Web Access Manager web agent is a policy enforcement point.

Physical Architecture: The structure that defines how product components are deployed to achieve the proposed Solution.

Policy Server: CA SiteMinder software component that provides a platform for managed key operations, authentication, authorization, and security management. The Policy Server provides the SAML authentication scheme at the Relying Party. It also provides the SAML assertion generator used by a producing federated entity.

QoS: Quality of Service

Reliability: Performance and throughput characteristics of the Solution.

Requirements: Identified desires of the customer which the Solution needs to address.

ROI: Return on Investment

SAML: Security Assertion Markup Language - OASIS standard for exchanging authentication and authorization data between security domains.

Secure Proxy Server: The SiteMinder Secure Proxy Server (SPS) is a high-performance proxy gateway that extends the reach of the SiteMinder security architecture by providing a set of deployment options that allow for greater centralization of administration and enable alternative sessioning models.

Serviceability: A description of the Solution's administration and maintenance.

Service Provider (SP): The Relying Party (SAML 2.0).

Session Store: The session store is the database that stores user sessions, SAML attributes and SAML assertions. It is accessed by the Policy Server.

SharePoint Agent: The CA SiteMinder Agent for SharePoint integrates SharePoint into your SiteMinder Web access management environment. In doing so, it improves the end-user experience through single sign-on, allows you to extend access to new internal and external groups, and simplifies web security administration and compliance.

Smkeydatabase: The smkeydatabase is a key and certificate database used for signing, verification, encryption, and decryption between a SiteMinder consuming authority and a SiteMinder producing authority. The database is made up of multiple files. Administrators manage and retrieve keys and certificates in this database using the SiteMinder tool called smkeytool.

Solution: The proposed CA software deployment for the customer environment, which is detailed within this document.

Solution Calculator: A spreadsheet which, when completed by an Architect, will calculate work effort estimates for the deployment of CA Solutions in a customer environment. It contains provisions for those circumstances where there is a good HLD, an incomplete HLD or, worst case, where there is no HLD. The output from a Calculator will give the most accurate project effort (time) requirements possible, dependent on the information available. It contains calculations for parameters, estimates of the requirements for customer-specific modifications, plus required hours for the project team.

Solution Metric: A quantifiable measure of the project outcome.

Solution Metric Test: A test that helps validate that a Solution Metric has been achieved.

Solution Requirement: One of the proposed functional outcomes of the Solution.

Solution Run Book: Details the Solution's routine maintenance procedures, key administrative functions, security and monitoring information. It also provides a troubleshooting guide for administrators and operations staff.

Use Case: A functional goal that an Actor can have of the Solution. Each Solution Requirement will have one or more corresponding Use Cases.

Use Case Test: A test which helps to validate that a Use Case goal has been met.

User Store: A user store in SiteMinder is an object that contains details for connecting to an existing user store that resides outside of SiteMinder.

WS-Federation: Defines mechanisms for allowing disparate security realms to broker information on identities, identity attributes and authentication.

Web Agent: A Web Agent is installed on a Web server to secure access to resources.

Table 1 - Glossary

Executive Summary
The Solution Requirements Specification documents the requirements for the University of Illinois Solution. This document has been produced with input from the University of Illinois (U of IL). Customer identified requirements for the Solution are enumerated in the Solution Requirements Specification.

Briefly, the Solution aligns with the following Business Drivers:
- Create and deploy CA SiteMinder Web Access Manager in the University of Illinois environment.
- Configure University-wide Single Sign-On Authentication that covers applications and users in multiple domains.
- Deploy CA Federation for SiteMinder in the University of Illinois environment to support the federation requirements and to enable configuration of SAML based security policies. This engagement includes architecting the SiteMinder Federation Security Services, which will enable University of Illinois to single sign-on to its affiliates and partners.

Once this Solution is deployed, the University of Illinois (U of IL) should receive the following outcomes:
- Enhanced business processes
- Closer alignment with recognized industry best practices available through application updates
- Increase in customer satisfaction
- Increased flexibility in operations
- Increase in available resources
- Lower start-up time for new or expanded operations
- Enhanced business continuity
- Enhanced employee experience
- Consistency in service experience

1 Business Drivers and Solution Outcomes

1.1 Business Drivers
University of Illinois (U of IL) needs a centralized security infrastructure to cater to the Single Sign-On and Federation requirements from various application groups. The SiteMinder Federation Security Services will be deployed in order to enable this. The key Business Initiatives which drive this Solution are summarized in the following table:

BD-01 Infrastructure: Create SiteMinder Federation Security Service infrastructure for U of IL.
BD-02 Improve Web User Experience: Improve the experience of Employees, Non-Employees, students, internal users and business partners that interact with U of IL through online applications.
BD-03 Reduce Risk of Unauthorized Access: Reduce risk arising from unprotected or poorly protected web applications and from non-compliance with published security policies and standards. Compliance currently varies from application to application.
BD-04 Provide Cross-domain Single Sign-On: U of IL will be able to single sign on across the illinois.edu, uic.edu, uis.edu, uiuc.edu and uillinois.edu domains.
BD-05 Federation with Partners: Implement SiteMinder Federation Security Service to enable U of IL to SSO with its partners/affiliates.

Table 2 - Business Drivers

Note that these Business Drivers define the context for the expected Solution Outcomes defined in the following section (1.2). Deployment of the overall Business Drivers is beyond the scope of this document.

1.2 Expected Solution Outcomes
The expected outcomes for this project are summarized in the following table:

SO-01 Create a standalone SiteMinder infrastructure
  Expected Solution Outcome: Create a new SiteMinder infrastructure to support Single Sign-On and Federation.
  Business Driver Cross-Reference: BD-01 Infrastructure; BD-05 Federation with partners

SO-02 Provide Single Sign-On Across Web Applications
  Expected Solution Outcome: Allow the user to access multiple websites without having to authenticate to each website individually. Reduce the number of credentials a user must remember/possess. Provide central control of a user's web session across multiple web applications and websites, covering timeouts, redirects and injection of personalization information. U of IL will be able to single sign on across the illinois.edu, uic.edu, uis.edu, uiuc.edu and uillinois.edu domains.
  Business Driver Cross-Reference: BD-01 Infrastructure; BD-03 Improve Web User Experience; BD-04 Provide Cross-domain Single Sign-On

SO-03 Simplify Web Security Development
  Expected Solution Outcome: Simplify development by creating a framework that will be used to provide security services that can be applied to and reused across multiple web applications. Reuse will decrease development time for applications and time-to-market, especially for customer-facing web applications.
  Business Driver Cross-Reference: BD-02 Reduce Costs of Securing Web Applications

SO-04 Improved Web Protection
  Expected Solution Outcome: A proven web security framework with industry standard components (policy enforcement points (PEP), policy decision points (PDP) and policy administration points (PAP)) will be deployed to protect web applications. This will result in moving security functions away from individual applications and using a known, trusted security platform. Support of multiple authentication technologies beyond simple usernames and passwords will provide stronger authentication options for the web application environment.
  Business Driver Cross-Reference: BD-04 Reduce Risk of Unauthorized Access

SO-05 Provide Centralized Policy Management
  Expected Solution Outcome: Security policies for multiple applications will be controlled from a single system, which enables policies to be applied more uniformly across all applications.
  Business Driver Cross-Reference: BD-01 Infrastructure

SR-06 Implement SiteMinder Federation Security Service
  Expected Solution Outcome: Implement SiteMinder Federation Security Service to enable U of IL to SSO with its partners/affiliates.
  Business Driver Cross-Reference: BD-06 Federation with partners

Table 3 - Expected Solution Outcomes

1.3 Solution Scope
The scope for this Solution is summarized in the following table:

General: Locations (Which geographies? Which location types?)
  In Scope: Chicago; Urbana
  Out of Scope: All other data center locations

General: People (Which groups? Approximately how many people?)
  In Scope: Internal users (Employee, Non-Employee and more than 80 different affiliates), with identities in the Active Directory/LDAP user repository
  Out of Scope: Users with identities not listed in the supported user repositories; users that do not access an application in the list of in-scope applications.

General: Applications (Which Business Applications?)
  In Scope: Five applications to be integrated with SiteMinder: Banner/Luminis; CA Service Desk Manager; SharePoint; Internally developed applications - one simple and one complex
  Out of Scope: Any other applications are out of scope. Note: SOW states two different applications. U of IL to provide names of the simple and complex applications.

General: Federated Applications
  In Scope: Two applications to be integrated with SiteMinder Federation Security Services: Shibboleth; Google Apps / Box
  Out of Scope: Any other applications are out of scope.

General: Environment (Dev / Test / QA / Production)
  In Scope: Development; Test; Production
  Out of Scope: PostTest

General: Language (Installed Language)
  In Scope: English
  Out of Scope: No other languages or localization are in scope

Solution Outcome Cross-Reference: SO-01 Create a standalone SiteMinder infrastructure
  In Scope: Installation in Dev, Test and Production
  Out of Scope: PostTest

Solution Outcome Cross-Reference: SO-02 Provide Single Sign-On Across Web Applications
  In Scope: The following web applications are in scope for single sign-on with complex integration: Banner/Luminis; CA Service Desk Manager; SharePoint. Internally developed application - one simple/moderately complex integration using Web Agent. Idle and session timeouts; redirects as required by application security requirements. The following user repositories are in scope for providing authentication and authorization information: Active Directory (internal users); LDAP.
  Out of Scope: Other web apps; other types of session control

Solution Outcome Cross-Reference: SO-03 Simplify Web Security Development
  In Scope: All protected applications.
  Out of Scope: Applications outside of the secure web business enablement security framework.

Solution Outcome Cross-Reference: SO-04 Improved Web Protection
  In Scope: Injection of personalization information to a web application from the user store. The following authentication methods will be supported: User ID and passwords; Integrated Windows Authentication; Federation SAML 2.0.
  Out of Scope: Other authentication types (one-time passwords, token). Password management scenarios: password synchronization across user stores; certificate and smart card management; applications for password changes; password policies that are not supported out of the box.

Solution Outcome Cross-Reference: SO-05 Provide Centralized Policy Management
  In Scope: Configuration of authentication and authorization policies for accessing resources.
  Out of Scope: Fine-grained authorization control using JAAS Security for web applications.

Solution Outcome Cross-Reference: SO-06 Implement SiteMinder Federation Security Service
  In Scope: Federation using SAML 2.0 with partners of U of IL, where Shibboleth and Box/Google Apps are acting as SP or trusting party and U of IL is acting as IdP or asserting party. The following federated applications are in scope for U of IL to single sign-on with its SP or trusting party: Shibboleth; Google/Box.
  Out of Scope: All other federating partners; Single Logout; session synchronization with federated applications; custom assertion response.

Solution Outcome Cross-Reference: SO-07 Provide Single Sign-On Across Web Applications using SiteMinder Secure Proxy Agent
  In Scope: The internally developed application - one simple/moderately complex integration using Secure Proxy Agent. Idle and session timeouts; redirects as required by application security requirements. The following user repositories are in scope for providing authentication and authorization information: Active Directory (internal users); LDAP.
  Out of Scope: Other web apps; other types of session control

Table 4 - Solution Scope

2 Business Model

2.1 Current Problem Statements
The current situation is summarized in the following table:

SO-01 Create a standalone SiteMinder infrastructure
  Gap / Issue with Current Situation: There is no single sign-on capability between any of the applications. Users must log in each time they access a different web application. No session control across web applications exists today. Session timeouts and idle timeouts are independently controlled across applications. Users may time out in one web session and be prompted for re-authentication while another web session continues. There is no access manager solution in place. Currently users need to log in every time they access a different application.

SO-02 Provide Single Sign-On Across Web Applications / SO-07 Provide Single Sign-On Across Web Applications using SiteMinder Secure Proxy Agent
  Gap / Issue with Current Situation: There is no single sign-on capability between any of the applications. Users must log in each time they access a different web application. Since users may access three or four different applications per session, that translates to a loss of productivity and frustration for the user. No session control across web applications exists today. Session timeouts and idle timeouts are independently controlled across applications. Users may time out in one web session and be prompted for re-authentication while another web session continues.

SO-03 Simplify Web Security Development
  Gap / Issue with Current Situation: Each web-based application at U of IL developed its own authentication and authorization system. Each application team deployed different feature sets and capabilities into the applications.

SO-04 Improved Web Protection
  Gap / Issue with Current Situation: Web applications are exposed at various levels of vulnerability, dependent upon the web and application server platforms utilized. There is no consistent protection and enforcement mechanism across all web applications. Each web application deploys its own authentication system. Some web applications utilize the shared user repository but the rest of the applications have their own user repository. Credentials, including passwords, are managed independently by each web application. Applications that maintain their own user repository have disjointed processes for maintaining user authentication credentials. Audit findings and information security recommendations have indicated that some data in web applications should be protected with authentication measures stronger than standard user IDs and passwords.

SO-05 Provide Centralized Policy Management
  Gap / Issue with Current Situation: Each web application manages security policies differently. The web applications have various capabilities to automatically enforce policies. Procedures vary between each application group. The IT Security Department does not have a central tool to manage or review security policy configurations across all of its web applications. Application developers and administrators have full control over their respective application(s). It is not possible to scope control for any particular user or group of users. Security policies and configurations for various applications must be manually transferred from one application to another, often with a dissimilar lexicon for expressing the policies.

SO-06 Implement SiteMinder Federation Security Services
  Gap / Issue with Current Situation: There is no centralized federation solution in place. Currently, users need to log in separately when accessing the partner applications. Users need to maintain accounts at U of IL as well as at the partner site.

Table 5 - Current Situation

2.2 Planned End State
The Solution should address the business requirements by establishing a shared user management platform for managing all types of identities: employees, Non-Employees, students, customers, internal users, business partners and more than 80 different affiliates. The planned Solution is summarized in the following table:

SO-01 Create a standalone SiteMinder infrastructure
  Description of TO BE State: A new, standalone SiteMinder environment for U of IL.

SO-02 Provide Single Sign-On Across Web Applications / SO-07 Provide Single Sign-On Across Web Applications using SiteMinder Secure Proxy Agent
  Description of TO BE State: When a user first authenticates against a protected web application, the platform will create a session. Access requests to other resources protected by the web security platform will recognize the session identity and not re-prompt the user for authentication credentials.
  New / Enhanced Process: Single Sign-On

SO-03 Simplify Web Security Development
  Description of TO BE State: A common security framework will provide centralized tools and a single framework for all applications to utilize. New requirements will need to be developed and deployed in one location, not in every application. Policies and security components may be copied from one application context to another, or applied across multiple applications, within a single security management framework.
  New / Enhanced Process: Web Security Development

SO-04 Improved Web Protection
  Description of TO BE State: When a request is made to an application, the request will be processed by performing three operations and making decisions:
    1. Is the resource protected by a policy?
    2. Is the requestor known (authenticated)?
    3. Is the user authorized to access this resource according to a configured policy?
  Based on these decisions, the request will be allowed or denied. The web security infrastructure will support various types of authentication schemes, such as username/password. Customer-specific authentication modules can be developed. Provide central control of a user's web session across multiple web applications and websites, covering timeouts, redirects and injection of personalization information. When the user terminates the session, it will take effect across all applications. The cookie provider will be implemented to enable cross-domain single sign-on.
  New / Enhanced Process: Web Access; Single Sign-On

SO-05 Provide Centralized Policy Management
  Description of TO BE State: A centralized policy management console will provide a single interface for describing access policies for web applications and providing security parameter information to the web applications. Web applications may use different repositories for storing authorization information (e.g. one application may use an LDAP repository while another application uses an Oracle RDBMS repository). If a primary key can be created across the repositories, the security platform can retrieve authorization privileges from various repositories. Policies may be copied from one application context to another, or applied across multiple applications, within a single security management framework.
  New / Enhanced Process: Security Policy Management

SR-06 Implement SiteMinder Federation Security Service
  Description of TO BE State: SAML and WS-Federation will be supported by the web security platform system. The platform can perform as both an Identity Provider and Service Provider.
  New / Enhanced Process: Federated Access

2.3 Solution Actors
Table 6 - Solution Actors

User
  Description: Employee/Non-Employee that accesses U of IL applications.
  Current Use of the System: User logs in separately internally and into partner application.
  Expected Use of the New Solution: User accesses one web application protected by SiteMinder and then can access multiple federated applications through SiteMinder-based single sign-on. A federating user is authenticated by SiteMinder, which will provide the user with a SAML assertion based on the valid SiteMinder session.

IT Security Analyst
  Description: Web security platform (SiteMinder) administrator.
  Current Use of the System: Configure authentication and authorization policies for one or more web applications. Manage the infrastructure and policies. Delegate responsibility to others.
  Expected Use of the New Solution: Configure authentication and authorization policies for one or more web applications. Manage the infrastructure and policies. Delegate responsibility to others. Configure federation partner definitions and policies.

Administrator
  Description: Personnel who support and maintain applications in the production environments.
  Current Use of the System: Maintains access control configuration for an individual application through that application.
  Expected Use of the New Solution: Liaises with IT Security Analysts to solve access control problems.

Integrator
  Description: Has functional knowledge of a particular application's external interfaces.
  Current Use of the System: Not applicable.
  Expected Use of the New Solution: Works with IT Security Analysts and application developers on standards for application integration into the web access security framework.
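The three request-processing decisions described for SO-04 above, together with the idle/session timeouts and the single session termination the same table calls for, as an added Python model. This is an illustration written for this page, not SiteMinder code; the realm prefixes, users, roles and timeout values are constructed.

```python
"""Model of the planned request flow: the Web Agent (PEP) asks the Policy
Server (PDP) 1. is the resource protected?  2. is the requester authenticated?
3. is the user authorized by a configured policy?  Added illustration, not
SiteMinder code; every realm, user and timeout below is a constructed value."""
from dataclasses import dataclass, field
import secrets

IDLE_TIMEOUT = 15 * 60        # constructed: seconds of inactivity before re-authentication
MAX_SESSION = 8 * 60 * 60     # constructed: absolute session lifetime in seconds


@dataclass
class Session:
    user: str
    created: int
    last_seen: int
    active: bool = True


@dataclass
class PolicyServer:
    """Policy Decision Point holding realms, policies and the shared session store."""
    realms: dict                      # URL prefix -> roles allowed by the realm's policy
    users: dict                       # user -> roles (stands in for the AD/LDAP user store)
    sessions: dict = field(default_factory=dict)

    def protecting_realm(self, resource: str):
        """Decision 1: longest matching realm prefix, or None if unprotected."""
        matches = [r for r in self.realms if resource.startswith(r)]
        return max(matches, key=len) if matches else None

    def login(self, user: str, now: int) -> str:
        """Create a session after primary authentication; the token is the SSO cookie value."""
        token = secrets.token_hex(16)
        self.sessions[token] = Session(user, now, now)
        return token

    def authenticate(self, token, now: int):
        """Decision 2: the cookie is good only if its session is active and inside both timeouts."""
        s = self.sessions.get(token)
        if s is None or not s.active:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > MAX_SESSION:
            s.active = False          # expired sessions are closed so every agent rejects them
            return None
        s.last_seen = now             # sliding idle window, shared across all applications
        return s.user

    def authorize(self, realm: str, user: str) -> bool:
        """Decision 3: the user holds at least one role the realm's policy grants."""
        return bool(self.users.get(user, set()) & self.realms[realm])

    def logoff(self, token) -> None:
        """Single session termination: closing the stored session ends it for every agent."""
        s = self.sessions.get(token)
        if s is not None:
            s.active = False


def web_agent(ps: PolicyServer, resource: str, cookie, now: int) -> str:
    """Policy Enforcement Point: ALLOW, DENY, or CHALLENGE (redirect to the login form)."""
    realm = ps.protecting_realm(resource)
    if realm is None:
        return "ALLOW"                # unprotected resource passes through untouched
    user = ps.authenticate(cookie, now)
    if user is None:
        return "CHALLENGE"
    return "ALLOW" if ps.authorize(realm, user) else "DENY"


def demo() -> dict:
    """Walk two constructed users through the flow; times are seconds since start."""
    ps = PolicyServer(
        realms={"/banner/": {"student", "staff"}, "/servicedesk/": {"staff"}},
        users={"alice": {"student"}, "bob": {"staff"}},
    )
    out = {"public": web_agent(ps, "/public/index.html", None, 0),
           "no_cookie": web_agent(ps, "/banner/grades", None, 0)}
    alice = ps.login("alice", 0)
    out["sso_banner"] = web_agent(ps, "/banner/grades", alice, 60)
    out["sso_desk"] = web_agent(ps, "/servicedesk/tickets", alice, 120)  # known, not authorized
    out["idle"] = web_agent(ps, "/banner/grades", alice, 120 + IDLE_TIMEOUT + 1)
    bob = ps.login("bob", 0)
    out["bob_desk"] = web_agent(ps, "/servicedesk/tickets", bob, 30)
    ps.sessions[bob].last_seen = MAX_SESSION  # kept busy right up to the lifetime limit
    out["max_session"] = web_agent(ps, "/servicedesk/tickets", bob, MAX_SESSION + 1)
    bob2 = ps.login("bob", 0)                # fresh session, then a single logoff
    ps.logoff(bob2)
    out["after_logoff"] = web_agent(ps, "/banner/grades", bob2, 10)
    return out
```

Note that `sso_desk` is a DENY rather than a CHALLENGE: the user is known, so re-prompting for credentials would not help, which is why decisions 2 and 3 are kept separate.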

Developer
  Description: Responsible for application design and development.
  Current Use of the System: Codes security functions individually for each web application.
  Expected Use of the New Solution: Writes applications to consume security parameters provided by the centralized security platform.

IT Security Auditor
  Description: Responsible for monitoring security policies to ensure compliance with corporate standards and security levels.
  Current Use of the System: Not applicable.
  Expected Use of the New Solution: Audit configurations in the central policy management system; review reports from information logged in the audit database.

Table 7 - Solution Definition

2.4 Interactions of Actors
[Figure 1 - Interaction of Actors: swimlane diagram with lanes for User, IT Security Analyst, Developer, Integrator, Administrator and IT Security Auditor. Flows shown: user attempts web app access, authentication (known/unknown user), password policy enforcement, authorization, user able to access app; changes to the security platform with change control notification to Developer, Integrator, Administrator and Auditor and updates as required; creation/update of security policies, development and deployment of applications, definition of application integration with the security platform; audit and reporting requirements, report development from audit logs, configuration of audit settings, reports ready for review.]

The interaction of actors describes how the actors (described above) will work together in the Solution.

User
- Utilizes the Solution to access protected web applications.

IT Security Analyst
- Communicates security platform changes to the Administrator, Integrator and Developer.
- Creates the delegation model and informs delegated administrators (typically Administrator, Developer) of privileges.
- Notifies the IT Security Auditor about configuration changes that may affect audit reporting.

Administrator
- Works with the IT Security Analyst and Developer on integration of applications and providing requirements for application security policies.

Integrator
- Notifies the IT Security Analyst when security policies must be changed to interact with an application.

Developer
- Notifies the Integrator when underlying application behavior has been modified and the integration into the security framework may be affected.
- Notifies the Integrator and IT Security Analyst when changes to the application require additional information from the security platform.

IT Security Auditor
- Works with the Developer (reporting) and IT Security Analyst to design required audit reports.

3 Functional Requirements

The functional requirements of the Solution are defined in terms of the Use Cases that the Solution supports, which are needed to satisfy the Expected Solution Outcomes in section 1.2. If there are additional functional requirements they can be added in an Appendix.

3.1 Summary of Use Cases

The Use Cases for the planned Solution are summarized in the following table:

Use Case Identifier | Use Case Goal | Solution Outcome Cross-Reference
UC-01 | Authorize Access | SO-02 - Provide Single Sign-On Across Web Applications; SO-07 - Provide Single Sign-On Across Web Applications using SiteMinder Secure Proxy Agent
UC-02 | Authenticate User | SO-02 - Provide Single Sign-On Across Web Applications; SO-07 - Provide Single Sign-On Across Web Applications using SiteMinder Secure Proxy Agent
UC-03 | Authenticate via Single Sign-On | SO-02 - Provide Single Sign-On Across Web Applications; SO-07 - Provide Single Sign-On Across Web Applications using SiteMinder Secure Proxy Agent
UC-04 | Single Session Termination | None (included or extended use case)
UC-05 | Maintain Session State | None (included or extended use case)
UC-06 | Log Off Web Application | None (Parent Use Case)
UC-07 | Define Web Security Policy | SO-05 Provide Centralized Policy Management
UC-08 | Delegate Policy Control | SO-05 Provide Centralized Policy Management
UC-09 | Access Web Application | SO-02 - Provide Single Sign-On Across Web Applications; SO-07 - Provide Single Sign-On Across Web Applications using SiteMinder Secure Proxy Agent
UC-10 | Access Partner Application (Outbound Federation) | SO-06 Implement SiteMinder Federation Security Service

Table 8 Summary of Use Cases

Each of these use cases is defined in the remainder of this section.

Below is a combined diagram of all of the Web Access Management use cases and associated actors:

[Figure 2 Web Access Management Use Cases: the User and the Administrator shown against the Web App and the Web Access Manager, with the use cases Access Web Application, Authorize Access, Authenticate User, Authenticate via Single Sign-On, Authenticate via Password, Change My Password, Enforce Password Policies, Maintain Session State, Logoff Web Application, Single Session Termination, Define Web Security Policy and Delegate Policy Control, and «extends» relationships between the authentication use cases.]

Figure 2 Web Access Management Use Cases

3.2 Use Cases

3.2.1 UC-01 Authorize Access

[Figure 3: use case diagram showing the User against the Web App and the Web Access Manager, with Access Web Application, Authorize Access, Authenticate User and Timeout Session.]

Figure 3 Use Case Diagram for UC-01 Authorize Access

Goal: Access Secure Web Application
Actor(s): None
Narrative: Allow a user to access a resource protected by the web access management Solution. To access the resource a user must authenticate according to the selected authentication scheme and then be authorized in accordance with the defined security policies for that resource. Appropriate audit records of the access are generated as defined in the security policy.
Frequency: Each time a user accesses a resource in the web access management environment.
Preprocessing: Security policies are defined to protect the web application.
Postprocessing: User accesses the protected resource. Personalization information is passed from the web access management system to the underlying resource.
Included Use Case(s): UC-02 Authenticate User; UC-05 Maintain Session State
Extended Use Case(s): None

Table 9 UC-01 Authorize Access

3.2.2 UC-02 Authenticate User

[Figure 4: use case diagram showing the User against the Web App and the Web Access Manager, with Access Web Application, Authorize Access and Authenticate User, the latter having «extends» relationships with Authenticate via Single Sign-On and Authenticate via Password.]

Figure 4 Use Case Diagram for UC-02 Authenticate User

Goal: Authenticate User
Actor(s): None
Narrative: The web access management system identifies a user's session by challenging them for authentication (usually username/password). The user's response is compared with the authentication store and an authentication decision is made. Appropriate auditing occurs as defined in the Solution's audit policies.
Frequency: Called on initial access to a secure web application, and on the occurrence of a session timeout.
Preprocessing: The Web Access Management framework recognizes an attempt to access a protected resource.
Postprocessing: The Web Access Management framework authorizes the requested access.
Included Use Case(s): (not listed)
Extended Use Case(s): UC-03 Authenticate via Single Sign-On

Table 10 UC-02 Authenticate User

3.2.3 UC-03 Authenticate via Single Sign-On

[Figure 5: use case diagram showing the User against the Web App and the Web Access Manager, with Access Web Application, Authorize Access and Authenticate User, the latter having «extends» relationships with Authenticate via Single Sign-On and Authenticate via Password.]

Figure 5 Use Case Diagram for UC-03 Authenticate via Single Sign-On

Goal: Authenticate via Single Sign-On
Actor(s): User
Narrative: A user accesses protected resources on different systems/applications without being prompted for authentication on each resource. The first time a user is authenticated, an authentication token is set. Future authentication attempts recognize the authentication token and do not require additional prompts for authentication. The user's security session is carried along as the user moves across applications protected by the web access manager.
Frequency: Called on initial access to a different application than the original application that initiated the user's security session.
Preprocessing: WAM recognizes an attempt to access a protected resource for an application where authentication has not been established.
Postprocessing: The user's browser session is securely identified so that future access requests will not require re-authentication.
Included Use Case(s): None
Extended Use Case(s): None

Table 11 UC-03 Authenticate User

3.2.4 UC-04 Single Session Termination

[Figure 6: use case diagram showing the User against the Web App and the Web Access Manager, with Access Web Application, Authorize Access, Maintain Session State, Logoff Web Application and Single Session Termination.]

Figure 6 Use Case Diagram for UC-04 Single Session Termination

Goal: Single Session Termination
Actor(s): User
Narrative: A user's session, which allows for authentication across all applications in the single sign-on environment, is terminated and the user must re-authenticate and re-establish the session.
Frequency: As defined by policy, or per user request
Preprocessing: User has authenticated and established a web single sign-on session.
Postprocessing: Session information is removed from the user's browser session and the user must re-authenticate to establish a new session.
Included Use Case(s): None
Extended Use Case(s): None

Table 12 UC-04 Single Session Termination
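The session lifecycle behind this use case, as an added Python illustration that is not part of the specification or of CA SiteMinder: per-resource timeout values of the kind UC-07 defines, the per-request idle and maximum timeout check of UC-05 Maintain Session State, and termination either by policy or by user logout (UC-06), after which every protected application rejects the same token. All class names, resource paths, timeout values and audit event strings are constructed.

```python
"""Web single sign-on session lifecycle: per-resource timeout policy,
session validation on every request, and single session termination.
Added illustration for the use cases in this specification, not CA
SiteMinder code; every name here (TimeoutPolicy, SessionStore, the audit
event strings) and every value in demo() is hypothetical/constructed.
Times are plain seconds so the walk-through is deterministic."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class TimeoutPolicy:
    """Timeout values configured for one protected resource (UC-07)."""
    idle_timeout: float  # seconds of inactivity before the session ends
    max_timeout: float   # seconds after authentication before it ends


@dataclass
class Session:
    user: str
    authenticated_at: float
    last_access: float


class SessionStore:
    """One session per SSO token, shared by every protected application."""

    def __init__(self):
        self._sessions = {}  # token -> Session
        self._policies = {}  # resource prefix -> TimeoutPolicy
        self.audit = []      # (event, user, resource) records

    def protect(self, resource_prefix, policy):
        self._policies[resource_prefix] = policy

    def _policy_for(self, resource):
        # Longest matching prefix wins, e.g. "/hr/payroll" matches "/hr/".
        matches = [p for p in self._policies if resource.startswith(p)]
        return self._policies[max(matches, key=len)] if matches else None

    def authenticate(self, user, now):
        """UC-02: credentials were verified; establish the SSO session."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, now, now)
        self.audit.append(("authenticate", user, "-"))
        return token

    def terminate(self, token, reason, resource="-"):
        """UC-04: drop the session so every application rejects the token."""
        session = self._sessions.pop(token, None)
        if session is not None:
            self.audit.append((reason, session.user, resource))

    def logout(self, token):
        """UC-06: user-requested termination of the whole SSO session."""
        self.terminate(token, "logout")

    def access(self, token, resource, now):
        """UC-01/UC-05: "allow", or "reauthenticate" when the session is
        absent or has exceeded a timeout configured for the resource."""
        policy = self._policy_for(resource)
        if policy is None:
            return "allow"  # unprotected resource, no session needed
        session = self._sessions.get(token)
        if session is None:
            return "reauthenticate"
        if now - session.last_access > policy.idle_timeout:
            self.terminate(token, "idle_timeout", resource)
            return "reauthenticate"
        if now - session.authenticated_at > policy.max_timeout:
            self.terminate(token, "max_timeout", resource)
            return "reauthenticate"
        session.last_access = now  # the idle clock restarts
        self.audit.append(("authorize", session.user, resource))
        return "allow"


def demo():
    """Constructed walk-through; returns (access decisions, audit trail)."""
    store = SessionStore()
    store.protect("/hr/", TimeoutPolicy(idle_timeout=600, max_timeout=3600))
    store.protect("/finance/", TimeoutPolicy(idle_timeout=300, max_timeout=3600))
    tok = store.authenticate("alice", now=1000.0)
    decisions = [
        store.access(tok, "/hr/home", now=1100.0),         # allow
        store.access(tok, "/finance/ledger", now=1200.0),  # allow: same session
        store.access(tok, "/finance/ledger", now=1550.0),  # idle 350 s > 300 s
        store.access(tok, "/hr/home", now=1551.0),         # gone for /hr/ too
    ]
    tok = store.authenticate("alice", now=2000.0)
    for t in range(2100, 5600, 100):                       # active every 100 s
        store.access(tok, "/hr/home", now=float(t))
    decisions.append(store.access(tok, "/hr/home", now=5700.0))  # 3700 s > max
    tok = store.authenticate("alice", now=6000.0)
    decisions.append(store.access(tok, "/hr/home", now=6010.0))  # allow
    store.logout(tok)
    decisions.append(store.access(tok, "/hr/home", now=6020.0))  # reauthenticate
    return decisions, store.audit
```

The idle timeout that expires on the /finance/ resource removes the session for /hr/ as well, which is the single-session behaviour the narrative describes.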

3.2.5 UC-05 Maintain Session State

[Figure 7: use case diagram showing the User against the Web App and the Web Access Manager, with Access Web Application, Authorize Access, Maintain Session State, Logoff Web Application and Single Session Termination.]

Figure 7 Use Case Diagram for UC-05 Maintain Session State

Goal: Maintain Session State
Actor(s): None
Narrative: When a request is received by the Solution for access to a protected web application, the Solution determines whether the user's session has exceeded any timeout limitations configured in policies. If the session has exceeded a timeout limit, the user's session is terminated and the user is prompted for authentication. Otherwise, the session information is updated and the appropriate timeout values, such as idle timeout, are reset to zero.
Frequency: As configured in security policies
Preprocessing: Timeout values are configured for the resource that the user is accessing. User has been idle longer than allowed, or user's session has
Postprocessing: None
Included Use Case(s): UC-04 Single Session Termination
Extended Use Case(s): None

Table 13 UC-05 Maintain Session State

3.2.6 UC-06 Log Off Web Application

[Figure 8: use case diagram showing the User against the Web App and the Web Access Manager, with Access Web Application, Authorize Access, Maintain Session State, Logoff Web Application and Single Session Termination.]

Figure 8 Use Case Diagram for UC-06 Log Off Web Application

Goal: Log Off Web Application
Actor(s): User
Narrative: The user logs out of a web application to end their session and prevent another user from accessing their information. The web access manager destroys the session across the entire deployment, preventing the single sign-on session from being used in any web application.
Frequency: Once per session (if the user clicks a logout link)
Preprocessing: User authenticates and establishes a session with the web access management system.
Postprocessing: Upon next access to a protected web application, the system does not recognize the user's credentials and prompts for authentication.
Included Use Case(s): UC-04 Single Session Termination
Extended Use Case(s): None

Table 14 UC-06 Log Off Web Application

3.2.7 UC-07 Define Web Security Policy

[Figure 9: use case diagram showing the Developer and the Administrator against the Web Access Manager, with Define Web Security Policy.]

Figure 9 Use Case Diagram for UC-07 Define Web Security Policy

Goal: Define Web Security Policy
Actor(s): Administrator, Developer, Integrator, IT Security Analyst
Narrative: The actor accesses the policy administration area of the Solution. The actor defines the security policy that protects the Solution, which covers who is allowed and denied access, what types of authentication are required for access, the responses that the framework will return when access is requested, session timeouts, and other configuration parameters.
Frequency: Frequently during application development and testing; once per deployment into each subsequent environment; as changes are made to policies (e.g. a decision is made to allow additional users access)
Preprocessing: The authority to administer the particular web application must be delegated to the actor by an IT Security Analyst (see UC-08 Delegate Control of Web Security Policy).
Postprocessing: None required, although best practice is to test the policies to see if they work using UC-01 Authorize Access.
Included Use Case(s): None
Extended Use Case(s): None

Table 15 UC-07 Define Web Security Policy

3.2.8 UC-08 Delegate Policy Control

[Figure 10: use case diagram showing the IT Security Analyst and the Administrator against the Web Access Manager, with Delegate Policy Control.]

Figure 10 Use Case Diagram for UC-08 Delegate Policy Control

Goal: Delegate Policy Control
Actor(s): IT Security Analyst, Administrator
Narrative: The actor logs into the administrative portion of the Solution. The actor selects an application and delegates control of that application to other actors.
Frequency: As required when new application administrators, application developers and application integrators are on-boarded
Preprocessing: The actor must be granted authority to delegate control of this application to other administrators, either from a specific assignment or from super-user rights. An administrator account must exist in the administrative repository so that the actor can select the administrator to whom rights are to be delegated.
Postprocessing: The actor to whom control is delegated defines a web security policy (UC-07 Define Web Security Policy).
Included Use Case(s): None
Extended Use Case(s): None

Table 16 UC-08 Delegate Policy Control

3.2.9 UC-09 Access Web Application

[Figure 11: use case diagram showing the User against the Web App and the Web Access Manager, with Access Web Application and Authorize Access.]

Figure 11 Use Case Diagram for UC-14 Access Web Application

Goal: Access Web Application
Actor(s): User
Narrative: The user attempts to access a web application that is protected by the security framework. Once the framework has authenticated and authorized the user, an access session is established.
Frequency: Each time the user's browser accesses the web application
Preprocessing: None
Postprocessing: User accesses the web application and performs authorized actions.
Included Use Case(s): UC-01 Authorize Access
Extended Use Case(s): None

Table 17 UC-14 Access Web Application

3.2.10 UC-10 Access Partner Application

[Figure 19: use case diagram of the SiteMinder Web Access Manager with the use cases Review Audit Log, Manage Security Policies, Authorize User, Access Partner Application, Authenticate User and Single Sign-On, and the actors IT Security Auditor, IT Security Analyst and User.]

Figure 19 Use Case Diagram for UC-15 Access Partner Application

Table 18 - Use Case FSS1 Access Partner Application

Goal: Access Partner Application
Actor(s): User
Description: The user accesses a Partner application via a federation link. This use case is synonymous with SAML 2 based outbound federation (outbound from U of IL). SiteMinder generates the SAML 2 assertion based on the partnership agreement and includes any attributes required by the federation partner. This assertion is presented to the partner site, which validates it and provides access to the applications hosted there.
Frequency: Each time a user accesses a Partner application via a federation link.
Preprocessing: Federation security policies are defined to protect the partner application.
Postprocessing: User successfully accesses the partner resource. A SAML 2 assertion is generated at U of IL and consumed by the partner; it contains the required information that is passed from the SiteMinder system to the partner site.
Included use case: UC-02 Authenticate User
Extended use case: None

Table 23 UC-15 Access Partner Application
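The outbound federation exchange of UC-10 (and the SAML assertion the User row of Table 6 refers to), as an added Python illustration that is not part of the specification or of CA SiteMinder: the identity provider side builds a SAML 2.0 assertion from an authenticated session and a partnership definition, releasing only the attributes the partner requires, and the partner side validates issuer, validity window, audience, subject and required attributes before granting access. The Partnership class, the entity IDs and the user data are constructed, and XML signing is deliberately omitted.

```python
"""Outbound SAML 2.0 federation (UC-10): the identity provider builds an
assertion from an authenticated web access session and a partnership
definition; the partner's service provider validates it before access.
Added illustration for this specification, not CA SiteMinder code. The
Partnership class, the entity IDs and the user data are constructed. XML
signing is left out on purpose: a real partner verifies the identity
provider's XML signature first, then applies the checks below."""
import uuid
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PASSWORD_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
ET.register_namespace("saml", SAML_NS)


def _tag(name):
    return f"{{{SAML_NS}}}{name}"


def _parse_time(text):
    if not text:
        raise ValueError("Conditions lack a NotBefore/NotOnOrAfter timestamp")
    return datetime.strptime(text, TIME_FMT).replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Partnership:
    """What the federation partner agreed to receive (constructed values)."""
    idp_entity_id: str          # this site, written as the Issuer
    sp_entity_id: str           # the partner, written as the Audience
    required_attributes: tuple  # attribute names the partner needs
    lifetime: timedelta = timedelta(minutes=5)


def build_assertion(partnership, user, session_attributes, now):
    """IdP side: only attributes named in the partnership are released."""
    missing = [a for a in partnership.required_attributes if a not in session_attributes]
    if missing:
        raise ValueError(f"session lacks attributes the partner requires: {missing}")
    stamp = now.strftime(TIME_FMT)
    root = ET.Element(_tag("Assertion"), {"Version": "2.0", "ID": "_" + uuid.uuid4().hex,
                                           "IssueInstant": stamp})
    ET.SubElement(root, _tag("Issuer")).text = partnership.idp_entity_id
    ET.SubElement(ET.SubElement(root, _tag("Subject")), _tag("NameID")).text = user
    conditions = ET.SubElement(root, _tag("Conditions"), {
        "NotBefore": stamp, "NotOnOrAfter": (now + partnership.lifetime).strftime(TIME_FMT)})
    restriction = ET.SubElement(conditions, _tag("AudienceRestriction"))
    ET.SubElement(restriction, _tag("Audience")).text = partnership.sp_entity_id
    authn = ET.SubElement(root, _tag("AuthnStatement"), {"AuthnInstant": stamp})
    context = ET.SubElement(authn, _tag("AuthnContext"))
    ET.SubElement(context, _tag("AuthnContextClassRef")).text = PASSWORD_CLASS
    statement = ET.SubElement(root, _tag("AttributeStatement"))
    for name in partnership.required_attributes:
        attribute = ET.SubElement(statement, _tag("Attribute"), {"Name": name})
        ET.SubElement(attribute, _tag("AttributeValue")).text = session_attributes[name]
    return ET.tostring(root, encoding="unicode")


def validate_assertion(xml_text, expected_issuer, my_entity_id, required_attributes, now):
    """SP side: returns (user, attributes) or raises ValueError with the reason."""
    root = ET.fromstring(xml_text)
    if root.tag != _tag("Assertion") or root.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 assertion")
    if root.findtext(_tag("Issuer")) != expected_issuer:
        raise ValueError("issuer is not the expected identity provider")
    conditions = root.find(_tag("Conditions"))
    if conditions is None:
        raise ValueError("assertion carries no Conditions")
    not_before = _parse_time(conditions.get("NotBefore"))
    not_on_or_after = _parse_time(conditions.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        raise ValueError("assertion is outside its validity window")
    if my_entity_id not in [a.text for a in conditions.iter(_tag("Audience"))]:
        raise ValueError("assertion was issued for a different audience")
    user = root.findtext(f"{_tag('Subject')}/{_tag('NameID')}")
    if not user:
        raise ValueError("assertion has no subject")
    attributes = {a.get("Name"): a.findtext(_tag("AttributeValue"))
                  for a in root.iter(_tag("Attribute"))}
    missing = [a for a in required_attributes if a not in attributes]
    if missing:
        raise ValueError(f"assertion lacks required attributes: {missing}")
    return user, attributes


def example_exchange(minutes_later=1, audience=None):
    """Constructed IdP/SP exchange; returns (user, attributes) or the rejection reason."""
    partnership = Partnership("https://idp.example.edu/saml", "https://partner.example.org/sp",
                              ("mail", "eduPersonAffiliation"))
    issued = datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc)
    assertion = build_assertion(partnership, "jdoe", {"mail": "jdoe@example.edu",
                                "eduPersonAffiliation": "staff", "phone": "not released"}, issued)
    try:
        return validate_assertion(assertion, partnership.idp_entity_id,
                                  audience or partnership.sp_entity_id,
                                  partnership.required_attributes,
                                  issued + timedelta(minutes=minutes_later))
    except ValueError as err:
        return str(err)
```

The "phone" value held in the session never reaches the partner because the partnership definition does not list it, which is the attribute release control the Description above assigns to the partnership agreement.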

4 Quality Attributes

Quality attributes are also frequently referred to as non-functional requirements.

4.1 Reliability

This section summarizes the performance, throughput and scalability characteristics of the Solution. Please note that CA does not guarantee any specific sizing limits and response times for the Solution as these are, to a large extent, dependent on the customer's hardware configuration, interfaces with third party/customer-developed software products, and the load in the customer's environment.

4.1.1 Response Times

The expected Solution performance metrics are listed below, where ms = milliseconds:

Quality Attribute Identifier | Function or Functional Requirement(s) Cross-Reference | Performance Metric
QA-PR-01 User Authentication | UC-02 Authenticate User | Less than 4 ms
QA-PR-02 User Authorization | UC-01 Authorize Access | Less than 4 ms

Table 19 Quality Attributes Response Times

4.1.2 Average Throughput

The average Solution throughput volume for the next five years is summarized in the table below.

Quality Attribute Identifier | Throughput Metric Description | Year 1 | Year 2 | Year 3 | Year 4 | Year 5
QA-AT-01 Authentications | Authentications (login requests for a protected resource where the user has not been authorized) | [value not legible]/s | 4/s | 6/s | 8/s | 10/s
QA-AT-02 Authorizations | Authorizations (requests for a resource after the user is authorized) | 10/s | 20/s | 30/s | 40/s | 50/s

Table 20 Quality Attributes Average Throughput

4.1.3 Peak Throughput

The peak Solution throughput volumes for the next five years are summarized in the table below:

Quality Attribute Identifier | Throughput Metric Description | Year 1 | Year 2 | Year 3 | Year 4 | Year 5
QA-PT-01 Authentications | Authentications (login requests for a protected resource where the user has not been authorized) | [value not legible]/s | 6/s | 8/s | 10/s | 12/s
QA-PT-02 Authorizations | Authorizations (requests for a resource after the user is authorized) | 20/s | 40/s | 60/s | 80/s | 100/s

Table 21 Quality Attributes Peak Throughput

Peak throughput is achieved when results can be sustained for a one (1) hour period with the following mix:

1. An authorization mix of 40% initial authorization for a resource and 60% repeated authorizations for a resource.
2. Maximum number of concurrent logins.
3. User population the size of Year 3 as defined in the Scalability section.

4.1.4 Scalability

The proposed Solution must be able to scale out to the expected capacities over the next five years as listed below:

Quality Attribute Identifier | Capacity Metric Description | Year 1 | Year 2 | Year 3 | Year 4 | Year 5
QA-NC-DC-01 Internal Users | Internal users (Employees, Non-Employees) | [values not legible] | | | |
QA-NC-DC-02 Protected Applications | Web applications protected that require authorization policies | [values not legible] | | | |

Table 22 Quality Attributes Scalability


More information

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World

Architecture Assessment Case Study. Single Sign on Approach Document PROBLEM: Technology for a Changing World Technology for a Changing World Architecture Assessment Case Study Single Sign on Approach Document PROBLEM: Existing portal has Sign on Capabilities based on the SQL Server database and it s not having

More information

Partner Center: Secure application model

Partner Center: Secure application model Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including

More information

Closing the Biggest Security Hole in Web Application Delivery

Closing the Biggest Security Hole in Web Application Delivery WHITE PAPER JANUARY 2014 Closing the Biggest Security Hole in Web Application Delivery Addressing Session Hijacking with CA SiteMinder Enhanced Session Assurance with DeviceDNA Martin Yam CA Security Management

More information

Exostar Identity Access Platform (SAM) User Guide July 2018

Exostar Identity Access Platform (SAM) User Guide July 2018 Exostar Identity Access Platform (SAM) User Guide July 2018 Copyright 2018 Exostar, LLC All rights reserved. 1 Version Impacts Date Owner Identity and Access Management Email Verification (Email OTP) July

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for RadiantOne Cloud Federation Service (CFS) All information herein is either public information

More information

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide One Identity Adapter 6.0 Administrator Guide Copyright 2017 Quest Software Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

CA Cloud Service Delivery Platform

CA Cloud Service Delivery Platform CA Cloud Service Delivery Platform Demand Manager Release 1.1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Integrating Hitachi ID Suite with WebSSO Systems

Integrating Hitachi ID Suite with WebSSO Systems Integrating Hitachi ID Suite with WebSSO Systems 2016 Hitachi ID Systems, Inc. All rights reserved. Web single sign-on (WebSSO) systems are a widely deployed technology for managing user authentication

More information

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access

4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access 4TRESS FT2011 Out-of-Band Authentication and Juniper Secure Access RADIUS Channel Integration Handbook Document Version 2.2 Released May 2013 hidglobal.com Table of Contents List of Figures... 3 1.0 Introduction...

More information

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate SafeNet Authentication Manager Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Exostar Identity Access Platform (SAM) User Guide September 2018

Exostar Identity Access Platform (SAM) User Guide September 2018 Exostar Identity Access Platform (SAM) User Guide September 2018 Copyright 2018 Exostar, LLC All rights reserved. 1 INTRODUCTION... 4 SUMMARY... 4 Exostar IAM Platform (SAM) Organization and User Types...

More information

Connector for CA Unicenter Service Desk & CA Software Change Manager for Distributed Product Guide. Service Pack

Connector for CA Unicenter Service Desk & CA Software Change Manager for Distributed Product Guide. Service Pack Connector for CA Unicenter Service Desk & CA Software Change Manager for Distributed Product Guide Service Pack 02.0.1 This Documentation, which includes embedded help systems and electronically distributed

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep

More information

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS WHITE PAPER SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS The Challenges Of Securing AWS Access and How To Address Them In The Modern Enterprise Executive Summary When operating in Amazon Web Services

More information

Quick Connection Guide

Quick Connection Guide WebEx Connector Version 1.0.1 Quick Connection Guide 2014 Ping Identity Corporation. All rights reserved. PingFederate WebEx Connector Quick Connection Guide Version 1.0.1 March, 2014 Ping Identity Corporation

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Enabling Email Integration 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

SafeNet Authentication Client

SafeNet Authentication Client SafeNet Authentication Client Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep

More information

CA Cloud Service Delivery Platform

CA Cloud Service Delivery Platform CA Cloud Service Delivery Platform Service Problems and Faults Release 1.1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as

More information

March 2011

March 2011 Oracle Enterprise Single Sign-on Logon Manager Best Practices: Configuring the ESSO-LM Agent Release 11.1.1.5.0 21004-01 March 2011 Oracle Enterprise Single Sign-on Logon Manager Best Practices: Configuring

More information

Configure Unsanctioned Device Access Control

Configure Unsanctioned Device Access Control Configure Unsanctioned Device Access Control paloaltonetworks.com/documentation Contact Information Corporate Headquarters: Palo Alto Networks 3000 Tannery Way Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-support

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

Connector for Microsoft SharePoint Product Guide - On Premise. Version

Connector for Microsoft SharePoint Product Guide - On Premise. Version Connector for Microsoft SharePoint Product Guide - On Premise Version 03.0.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to

More information

ehealth Ontario Entitlement Management Procedures Manual Version: 1.1 Document Owner: Manager, Business Delivery

ehealth Ontario Entitlement Management Procedures Manual Version: 1.1 Document Owner: Manager, Business Delivery ehealth Ontario Entitlement Management Procedures Manual Version: 1.1 Document Owner: Manager, Business Delivery Copyright Notice Copyright 2017, ehealth Ontario All rights reserved No part of this document

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

OpenIAM Identity and Access Manager Technical Architecture Overview

OpenIAM Identity and Access Manager Technical Architecture Overview OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep

More information

CA Process Automation

CA Process Automation CA Process Automation Production User Guide Release 04.3.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Access Management Handbook

Access Management Handbook Access Management Handbook Contents An Introduction 3 Glossary of Access Management Terms 4 Identity and Access Management (IAM) 4 Access Management 5 IDaaS 6 Identity Governance and Administration (IGA)

More information

CA Open Space. Release Notes. Release

CA Open Space. Release Notes. Release CA Open Space Release Notes Release 2.0.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is for your

More information

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for SonicWALL Secure Remote Access

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for SonicWALL Secure Remote Access SafeNet Authentication Manager Integration Guide Using SAM as an Identity Provider for SonicWALL Secure Remote Access Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright

More information

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD) Participant Name: Concordia University of Edmonton Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that

More information

Connector for Microsoft SharePoint Product Guide - On Demand. Version

Connector for Microsoft SharePoint Product Guide - On Demand. Version Connector for Microsoft SharePoint Product Guide - On Demand Version 03.0.00 This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as

More information

Avaya Event Processor Release 2.2 Operations, Administration, and Maintenance Interface

Avaya Event Processor Release 2.2 Operations, Administration, and Maintenance Interface Avaya Event Processor Release 2.2 Operations, Administration, and Maintenance Interface Document ID: 13-603114 Release 2.2 July 2008 Issue No.1 2008 Avaya Inc. All Rights Reserved. Notice While reasonable

More information

CA IdentityMinder. Programming Guide for Java. r12.6.1

CA IdentityMinder. Programming Guide for Java. r12.6.1 CA IdentityMinder Programming Guide for Java r12.6.1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is

More information

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management 2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com

More information

Managed Administration Service (MAS): Hitachi ID Password Manager

Managed Administration Service (MAS): Hitachi ID Password Manager Managed Administration Service (MAS): Hitachi ID Password Manager 2018 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Managed Administration Service (MAS) 1 2.1 Hitachi ID Systems

More information

IBM Security Identity Manager Version Planning Topics IBM

IBM Security Identity Manager Version Planning Topics IBM IBM Security Identity Manager Version 7.0.1 Planning Topics IBM IBM Security Identity Manager Version 7.0.1 Planning Topics IBM ii IBM Security Identity Manager Version 7.0.1: Planning Topics Table of

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide Using SafeNet Authentication Service as an Identity Provider for Tableau Server All information herein is either public information or is the property of

More information

SOFTWARE DEMONSTRATION

SOFTWARE DEMONSTRATION SOFTWARE DEMONSTRATION IDENTITY AND ACCESS MANAGEMENT SOFTWARE AND SERVICES RFP 644456 DEMONSTRATION AGENDA Executive Summary Technical Overview Break User Interfaces and Experience Multi-Campus and Inter-Campus

More information

ISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University

ISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University Identity Management and Federated ID (Liberty Alliance) ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Identity Identity is the fundamental concept of uniquely

More information

IBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM)

IBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM) IBM InfoSphere Information Server IBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM) Installation and Configuration Guide Copyright International

More information

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC

Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_

More information

CA ControlMinder. Enterprise Administration Guide 12.7

CA ControlMinder. Enterprise Administration Guide 12.7 CA ControlMinder Enterprise Administration Guide 12.7 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation )

More information

CA Clarity Project & Portfolio Manager

CA Clarity Project & Portfolio Manager CA Clarity Project & Portfolio Manager CA Clarity PPM Connector for Microsoft SharePoint Product Guide v1.1.0 Second Edition This documentation and any related computer software help programs (hereinafter

More information

OpenID Cloud Identity Connector. Version 1.3.x. User Guide

OpenID Cloud Identity Connector. Version 1.3.x. User Guide OpenID Cloud Identity Connector Version 1.3.x User Guide 2016 Ping Identity Corporation. All rights reserved. PingFederate OpenID Cloud Identity Connector User Guide Version 1.3.x January, 2016 Ping Identity

More information

The Four A s of Access A practical guide to auditing an access process.

The Four A s of Access A practical guide to auditing an access process. The Four A s of Access A practical guide to auditing an access process. Ken Heskett, University of Michigan Objectives Understand access-related terminology and how you can use this information to help

More information