NATO Communications and Information Agency Agence OTAN d ... ¢â‚¬¢1c1 NATO...

download NATO Communications and Information Agency Agence OTAN d ... ¢â‚¬¢1c1 NATO UNCLASSIFIED A G E N C Y INSTR

of 24

  • date post

    09-Oct-2020
  • Category

    Documents

  • view

    0
  • download

    0

Embed Size (px)

Transcript of NATO Communications and Information Agency Agence OTAN d ... ¢â‚¬¢1c1 NATO...

  • NATO UNCLASSIFIED

    A N C Y NATO Communications and Information Agency

    Agence OTAN d'information et de communication

    AGENCY INSTRUCTION

    INSTR TECH 06.02.04

    NCIA Registry

    ·O 4 FEB 2015 The Hague

    SERVICE INTERFACE PROFILE FOR POLICY ENFORCEMENT POINTS

    Effective date:

    Revision No: Original

    - Issued by: Chief, Core Enterprise Services _v_?!_~_;:L_· "-_·· ~-------

    Approved by: 1f!!J41~

    Director Service Strat egy ___ v=--Yf'....;........:.//_ l _ _ ___ _ _

    NATO UNCLASSIFIED

    D E

    C LA

    SS IF

    IE D

    - PU

    B LI

    C LY

    D IS

    C LO

    SE D

    - P

    D N

    (2 01

    5) 00

    18 -

    D É

    C LA

    SS IF

    IÉ -

    M IS

    E N

    L E

    C T

    U R

    E P

    U B

    LI Q

    U E

  • -$- •1c1 AGENCY

    Amendment No

    Organization

    NCI Agency

    NCI Agency

    NCI Agency

    NCI Agency

    NCI Agency

    R. Fiske

    M. Lehmann

    R. Malewicz

    L. Schenkels

    D. Gujral

    NATO UNCLASSIFIED

    INSTR TECH 06.02.04

    Table of Amendments

    Date issued Remarks

    Author Details

    Name Contact Email/Phone

    rui .fiske@ncia.nato.int

    marek.lehmann@ncia.nato.int

    robert.ma lwicz@ncia.nato.int

    leon.schenkels@ncia.nato.int

    davinder.gujral@ncia.nato.int

    Page 2 of 24

    NATO UNCLASSIFIED

    D E

    C LA

    SS IF

    IE D

    - PU

    B LI

    C LY

    D IS

    C LO

    SE D

    - P

    D N

    (2 01

    5) 00

    18 -

    D É

    C LA

    SS IF

    IÉ -

    M IS

    E N

    L E

    C T

    U R

    E P

    U B

    LI Q

    U E

  • -$ - 4\JCI AGENCY

    NATO UNCLASSIFIED

    Table of Contents

    INSTR TECH 06.02.04

    PAGE

    0 PRELIMINARY INFORMATION ...... ............................................................................................. 4

    0 .1 Ref ere n ce s ----------------------------------------------------------------------------------------------------------4 O . 2 P u r pose--------------------------------------------------------------------------------------------------------------4 0 .3 App Ii ca bi I ity --------------------------------------------------------------------------------------------------------4

    1 SIP INTRODUCTION ............................... ........................ ......................... .. ................................ 4

    1.1 Notation a I Con ve nti on s -----------------------------------------------------------------------------------------5 1. 2 Te rm in o Io gy--------------------------------------------------------------------------------------------------------5 1. 3 Re la ti o ns hips to Other Profiles and Specifications -------------------------------------------------------7

    2 SIP DEFINITION ......................................... ......................................... .................... ................... 7

    2 .1 Subject---------------------------------------------------------------------------------------------------------------7 2. 2 Service In te rfa ce --------------------------------------------------------------------------------------------------7 2. 3 0 pe rations----------------------------------------------------------------------------------------------------------7 2 .4 Message St ru ctu re------------------------------------------------------------------------------------------------7

    3 REFERENCES ........................... ................... ............... ................................... ........................... 13

    4 ABBREVIATIONS ........ ............... ....... .. ............................... ........................... ........................... 14

    List of Annexes

    ANNEX 1- XML SAMPLES ................................... ............... ...................................................... ...... 15

    Page 3 of 24

    NATO UNCLASSIFIED

    D E

    C LA

    SS IF

    IE D

    - PU

    B LI

    C LY

    D IS

    C LO

    SE D

    - P

    D N

    (2 01

    5) 00

    18 -

    D É

    C LA

    SS IF

    IÉ -

    M IS

    E N

    L E

    C T

    U R

    E P

    U B

    LI Q

    U E

  • -~-

    4.\JC I A G E N C Y

    NATO UNCLASSIFIED

    INSTR TECH 06.02.04

    AGENCY INSTRUCTION 06.02.04

    SERVICE INTERFACE PROFILE FOR POLICY ENFORCEMENT POINTS

    0 PRELIMINARY INFORMATION

    0.1 References

    A. NCIA/GM/2012/235; Directive 1Revision1; dated 3 May 2013 B. NCIARECCEN-4-22852 DIRECTIVE 01.01, Agency Policy on Management and Control of

    Directives, Notices, Processes, Procedures and Instructions, dated 20 May 2014 C. NCIARECCEN-4-23297, Directive 06.00.01, Management and Control of Directives,

    Processes, Procedures and Instructions on Service Management, dated 03 June 2014

    0.2 Purpose

    This Techn ical Instruction (Tl) provides detailed information, guidance, instructions, standards and criteria to be used when planning, programming, and designing Agency products and services. In this specific case the Tl defines a Service Interface Profile (SIP) for one of NATO's Core Enterprise Services.

    Tis are living documents and will be periodically reviewed, updated, and made ava ilable to Agency staff as part of the Service Strategy responsibility as Design Authority. Technical content of these instructions is the shared responsibility of SStrat/Service Engineering and Architecture Branch and the Service Line of the discipline involved.

    Tis are primarily disseminated electronically1, and will be announced through Agency Routine Orders. Hard copies or local electronic copies should be checked against the current electronic version prior to use to assure that the latest instructions are used.

    0.3 Applicability

    This Tl app lies to all elements of the Agency, in particular to all NCI Agency staff involved in development of IT se rvices or software products. It is the responsibility of all NCI Agency Programme, Service, Product and Project Managers to ensure t he implementation of this technical instruction and to incorporate its content into relevant contractual documentation for external suppliers.

    1 SIP INTRODUCTION

    The purpose of this Service Interface Profile (SIP), which should be read along with the Agency Directive 06.05.04.02.H 2, "Service Interface Profile for Security Services" [NCIA AD 06.05.04.02.H], is to specify how services may be called that are protected by the Core Enterprise Services (CES) Security Services. This covers only the cal l from a web service consumer to a web service provider using simple object access protocol (SOAP), and the response from the service provider. This includes how the message must be structured and the elements that must be contained within the ca ll. It does not cover what happens before the call (in other words, how an extensible markup language (XML) Security Token is retrieved) or what happens at the Authorization stage of the process (contact with the Policy Decision Point (PDP}) . These will be covered by other SIPs.

    1 https://servicestrategy.nr.ncia/SitePages/Agency%20Directives%20(Technical).aspx 2 The Agency Directive 06.05.04.02.H [NCIA AD 06.05.04.02.H) is also available as the Technical Report with the title "Security Service Interface Profile {SIP)" [NCIA TR/2012/CPW007253/02, 2012)

    Page 4 of 24

    NATO UNCLASSIFIED

    D E

    C LA

    SS IF

    IE D

    - PU

    B LI

    C LY

    D IS

    C LO

    SE D

    - P

    D N

    (2 01

    5) 00

    18 -

    D É

    C LA

    SS IF

    IÉ -

    M IS

    E N

    L E

    C T

    U R

    E P

    U B

    LI Q

    U E

  • ' NATO UNCLASSIFIED -$- 'l\J C I

    A G E N C Y INSTR TECH 06.02.04

    1.1 Notational Conventions

    The following notational conventions apply to this document:

    • The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [IETF RFC 2119, 1997].

    • Words in italics indicate terms referenced in Section 1.2. • Courier font indicates syntax derived from the different open standards [OASIS WS-

    Security, 2006], [W3C WS-Addressing, 2006], [W3C XML-Signature, 2002], [OASIS SAML, 2005], [OASIS SAML Token Profile, 2006], and [WS-1 Security, 2010] .

    1.2 Terminology

    The following terminology is used in t his SIP and its annexes.

    Page 5 of 24

    NATO UNCLASSIFIED

    D E

    C LA

    SS IF

    IE D

    - PU

    B LI

    C LY

    D IS

    C LO

    SE D

    - P

    D N

    (2 01

    5) 00

    18 -

    D É

    C LA

    SS IF

    IÉ -

    M IS

    E N

    L E

    C T

    U R

    E P

    U B

    LI Q

    U E

  • ' -$ - •1c1

    NATO UNCLASSIFIED

    A G E N C Y INSTR TECH 06.02.04

    Active Client A Requestor that is able to make SOAP web service ca lls direc