managing human and device identities in unified communication and SOA

1. Quantum Framework Identity and Trust Jin Peng Feb 12, 2009

3. Quantum Framework Bring people and network together through identity and trust management People Identity Network Element Identity AAA PKI Security Confidentiality, Integrity, Availability (CIA) ‏

6. Common Login and Single Sign-On Common Login page for a security domain Only login once, Single Sign-On inside the security domain Built-in RADIUS service for CLI login

7. Manage administrative user

8. Support multiple external authentication protocols

9. Role based per element type or per instance access control

10. Support different permissions (authorization model) for different type of element

11. Control security policies centrally

12. Monitor Active Sessions

13. Review Audit Log

15. Manage Network Elements network level services can be integrated dynamically into the main navigator New type of network element, new instance of elements and their web based management console can be registered dynamically.

16. Dynamic grouping of registered elements and network services You can only see links that you are granted access rights

17. Mashup with Quantum Framework Quantum: Network metadata registry: (Universal Description Discovery and Integration) ‏ what are on the network (inventory), what can they do (SOA), what are their relations, how to reach them, how to protect them (security) ‏ Quantum: Security: AAA and PKI Fault/ Performance Management Other Network services Subscriber Management Configuration Deployment Patching Quantum Framework Third party Applications Nortel Management Applications Combinations of Third party discovery and Nortel Registration Legends:

18. Launches Subscriber Manager Launches Deployment Manager Launches SNMP Profile Manager Launches NRS Manager Launches Element Manager, BCC Launches Base Manager Launches Central Patch Manager Graphical View of CS1000 Services Mashup on top of Quantum Framework

19. An example of Mashup service based on element registry: Central Deployment Management

21. Circle of Trust (Manage network elements' X.509 certificate, trusted Certificate Authority and Certificate Revocation List centrally ) ‏

22. Circle of Trust (Built-in Private Certificate Authority to bootstrap the trust and reduce cost of using commercial CA ) ‏

24. Integration options with Quantum Framework There are a number of possible integration options. From the most loosely coupled hyper link model to fully engaged with the network level mash service or even provide new network Mashup services. Level 1: Add the URL of your application as bookmark in Quantum's element table level 2: Integrate with Quantum's authentication service, achieve Single Sign-On and common login through RADIUS, (REST or SOAP )Web Service, SAML based Federation etc. Level 3: Integrate with Quantum's authorization and UDDI element registry service, declare your own element type, registered your applications as managed element or services, query access control decisions from Quantum's central PDP (Policy Decision Point) ‏ Level 4: Declare supported (Web) services in your element type definition, integrate with existing network Mashup services such as Subscriber Manager, Certificate Manager, Deployment Manager Level 5: Create new network Mashup services (alarm management, Performance management, topology management)

25. Subscriber Manager Deployment Manager Central Patch Manager IP-Sec Management SNMP Profile Manager Element Manager EM Phone Provisioning EM Node Manager NRS Manager Central User Manager Base Manager SNMP Agent in Elements UCM Framework CP for SNMP, NTP, Security SNMP Trap Server System Level Network Level Hardware CPU level Quantum in CS1000 - Network, System and Hardware View

26. CND MySQL config CS1000 System 1 Web Services xmsg ftp Quantum in CS1000: Physical Deployment view of Muti-system – network view Cust AD MySQL CS1000 System 2 MySQL config Linux UCM -m EM/BCC Call Server Linux UCM-primary SubMgr Linux UCM-back NRSM TPS GW Linux L-SLP Linux NRS/SPS UCM-m L-SLP Linux ECM-m ECM-m TPS GW Linux ECM-m MC Vxworks Vxworks SMS comp Core comp Linux UCM EM/BCC Call Server TPS GW TPS GW Linux UCM MC Vxworks VxEll L-SLP Linux UCM-m

27. Quantum Framework Evolution Path Identity Management Administrative User Subscriber Network UDDI Element Registry System Management People Unified Communication Centralized AAA,PKI SOA , MOM ( Message Oriented Middleware ) ‏ What we do now What we do next