Creating Customer Portals with Sensitive Personal Data without Compromising Security

Combined Session
Wednesday, May 15, 2013 11:30—12:30
Location: AMMERSEE 2

This is a real-life case study of how CSS implemented security for a customer and sales portal using a federated identity provider, two-factor SSO with SAML, and attribute-based access control with XACML on the SOA mediator between the portal and the backend.

CSS has a well-established SOA backend with role-based access control: employees are assigned to one or more roles, and those roles determine which levels of customer data they may access. However, when such an IT system is opened up to customers via an online portal, access control becomes a more delicate issue. If customers are to gain access only to their own data and that of their dependent family members, a new layer of security is required to protect sensitive data in the backend.

You'll gain insight into some of the implementation issues we had along the way and how we overcame them.

Sebastian Goodrick
CSS Versicherung
Sebastian Goodrick is the head of IT Security and Identity Management at CSS Versicherung, the largest health insurance provider in Switzerland. He has worked with mobile phone anti-virus solutions...