NAAS 2.0 Features and Enhancements

1
NAAS 2.0 Features and Enhancements
2
Enhancements

• Incorporates the latest federal cryptographic
  standards (FIPS)
• Added XML Key Management Services version 2.0
• Integrated with the federal E-Authentication
  Initiative
• Performance Improvements

.
3
Trust Framework

• Can establish trust with other credential
  providers through token sharing and cross
  validation.
• Allow sharing of identity information with other
  identity stores securely.
• Promote Single Sign-on (SSO) across domains and
  applications.

4
Strong Authentications

• Provide many authenticate mechanisms such as
  digest auth, key auth and certificate auth.
• Support e-Authentication and government wide
  trust network.
• Validate external certificates using Certificate
  Arbitration Module (CAM).
• Promote Secure Authentication Key (SAK) for
  machine to machine authentications.

5
Authorization Policy Enhancements

• Support both role-based and entity-based access
  control rules. Subjects in policy setting can be
  either account name or group name.
• Grant rights to administrators of the same node
  to manage all accounts and policies within the
  node.
• Enforce default policies automatically if
  resource URI is provided in the Validate call.

6
XML Key Management Services

• XKMS 2.0 is now a component in NAAS 2.0.
• Support all standard XKMS methods for key and
  certificate management.
• Provide online registration of keys, issuance of
  certificates, and validation of certificates.
• XKMS services have been integrated with the Node
  Client 2007 and will be accessible through CDX in
  the future.

7
Internal Architecture Changes

• Uses FIPS-compliant security module for
  encryption and signature.
• Performance enhancement cross the board using
  latest tools.
• Denial of Service (DoS) attack detection and
  prevention.
• Protection of buffer overrun, stack overflow and
  other software exceptions.