Abstract:
SAP is a worldwide leader in providing large-scale enterprise applications.
Current market trends shift the focus of SAP and its competitors toward a
comprehensive web-based integration platform for all of its functional
solutions, providing the ease of use and user interface experience of the
World Wide Web. Unfortunately, the original Internet technology standards
were not designed with security in mind. Designing web-based enterprise
applications poses particular challenges because of the nature of the
information that enterprise applications distribute.
SAP NetWeaver is an application and integration technology platform that
includes an enterprise portal, data warehouse, integration broker and
application server. The purpose of the platform is to provide the underlying
infrastructure for SAP enterprise applications, including ERP, CRM and SCM,
and also to facilitate integration with third-party applications.
The lecture will provide an overview of the following security aspects
involved in designing secure web-based applications:
- user authentication (X.509, SecurID)
- public key infrastructure (PKI)
- digital signatures (PKCS #7)
- directory services (LDAP)
- role based access to portal content
- single sign-on (SSO)
- logging and security audit
- network protocol security (SSL, SNC)
- clustering, load-balancing
Additionally, a specific theoretical problem will be discussed in more
depth: the concurrent use of the Secure Sockets Layer (SSL) protocol for
authentication and of the so-called reverse proxy server for content
filtering. The analysis will uncover some of the real-life problems that
software engineers are facing today. The lecture will be supplemented by
examples of how various security aspects are implemented in the context of
the SAP NetWeaver platform.