Web Service Security

Post on 10-Dec-2014

1.795 views 1 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

description

@ApacheCon 2011

Transcript of Web Service Security

Prabath  Siriwardena  –  Software  Architect,  WSO2  

Patterns

Standards

Implementations

Plan for the session

Recurring Problems

Patterns

Authentication Patterns

Confidentiality Patterns

Authorization Patterns

1995 1997

1999

2004

2005

SAML2 Web SSO

2008/May

Authentication Patterns

Direct Authentication

Brokered Authentication

Basic Authentication

Mutual Authentication

2-legged OAuth

Direct Authentication for Web Services

Tran

sport  L

evel  

UsernameToken Profile with WS-Security

Signing – X.509 Token Profile with WS-Security

Direct Authentication for Web Services

Message

 Lev

el  

Mutual Authentication

2-legged OAuth

Brokered Authentication for Web Services

Tran

sport  L

evel  

WS-Trust / STS

WS-Federation

Brokered Authentication for Web Services

Message

 Lev

el  

Signing – X.509 Token Profile with WS-Security

Kerberos Token Profile for WS-Security

Resource  STS  

2006/April

2006/June

2008/2009

2008/2009

2008/2009

2007/Dec

2007/Dec

Authorization Patterns

Direct Authorization

Delegated Authorization

Authorization Patterns

Direct Authorization

Delegated Authorization

ActAs  in  WS-­‐Trust  1.4  

2005/Feb

Message Interceptor Gateway Pattern

Trusted Sub System Pattern

Security Solution Patterns Message

 Lev

el  

UsernameToken Profile

SOAP Security Message

 Lev

el  

X.509 Token Profile & Key Referencing

Message

 Lev

el  

SOAP Security

Key  Identifiers  

Direct  References  

Symmetric Binding Vs Asymmetric Binding

Message

 Lev

el  

SOAP Security

Message

 Lev

el  

SOAP Security

•  WS-­‐Security  secures  SOAP  –  focuses  on  message  level  security  

•  Focuses  on  a  single  message  authentication  model  

•  Each  message  contains  everything  necessary  to  authenticate  it  self  

•  Suitable  for  a  coarse  grained  messaging  in  which  a  single  message  at  a  time  from  the  same  requestor  is  received  WS  –  Se

cure  Con

versation  

Message

 Lev

el  

SOAP Security WS  –  Se

cure  Con

versation   •  What  SSL  does  at  the  transport  level  in  point-­‐to-­‐point  

communication,  WS-­‐SecureConversation  does  at  the  SOAP  layer  

•  Removes  the  need  of  individual  SOAP  message  carrying  authentication  information.  

•  Establishes  a  mutually  authenticated  security  context  in  which  a  series  of  messages  are  exchanged.  

•  Uses  public  key  encryption  to  exchange  a  shared  secret  and  then  onwards  uses  the  shared  key  

WS-Trust

Message

 Lev

el  

SOAP Security

Sender Vouches – Subject Confirmation

Message

 Lev

el  

SOAP Security

Message

 Lev

el  

SOAP Security

Holder-of-Key – Subject Confirmation

http://wso2.org/library/3786

SOAP Security

http://wso2.org/library/3132

WS – Security Policy

Top related

WEB SECURITY SERVICE APPLICATION BY USING WEB SERVICE AND RON
 Documents
Blue Coat Web Security Service: Unified Agent Brief
 Documents
Web Service Standards, Security & Management Chris Peiris .
 Documents
WEB SECURITY SERVICE - Trustmarque€¦ · SYMANTEC WEB SECURITY SERVICE Threat protection • Largest Civilian Global Intelligence Network feeding threat information (15K enterprises,
 Documents
UNIFIED SECURITY SERVICE FOR EDUCATION Web Version...UNIFIED SECURITY SERVICE FOR EDUCATION CENSORNET’S UNIFIED SECURITY SERVICE (USS) ENABLES COMPREHENSIVE MONITORING AND IN-DEPTH
 Documents
Denial-of-Service, con’t / Web Security · 2013. 2. 21. · Web Security CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, ... Service (DoS), including TCP & application-layer
 Documents
Web Service Security - Kasetsart Universitymcs/courses/219451/slides/Lecture8.pdf · Web Service Security WS-Security FrameworkSecurity Framework Provides extensions that can be used
 Documents
Based on the Agency Web Service Security Architecture
 Documents
1 Web Service and Security Lilly Wang. 2 Agenda Brief introduction to web service Web service security Wireless web service.
 Documents
Zscaler Web Security · SLTI BRIE Zscaler ™ Web Security Zscaler Web Security, part of the Zscaler Cloud Security Platform, delivers the complete security stack as a cloud service,
 Documents
Oracle Access Management Security Token Service · The web service consumer presents the SAML security token to the web service provider in header of a SOAP message. The web service
 Documents
InTech-A Guided Web Service Security Testing Method
 Documents
Web Service Standards, Security
 Documents
Custom Encryption Siebel Web Service Security
 Documents
Web Service Security in SAP NetWeaver CE Service Security in SAP NetWeaver CE SAP NetWeaver Product Management Security ... Configuring Security and Reliability Design-time configuration
 Documents
Web Service Security Overview, analysis and challenges · Web Service Security Overview, analysis and challenges ... Information system technologies to communicate in an ... Figure
 Documents
Web Service Security - Davide Cerri · 6 Web Service Composition 7 Web 2.0 Services 8 Web Service Security . 3 Outline • Motivation • Technical solution – Basic techniques –
 Documents
Android Web Service Security - Joseph Alexander
 Software
Security Web Service
 Documents
Web conference security€¦ · security Web conferencing service architecture . White aper gotomeeting.com W onfer ecurity 8 operating system and browser security patches. We keep
 Documents

Copyright © 2022 FDOCUMENTS