© ETNIC l l Anne Noseda l WSGenCon 2.0 Presentation 1 WSGenCon 2.0 11/02/2010 E2SA – Equipe Support Standard Architecture.

Slides:

Advertisements

Similar presentations

© Siemens NV/SA, October 2004 Communications Network and Information Security Report ICTSB/NISSG Stefan Goeman.

Advertisements

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Bastian Steinert | 07. März 2007 make the most of leave requests a self-service application with Java™, Apache Cocoon, and the ESB Apache ServiceMIX.

WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

WS-Security TC Christopher Kaler Kelvin Lawrence.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Core Web Service Security Patterns

© 2007 Charteris plc20 June Extending Web Service Security with WS-* Presented by Chris Seary MVP Charteris plc, Bartholomew Close, London.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Web services security I

Prashanth Kumar Muthoju

GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten

Ganesh Kirti Roger Sullivan Oracle Corporation “This presentation is for informational purposes only and may not be incorporated into a contract or agreement.”

Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.

Web Services An introduction for eWiSACWIS May 2008.

Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Identifying Web Service Integration Challenges Frank Goethals SAP-Research Chair on ‘Extended Enterprise Infrastructures’ K.U.Leuven – Belgium

Types of Electronic Infection

WS-Trust Joseph Calandrino Vincent Noël Department of Computer Science University of Virginia February 9, 2004.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Federal Acquisition Service U.S. General Services Administration eOffer/eMod Training eOffer/eMod Training Keonia Cobbins Systems Development Office of.

Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.

17 March 2008 © 2008 The University of Edinburgh, European Microsoft Innovation Center and University of Southampton IT Innovation Centre 1 NextGRID Security.

WS-Security Protocol Ramkumar Chandrasekharan CS 265.

Shibboleth Akylbek Zhumabayev September Agenda Introduction Related Standards: SAML, WS-Trust, WS-Federation Overview: Shibboleth, GSI, GridShib.

Customer Interface for wuw.com 1.Context. Customer Interface for wuw.com 2. Content Our web-site can be classified as an service-dominant website. 3.

WS-Trust “From each,according to his ability;to each, according to his need. “ Karl marx Ahmet Emre Naza Selçuk Durna

Secure Systems Research Group - FAU Patterns for Web Services Security Standards Presented by Keiko Hashizume.

W3C Web Services Architecture Security Discussion Kick-Off Abbie Barbir, Ph.D. Nortel Networks.

Semantic Web Technologies Research Topics and Projects discussion Brief Readings Discussion Research Presentations.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.

 A Web service is a method of communication between two electronic devices over World Wide Web.

Forward: Preventing XML Signature Wrapping Attacks in Cloud Computing Prepared by: Abdulaziz AlShammari Professor Ramasamy Uthurusamy April10, 2014.

An Overview and Evaluation of Web Services Security Performance Optimizations Robert van Engelen & Wei Zhang Department of Computer Science Florida State.

Prabath Siriwardena – Software Architect, WSO2. Patterns Standards Implementations Plan for the session.

Belgian EID Card 15/12/2004 Derette Willy eID program manager.

Security Token Service (STS) Design & Development Plans Henri Mikkonen / HIP 3 rd EMI All-Hands Meeting , Padova, Italy.

Copyright © 2003 Jorgen Thelin / Cape Clear Software 1 A Web Services Security Framework Jorgen Thelin Chief Scientist Cape Clear Software Inc.

Kemal Baykal Rasim Ismayilov

Deconstructing API Security

Security Patterns for Web Services 02/03/05 Nelly A. Delessy.

Andrew J. Hewatt, Gayatri Swamynathan and Michael T. Wen Department of Computer Science, UC-Santa Barbara A Case Study of the WS-Security Framework.

Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.

Web Services Security Mike Shaw Architectural Engineer.

Web Services Security with WSE 2.0 Muhammad Saqib Ilyas

Cross border electronic signature services Ingmar Vali Head of Court Registers Department Centre of Registers and Information Systems

Security in OPC Unified Architecture (UA) Dick Oyen IndustrialSysDev, Inc.

Access Policy - Federation March 23, 2016

DIGITAL SIGNATURE SERVICE

HMA Identity Management Status

Presentation transcript:

© ETNIC l l Anne Noseda l WSGenCon 2.0 Presentation 1 WSGenCon /02/2010 E2SA – Equipe Support Standard Architecture

© ETNIC l l WSGenCon 2.0 Presentation 2 Goals ETNIC developed a gateway called WSGenCon  Why ?  How ? Table of Contents 1.Context 2.Problems encountered 3.WSGenCon Future 5.Demo l Goals & Contents Goals & Contents

© ETNIC l l WSGenCon 2.0 Presentation 3 1. Context l Education Web Services ETNIC provides education Web Services (WS)  Exposed on the Internet  Need to be secured ETNIC has to know who registers  Signature  Non-repudiation ETNIC’s choices :  Use of standards  WS-Security + certificate (WSS X.509 Certificate Token Profile) user Registration WS Registration Application School Internet

© ETNIC l l WSGenCon 2.0 Presentation 4 Part of Novell IAM Solution Goal : Securing WS Supports a lot of standards Graphical interface – easy to configure 1. Context l ETNIC - Layer 7

© ETNIC l l WSGenCon 2.0 Presentation 5 2. Problems encountered l Technical complexity WS-Security too complex for schools  ETNIC developed a gateway : WSGenCon WSGenCon 1.0 provides XML support (XSL) SOAP protocol support WS-* support (WS-Adressing, WS-Security + certificate signature) HTTP / HTTPS protocol support

© ETNIC l l WSGenCon 2.0 Presentation 6 2. Problems encountered l Certificate vs eID WSGenCon 1.0 offers 2 ways of signing : Simple certificate Belgium electronic identity card (eID)  eID clearly better Comparison pointscertificateeID Cost--+ Diffusion--++ Lifecycle management-+ Technical complexity+- Secured storage--++

© ETNIC l l WSGenCon 2.0 Presentation 7 2. Problems encountered l Problems with WSGenCon 1.0 Organizational problems  PO provides same certificate to each school > cost Technical problems  use of eID : at each registration, PIN code requested Solution  WSGenCon 2.0 with WS-SecureConversation

© ETNIC l l WSGenCon 2.0 Presentation 8 3. WSGenCon 2.0 l WS-SecureConversation 2 OASIS Standards : WS-Trust (WST) WS-SecureConversation (WSSC) User authenticated once by STS  One PIN code request Then, use of a Security Context Token (SCT)  no more PIN code request

© ETNIC l l WSGenCon 2.0 Presentation 9 3. WSGenCon 2.0 l Technical issues Layer 7 constraints : Security Token Service (STS) + Secure Span Gateway (SSG) = same product  SCT is known by both elements WSSC specification advices to use derived key instead of the SCT itself  Mandatory If RST is signed, RSTR is also signed  Decryption not allowed with eID  Layer 7 support team proposed use of SSL mutual authentication

© ETNIC l l WSGenCon 2.0 Presentation WSGenCon 2.0 l Mutual SSL

© ETNIC l l WSGenCon 2.0 Presentation WSGenCon 2.0 l WSGenCon 2.0

© ETNIC l l WSGenCon 2.0 Presentation Future l What’s more to do ? Nearly ready to use Update our Forge Website (source code & documentation) Package WSGenCon 2.0  simple installer Test for Java 1.5 (only compatible Java 6) Create user documentation

© ETNIC l l WSGenCon 2.0 Presentation Demo l Demonstration FASE WS  school details Use of test eID provided by Certipost First launch : WS-Trust token negotiation  2 XML messages in the console WS-SecureConversation business exchanges  2 XML messages Second launch : Token is present and not expired Only WS-SecureConversation business exchanges  2 XML messages

© ETNIC l l WSGenCon 2.0 Presentation 14 Questions l Questions E2SA contact information : Equipe Support Standard Architecture Anne Noseda – 02/ Sébastien Bal – 02/ E2SA responsible for : WSGenCon support / development Layer 7 policies development WS development on the ESB

© ETNIC l l WSGenCon 2.0 Presentation 15 Conclusion l Conclusion This practical use case has proven that : it is possible to use only standards eID can be integrated with standards Information & source code will be available at  Feel free to usehttp://forge.etnic.be

© ETNIC l l WSGenCon 2.0 Presentation 16