WS-SecureConversation

WS-SecureConversation Vidya Iyer 3/11/06

Web services

SecureConversation
- End-to-end security
- Leverages SSL and Kerberos
- Leverages XMLENC and XMLDSIG
- Establishes contexts for convenient multi-message communication
- Initial overhead to establish context, then faster communication

Terms
- Security Token: security-related information (e.g. X.509 cert, Kerberos ticket, username)
- Security Context: established authenticated state and related keys
- Security Context Token: URI representation of a Security Context

Creating Secure Contexts

Changing contexts
- Amending, renewing, and cancelling contexts
- Requester sends the Amend URI http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Amend and proof of possession of the key
- Recipients authenticate the request and update their context
- Same for Renew and Cancel

Deriving keys
- It is common to use security contexts to agree on pseudorandom generators to derive keys
- Uses the DerivedKeyToken syntax
- The syntax is agnostic to the key derivation scheme
- No need to send key material
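
The derivation described above, as an added example that is not part of the original slides: both parties already hold the context secret, so only a nonce, offset and length travel in the derived key token. The slides name no derivation scheme; P_SHA-1 (the TLS 1.0 P_hash with HMAC-SHA1), the label value and all function names are assumptions here.

```python
import hashlib
import hmac
import os

# Assumed label; whatever value is used, both parties must agree on it.
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from TLS 1.0 (RFC 2246, section 5) with HMAC-SHA1."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(context_secret: bytes, nonce: bytes, offset: int = 0,
               length: int = 32, label: bytes = DEFAULT_LABEL) -> bytes:
    """Derive `length` bytes at `offset` in the stream keyed by the context secret."""
    if not context_secret or not nonce:
        raise ValueError("context secret and nonce must be non-empty")
    if offset < 0 or length <= 0:
        raise ValueError("offset must be >= 0 and length > 0")
    stream = p_sha1(context_secret, label + nonce, offset + length)
    return stream[offset:offset + length]


def demo():
    # Constructed sample secret, standing in for the one established with the context.
    context_secret = bytes(range(32))
    # Only these public parameters are sent with the message; the key is not.
    token = {"nonce": os.urandom(16), "offset": 0, "length": 32}
    sender_key = derive_key(context_secret, **token)
    receiver_key = derive_key(context_secret, **token)
    # A fresh nonce yields an unrelated key from the same context secret.
    other_key = derive_key(context_secret, os.urandom(16))
    return sender_key, receiver_key, other_key


if __name__ == "__main__":
    s, r, o = demo()
    print("keys match:", hmac.compare_digest(s, r))
    print("fresh nonce gives a different key:", s != o)
```
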

Benefits over SSL
- End-to-end security
- XML aware
- Selective encryption
- Easier to nullify existing contexts

Questions?