cetis Really Complex Web Service Specifications Scott Wilson.
cetis Beyond SOAP: WS-Security, WS-Policy, WS-SecurityPolicy, WS-Routing, WS-Eventing, WS-ReliableMessaging, ebMS, SAML, WS-Federation, WS-Events, WS-Reliability, WS-SecureConversation, BPEL4WS, WSRP

cetis What's all this for? It's not needed for every service, but sometimes plain SOAP isn't enough. They overlap a heck of a lot, and some are more useful than others. Some basic categories:
–Enhancements to security
–Enhancements to message delivery
–Enhancements to service management

cetis Security Problem: How do we make our WS transactions more secure?

cetis Security Answers
–Use address translation and proxies
–Use wire-level encryption via HTTPS (HTTP over TLS)
–Overflow protection at the router with maximum message sizes
–Validate payloads using XSD
–Timestamp messages, and use NTP to synchronise clocks across servers so freshness checks don't reject valid messages

cetis Security Answers
–Sign payloads using XML-DS (XML Signature)
–Encrypt message parts using XML-Enc (XML Encryption)
–Authenticate incoming messages using HTTP authentication (basic/digest)
–Authenticate incoming messages using WS-Security token exchange
–Authenticate incoming messages by processing SAML Authentication Assertions
–Use WS-SecureConversation to manage the session credentials

cetis Delivery Problem: How can we improve the reliability and manageability of delivering messages?

cetis Delivery Answers:
–Provide routing and addressing information using WS-Routing and WS-Addressing
–Use WS-Reliability, WS-ReliableMessaging or ebMS to ensure once-only guaranteed delivery
–Enable event-driven messaging using WS-Events, WS-Eventing or WS-Notification
–Manage target state synchronisation using WS-ResourceProperties and WS-ResourceLifetime

cetis Management Problem: How do we better manage our web services, in particular how do we make dynamic discovery work?

cetis Management Answers:
–Identify member services using WS-Federation and WS-Trust
–Identify service policies using WS-Policy
–Identify service security capabilities using WS-SecurityPolicy
–Sequence the transaction flows using BPEL4WS, WS-BusinessActivity, WS-Coordination and/or WS-AtomicTransaction

cetis Q: Do we really need all this stuff?

cetis A: No, not really

cetis Well, maybe some of it
–WS-Security is really useful for transporting usernames and password digests (or Kerberos tickets) so you can authenticate agent users to service providers
–SAML is really useful for providing signed assertions about authentication when you don't want to transport credentials
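The "usernames and password digests" case above, together with the timestamp/NTP point from the Security Answers slides, as an added example (not code from the original slides or from CETIS): a WS-Security UsernameToken with PasswordDigest is built on the requester side and then verified on the service-provider side with the three checks a provider actually needs: the digest itself, a freshness window on wsu:Created, and a nonce replay cache. It uses only the Python standard library; the user "alice", her password and the sample nonces are constructed for the example, and the namespace and Type URIs are the WS-Security 1.0 ones.

```python
# Added example (not from the original slides): WS-Security UsernameToken
# with PasswordDigest, built by a requester and verified by a provider with
# digest check, freshness window and nonce replay cache. Stdlib only.
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_DIGEST = ("http://docs.oasis-open.org/wss/2004/01/"
             "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
B64 = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-soap-message-security-1.0#Base64Binary")

USERS = {"alice": "correct horse battery staple"}  # constructed credential store


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken Profile rule: Base64(SHA-1(nonce + created + password)),
    with nonce as raw bytes and created as the exact wsu:Created text."""
    h = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(h.digest()).decode("ascii")


def parse_utc(stamp: str) -> datetime:
    """Parse an xsd:dateTime; the token must carry an explicit zone (Z or offset)."""
    dt = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError("timestamp without time zone")
    return dt


def build_username_token(username, password, created=None, nonce=None) -> str:
    """Requester side: a fresh random nonce and UTC timestamp for every message."""
    nonce = nonce or os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<wsse:UsernameToken xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
        f'<wsse:Username>{escape(username)}</wsse:Username>'
        f'<wsse:Password Type="{PW_DIGEST}">{password_digest(nonce, created, password)}</wsse:Password>'
        f'<wsse:Nonce EncodingType="{B64}">{base64.b64encode(nonce).decode("ascii")}</wsse:Nonce>'
        f'<wsu:Created>{created}</wsu:Created>'
        f'</wsse:UsernameToken>'
    )


class UsernameTokenVerifier:
    """Service-provider side. The nonce cache only has to remember nonces for
    the length of the freshness window, because older tokens are rejected anyway."""

    def __init__(self, users, max_skew=timedelta(minutes=5)):
        self.users = users
        self.max_skew = max_skew          # tolerated clock skew; keep NTP running
        self.seen_nonces = set()

    def verify(self, token_xml: str, now: datetime) -> str:
        root = ET.fromstring(token_xml)

        def child(tag, ns):
            el = root.find(f"{{{ns}}}{tag}")
            if el is None or not (el.text or "").strip():
                raise ValueError(f"missing {tag}")
            return el

        username = child("Username", WSSE).text.strip()
        pw = child("Password", WSSE)
        if pw.get("Type") != PW_DIGEST:
            raise ValueError("only PasswordDigest accepted")   # never accept PasswordText
        nonce = base64.b64decode(child("Nonce", WSSE).text.strip())
        created = child("Created", WSU).text.strip()
        if abs(now - parse_utc(created)) > self.max_skew:
            raise ValueError("outside freshness window")
        if nonce in self.seen_nonces:
            raise ValueError("replayed nonce")
        # Compute a digest even for unknown users so timing does not leak usernames.
        expected = password_digest(nonce, created, self.users.get(username, ""))
        if username not in self.users or not hmac.compare_digest(expected, pw.text.strip()):
            raise ValueError("bad credentials")
        self.seen_nonces.add(nonce)
        return username


def try_verify(verifier, token_xml: str, now_iso: str) -> str:
    """Return 'ok:<user>' or 'error:<reason>' for the given receive time."""
    try:
        return "ok:" + verifier.verify(token_xml, parse_utc(now_iso))
    except ValueError as e:
        return "error:" + str(e)


if __name__ == "__main__":
    v = UsernameTokenVerifier(USERS)
    tok = build_username_token("alice", USERS["alice"], created="2024-01-01T12:00:00Z")
    print(try_verify(v, tok, "2024-01-01T12:00:30Z"))   # ok:alice
    print(try_verify(v, tok, "2024-01-01T12:00:31Z"))   # error:replayed nonce
    print(try_verify(UsernameTokenVerifier(USERS), tok, "2024-01-01T13:00:00Z"))
```

The freshness window is what makes the nonce cache bounded, and it is also why the slides pair timestamps with NTP: with unsynchronised clocks the provider either rejects honest requests or has to widen the window and remember nonces for longer. PasswordDigest still requires the provider to hold the plaintext password (or an equivalent secret), so it protects the credential on the wire but not in the provider's store; that is the gap the slides' SAML alternative addresses.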

cetis And… XML-Enc and XML-DS are really useful for securing message parts from snooping and interference

cetis … And the rest?
–Eventually it will be nice to do event-driven messaging, using something like WS-Eventing, once the message brokers play nicely; likewise WS-Reliability/WS-ReliableMessaging
–BPEL4WS looks like it's worth keeping an eye on

cetis The IMS approach
Basic WS-I, plus some standard application-level error codes:
–WSDL 1.1
–SOAP 1.1
WS-Security:
–However you want to use it
WS-EverythingElse:
–No comment