WS-SecureConversation Xiuduan Fang. 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action.

Slides:



Advertisements
Similar presentations
Advanced Piloting Cruise Plot.
Advertisements

1
Feichter_DPG-SYKL03_Bild-01. Feichter_DPG-SYKL03_Bild-02.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Working with MS-ACCESS IS 240 – Database Management Lecture #2 – Assoc. Prof. M. E. Kabay, PhD, CISSP Norwich University
Chapter 1 The Study of Body Function Image PowerPoint
Author: Julia Richards and R. Scott Hawley
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
UNITED NATIONS Shipment Details Report – January 2006.
Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.
My Alphabet Book abcdefghijklm nopqrstuvwxyz.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Addition Facts
Year 6 mental test 5 second questions
Year 6 mental test 10 second questions
2010 fotografiert von Jürgen Roßberg © Fr 1 Sa 2 So 3 Mo 4 Di 5 Mi 6 Do 7 Fr 8 Sa 9 So 10 Mo 11 Di 12 Mi 13 Do 14 Fr 15 Sa 16 So 17 Mo 18 Di 19.
ZMQS ZMQS
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
1 Implementing Internet Web Sites in Counseling and Career Development James P. Sampson, Jr. Florida State University Copyright 2003 by James P. Sampson,
REVIEW: Arthropod ID. 1. Name the subphylum. 2. Name the subphylum. 3. Name the order.
Break Time Remaining 10:00.
PP Test Review Sections 6-1 to 6-6
1 WSDL: Web Service Description Language Gary Sharp Mike Breakiron.
ABC Technology Project
EU market situation for eggs and poultry Management Committee 20 October 2011.
EIS Bridge Tool and Staging Tables September 1, 2009 Instructor: Way Poteat Slide: 1.
1 Undirected Breadth First Search F A BCG DE H 2 F A BCG DE H Queue: A get Undiscovered Fringe Finished Active 0 distance from A visit(A)
2 |SharePoint Saturday New York City
25 July, 2014 Hailiang Mei, TU/e Computer Science, System Architecture and Networking 1 Hailiang Mei Remote Terminal Management.
VOORBLAD.
15. Oktober Oktober Oktober 2012.
1 Breadth First Search s s Undiscovered Discovered Finished Queue: s Top of queue 2 1 Shortest path from s.
IONA Technologies Position Paper Constraints and Capabilities for Web Services
WS-Policy Brian Garback. 2 Agenda  Introduction  Domain Terminology  Policy Expressions  Policy Assertions  Policy Attachments  Conclusion  Policy.
BIOLOGY AUGUST 2013 OPENING ASSIGNMENTS. AUGUST 7, 2013  Question goes here!
Factor P 16 8(8-5ab) 4(d² + 4) 3rs(2r – s) 15cd(1 + 2cd) 8(4a² + 3b²)
Basel-ICU-Journal Challenge18/20/ Basel-ICU-Journal Challenge8/20/2014.
1..
Do you have the Maths Factor?. Maths Can you beat this term’s Maths Challenge?
31242/32549 Advanced Internet Programming Advanced Java Programming
© 2012 National Heart Foundation of Australia. Slide 2.
Understanding Generalist Practice, 5e, Kirst-Ashman/Hull
Addition 1’s to 20.
25 seconds left…...
: 3 00.
H to shape fully developed personality to shape fully developed personality for successful application in life for successful.
Januar MDMDFSSMDMDFSSS
Week 1.
Analyzing Genes and Genomes
We will resume in: 25 Minutes.
©Brooks/Cole, 2001 Chapter 12 Derived Types-- Enumerated, Structure and Union.
Clock will move after 1 minute
Intracellular Compartments and Transport
PSSA Preparation.
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
Immunobiology: The Immune System in Health & Disease Sixth Edition
Essential Cell Biology
CpSc 3220 Designing a Database
Presentation transcript:

WS-SecureConversation Xiuduan Fang

2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

3 Introduction to WS- SecureConversation Why introduce WS-SecureConversation? Consider the functions of WS-Security –message integrity –message confidentiality –single message authentication

4 Introduction to WS- SecureConversation What if senders and receivers need to exchange multiple messages?

5 Introduction to WS- SecureConversation A Feasible Solution –Encrypt all messages with a security token issued by a token issuing service. Drawback: the size of each message can become a performance bottleneck.

6 Introduction to WS- SecureConversation A Better Solution –WS-SecureConvsation Similar to SSL Introduce a security context A SecurityContextToken is applied. Once created, the messages are smaller and can be processed faster by both ends.

7 Introduction to WS- SecureConversation Goals –Define how security contexts are established –Specify how derived keys are computed and passed Non-Goals –Define how trust is established or determined—that is done by WS-Trust

8 Introduction Introduction Security Context Token Establishing Security Context Deriving Keys SecureConversation in Action Conclusion References

9 Security Context Token describes a security context.

10 Syntax of Security Context Token …......

11 Security Context Token Example <wsse:SecurityContextToken wsu:Id="SecurityToken- f3dfe69f-4bd6-41f9-b198-bb6247d14780"> uuid:f1971e12-f d-bf7d- 29c78a0a81eb T02:52:55Z T06:52:55Z

12 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

13 Establishing Security Context A security context needs to be created and shared by the communicating parties before being used. How? 1.created by a security token service (STS) 2.created by one of the communicating parties and propagated with a message 3.created through negotiation

14 Way 1: Created by STS

15 Example Example wsse:SecurityContextToken wsse:ReqIssue

16 Example Example uuid:......

17 Way 2: Created by One of The Communicating Parties Process –The initiator creates a security context token and sends it to the other parties in a message –The recipient can then choose whether or not to accept the security context token Application –This model works when the sender is trusted to always create a new security context token.

18 Way 3: Created through Negotiation Process –The initiating party sends a request to the other party –A is returned. –Repeat the above 2 steps until a final response containing a and a is received. Application –There is a need to negotiate among the participants on the contents of the security context token, such as the shared secret

19 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

20 Deriving Keys Once the context and secret have been established (authenticated), Derived Keys Mechanism can be used to compute derived keys for each key usage in the secure context. Example – Four keys may be derived so that two parties can sign and encrypt using separate keys.

21 Deriving Keys Algorithms –Using a common secret, parties may define different key derivations to use –Default: P_SHA-1 function (referred to as wsse:PSHA1) P_SHA1 (secret, label + seed)

22 Deriving Keys The element is used to indicate that the key for a specific security token is generated from the function of P_SHA-1. Example 2

23 Subsequent Derivation Example.../derivedKeySource NewLabel FHFE

24 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

25 SecureConversation In Action Web Service Enhancements (WSE) 2.0 for.NET 2.0 improves the implementation of secure conversations in Web services architecture. Demonstration

26 Predefined Security Tokens in WSE 2.0

27 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

28 Conclusion of WS- SecureConversation The WS-SecureConversation specification defines extensions to allow security context establishment and sharing, and session key derivation.

29 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

30 Primary References us/dnglobspec/html/ws-secureconversation.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnglobspec/html/ws-secureconversation.asp –Official specification describing WS-SecureConversation us/dnwse/html/wssecdrill.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnwse/html/wssecdrill.asp –A good reference that explains how to use Web Services Enhancements 2.0 to implement security, trust, and secure conversations in Web services architecture.

31 Secondary References 9B9A-C5F6-4C95-87B7-FC7AB49B3EDD&displaylang=enhttp:// 9B9A-C5F6-4C95-87B7-FC7AB49B3EDD&displaylang=en –The WSE 2.0 technology preview provides early access to new advanced Web services capabilities. –The latest advanced Web services capabilities to keep pace with the evolving Web services protocol specifications.

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.