April 18, 2006 Shared Services Tools and Technologies.


Topics For This Session
Service Oriented Architecture
– Service Oriented Architecture is a collection of interconnected services.
– SOA is an architecture of standards-based web services using a common messaging technology model (XML, SOAP, UDDI, WSDL, etc.).
Network Security (NAAS)
– SAK - Secure Authentication Keys - secure encrypted keys that can replace passwords for machine-to-machine interactions
– XKMS - XML Key Management System
Network Software Developer Kit
– A toolkit designed for integrating Network functions directly into applications

Topics Continued
QA Services
– XML Document Parsing service utilizing the .NET Reader
– Extended Business Rule validation service for XML documents
Style Sheet Transformation Service
– New service that can transform a document based on a style sheet (XSLT) into a new format

Session 2 (Tomorrow 1PM)
Open Source - Overview / Tools / Node - An overview of open source tools and the integration of tools into a node implementation based completely on open source code.
Velocity High Performance Open Source Data Mapper - This tool supports the conversion of practically any format to any format based on a configuration file. It has outperformed many other mappers by an order of magnitude based on our tests.
Business Process Execution Language (BPEL) in the CDX Node - This technology supports the orchestration and management of complex business processes that require multiple steps and web service calls. CDX has prototyped a BPEL flow for NEI and is working on a pilot.
XML Gateway - A new security service that filters web service messages based on predefined rules, such as adherence to the network WSDL, and adds an additional security layer for messaging.

Background Service Oriented Architecture

Why SOA?
High Business Adaptability: More applications can use services.
Increased Flexibility: Consumer applications are isolated from internal business changes.
Improved Reusability: Services can be shared by many applications.
Interoperable: Standard formats enable consumers to interoperate with service providers.
Cost Effective: Standards-based components cost much less than custom-built ones. Sharing also reduces costs.

SOA Infrastructure
Security Services (NAAS)
– Security Services for CDX and the Exchange Network
– Integrated with E-Authentication services
Universal Description and Discovery Interface
– Catalog of web services
– Implemented UDDI V3
Network Node Services
– Standards-based web service protocols and XML schemas used
– Supports machine-to-machine data exchanges
Quality Assurance Server
– Parsing Services
– Extended Business Rule Validation
XML Firewall
– A hardware appliance that validates and filters XML traffic
– Application-level security
Orchestration
– A standards-driven approach to simplifying and automating business processes
– BPEL 1.1 is the leading standard

Secure Authentication Key Advanced Security Mechanisms

What is a Secure Authentication Key?
An encrypted string that contains the subject identity.
Jointly signed using multiple secrets.
Tied directly to a particular machine.

The SAK Advantages
Multifactor and multi-authentication scheme
Reveal-proof: disclosure of a SAK is not a concern
Strong protection of user privacy
Disables dictionary attacks, brute force attacks and replay attacks

SAK vs. Security Token
A SAK is a credential, while a security token is evidence that the subject has been authenticated.
A security token expires but a SAK doesn't.
Both SAK and security token are encrypted.
Both SAK and security token contain user identity information, and they are extensible.

How to Use SAK
SAK is good for machine-to-machine authentication.
Users/developers simply replace the password with the SAK. No other change is necessary.
A SAK can be obtained through the Node helpdesk.

Conclusion
SAK is a safer and stronger authentication scheme than a password.
A Secure Authentication Key is a lightweight, miniature certificate without the PKI costs.
Deployment of SAK is very simple and straightforward.

Software Developer Kit Network Service Integration

Background
Need to simplify access to web services
Make integrating public and Exchange Network web services easier
Abstracts messaging complexities to simple scripts

Exchange Network SDK
Based on a Microsoft COM object
Leverages the SQLDATA Web Services Client
Simple wizard-driven installation
Runs in .NET, C/C++ and Microsoft scripting environments
Sample scripts for Network Services

Security Support
– Authentication
  Bare Key
  Digest
  Certificate
  HMAC
– Authorization
– XML Encryption
  Encrypt and Decrypt
– XML Signature
  Sign and Verify Signature

Support for Consuming Services
Download
Query
Notify
Submit
Solicit

Potential Uses
Query the Network for Facility Data
Submit Data to CDX
XML Signature and Encryption
Get Data from a Public Web Service

Encryption, Signature and Authentication Advanced Security Mechanisms

Topics
End-to-End Security Requirements
Document Confidentiality
Document Integrity and Non-repudiation
Exchange Network Key Management Services
Node Client SDK Security Features
Authentication using XKMS
Conclusion

End-to-End Document Security
Document Confidentiality: Protect sensitive data from the submitter all the way to the ultimate receiver.
Document Integrity: Ensure the document is unchanged from its originator to the target receiver.
Document Non-repudiation: Guarantee the faithfulness of the document origin.
Strong Authentication: Assure the true identity of the document sender.

What is XKMS
A World Wide Web Consortium (W3C) standard; XKMS 2.0 is finalized
A central key depository with a Web service interface to PKI
Vendor-neutral PKI solution for public key and certificate management
Foundation for secure Web services (XML Signature, XML Encryption, XKMS)
XKMS will be the PKI solution for the Exchange Network, and the key element of a strong security model.

XKMS Internal Architecture

XML Signature using XKMS
A document is signed using the Private Key and key information (KeyName, KeyValue)
The receiver locates / validates the Public Key used for the signature from an XKMS server
The receiver verifies the signature using the valid key

XML Signature using XKMS

Document Signing Using Node Client SDK
Node Client SDK has XML Signature capabilities built in.
Supports all major features defined in the W3C specification.
Signing a document is straightforward with a few lines of code.
Can be integrated into Network Nodes or applications on the Windows platform.

XML Encryption Using XKMS
The receiver registers the public key in XKMS.
The sender locates the receiver's Public Key from an XKMS server.
The sender encrypts a document using the receiver's Public Key.
The receiver decrypts the document using the Private Key.

XML Encryption Using XKMS

Document Encryption Using Node Client SDK
Node Client SDK has XML Encryption capabilities built in.
Supports all encryption algorithms defined in the W3C specification.
Encrypting a document is straightforward with a few lines of code (well, actually only two lines here).
Can be integrated into Network Nodes or applications on the Windows platform.

Authentication using XKMS
A user registers the Public Key in XKMS.
The user creates an Authenticate message and signs the message using the Private Key.
The security service locates / validates the user's Public Key from XKMS.
The security service verifies the signature.
The user is authenticated if the signature is valid, i.e. the user is the holder of the Private Key.
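The signing flow from the earlier "XML Signature using XKMS" slide and the authentication flow above, as an added Go example that is not from the presentation or the Node Client SDK: the XKMS server is simulated by an in-memory KeyName-to-public-key map, ECDSA P-256 over a SHA-256 digest stands in for whatever algorithms the SDK uses, and the names AuthMsg, XKMSRegistry and the KeyName values are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/xml"
	"errors"
)
// AuthMsg is a constructed stand-in for the slide's "Authenticate message".
type AuthMsg struct {
	XMLName xml.Name `xml:"Authenticate"`
	KeyName string   `xml:"KeyInfo>KeyName"` // names the public key the user registered in XKMS
	Subject string   `xml:"Subject"`
}
// XKMSRegistry simulates XKMS Locate/Validate (KeyName -> key); Revoke models a binding XKMS reports Invalid.
type XKMSRegistry map[string]*ecdsa.PublicKey
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func (r XKMSRegistry) Revoke(name string) { delete(r, name) }
func (r XKMSRegistry) Validate(name string) (*ecdsa.PublicKey, error) {
	if pub, ok := r[name]; ok {
		return pub, nil
	}
	return nil, errors.New("xkms: no valid key binding for " + name)
}
// Sign serialises the message and signs its SHA-256 digest with the user's private key.
func Sign(msg AuthMsg, priv *ecdsa.PrivateKey) (body, sig []byte, err error) {
	if body, err = xml.Marshal(msg); err == nil {
		d := sha256.Sum256(body)
		sig, err = ecdsa.SignASN1(rand.Reader, priv, d[:])
	}
	return body, sig, err
}
// Authenticate is the security-service side: locate/validate the sender's key via XKMS, then verify
// the signature over the exact bytes received; tampering, an unknown KeyName or a revoked binding reject.
func Authenticate(r XKMSRegistry, body, sig []byte) (string, error) {
	var msg AuthMsg
	if err := xml.Unmarshal(body, &msg); err != nil {
		return "", err
	}
	pub, err := r.Validate(msg.KeyName)
	if err != nil {
		return "", err
	}
	if d := sha256.Sum256(body); !ecdsa.VerifyASN1(pub, d[:], sig) {
		return "", errors.New("signature invalid: sender does not hold the private key")
	}
	return msg.Subject, nil
}
```

The Validate step is what distinguishes this from a bare key lookup: a key that XKMS no longer vouches for fails authentication even though the signature itself still verifies.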

Example Interaction with XKMS

Quality Assurance and Transformation Services

Quality Assurance Services
QA tools are available that can be used to validate data against a standard parser and business rules.
– XML Schema Validation
  Pre-submission validation
  Post-submission validation
– Rule Validation
  More than XML Schema can do
  Schematron
  Lookup tables from the endpoint datastore

XSLT Transformation Service
A utility service that can be invoked by all network users.
Performs data transformation using a specified style sheet.
Uses a DIME attachment as the payload.
The document can be in either ZIP or XML format.
Runs in synchronous mode (small payload) or asynchronous mode (large payload).
The service will be available on the QA server.

Document Transformation Service Definition:
User authentication is required.
The style sheet can be local or remote.
xmlDocument should be a DIME attachment.
docFormat is either ZIP or XML.

Conclusions
SOA is real.
EPA and state partners have built the world's largest web service network based on SOA.
SOA changes the way we approach software development.