Extending Web Service Security with WS-*
Presented by Chris Seary, MVP
Charteris plc, 39-40 Bartholomew Close, London EC1A 7JN
© 2007 Charteris plc, 20 June

Vision
Secure communications:
- Confidentiality
- Integrity
- Availability

Confusion
Network protocol security or message layer security: which does what, and when do you need which?

Coming up
- Clarification: what are the different types of security provided by networking protocols, and what does message level security add?
- Suggestions on which to choose
- How to do it using WCF

What is WS-Security?
- Message layer security
- Standards based: WS-Security is an OASIS standard
- Part of the wider WS-* family: WS-Security, WS-Addressing (a W3C specification), WS-Federation, etc.

How do we implement it?
WCF provides a framework for programming WS-*:
- Authentication
- Encryption
- Non-repudiation
- Digital signatures
- Etc.

Message security versus network protocol security
What do we mean by "message" and by "network protocol"? Much of the confusion is due to naming.

Network protocols
- Refers to network communications: the TCP/IP stack
- Security is applied inside the stack, below the application, so the data is only protected during transit: it is unsecured before it enters the protected hop and again after it leaves it
- Examples at the different layers:
  - HTTPS, FTPS (application protocols run over SSL/TLS)
  - IPSec (network layer)
  - PPP authentication: PAP, CHAP, MS-CHAP, EAP (link layer)

Network protocols: SSL
- Confidentiality
- Integrity
- Authentication: SSL itself authenticates the server (and optionally the client) with certificates; user authentication schemes such as Basic or Windows Integrated run inside the tunnel and are protected by it
- Used by various applications: HTTP, FTP, SQL Server client libraries, etc.

Network protocols: IPSec
- Confidentiality
- Integrity
- Authenticates HOSTS (not users), by:
  - Kerberos
  - Pre-shared key (don't do this in production!)
  - Certificates
- VPN with L2TP

Demo
- SSL in IIS
- IPSec

Message security
- Protects the data that is sent: security is applied in the application at the sender (encrypt, sign) and at the recipient (decrypt, verify), so the message stays secured everywhere in between
- More granular
- Can use application level tools
- End to end, however many hops or intermediaries the message passes through

Integrity
- Message not altered in transit
- WS-*, SSL and IPSec all give this

Non-repudiation
- Digital signatures give assurance that the message was sent by the signer, i.e. the holder of the private key
- WS-* gives digital signatures
- SSL and IPSec do not: their integrity checks use a key shared by both ends, so either end could have produced them

Confidentiality
- Encryption: only the recipient can read the message
- SSL, IPSec and WS-* all provide this
- WS-* provides more granular functionality: a custom policy assertion can encrypt/sign specific parts of a message while leaving, for example, routing headers readable
- Intrusion Detection Systems may disallow SSL or IPSec, since they cannot inspect encrypted transport; message security leaves the envelope inspectable
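The granularity and end-to-end properties described above, shown with the XML Signature mechanism WS-Security is built on. This is an added example, not code from the original slides or from the talk's demo: it uses .NET's SignedXml to sign only the SOAP Body and place the Signature in a wsse:Security header, which is what WCF's message security generates for you. The bank operation, the routing header and the plain Id attribute are invented for illustration (WS-Security itself references wsu:Id attributes and also signs the timestamp and addressing headers; WCF takes care of that).

```csharp
// Added example (not from the original slides): signs only the SOAP Body with an
// XML Signature, the mechanism WS-Security uses for integrity and non-repudiation,
// then shows that an intermediary may rewrite a routing header without breaking the
// signature while any change to the Body is detected at the final recipient.
// Needs System.Security.Cryptography.Xml (System.Security.dll on .NET Framework,
// the System.Security.Cryptography.Xml package on .NET Core / .NET 5+).
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SoapBodySigning
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";
    const string WsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Constructed sample message; the service namespace and operation are hypothetical.
    static XmlDocument BuildEnvelope()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(
            "<s:Envelope xmlns:s='" + SoapNs + "'>" +
            "<s:Header><Route>gateway-1</Route></s:Header>" +
            "<s:Body Id='Body'><Transfer xmlns='urn:example:bank'>" +
            "<To>ACC-42</To><Amount>100.00</Amount></Transfer></s:Body>" +
            "</s:Envelope>");
        return doc;
    }

    // Sign the element with Id="Body" and put the <Signature> in a wsse:Security header.
    static void SignBody(XmlDocument doc, RSA signingKey)
    {
        var signed = new SignedXml(doc) { SigningKey = signingKey };
        var reference = new Reference("#Body");
        reference.AddTransform(new XmlDsigExcC14NTransform()); // canonicalise before hashing
        signed.AddReference(reference);
        signed.ComputeSignature();

        var header = (XmlElement)doc.DocumentElement.GetElementsByTagName("Header", SoapNs)[0];
        var security = doc.CreateElement("wsse", "Security", WsseNs);
        security.AppendChild(doc.ImportNode(signed.GetXml(), true));
        header.AppendChild(security);
    }

    // Verify the signature carried in the message against the sender's public key.
    static bool VerifyBody(XmlDocument doc, RSA senderPublicKey)
    {
        var signatures = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (signatures.Count != 1) return false;
        var signed = new SignedXml(doc);
        signed.LoadXml((XmlElement)signatures[0]);
        return signed.CheckSignature(senderPublicKey);
    }

    static void Main()
    {
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            var doc = BuildEnvelope();
            SignBody(doc, rsa);
            Console.WriteLine("fresh message:    " + VerifyBody(doc, rsa)); // True

            // An intermediary rewrites the routing header: the signature still verifies,
            // because only the Body was referenced. This is the granularity the slides describe.
            doc.GetElementsByTagName("Route")[0].InnerText = "gateway-2";
            Console.WriteLine("header rewritten: " + VerifyBody(doc, rsa)); // True

            // Tampering with the signed Body is detected end to end, whatever SSL or
            // IPSec hops the message crossed on the way.
            doc.GetElementsByTagName("Amount")[0].InnerText = "100000.00";
            Console.WriteLine("body tampered:    " + VerifyBody(doc, rsa)); // False
        }
    }
}
```

Compare this with transport security: SSL or IPSec would have protected the message only between two hops, and the gateway that legitimately rewrote the header could equally have rewritten the amount without anyone downstream noticing.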

Authentication
- IPSec: Kerberos, shared key, certificates
- SSL: Basic, Windows, Digest, certificates
- WS-*: username/password, certificates, custom, Kerberos

Policy
WS-* can be applied via:
- Configuration
- Code
- A mixture of configuration and code
Policy is configuration.

Policy
WCF offers ready-made policy objects: the 'turnkey' approach that began with WSE 3.0.

Demo
- SOAP
- WS-Security
- Encryption
- Digital signature

Security and encryption
- Message -> Encrypt -> "Jhbsx^8" (ciphertext) -> Decrypt -> Message
- Asymmetric: encrypt with the recipient's public key, decrypt with the recipient's private key
- In practice this usually includes encryption of a symmetric key: the message itself is encrypted with a fresh symmetric key, and only that key is encrypted with the public key
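The hybrid scheme of the last bullet in working form, as an added example that is not from the original slides or demo. It uses .NET's EncryptedXml, the XML Encryption implementation WS-Security relies on: a fresh AES-256 session key encrypts the SOAP Body content, the recipient's RSA public key wraps that session key into an xenc:EncryptedKey, and the recipient unwraps it with the private key before decrypting the Body. The envelope content and the key name used to look up the private key are constructed for illustration.

```csharp
// Added example (not from the original slides): WS-Security style hybrid encryption
// of a SOAP Body with EncryptedXml. A one-off AES session key encrypts the Body
// (fast, symmetric); the recipient's RSA public key wraps that session key into
// <xenc:EncryptedKey> - the "encryption of the symmetric key" the slide refers to.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SoapBodyEncryption
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";
    const string RecipientKeyName = "recipient-rsa-key"; // hypothetical key identifier

    // Constructed sample message; the service namespace and operation are hypothetical.
    static XmlDocument BuildEnvelope()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(
            "<s:Envelope xmlns:s='" + SoapNs + "'><s:Header/>" +
            "<s:Body><Transfer xmlns='urn:example:bank'><To>ACC-42</To>" +
            "<Amount>100.00</Amount></Transfer></s:Body></s:Envelope>");
        return doc;
    }

    // Encrypt the Body's content for whoever holds the private half of recipientPublicKey.
    static void EncryptBody(XmlDocument doc, RSA recipientPublicKey)
    {
        var body = (XmlElement)doc.GetElementsByTagName("Body", SoapNs)[0];
        var exml = new EncryptedXml(doc);

        using (var aes = Aes.Create())
        {
            aes.KeySize = 256; // Aes.Create() generates a random key: one per message, never reused
            byte[] cipherText = exml.EncryptData(body, aes, true); // true = encrypt content only

            var encrypted = new EncryptedData
            {
                Type = EncryptedXml.XmlEncElementContentUrl,
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
                CipherData = new CipherData(cipherText)
            };

            // Wrap the session key with RSA-OAEP under the recipient's public key and carry
            // it inside the EncryptedData's KeyInfo as xenc:EncryptedKey.
            var wrappedKey = new EncryptedKey
            {
                EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl),
                CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, recipientPublicKey, true))
            };
            wrappedKey.KeyInfo.AddClause(new KeyInfoName(RecipientKeyName));
            encrypted.KeyInfo.AddClause(new KeyInfoEncryptedKey(wrappedKey));

            EncryptedXml.ReplaceElement(body, encrypted, true); // Body now holds only ciphertext
        }
    }

    // Recipient side: the private key unwraps the session key, which then decrypts the Body.
    static void DecryptBody(XmlDocument doc, RSA recipientPrivateKey)
    {
        var exml = new EncryptedXml(doc);
        exml.AddKeyNameMapping(RecipientKeyName, recipientPrivateKey);
        exml.DecryptDocument();
    }

    static void Main()
    {
        using (var recipient = new RSACryptoServiceProvider(2048))
        {
            var doc = BuildEnvelope();
            EncryptBody(doc, recipient);
            // On the wire only the ciphertext and the wrapped key are visible (the slide's "Jhbsx^8").
            Console.WriteLine(doc.GetElementsByTagName("Amount").Count == 0 ? "Amount hidden" : "Amount in clear!");
            DecryptBody(doc, recipient);
            Console.WriteLine(doc.GetElementsByTagName("Amount")[0].InnerText); // 100.00
        }
    }
}
```

Only the Body content is replaced, so SOAP headers such as addressing and routing stay readable to intermediaries, which is the granularity the Confidentiality slide contrasts with SSL and IPSec.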

Certificates
A certificate contains:
- Subject name
- Serial number
- Issuer
- Public key
- CA signature
- Attributes (1, 2, 3, ...)

Certificate store
The store holds the certificate and, for your own identities, the associated private key; the private key is never part of the certificate itself.

Certificate store
- Local machine: certificates used by the system (the demo uses Network Service)
- Current user: certificates of the logged-on user (Windows test harness)
- X509 Certificate Tool: grants an account permission to access a private key

Demo
- Certificate store

WCF
Windows Communication Foundation

WCF: Address, Binding, Contract
- Address (where?): the endpoint URL
- Binding (how do we communicate?): WS-*, HTTP, HTTPS, etc.
- Contract (what have we agreed?): methods and parameters, expressed as an interface
- Client and service each expose endpoints; every endpoint is an Address + Binding + Contract, and behaviors (credentials, etc.) configure the service and client around them

Demo
- WCF and WS-*
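Address, Binding and Contract put together in code, as an added example that is not from the original slides or the talk's demo. It hosts a service on a WSHttpBinding with SecurityMode.Message, so WS-Security protects the SOAP envelope rather than HTTPS protecting the transport, and it authenticates clients by X.509 certificate, which is the WS-* row of the Authentication slide. The contract, the URL and the certificate subject name are hypothetical.

```csharp
// Added example (not from the original slides or demo): the three parts of a WCF
// endpoint - Address, Binding, Contract - wired up in code with WS-Security message
// security. Reference System.ServiceModel.dll. URL and subject name are hypothetical.
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Contract: what have we agreed? Methods and parameters, expressed as an interface.
[ServiceContract(Namespace = "urn:example:bank")]
public interface ITransferService
{
    [OperationContract]
    string Transfer(string toAccount, decimal amount);
}

// Contract implementation. The caller's identity comes from the WS-Security token in
// the message, not from the transport connection.
public class TransferService : ITransferService
{
    public string Transfer(string toAccount, decimal amount)
    {
        var caller = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        return string.Format("{0} -> {1}: {2}", caller, toAccount, amount);
    }
}

static class TransferHost
{
    // Binding: how do we communicate? WS-* over HTTP, with the message itself signed and
    // encrypted (SecurityMode.Message) and the client authenticated by an X.509 certificate.
    static WSHttpBinding CreateBinding()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        // false: the client must already hold the service certificate (distributed out of band)
        // instead of obtaining it by negotiation at first contact.
        binding.Security.Message.NegotiateServiceCredential = false;
        return binding;
    }

    static void Main()
    {
        // Address: where? Plain http, because the protection lives in the message.
        var address = new Uri("http://localhost:8000/TransferService");

        using (var host = new ServiceHost(typeof(TransferService), address))
        {
            // Endpoint = Address + Binding + Contract.
            host.AddServiceEndpoint(typeof(ITransferService), CreateBinding(), "");

            // Service certificate (with private key) from the Local Machine store. The process
            // account (e.g. Network Service) needs read access to that private key, which is
            // the permission the slides' X509 Certificate Tool grants.
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "transfer.example.internal");

            // Client certificates must chain to a trusted root and pass revocation checking.
            // These are the defaults, stated explicitly: test setups often relax them
            // (PeerTrust, NoCheck) for self-signed certs, and that must not ship.
            var clientAuth = host.Credentials.ClientCertificate.Authentication;
            clientAuth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
            clientAuth.RevocationMode = X509RevocationMode.Online;

            host.Open();
            Console.WriteLine("Listening on " + address);
            Console.ReadLine();
        }
    }
}
```

The same binding can be expressed as configuration in app.config (a wsHttpBinding with security mode="Message" and message clientCredentialType="Certificate"), which is the 'policy is configuration' route from the Policy slides; the two can also be mixed, but keep each security setting in one place so that a forgotten configuration entry cannot silently reinstate a weaker default.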

WS-* Evolution
- WSE (Web Services Enhancements): tactical
  - WSE for .NET 1.x
  - WSE for .NET 2.0
- WCF: the future of communications for Microsoft technologies

WS-* Interoperability
- WSE 3.0 <-> WCF: interoperable
- WSE 2.0 <-> WCF: not interoperable

WCF
http://msdn2.microsoft.com/en-us/netframework/aa asp

WS-Federation
- Single Sign On
- Identity Providers
- The 7 Laws of Identity, Kim Cameron: es/2006/07/7Laws/default.aspx
- Further reading: ver/en/Library/b0f029cb-65ab-44fb-bcfc-5aa02314e06e1033.mspx?mfr=true

Summary
- Protocol: TCP/IP (SSL, IPSec)
- Message: WS-Security
- Single Sign On: WS-Federation
- Rapidly advancing technology

Thank you
Presentation and slides –