Web Service Standards, Security & Management. Chris Peiris, www.ChrisPeiris.com

11 Oct 2006, © ChrisPeiris.com

Agenda
- Web Services Standards
  - OASIS
  - WS-I
- Web Service Security
- Web Service Management
- Future Enterprise SOA trends
  - Web 2.0, Ajax, SaaS

Where are we heading?

Web Services Standards
- SOA
- Demo 1 – Real World SOA
- Many vendors: IBM, Sun, Microsoft, BEA, etc.
- How do they communicate with each other? Standards!

Web Services Standards
- Tale of “many vendors”: do it “our way”, or else we cannot assist you!
- IBM, Sun and Microsoft were instrumental in creating the first drafts.
- Who owns the standards? OASIS (Organization for the Advancement of Structured Information Standards).

OASIS
OASIS was founded in 1993 under the name SGML Open, as a consortium of vendors and users devoted to developing guidelines for interoperability among products that support the Standard Generalized Markup Language (SGML). OASIS changed its name in 1998 to reflect an expanded scope of technical work, including the Extensible Markup Language (XML) and other related standards.

Implementing OASIS standards
- What do the OASIS standards try to address?
  - Interoperability
  - Common methodology
  - Increased efficiency
- Is there a specialized body that has taken responsibility for implementing these OASIS standards?

WS-I: Interoperability
The Web Services Interoperability Organization (WS-I) is an open industry organization chartered to promote Web services interoperability across platforms, operating systems, and programming languages.
- WS-I Basic Profile

WS-I Basic Profile
The WS-I Basic Profile defines an interoperable subset of the core Web services specifications, including XML Schema, SOAP 1.1, WSDL 1.1 and UDDI 2.0, by specifying refinements, interpretations, and clarifications of these specifications.

Basic Profile Specifications
- Simple Object Access Protocol (SOAP) 1.1
- Extensible Markup Language (XML) 1.0 (Second Edition)
- RFC2616: Hypertext Transfer Protocol -- HTTP/1.1
- RFC2965: HTTP State Management Mechanism
- Web Services Description Language (WSDL) 1.1
- XML Schema Part 1: Structures
- XML Schema Part 2: Datatypes
- UDDI Version 2.04 API Published Specification, Dated 19 July 2002
- UDDI Version 2.03 Data Structure Reference, Published Specification, Dated 19 July 2002
- Version 2.0 UDDI XML Schema, 2001
- UDDI Version 2.03 Replication Specification, Published Specification, Dated 19 July 2002
- Version 2.03 Replication XML Schema, 2001
- UDDI Version 2.03 XML Custody Schema
- UDDI Version 2.01 Operator's Specification, Published Specification, Dated 19 July 2002

Web Service Specifications
Web services specifications compose together to provide interoperable protocols for Security, Reliable Messaging, and Transactions in loosely coupled systems. The specifications build on top of the core XML and SOAP standards.

Messaging Specifications
- SOAP
- WS-Addressing
- MTOM (Attachments)
- WS-Eventing
- WS-Transfer
- SOAP-over-UDP
- SOAP 1.1 Binding for MTOM 1.0

Security Specifications
- WS-Security: SOAP Message Security
- WS-Security: UsernameToken Profile
- WS-Security: X.509 Certificate Token Profile
- WS-SecureConversation
- WS-SecurityPolicy
- WS-Trust
- WS-Federation
- WS-Security: Kerberos Binding
- Web Single Sign-On Interoperability Profile

Web Services Security OASIS Standard 1.1
The following documents make up the WS-Security 1.1 OASIS standard:
- WS-Security Core Specification 1.1
- Username Token Profile 1.1
- X.509 Token Profile 1.1
- SAML Token Profile 1.1
- Kerberos Token Profile 1.1
- Rights Expression Language (REL) Token Profile 1.1
- SOAP with Attachments (SWA) Profile 1.1

What do they solve?
- Authentication
- Authorization
- Non-repudiation: digital signatures and signed messages
- Data integrity: hashing
How do they implement it?
- Using tokens
- Multiple implementations: SAML, Kerberos, certificates, custom tokens
- Certificates are issued by ‘trusted’ vendors, e.g. RSA, VeriSign
- Kerberos tokens are used by the Windows operating system to manage user credentials
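As an added example (not from the presentation), here is how the Username Token Profile listed under WS-Security 1.1 turns a password into a token that the service can check without the password crossing the wire, and what the receiving side must verify (freshness and single use of the nonce) for the token to give authentication rather than a replayable secret. The credential store, nonce cache and freshness window are constructed for this example.

```python
import base64
import hashlib
import hmac
import os
import time
from datetime import datetime, timezone

TS = "%Y-%m-%dT%H:%M:%SZ"        # wsu:Created format (UTC, whole seconds)
FRESHNESS_SECONDS = 300          # tolerated token age / clock skew (example value)
USERS = {"alice": "correct horse battery staple"}   # constructed demo credential store
SEEN_NONCES = {}                 # server-side replay cache: nonce -> time first seen

def password_digest(nonce_b64, created, password):
    """PasswordDigest as defined by the WS-Security UsernameToken Profile:
    Base64(SHA-1(nonce || created || password)), with the nonce as its raw
    (base64-decoded) bytes and Created as the ISO 8601 timestamp string."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def make_username_token(username, password, now=None):
    """Client side: the fields of a wsse:UsernameToken with a fresh random nonce."""
    created = datetime.fromtimestamp(now or time.time(), tz=timezone.utc).strftime(TS)
    nonce_b64 = base64.b64encode(os.urandom(16)).decode()
    return {"Username": username, "Nonce": nonce_b64, "Created": created,
            "PasswordDigest": password_digest(nonce_b64, created, password)}

def verify_username_token(token, now=None):
    """Server side: recompute the digest and enforce freshness and single use of
    the nonce, so a captured header cannot be replayed. Returns (ok, reason)."""
    now = now or time.time()
    password = USERS.get(token["Username"])
    if password is None:
        return False, "unknown user"
    created = datetime.strptime(token["Created"], TS).replace(tzinfo=timezone.utc).timestamp()
    if abs(now - created) > FRESHNESS_SECONDS:
        return False, "stale Created timestamp"
    # Forget nonces older than the window; tokens that old are rejected as stale anyway.
    for nonce, seen in list(SEEN_NONCES.items()):
        if now - seen > FRESHNESS_SECONDS:
            del SEEN_NONCES[nonce]
    if token["Nonce"] in SEEN_NONCES:
        return False, "replayed nonce"
    expected = password_digest(token["Nonce"], token["Created"], password)
    if not hmac.compare_digest(expected, token["PasswordDigest"]):
        return False, "bad digest"
    SEEN_NONCES[token["Nonce"]] = now
    return True, "ok"
```

The reason string is for the service's own log; a production endpoint would return the same generic SOAP fault to the client for every failure.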

Vendor Implementation of WS-Security
- Microsoft
  - Web Services Enhancements
  - Windows Communication Framework
- IBM: SOAP extensions to WebSphere
- BEA
- Sun Java
- Every major vendor has implemented WS-Security in their programming stack
- Demo 2 – Microsoft WS-Security implementation using WSE
- However, what is the standard way to exchange this WS-Security information programmatically? Is there a preferable markup language that we can use?

What is SAML?
Security Assertions Markup Language (SAML) is an XML-based framework for Web services that enables the exchange of authentication and authorization information.
- Assertions: declarations of one or more facts about a user (human or computer). Authentication assertions require that the user prove his identity. Attribute assertions contain specific details about the user, such as his credit line or citizenship. The authorization decision assertion identifies what the user can do (for example, whether he is authorized to buy a certain item).
- Request/response protocol: this defines the way that SAML requests and receives assertions. For example, SAML currently supports SOAP over HTTP.
- Bindings: these detail exactly how SAML requests should map onto transport protocols such as SOAP message exchanges over HTTP.
- Profiles: these dictate how SAML assertions can be embedded in or transported between communicating systems.
Implemented as tokens.

WS-Federation
Federated Security Model

Advantages of the Federated Security Model
The flexibility of having a user prove one set of credentials (e.g. a certificate presented by the client) and converting it to another set of credentials (e.g. a SAML token) can be utilized in many scenarios to add value for customers. We also have the flexibility of altering our internal implementation (e.g. the client can provide a username/password pair to replace the certificate) while our external implementation of the claims does not change (e.g. the broker will still create the same SAML token from the username/password pair).
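As an added example (not part of the presentation), the broker side of the federation model above: once the client's credential has been verified by whatever means, the broker issues one SAML 1.1-style assertion carrying the authentication and attribute statements from the SAML slide, and the relying party checks its Conditions before trusting it. The issuer, audience and attribute-namespace URNs are constructed placeholders, and the XML signature that binds the assertion to the broker is assumed to be verified separately.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "urn:oasis:names:tc:SAML:1.0:assertion"   # SAML 1.x assertion namespace
TS = "%Y-%m-%dT%H:%M:%SZ"

def _el(parent, tag, attrib=None, text=None):
    """Append a namespaced SAML element (helper for this example)."""
    e = ET.SubElement(parent, f"{{{NS}}}{tag}", attrib or {})
    e.text = text
    return e

def issue_assertion(subject, attributes, audience, issuer, now, lifetime=300):
    """Broker side: map an already-verified credential to one SAML assertion with
    an authentication statement and an attribute statement, scoped to one audience."""
    a = ET.Element(f"{{{NS}}}Assertion", {"MajorVersion": "1", "MinorVersion": "1",
        "AssertionID": "_" + uuid.uuid4().hex, "Issuer": issuer,
        "IssueInstant": now.strftime(TS)})
    cond = _el(a, "Conditions", {"NotBefore": now.strftime(TS),
        "NotOnOrAfter": (now + timedelta(seconds=lifetime)).strftime(TS)})
    _el(_el(cond, "AudienceRestrictionCondition"), "Audience", text=audience)
    auth = _el(a, "AuthenticationStatement", {
        "AuthenticationMethod": "urn:oasis:names:tc:SAML:1.0:am:password",
        "AuthenticationInstant": now.strftime(TS)})
    _el(_el(auth, "Subject"), "NameIdentifier", text=subject)
    st = _el(a, "AttributeStatement")
    _el(_el(st, "Subject"), "NameIdentifier", text=subject)
    for name, value in attributes.items():   # e.g. credit line, citizenship
        _el(_el(st, "Attribute", {"AttributeName": name,
            "AttributeNamespace": "urn:example:attrs"}), "AttributeValue", text=value)
    return ET.tostring(a, encoding="unicode")

def validate_assertion(xml_text, expected_audience, now):
    """Relying-party side: enforce the Conditions (validity window, audience)
    before trusting any statement. Returns (subject, attributes) or raises."""
    a = ET.fromstring(xml_text)
    cond = a.find(f"{{{NS}}}Conditions")
    nb = datetime.strptime(cond.get("NotBefore"), TS).replace(tzinfo=timezone.utc)
    noa = datetime.strptime(cond.get("NotOnOrAfter"), TS).replace(tzinfo=timezone.utc)
    if not nb <= now < noa:
        raise ValueError("assertion outside its validity window")
    if expected_audience not in [e.text for e in cond.iter(f"{{{NS}}}Audience")]:
        raise ValueError("assertion not issued for this audience")
    subject = a.find(f"{{{NS}}}AuthenticationStatement/{{{NS}}}Subject/{{{NS}}}NameIdentifier").text
    attrs = {e.get("AttributeName"): e.find(f"{{{NS}}}AttributeValue").text
             for e in a.iter(f"{{{NS}}}Attribute")}
    return subject, attrs
```

Swapping the client's certificate for a username/password changes only what the broker verifies before calling issue_assertion; the assertion the relying party sees, and its checks, stay the same.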

More Specifications
- Reliable Messaging Specifications
  - WS-ReliableMessaging
- Transaction Specifications
  - WS-Coordination
  - WS-AtomicTransaction
  - WS-BusinessActivity

Web Services Management
“Web services enable heterogeneous software environments to share data to facilitate business needs. They support open standards (XML, SOAP, WSDL, UDDI) that will enable a "common communication platform" between distributed business partners. Web services can be built on many software platforms (Microsoft, Java, IBM). All implementations focus on the "creation" and the "consumption" of web services. However, the concept of "managing the web service" is not explored in detail.

Web Service Management
Is there a framework to provide guidance to manage web services architecture?
- Demo 3
Is there a unified set of principles that can be used with heterogeneous technologies to manage web services on multiple software platforms? Will WS-Management answer these questions? Can an agent framework be utilized to manage web services features, for example ‘security’?”

Web Service Management Specifications
- Management Specifications
  - WS-Management
  - WS-Management Catalog
- Business Process Specifications
  - BPEL4WS (Business Process Execution Language for Web Services Specification)
- Demo 4 – Managing SOA apps

Future SOA Trends
- Rich UI Platforms / Smart Clients
  - Ajax / Atlas
- Web 2.0
  - Demo 5
- SaaS (Software as a Service)
  - Not a product, but a service!
  - Why? More allocation of cost / more control over cost centers
- Infrastructure as a Service
  - Demo 6

Questions?