XML Key Management Services - Tutorial
9 December 01
Blair Dillaway, Software Architect, Microsoft Corp.

Outline
  Historical Perspective
  XKMS Overview
  Trust Models
  Using XKMS
  What's Next

Historical Perspective
  PKI complexity has limited its use
    – Enrollment: multiple approaches
    – No standard discovery approach for CAs, certs, keys
    – Cert standardization and interpretation
    – Trust management
        Chain-building logic
        OID interpretation
        Cross certification and cert hierarchies
    – Client handling of complex ASN.1 and PKCS data structures
    – Effective revocation/validation
        Affects every client
        Interoperability issues

XKMS Overview
  Define XML-compatible key management
  Make PKI-based security easier to use
    – Address multi-vendor, cross-platform issues
    – Support multiple trust/PKI infrastructures
    – Allow clients to offload complex and difficult trust assessment
    – Integrate key validity checks
    – Keep the interfaces simple
    – Keep interactions simple

XKMS Approach (architecture diagram)
  Components: Client App, XKMS Service, Web Service App, PKI, connected over the Internet
  Standard protocols: HTTP, SOAP
  Standard discovery: UDDI, WSDL

Trust Models (1 of 2)
  XKMS is trust-model agnostic
    – PKIX, PGP, key-based, proprietary
    – Services define the supported model
        Similar to a CA publishing a CPS
        Contract between the service and applications
  XKMS doesn't tell one how to do this or what the business relationship should be

Trust Models (2 of 2)
  But there's still a bootstrapping problem
    – Apps need to pick the right trust infrastructure
    – Need trust in one or more XKMS services
  XKMS doesn't define how to handle this
  Will likely mirror what already happens
    – Keys for high-volume, low-value services widely distributed
    – Keys for enterprise services distributed via internal trust
    – Keys for vertical-market, high-value apps distributed using a high-assurance mechanism

Using XKMS (1 of 2)
  Getting started
    – Pick the right service, get its usage profile info, etc.
    – Tailor the XKMS client for the service
        Cache the service identifying info
        Set the service URL
        Understand supported KeyInfo elements
        Structural requirements on data (e.g., KeyID or KeyName formatting)

Using XKMS (2 of 2)
  Operations
    – Register your public key
    – Locate other public keys (optional)
        Ex: find a key so you can send encrypted data to others
    – Check validity/trustworthiness of public keys
        Authentication, signed documents, ...
        Possibly before sending encrypted data
    – Manage your keys
        Revoke
        Update associated attributes
        Recover/roam your private key

Next Steps
  Refinement of XKMS 1.1
    – Interface refinement
    – XML Signature context issues
    – Bulk operations
    – Message-level authentication, integrity, confidentiality
    – Update for conformance with latest XML standards
  Move forward as a W3C Recommendation

XKMS Message Samples

(The sample XML markup of the following six messages did not survive; only the element values remain. Base64 key material, digests and signature values are omitted below.)

Registration Request: Valid; abc123; mykey; RSA public key (modulus, exponent AQAB) and a key identifier digest; validity interval (timestamps garbled); key usage Signature, Exchange; digest and signature values for proof of possession and key-binding authentication; respond with KeyName, X509Cert.

Register Result: Success; Valid; abc123; mykey; X.509 names CN=MyName, O=Microsoft and CN=TheCA; certificate digest; validity interval (timestamps garbled); key usage Signature, Exchange.

Locate Request: mykey; respond with KeyName, X509Cert.

Locate Response: Success; mykey; My Management Data; My-SPKI-Cert; RSA public key (modulus, exponent AQAB); X.509 names CN=MyName, O=Microsoft and CN=TheCA; certificate digest.

Validate Request: Valid; abc123; key usage Signature, Encryption; respond with KeyName, X509Cert.

Validate Response: Success; Valid; abc123; mykey; My Management Data; X.509 names CN=MyName, O=Microsoft and CN=TheCA; certificate digest; validity interval (timestamps garbled); key usage Signature, Exchange.
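As an added example (not part of the deck), the client side of the Locate and Validate operations described under "Using XKMS" and illustrated by the message samples above: build a Locate request naming the key and the KeyInfo forms the client accepts, then gate use of a returned key binding on the service's Validate answer (status, validity interval, key usage). The XKMS namespace, the element names and the sample response are assumptions modelled on the 2001 drafts and the deck's sample values, not a specific implementation.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespaces assumed for this example (the 2001 XKMS drafts used several) and
# element names modelled on those drafts; adjust for a real service's schema.
XKMS = "http://www.xkms.org/schema/xkms-2001-01-20"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xkms": XKMS, "ds": DS}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

def locate_request(key_name, respond_with):
    """Locate: ask for a key by KeyName and list the KeyInfo forms we accept."""
    req = ET.Element(f"{{{XKMS}}}Locate")
    info = ET.SubElement(ET.SubElement(req, f"{{{XKMS}}}Query"), f"{{{DS}}}KeyInfo")
    ET.SubElement(info, f"{{{DS}}}KeyName").text = key_name
    respond = ET.SubElement(req, f"{{{XKMS}}}Respond")
    for form in respond_with:  # e.g. "KeyName", "X509Cert", as in the deck
        ET.SubElement(respond, f"{{{XKMS}}}string").text = form
    return ET.tostring(req, encoding="unicode")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def key_usable(response_xml, usage, now):
    """Accept a key binding only if the service reports Success/Valid, 'now'
    lies inside the validity interval and the intended use is bound to it."""
    root = ET.fromstring(response_xml)
    if root.findtext("xkms:Result", namespaces=NS) != "Success":
        return False
    kb = root.find("xkms:Answer/xkms:KeyBinding", NS)
    if kb is None or kb.findtext("xkms:Status", namespaces=NS) != "Valid":
        return False
    nb = kb.findtext("xkms:ValidityInterval/xkms:NotBefore", namespaces=NS)
    na = kb.findtext("xkms:ValidityInterval/xkms:NotAfter", namespaces=NS)
    if nb is None or na is None or not parse_ts(nb) <= now <= parse_ts(na):
        return False
    return usage in [u.text for u in kb.findall("xkms:KeyUsage", NS)]

# Constructed Validate response echoing the deck's sample values (not a real key).
SAMPLE_RESPONSE = f"""<xkms:ValidateResult xmlns:xkms="{XKMS}" xmlns:ds="{DS}">
  <xkms:Result>Success</xkms:Result>
  <xkms:Answer><xkms:KeyBinding>
    <xkms:Status>Valid</xkms:Status><xkms:KeyID>abc123</xkms:KeyID>
    <ds:KeyInfo><ds:KeyName>mykey</ds:KeyName></ds:KeyInfo>
    <xkms:ValidityInterval><xkms:NotBefore>2001-12-09T12:00:00Z</xkms:NotBefore>
      <xkms:NotAfter>2002-12-09T12:00:00Z</xkms:NotAfter></xkms:ValidityInterval>
    <xkms:KeyUsage>Signature</xkms:KeyUsage><xkms:KeyUsage>Exchange</xkms:KeyUsage>
  </xkms:KeyBinding></xkms:Answer>
</xkms:ValidateResult>"""
```

In a deployment the response signature would also be verified against the service key obtained through the bootstrapping step from the Trust Models slides before any of these checks are trusted.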