Presentation is loading. Please wait.

Presentation is loading. Please wait.

© ETNIC l l Anne Noseda l WSGenCon 2.0 Presentation 1 WSGenCon 2.0 11/02/2010 E2SA – Equipe Support Standard Architecture.

Published byMerry McCormick Modified over 8 years ago

Similar presentations

Presentation on theme: "© ETNIC l l Anne Noseda l WSGenCon 2.0 Presentation 1 WSGenCon 2.0 11/02/2010 E2SA – Equipe Support Standard Architecture."— Presentation transcript:

1 © ETNIC l l Anne Noseda l WSGenCon 2.0 Presentation 1 WSGenCon 2.0 11/02/2010 E2SA – Equipe Support Standard Architecture

2 © ETNIC l l WSGenCon 2.0 Presentation 2 Goals ETNIC developed a gateway called WSGenCon  Why ?  How ? Table of Contents 1.Context 2.Problems encountered 3.WSGenCon 2.0 4.Future 5.Demo l Goals & Contents Goals & Contents

3 © ETNIC l l WSGenCon 2.0 Presentation 3 1. Context l Education Web Services ETNIC provides education Web Services (WS)  Exposed on the Internet  Need to be secured ETNIC has to know who registers  Signature  Non-repudiation ETNIC’s choices :  Use of standards  WS-Security + certificate (WSS X.509 Certificate Token Profile) user Registration WS Registration Application School Internet

4 © ETNIC l l WSGenCon 2.0 Presentation 4 Part of Novell IAM Solution Goal : Securing WS Supports a lot of standards Graphical interface – easy to configure 1. Context l ETNIC - Layer 7

5 © ETNIC l l WSGenCon 2.0 Presentation 5 2. Problems encountered l Technical complexity WS-Security too complex for schools  ETNIC developed a gateway : WSGenCon WSGenCon 1.0 provides XML support (XSL) SOAP protocol support WS-* support (WS-Adressing, WS-Security + certificate signature) HTTP / HTTPS protocol support

6 © ETNIC l l WSGenCon 2.0 Presentation 6 2. Problems encountered l Certificate vs eID WSGenCon 1.0 offers 2 ways of signing : Simple certificate Belgium electronic identity card (eID)  eID clearly better Comparison pointscertificateeID Cost--+ Diffusion--++ Lifecycle management-+ Technical complexity+- Secured storage--++

7 © ETNIC l l WSGenCon 2.0 Presentation 7 2. Problems encountered l Problems with WSGenCon 1.0 Organizational problems  PO provides same certificate to each school > cost Technical problems  use of eID : at each registration, PIN code requested Solution  WSGenCon 2.0 with WS-SecureConversation

8 © ETNIC l l WSGenCon 2.0 Presentation 8 3. WSGenCon 2.0 l WS-SecureConversation 2 OASIS Standards : WS-Trust (WST) WS-SecureConversation (WSSC) User authenticated once by STS  One PIN code request Then, use of a Security Context Token (SCT)  no more PIN code request

9 © ETNIC l l WSGenCon 2.0 Presentation 9 3. WSGenCon 2.0 l Technical issues Layer 7 constraints : Security Token Service (STS) + Secure Span Gateway (SSG) = same product  SCT is known by both elements WSSC specification advices to use derived key instead of the SCT itself  Mandatory If RST is signed, RSTR is also signed  Decryption not allowed with eID  Layer 7 support team proposed use of SSL mutual authentication

10 © ETNIC l l WSGenCon 2.0 Presentation 10 3. WSGenCon 2.0 l Mutual SSL

11 © ETNIC l l WSGenCon 2.0 Presentation 11 3. WSGenCon 2.0 l WSGenCon 2.0

12 © ETNIC l l WSGenCon 2.0 Presentation 12 4. Future l What’s more to do ? Nearly ready to use Update our Forge Website (source code & documentation) Package WSGenCon 2.0  simple installer Test for Java 1.5 (only compatible Java 6) Create user documentation

13 © ETNIC l l WSGenCon 2.0 Presentation 13 5. Demo l Demonstration FASE WS  school details Use of test eID provided by Certipost First launch : WS-Trust token negotiation  2 XML messages in the console WS-SecureConversation business exchanges  2 XML messages Second launch : Token is present and not expired Only WS-SecureConversation business exchanges  2 XML messages

14 © ETNIC l l WSGenCon 2.0 Presentation 14 Questions l Questions E2SA contact information : Equipe Support Standard Architecture e2sa@etnic.be Anne Noseda – 02/800.11.66 Sébastien Bal – 02/800.10.87 E2SA responsible for : WSGenCon support / development Layer 7 policies development WS development on the ESB

15 © ETNIC l l WSGenCon 2.0 Presentation 15 Conclusion l Conclusion This practical use case has proven that : it is possible to use only standards eID can be integrated with standards Information & source code will be available at http://forge.etnic.be  Feel free to usehttp://forge.etnic.be

16 © ETNIC l l WSGenCon 2.0 Presentation 16

Download ppt "© ETNIC l l Anne Noseda l WSGenCon 2.0 Presentation 1 WSGenCon 2.0 11/02/2010 E2SA – Equipe Support Standard Architecture."

Similar presentations

© Siemens NV/SA, October 2004 Communications Network and Information Security Report ICTSB/NISSG Stefan Goeman.

© Siemens NV/SA, October 2004 Communications Network and Information Security Report ICTSB/NISSG Stefan Goeman.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Bastian Steinert | 07. März 2007 make the most of leave requests a self-service application with Java™, Apache Cocoon, and the ESB Apache ServiceMIX.

Bastian Steinert | 07. März 2007 make the most of leave requests a self-service application with Java™, Apache Cocoon, and the ESB Apache ServiceMIX.
WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.

WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
WS-Security TC Christopher Kaler Kelvin Lawrence.

WS-Security TC Christopher Kaler Kelvin Lawrence.
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
Core Web Service Security Patterns

Core Web Service Security Patterns
© 2007 Charteris plc20 June 2015 1 1 Extending Web Service Security with WS-* Presented by Chris Seary MVP Charteris plc, 39-40 Bartholomew Close, London.

© 2007 Charteris plc20 June Extending Web Service Security with WS-* Presented by Chris Seary MVP Charteris plc, Bartholomew Close, London.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
Web services security I

Web services security I
Prashanth Kumar Muthoju

Prashanth Kumar Muthoju
GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.

GFIPM Web Services Concept and Normative Standards GFIPM Delivery Team Meeting November 2011.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten

Similar presentations

Ads by Google