Florida Atlantic University Department of Electrical and Computer Engineering & Computer Science (ECECS) Security Systems.


1 Florida Atlantic University, Department of Electrical and Computer Engineering & Computer Science (ECECS)
  Security Systems Research Group, Fall 2009
  Web Services: “Web Services Policy Standard”
  Ola Ajaj, oajaj@fau.edu
  Security Systems Research Group Copyright © 2009 Ola Ajaj

2 Q: What are WS Specifications?
  - Specifications have been developed or are currently being developed to extend Web Services capabilities. These specifications are generally referred to as WS-*.
  - Specifications may complement, overlap, and compete with each other.
  - The current status of Web Services Standards is discussed and classified in the paper "Web services security: Standards and products" [Fer09].
  [Fer09] E. B. Fernandez, K. Hashizume, I. Buckley, M. M. Larrondo-Petrie, and M. VanHilst, "Web services security: Standards and products", to appear in "Web Services Security Development and Architecture: Theoretical and Practical Issues", Carlos A. Gutierrez, Eduardo Fernandez-Medina, and Mario Piattini (Eds.), IGI Global 2009.

3 Security Standards (diagram): WS-Federation, WS-SecureConversation, WS-Authorization, WS-Policy, WS-Trust, WS-Privacy, XKMS, XML Encryption, XML Digital Signature, SOAP Foundation, WS-Security, SAML, XACML, SPML

4 Q: What are WS Specifications?
  - Transactions: WS-Coordination, WS-AtomicTransaction, WS-BusinessActivity
  - Metadata: WS-Policy, WS-PolicyAssertions, WS-PolicyAttachment, WS-SecurityPolicy, WS-Discovery, WS-MetadataExchange
  - Messaging: WS-Addressing, WS-Eventing, MTOM (Attachments)
  - Reliability: WS-ReliableMessaging
  - Security: WS-Security, WS-Trust, WS-SecureConversation, WS-Federation, WS-Privacy

5 (Diagram labels) XML Encryption, Symmetric Encryption, Asymmetric Encryption, XSAML, XML Signature, Digital Signature With Hashing, WS-Security, WS-Policy, WS-Federation, WS-Trust, WS-Secure Conversation

6 OLA REGISTRAR

7 Starting Point
  - Web Services Standards can be:
    - Lengthy documents.
    - Too many details.
    - Difficult for vendors to develop products.
    - Difficult for users to decide what product to use.
  - Also, several organizations that have different goals have developed standards that may overlap and even conflict with each other.
  - We develop patterns for these standards to have a better understanding of them.

8 Q: What is WS-Policy Model? (diagram)
  - Participants: Provider, Consumer, Broker (UDDI)
  - Provider and Broker: PublishService, PublishServiceMetadata
  - Consumer and Broker: FindService, FindServiceRequest, FindServiceResponse
  - Consumer and Provider: Create Purchase Order over SOAP/HTTP (CreatePurchaseOrderRequest, CreatePurchaseOrderResponse)

9 Q: How to Attach Policy to WSDL and UDDI?
  - WSDL
    - Policy references are made via global attributes or the PolicyReference element as defined in WS-Policy
    - Policy references can be made to policy expressions defined inline, e.g. in the wsdl:definitions section
  - UDDI
    - Policy references are made via the UDDI categorization mechanism
    - Policy expressions are always remote to UDDI entities
    - Reusable policy expressions can be registered as distinct tModels
    - Policy-based discovery is limited to policy expression URIs

10 Q: How to achieve Policy Exchange?
  - Peer-to-peer
    - Consumer retrieves policy from provider (e.g. WS-MetadataExchange)
  - Brokered approach
    - Provider publishes policy to broker (e.g. UDDI)
    - Consumers subscribe to Web services used
    - Broker notifies consumers in case changes occur

11 Agenda
  - Introduction
  - Domain Terminology
  - Policy Expressions
  - Policy Assertions
  - Policy Attachments
  - Conclusion
  - Policy In Action

12 WS-Policy
  - Why? To integrate software systems with web services.
  - What? Provides a flexible and extensible grammar for expressing the capabilities, requirements, and general characteristics of Web Service entities.
  - How? Defines a model to express these properties as policies.
  - Without this standard, developers need docs.

13 Goal
  - Provide the mechanisms needed to enable Web Services applications to specify policies
  - WS-Policy specifies:
    - An XML-based structure called a policy expression containing policy information
    - Grammar elements to indicate how the contained policy assertions apply

14 Agenda
  - Introduction
  - Domain Terminology (Web Services Policy 1.5 – Framework)
  - Policy Expressions
  - Policy Assertions
  - Policy Attachments
  - Conclusion
  - Policy In Action

15 Terminology
  - Policy: an empty collection of policy alternatives.
  - Policy Alternative: an empty collection of policy assertions.
  - Policy Assertion: represents a requirement, a capability, or other property of a behavior.
  - Policy Expression: set of one or more policy assertions.
  - Policy Subject: an entity (e.g., an endpoint, message, resource, operation) with which a policy can be associated.

16 Q: What is WS-Policy Model? Policy Normal Form
  - Policy Expression: collection of alternatives ("pick one")
  - Policy Alternative: collection of assertions ("do all")
  - Policy Assertion: domain-specific behavior
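
Added example (not part of the original slides): the "pick one" / "do all" model above, expanded into explicit alternatives and matched against what a consumer supports. It uses the WS-Policy 1.5 operators wsp:ExactlyOne, wsp:All and wsp:Optional; the ex: namespace, its assertion names and the helper names are hypothetical, and assertions are compared by qualified name only (nested policies inside an assertion are not expanded).

```python
import xml.etree.ElementTree as ET
from itertools import product

WSP = "http://www.w3.org/ns/ws-policy"  # WS-Policy 1.5 namespace
EX = "urn:example:assertions"           # hypothetical assertion namespace

# Constructed policy: UTF-8 is always required, plus one of two security options.
POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:ex="{EX}">
  <ex:Utf8Encoding/>
  <wsp:ExactlyOne>
    <wsp:All><ex:X509Token/><ex:SignBody/></wsp:All>
    <wsp:All><ex:UsernameToken/><ex:TransportTls/></wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""

def q(name):
    """Qualified name of a hypothetical assertion, in ElementTree's {ns}local form."""
    return f"{{{EX}}}{name}"

def alternatives(node):
    """Expand a policy expression into its alternatives (frozensets of assertion names)."""
    if node.tag in (f"{{{WSP}}}Policy", f"{{{WSP}}}All"):
        # "do all": every combination of one alternative from each child
        return [frozenset().union(*combo)
                for combo in product(*(alternatives(c) for c in node))]
    if node.tag == f"{{{WSP}}}ExactlyOne":
        # "pick one": the children's alternatives side by side
        return [alt for child in node for alt in alternatives(child)]
    alts = [frozenset([node.tag])]          # leaf assertion, treated as opaque
    if node.get(f"{{{WSP}}}Optional") == "true":
        alts.append(frozenset())            # optional: also valid without it
    return alts

def select(policy_xml, supported):
    """Return the first alternative the consumer fully supports, or None."""
    for alt in alternatives(ET.fromstring(policy_xml)):
        if alt <= supported:
            return alt
    return None  # fail closed: no compatible alternative, so send nothing

if __name__ == "__main__":
    mine = {q("Utf8Encoding"), q("UsernameToken"), q("TransportTls")}
    print(select(POLICY, mine))
```

A result of None means no alternative is fully supported; an empty frozenset is a valid match (an alternative with no assertions), so callers should test with "is None".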

17 Terminology
  - Claim: A security statement about a subject.
  - Subject: An item, e.g. a Web Service, about which the claims expressed in the security token apply.
  - Security token: A representation of a security statement.
  - Web Service endpoint policy: The claims and related information that Web Services require in order to process messages.

18 OLA REGISTRAR

19 Terminology
  - Policy Attachment: the mechanism for associating policy expressions with one or more subjects.

20 Agenda
  - Introduction
  - Domain Terminology
  - Policy Expressions
  - Policy Assertions
  - Policy Attachments
  - Conclusion
  - Policy In Action

21 Policy Expressions
  - A Policy Expression is the XML representation of a policy.
  - XML facilitates interoperability between heterogeneous platforms.

22 Agenda
  - Introduction
  - Domain Terminology
  - Policy Expressions
  - Policy Assertions
  - Policy Attachments
  - Conclusion
  - Policy In Action

23 Policy Assertions
  - A policy assertion:
    - Represents an individual preference, requirement, capability, or other characteristic
    - Is the basic building block of a policy expression
    - Is an XML element with a well-known name and meaning

24 General Assertion Example
  - What does this Assertion state? The subject requires:
    - The UTF-8 character encoding
    - Any form of the English language
    - SOAP version 1.1

    <wsp:SpecVersion wsp:Usage="wsp:Required" URI="http://www.w3.org/TR/2000/NOTE-SOAP-20000508/" />
    ...

25 Policy Reference
  - Mechanism to share policy assertions across policy expressions
  - Uses the naming conventions discussed above

    ...
    <wsp:PolicyReference URI="..." Ref="..." Digest="..." DigestAlgorithm="..." />
    ...

26 Policy Reference Example

    <wsp:Policy wsu:Id="tokensWithSignature" xmlns:wsp="..." xmlns:wsse="...">
    ...
    <wsp:Policy wsu:Id="tokensWithEncryption" xmlns:wsp="..." xmlns:wsse="...">
    ...

27 Agenda
  - Introduction
  - Domain Terminology
  - Policy Expressions
  - Policy Assertions
  - Policy Attachments
  - Conclusion
  - Policy In Action

28 Policy Attachments
  - WS-PolicyAttachment defines mechanisms to associate expressions with subjects
  - Specifically defines mechanisms for:
    - XML elements
    - WSDL definitions
    - UDDI entries
  - Uses attributes:
    - wsp:PolicyURIs – list of URIs
    - wsp:PolicyPrefs – list of QNames

29 Policy Attachments
  - The attribute wsp:PolicyAttachment binds an endpoint to a policy expression
  - Requires no change to the web service

    http://virginia.edu/someendpoint s:SomePortType s:SomeService...

30 Agenda
  - Introduction
  - Domain Terminology
  - Policy Expressions
  - Policy Assertions
  - Policy Attachments
  - Conclusion
  - Policy In Action

31 Conclusion of WS-Policy
  - The policy specifications define a standard framework
  - Developers can:
    - express requirements, capabilities, and preferences in an interoperable way.
    - select web services more meaningfully.
  - Policies provide support for standard assertions.

32 Policy In Action
  - Web Service Enhancements (WSE) 2.0 for .NET 2.0 provides basic support for WS-Policy

