Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 5511 Introduction to WS Authorization Brian P. Barrett.

Published byMarquez Grissom Modified over 10 years ago

Similar presentations

Presentation on theme: "CS 5511 Introduction to WS Authorization Brian P. Barrett."— Presentation transcript:

1 CS 5511 Introduction to WS Authorization Brian P. Barrett

2 CS 5512 Authorization  WS-Authorization – Complete?  Steps of Authorization  Security Token Acquisition  SAML  Authorization in Firewall  Map of Authorization  Authorization in Code  References

3 CS 5513 Where does Authorization fit in?  Authorization is an aspect of security that falls in with other categories: Secure Conversation Federation Policy Trust Federation Privacy Is this Authorized?

4 CS 5514 Security  Authentication Determine identity of a person/object  Authorization Determine what the person is allowed to do  Integrity Ensure the data was not altered on its way to you  Signature Validate the source of the data  Confidentiality Limit the people allowed to view the data  Privacy Make sure no one abuses your data  Digital Rights Management Limit users from doing whatever they want  Authentication Determine identity of a person/object  Authorization Determine what the person is allowed to do  Integrity Ensure the data was not altered on its way to you  Signature Validate the source of the data  Confidentiality Limit the people allowed to view the data  Privacy Make sure no one abuses your data  Digital Rights Management Limit users from doing whatever they want

5 CS 5515 How does Authorization work with other services?  If Authorization were to be on a layer working with other Services. It would work in conjunction with the Federation layer. WS-Federation WS-Secure Conversation WS-Authorization

6 CS 5516 Authorization with other WS

7 CS 5517

8 8 PMI or Privilege Management Infrastructure  Privilege Management Infrastructure: Source of Authority (SOA) = The topmost root of trust, sometimes also referred to as trust anchor Attribute Authority (AA) (also Privilege Allocator, Authoritative Entity) = The issuer of an attribute certificate Certificate Holder / Privilege Holder = The User or Subject of an Attribute Certificate

9 CS 5519 Security Token Authorized The Web Service Obtains security Token Web Service Trusts Established. Request was Processed and response returned Auth and Trust are Validated. Service must find Data and policies that are authorized for the user. The Data and policies will be Validated for that Particular client Requestor Issues a request.

10 CS 55110 SAML – Security Assertion Markup Language  SAML’s purpose was to be a Security language that could be used as an industry standard for security. It uses XML digital signatures with XML encryption.  The languages uses assertions made in the code that can convey information about authentication functions, and authorization decisions.

11 CS 55111 SAML Authorization Map

12 CS 55112 PEP- Policy Enforcement Point  Definition  Dependence upon the resource  PDP-Policy Decision Point

13 CS 55113 Authorization in Firewall Processing Claims officer/ Customer Insurance Co. Web-Service

14 CS 55114 Authorization Process Map Client -Give server trust -Invocate policy -consult policy Authorization Process Role based Authorization Instance based Authorization Capability listings Server -Access Policy -Give client resource -Policy authority

15 CS 55115 How does the the Authorization code fit?

16 CS 55116 Authorization in code Show SAML code and explain. SAML doc Authorization decision: by subject S, for access type A, to resource R, given evidence E.

17 CS 55117 Code Example * //medico.com/records.* read

18 CS 55118 References  Primary www.Globus.org –Globus is a resource to see the latest changes with WS-Authorization and other new standards. http://www.cs.huji.ac.il/course/2002/sdbi/ –If you go here and choose XML Security under Lecture slides you will find some detail about coding with SAML and its interaction for Authorization processes.  Secondary http://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnwssecur/html/securitywhitepaper.asp –Here you will fine some significant images that detail security over the web. http://www.lightshipinc.com/lightship/resourcecenter/Etips.aspx –At this site you can learn new technology dealing with XML, SAML and XMACL.

Download ppt "CS 5511 Introduction to WS Authorization Brian P. Barrett."

Similar presentations

PASSPrivacy, Security and Access Services Don Jorgenson Introduction to Security and Privacy Educational Session HL7 WG Meeting- Sept. 2012.

PASSPrivacy, Security and Access Services Don Jorgenson Introduction to Security and Privacy Educational Session HL7 WG Meeting- Sept
SAML CCOW Work Item: Task 2

SAML CCOW Work Item: Task 2
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Tuesday, June 10, 2003 Web Services Brief Overview & Security Assertion Coordinator Pattern by Mohammad Abushadi & Riaz Ahmed for Security Group CSE -

Tuesday, June 10, 2003 Web Services Brief Overview & Security Assertion Coordinator Pattern by Mohammad Abushadi & Riaz Ahmed for Security Group CSE -
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
 Jan Alexander Program Manager Microsoft Corporation BB43.

 Jan Alexander Program Manager Microsoft Corporation BB43.
UDDI v3.0 (Universal Description, Discovery and Integration)

UDDI v3.0 (Universal Description, Discovery and Integration)
Web Service Security CS409 Application Services Even Semester 2007.

Web Service Security CS409 Application Services Even Semester 2007.
0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.

0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.
1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.

1 Security Assertion Markup Language (SAML). 2 SAML Goals Create trusted security statements –Example: Bill’s address is and he was authenticated.
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Christopher Irish David Orr Sophya Kheim Adam Lange Daniel Palma

Christopher Irish David Orr Sophya Kheim Adam Lange Daniel Palma
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
The EC PERMIS Project David Chadwick

The EC PERMIS Project David Chadwick
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
95-804 Applied Cryptography Week 13 SAML 1 95-804 Applied Cryptography SAML and XACML Mike McCarthy Week 13.

Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
Copyright B. Wilkinson, 2008. This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

Similar presentations

Ads by Google