
1 © 2007 Charteris plc, 20 June 2015
Extending Web Service Security with WS-*
Presented by Chris Seary MVP, Charteris plc, 39-40 Bartholomew Close, London EC1A 7JN

2 Vision
Secure communications
–Confidentiality
–Integrity
–Availability

3 Confusion
Network protocol security versus message layer security: which one protects what?

4 Coming up
Clarification: what are the different types of security provided by networking protocols, and what does message level security add?
Suggestions on which to choose
How to do it using WCF

5 What is WS-Security?
Message layer security
Standards based: WS-Security is an OASIS standard, one of the WS-* family
–WS-Security
–WS-Addressing (a W3C Recommendation)
–Etc.

6 How do we implement it?
WCF provides a framework for programming WS-*
–Authentication
–Encryption
–Non-repudiation
–Digital signatures
–Etc.

7 Message security versus network protocol security
What do we mean by
–Message
–Network protocol
Confusion due to naming!

8–14 Network protocols (one diagram, built up over seven slides)
TCP/IP stack: refers to network communications
Security is applied inside the stack, below the application; the data the application hands to the stack is unsecured
Data is only protected during transit: it is in clear before it enters the secured layer and again after it leaves it
Examples at each layer:
–HTTPS, FTPS (application protocol run over SSL/TLS)
–IPSec (network layer)
–PPP, authenticating with PAP, CHAP, MS-CHAP or EAP (link layer)

15 Network protocols: SSL
–Confidentiality
–Integrity
–Authentication is per connection: the server is authenticated by its certificate, the client either by a client certificate at the SSL layer or by the application protocol inside the tunnel (Basic, Windows, etc.)
–Used by various apps: FTP (FTPS), SQL Server client libraries, etc.

16 Network protocols: IPSec
–Confidentiality
–Integrity
–Authenticates HOSTS, not users, using Kerberos, a pre-shared key (don't do this in production!) or certificates
–VPN with L2TP

17 Demo
SSL in IIS
IPSec

18 Message security
Protects the data that is sent: security is applied to the message itself (encrypt at the sender, decrypt at the recipient), so the data stays secure wherever it sits between the two

19 Message security
–More granular
–Can use application level tools
–End to end: the message stays protected across intermediaries, not only on each network hop

20 Integrity
–Message not altered in transit
–WS-*, SSL, IPSec all give this

21 Non-repudiation
Digital signatures
–Give assurance that the message was sent by the signer, who cannot later deny having sent it
–WS-* gives digital signatures
–SSL and IPSec do not: their integrity check is a shared-key MAC that either party could have produced

22 Confidentiality
Encryption
–Only the recipient can read the message
–SSL, IPSec and WS-* all provide this
–WS-* provides more granular functionality: a policy assertion can encrypt/sign specific parts of a message and leave the rest readable
–Intrusion Detection Systems cannot inspect inside SSL or IPSec traffic, so some networks disallow them; with message security only the sensitive parts need to be encrypted
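The per-part protection that slides 19 and 22 describe is expressed in WCF through ProtectionLevel on the operation and on individual message headers and body members. The following is an added example, not code from the presentation; the contract, namespace and member names are assumptions made for illustration.

```csharp
using System.Net.Security;          // ProtectionLevel
using System.ServiceModel;

// Hypothetical contract: names and namespace are assumptions for this example.
[ServiceContract(Namespace = "http://example.com/orders")]
public interface IOrderService
{
    // Whole operation: every part of request and reply is signed and encrypted
    // unless a message-contract member below says otherwise.
    [OperationContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    OrderReceipt SubmitOrder(OrderRequest request);

    // Nothing secret here: sign only, so the body stays readable to intermediaries
    // and to inspection devices, while any tampering is still detected.
    [OperationContract(ProtectionLevel = ProtectionLevel.Sign)]
    string GetStatus(string orderId);
}

// Typed message contract: protection is chosen per header and per body member,
// which is the granularity transport security (SSL, IPSec) cannot offer.
[MessageContract]
public class OrderRequest
{
    // Routing header: integrity protected but left in clear so a router can read it.
    [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)]
    public string Region;

    // Payment details: confidentiality and integrity.
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public string CardNumber;

    [MessageBodyMember(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public decimal Amount;
}

[MessageContract]
public class OrderReceipt
{
    // A receipt only needs to be unforgeable, not hidden.
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.Sign)]
    public string ReceiptId;
}
```

The binding must be able to satisfy what the contract asks for: hosting this contract on a binding with no message security (for example basicHttpBinding with security mode None) fails when the ServiceHost opens, which is a useful check that the protection you declared is actually being applied.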

23 Authentication
IPSec
–Kerberos, shared key, certificates
SSL
–Client certificates at the SSL layer; Basic, Windows or Digest at the HTTP layer over SSL
WS-*
–Username/password, certificates, custom tokens, Kerberos

24 Policy
WS-* can be applied via
–Configuration
–Code
–A mixture of configuration and code
Policy is configuration

25 Policy
WCF offers ready-made policy objects
–'turnkey' approach that began with WSE 3.0

26 Demo
SOAP
WS-Security
Encryption
Digital Signature

27–29 Security and encryption (one diagram, built up over three slides)
Message --Encrypt--> Jhbsx^8 --Decrypt--> Message
Asymmetric: encrypt with the recipient's Public key, decrypt with the recipient's Private key
Usually includes encryption of a symmetric key! The message itself is encrypted with a fresh symmetric key, and only that key is encrypted with the recipient's public key
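Slides 27 to 29 (hybrid encryption of a symmetric key under the recipient's public key) and slide 21 (a digital signature that only the sender's private key can produce) can be shown together in a few lines of .NET cryptography. This is an added example, not code from the presentation, and it targets .NET 6 or later (RSA.Create(2048) and OAEP with SHA-256); the message text is constructed, and for brevity each party's RSA object is used for both its public and private half.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class HybridCrypto
{
    // What actually travels: the AES key wrapped under the recipient's public key,
    // the IV, the AES ciphertext, and the sender's signature over the plaintext.
    public sealed class Envelope
    {
        public byte[] WrappedKey;
        public byte[] Iv;
        public byte[] Ciphertext;
        public byte[] Signature;
    }

    public static Envelope Seal(byte[] plaintext, RSA recipientPublic, RSA senderPrivate)
    {
        using (var aes = Aes.Create())
        {
            aes.KeySize = 256;
            aes.GenerateKey();          // fresh symmetric key per message
            aes.GenerateIV();
            byte[] ct;
            using (var enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            return new Envelope
            {
                // Only the 32-byte key goes through RSA; the bulk data does not.
                WrappedKey = recipientPublic.Encrypt(aes.Key, RSAEncryptionPadding.OaepSHA256),
                Iv = aes.IV,
                Ciphertext = ct,
                // Non-repudiation: only the holder of senderPrivate can produce this.
                Signature = senderPrivate.SignData(plaintext, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1),
            };
        }
    }

    public static byte[] Open(Envelope env, RSA recipientPrivate, RSA senderPublic)
    {
        byte[] key = recipientPrivate.Decrypt(env.WrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] pt;
        using (var aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = env.Iv;
            using (var dec = aes.CreateDecryptor())
                pt = dec.TransformFinalBlock(env.Ciphertext, 0, env.Ciphertext.Length);
        }
        // Verify before trusting: a forged or altered message fails here.
        if (!senderPublic.VerifyData(pt, env.Signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("signature does not verify: message forged or altered");
        return pt;
    }

    public static void Main()
    {
        using (var recipient = RSA.Create(2048))
        using (var sender = RSA.Create(2048))
        {
            // Constructed sample message.
            var env = Seal(Encoding.UTF8.GetBytes("Transfer 100 to account 42"), recipient, sender);
            Console.WriteLine(Encoding.UTF8.GetString(Open(env, recipient, sender)));

            // Flip one ciphertext bit: AES-CBC still decrypts (to garbage), the signature catches it.
            env.Ciphertext[0] ^= 0x01;
            try { Open(env, recipient, sender); }
            catch (CryptographicException e) { Console.WriteLine(e.Message); }
        }
    }
}
```

In WS-Security the same pieces appear as XML: an EncryptedKey element carrying the wrapped symmetric key, EncryptedData elements for the encrypted parts, and a ds:Signature element whose KeyInfo points at the sender's X.509 certificate, which is what the slide 26 demo inspects on the wire.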

30 Certificates
A certificate contains:
–Subject name
–Serial number
–Issuer
–Public key
–CA signature
–Attributes (extensions) 1, 2, 3 ...

31 Certificate store
The store holds the certificate (fields as above) together with its associated Private key

32 Certificate store
Local machine
–Certificates used by system accounts; the demo runs as Network Service
Current user
–Logged on user, e.g. a Windows test harness
X509 Certificate Tool (the WSE tool)
–Grants permissions for accessing private keys: the account the service runs as needs read access to the private key, otherwise WCF can neither sign nor decrypt with it

33 Demo
Certificate store

34 WCF
Windows Communication Foundation

35 WCF
Address, Binding, Contract

36 WCF
Address
–Endpoint
–URL, e.g. http://localhost/site/service

37 WCF
Binding
–How do we communicate? WS-*, HTTP, HTTPS, etc.

38 WCF
Contract
–What have we agreed? Methods and parameters
–Interface

39 WCF (diagram: a client and a service, each exposing endpoints)
Endpoints: each endpoint is an Address, a Binding and a Contract (the "ABC")
–Address: Where?
–Contract: What?
–Binding: How?
–Behavior: service-wide settings applied alongside the endpoints, such as the credentials the service uses
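The ABC model of slides 35 to 39, and the "policy via code" option of slide 24, can be seen in a host that exposes the same contract twice: once with transport security (SSL on the address, protection per hop) and once with WS-Security message security (protection in the SOAP envelope, end to end). It also performs the check slide 32 calls for, that the service account can actually use the private key in LocalMachine\My. This is an added example written for the .NET Framework, not code from the presentation; the contract, service class, addresses, ports and certificate subject are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical contract and service; names are assumptions for this example.
[ServiceContract]
public interface IEchoService
{
    [OperationContract]
    string Echo(string text);
}

public class EchoService : IEchoService
{
    public string Echo(string text) { return text; }
}

public static class EchoHost
{
    // Slide 32 failure mode: the certificate is in LocalMachine\My but the account
    // running the host has no ACL on the private key, so signing and decryption
    // only fail at run time. Surface that before the host opens.
    public static X509Certificate2 RequireUsableCertificate(string subjectName)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            var matches = store.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
            if (matches.Count == 0)
                throw new InvalidOperationException("no certificate for " + subjectName + " in LocalMachine\\My");
            var cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("certificate has no private key (only the public part was imported)");
            try
            {
                // Throws CryptographicException ("Keyset does not exist") when this
                // process account lacks read access to the key container.
                using (var rsa = cert.GetRSAPrivateKey())
                {
                    if (rsa == null) throw new CryptographicException("no RSA private key");
                }
            }
            catch (CryptographicException e)
            {
                throw new InvalidOperationException(
                    "private key not accessible to this account; grant it read access (e.g. with the WSE X509 Certificate Tool): " + e.Message, e);
            }
            return cert;
        }
    }

    public static ServiceHost Create(string subjectName)
    {
        // B (transport): SSL on the https address; each hop is protected, nothing is
        // signed in the message itself. Client authenticates with Windows credentials.
        var transport = new WSHttpBinding(SecurityMode.Transport);
        transport.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;

        // B (message): WS-Security inside the SOAP envelope over plain http, end to end.
        // Certificates on both sides; no negotiation, so the client must hold the
        // service certificate out of band, and no secure-conversation session.
        var message = new WSHttpBinding(SecurityMode.Message);
        message.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        message.Security.Message.NegotiateServiceCredential = false;
        message.Security.Message.EstablishSecurityContext = false;

        // A: one base address per scheme (assumed ports); each endpoint picks the
        // base address matching its binding's scheme.
        var host = new ServiceHost(typeof(EchoService),
            new Uri("http://localhost:8080/echo"),
            new Uri("https://localhost:8443/echo"));

        // C: the same contract on both endpoints.
        host.AddServiceEndpoint(typeof(IEchoService), transport, "");
        host.AddServiceEndpoint(typeof(IEchoService), message, "");

        // Behavior: service credentials. The service certificate is what the
        // message-security endpoint signs with and decrypts with.
        host.Credentials.ServiceCertificate.Certificate = RequireUsableCertificate(subjectName);
        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.ChainTrust;
        host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.Online;
        return host;
    }
}
```

The https endpoint additionally needs the server certificate bound to the port in http.sys (netsh http add sslcert) or IIS, exactly the SSL-in-IIS setup of slide 17; the message-security endpoint needs no such binding because the protection travels with the SOAP message, which is the point of the contrast.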

40 Demo
WCF and WS-*

41 WS-* Evolution
WSE
–Tactical
–WSE 2.0 for .NET 1.x
–WSE 3.0 for .NET 2.0
WCF
–Future of communications for Microsoft technologies

42 WS-* Interoperability (diagram)
WSE 3.0 and WCF: can interoperate, as both implement the same released WS-Security specifications
WSE 2.0 and WCF: do not interoperate, as WSE 2.0 implements earlier drafts

43 WCF
http://www.netfx3.com/
http://msdn2.microsoft.com/en-us/netframework/aa663324.asp

44 WS-Federation
Single Sign On
Identity Providers
7 laws of identity – Kim Cameron
–http://www.microsoft.com/technet/technetmag/issues/2006/07/7Laws/default.aspx

45–52 WS-Federation (diagram slides, no transcript text)

53 WS-Federation
http://technet2.microsoft.com/WindowsServer/en/Library/b0f029cb-65ab-44fb-bcfc-5aa02314e06e1033.mspx?mfr=true

54 Summary
Protocol – TCP/IP
Message – WS-Security
Single Sign On – WS-Federation
Rapidly advancing technology

55 Thank you
Presentation and slides
–http://blog.searyblog.com/

