Prashanth Kumar Muthoju

Presentation on theme: "Prashanth Kumar Muthoju"— Presentation transcript:

1 WEB SERVICES SECURITY
Prashanth Kumar Muthoju

2 Agenda
- Web Services
- Web Services Security
- Examples
- WSE 2.0
- DEMO
- Q & A

3 Web Service?
1. A Web Service is a software component that is described via WSDL and is capable of being accessed via standard network protocols such as, but not limited to, SOAP over HTTP.
2. A Web service is an application that:
- Runs on a Web server
- Exposes Web methods to interested callers
- Listens for HTTP requests representing commands to invoke Web methods
- Executes Web methods and returns the results
For more info… What web services can do for you (video presentation):

4 Web Services In a Nutshell
[Diagram of the web services stack. Labels: Transport (TCP/IP, UDP, …); Transfer (HTTP, SMTP, …); Envelope (MIME, DIME, BEEP, …); XML + Namespaces + Information Set; XML Schema; Canonical XML; XML Encryption; XML Signature; SOAP; WS Routing, Referral, Security; WS Coordination; WS Transaction; SAML; License; WSDL; WSCI; BPEL4WS; RDF?, DAML?...; UDDI; WS-Inspection; Subscribe, Search, Register; layer names: WS messaging, WS descriptions, WS discovery]

5 Web Services
- Interoperability
- Ease of consumption
- Use of standard protocols
As usage grows, the need for security increases

6 Web Services Security
- Authentication
- Protocol level Security
- Message level Security

7 Authentication – types:
- Direct
- Brokered

8 Message Protection:
- Data Confidentiality:
  - Encryption Keys
- Preventing a hacker from manipulating messages in transit
- Data Origin Authentication:
  - Data Integrity – data tampered?
  - Authenticity – is it from original sender?

9 XML messages convey security information
- Credentials
- Digital signatures
- Messages can be encrypted
[Diagram: Client, Transport, Service; Any Transport]
XML Security is independent from transport protocol

10 Protocol Level Security:
- Security implemented in protocol itself
- SSL

11 Web Services Enhancements (WSE 2.0):
- It is a supported add-on for Microsoft VS.NET and the .NET Framework
- Provides advanced Web Service capabilities
- Download at
- For easy development of secure web services according to specifications by Microsoft

12 WS-* Specifications:

13 Security Specification:
- WS-Security: SOAP Message Security
- WS-Security: UsernameToken Profile
- WS-Security: X.509 Certificate Token Profile
- WS-SecureConversation
- WS-SecurityPolicy
- WS-Trust
- WS-Federation
- WS-Federation Active Requestor Profile
- WS-Federation Passive Requestor Profile
- WS-Security: Kerberos Binding
- Web Single Sign-On Interoperability Profile
- Web Single Sign-On Metadata Exchange Protocol
More info:

14 Username Tokens:
- Simple method of conveying username
- Password is used to generate a secret key for signing and encrypting
- Password can be sent as plaintext or digest
- Digest uses timestamp value valid within a time window
- WSE provides built-in replay detection mechanism
- WSE automatically creates Windows Principal for plain-text passwords
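The digest form of a username token and a receiver-side freshness and replay check, as an added example that is not part of the original presentation and is not WSE code. The digest formula is the one in the WS-Security UsernameToken Profile; the 5-minute window, the in-memory nonce cache and all function and class names are assumptions made for illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=5)      # assumed freshness window, not a WSE default
FMT = "%Y-%m-%dT%H:%M:%SZ"         # UTC timestamp format used for Created

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)), per the UsernameToken Profile."""
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def make_token(username: str, password: str, now: datetime) -> dict:
    """Sender side: fresh random nonce plus creation time; the password never travels."""
    nonce, created = os.urandom(16), now.strftime(FMT)
    return {"Username": username,
            "Nonce": base64.b64encode(nonce).decode(),
            "Created": created,
            "Password": password_digest(nonce, created, password)}

class Verifier:
    """Receiver side (hypothetical): recompute the digest, enforce the window, reject reuse."""
    def __init__(self, passwords: dict):
        self.passwords = passwords     # username -> password; the service must know it
        self.seen = {}                 # (username, nonce) -> Created time

    def verify(self, token: dict, now: datetime) -> str:
        try:
            created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
            nonce = base64.b64decode(token["Nonce"], validate=True)
            user, sent = token["Username"], str(token["Password"])
        except (KeyError, TypeError, ValueError):
            return "malformed"
        if abs(now - created) > WINDOW:
            return "stale"             # outside the time window, no cache lookup needed
        password = self.passwords.get(user)
        if password is None:
            return "bad-credentials"
        expected = password_digest(nonce, token["Created"], password)
        if not hmac.compare_digest(expected.encode(), sent.encode()):
            return "bad-credentials"
        # Nonces only need remembering while their token could still pass the window.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= WINDOW}
        if (user, token["Nonce"]) in self.seen:
            return "replay"
        self.seen[(user, token["Nonce"])] = created
        return "ok"
```

The time window bounds how long the nonce cache has to remember a token: a captured token is rejected as a replay while it is fresh and as stale afterwards.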

15 DEMO
Web Service Security using:
1. Windows Integrated Authentication
2. Windows Basic Authentication
3. SOAP header based authentication
Using WSE 2.0:
- Using Username Tokens
- Using Kerberos Tokens (only code)

16 CONCLUSION: With the use of enhanced add-ons like WSE, .NET can provide more secure web services.

17 REFERENCES: Wrox: Beginning ASP.NET

18 Q & A

19 Thank you !

