Web Services Security Kerry Champion CTO, Westbridge Technology June 8, 2004.

1 Web Services Security Kerry Champion CTO, Westbridge Technology June 8, 2004

2 Successful Internet Standards
Person-to-person: SMTP, S/MIME, instant messaging
Person-to-program: HTML, DHTML, applets
Program-to-program: XML Schema, SOAP, WSDL, WS-Security
What the successful ones share: broadly accepted, loosely coupled, cross-organization, extensible

3 Service-Oriented Architecture (SOA)
SOA = organizing business systems as reusable components, not fixed processes
Reusable = standards-based + loosely coupled + robust

4 Diverse Web Services
XML allows all to play: new code written with the current versions of J2EE and .NET, legacy applications, packaged applications, specialized devices.
The most heavily used services have the most primitive standards support: systems doing billions in transactions today began development 18+ months ago, before the current standards existed.

5 Diverse Service Consumers
(Diagram: a Common Customer Data Repository consumed by an outsourced call center, accounts receivable, on-line marketing programs, employees' contact managers and independent agents.)

6 Key Characteristics
–Thousands of distinct consumers. The identity of the human who triggered the request is commonly carried through program-to-program communication.
–Spread over hundreds of organizations, with different tools and IT teams. In practice the service cannot know what tools a consumer will use.
–At different levels of standards support: XML Schema, SOAP, WSDL, WS-Security, WS-Policy.
(Diagram from slide 5 repeated.)

7 Key Characteristics
–With different network architectures and transports in use: HTTP, HTTPS, MQ, TIBCO, JMS.
–With different security mechanisms deployed: authentication, encryption, signature, content scanning, malicious attack protection, message validation.
–With identity data in multiple non-federated systems: directories, ID management systems, certificates supported by PKIs, single sign-on systems, etc.
(Diagram from slide 5 repeated.)

8 Key Question How do you secure all Web Services while enabling appropriate access, given diversity of security mechanisms and policies?

9 What to do
Naïve response:
–Make every endpoint behave the same way
–Make a single repository for all shared data
Elegant response:
–Make every endpoint capable of behaving every way
–Negotiate preferences at runtime
–Have federated sharing across multiple repositories
Practical response:
–Use infrastructure to define Service Views
–Services and consumers stay as is
–A Service View abstraction layer mediates between them

10 Service Views Present Secure Interfaces
Each Service View:
–Provides instant security, interoperability, monitoring, routing and auditing
–Enables contracts between consumer and provider that support local and global policies
–Automatically supports the latest standards
–Supports instant interoperability
–Leverages existing infrastructure
–Hides back-end complexity
–Requires no change to the base services
(Diagram: Service Views sit in front of .NET, J2EE, packaged-application, legacy-system, ESB/MQ/JMS and composite services. The SOA infrastructure behind them provides security for SOA, security management, standards interoperability, XML acceleration, flexible deployment and scalable administration, and connects to the existing authentication directory, identity management, PKI, network management, UDDI and system management.)

11 Advantages of the Service Views design
–The base web service does not change
–The consumer does not change
–The Service View appears to the consumer as a native web service
–Allows different security mechanism assumptions at service and consumer
–Allows different standards assumptions at service and consumer
–Allows different transport assumptions at service and consumer
–Offloads from the service developer the need to support the full range of security standards and mechanisms
–Is deployable today
–Implements loose coupling while satisfying practical requirements

12 Implementation of Secure Service Views
The needed Web Services infrastructure goes by many names: service virtualization, Web Services management platform, XML firewall, SOAP gateway, Web Service gateway, etc. Multiple vendors provide offerings.
Key review criteria:
–Security
–Monitor, report, alert
–Interoperability
–Interface management

13 Security
–Authentication, access control
–Encryption, signature
–Malicious attack protection, content inspection
–Schema validation, standards
(Diagram: service consumers reach the web service over HTTP, HTTPS, JMS or MQ through the network firewall and the Westbridge XMS gateway, which blocks network attacks and application attacks and ties into the existing security infrastructure: authentication and access-control authorities such as RSA, Oblix, Netegrity, LDAP, Active Directory and PKI, with SAML, X.509, HTTP authentication, CRL and OCSP; 3DES, SHA, XML Encryption, XML Signature and WS-Security for message protection.)
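Slide 13 puts authentication via WS-Security at the gateway. The following is an added example, not Westbridge code and not from the deck, of the check a gateway performs on a WS-Security UsernameToken in the PasswordDigest form: recompute Base64(SHA-1(nonce + created + password)) as the 2004 UsernameToken Profile 1.0 defines it, enforce a freshness window on wsu:Created, and reject a nonce it has already accepted so a captured header cannot be replayed. The credential store, the five-minute skew window, the sample envelope and the `urn:example:crm` body are constructed assumptions. SHA-1 is what the profile mandates; the digest only protects a shared password, so the exchange still belongs inside HTTPS.

```python
"""Gateway-side verification of a WS-Security UsernameToken (PasswordDigest)."""
import base64
import datetime as dt
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
NS = {"soap": SOAP, "wsse": WSSE, "wsu": WSU}

# Constructed credential store (assumption); a real gateway looks this up in LDAP/AD/etc.
PASSWORDS = {"agent42": "correct horse battery staple"}
MAX_SKEW = dt.timedelta(minutes=5)  # assumed freshness window


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken Profile 1.0: PasswordDigest = Base64(SHA-1(nonce + created + password))."""
    h = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8")).digest()
    return base64.b64encode(h).decode("ascii")


def build_request(user: str, password: str, created: str, nonce=None) -> str:
    """What a consumer sends: a SOAP 1.1 envelope carrying a digest UsernameToken (constructed sample)."""
    nonce = nonce or os.urandom(16)
    return f"""<soap:Envelope xmlns:soap="{SOAP}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
      <wsse:UsernameToken>
        <wsse:Username>{user}</wsse:Username>
        <wsse:Password Type="{DIGEST_TYPE}">{password_digest(nonce, created, password)}</wsse:Password>
        <wsse:Nonce>{base64.b64encode(nonce).decode("ascii")}</wsse:Nonce>
        <wsu:Created>{created}</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><GetCustomer xmlns="urn:example:crm"><Id>1001</Id></GetCustomer></soap:Body>
</soap:Envelope>"""


class TokenVerifier:
    """Digest match, freshness window, and a nonce cache so a captured header cannot be replayed."""

    def __init__(self, passwords=PASSWORDS, max_skew=MAX_SKEW):
        self.passwords = passwords
        self.max_skew = max_skew
        self.seen = set()  # (nonce, created) pairs already accepted

    def verify(self, envelope: str, now: dt.datetime):
        """Return (accepted, user-or-reason). `now` is injected so the check is testable."""
        root = ET.fromstring(envelope)
        tok = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
        if tok is None:
            return False, "no UsernameToken"
        user = tok.findtext("wsse:Username", default="", namespaces=NS)
        pw = tok.find("wsse:Password", NS)
        nonce_b64 = tok.findtext("wsse:Nonce", default="", namespaces=NS)
        created = tok.findtext("wsu:Created", default="", namespaces=NS)
        if pw is None or pw.get("Type") != DIGEST_TYPE:
            return False, "cleartext or missing password rejected"
        try:
            nonce = base64.b64decode(nonce_b64, validate=True)
            created_at = dt.datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            return False, "malformed nonce or Created"
        if abs(now - created_at) > self.max_skew:
            return False, "stale token"
        if (nonce, created) in self.seen:
            return False, "replayed nonce"
        secret = self.passwords.get(user)
        if secret is None:
            return False, "unknown user"
        expected = password_digest(nonce, created, secret)
        if not hmac.compare_digest(expected.encode("ascii"), (pw.text or "").encode("utf-8")):
            return False, "bad digest"
        self.seen.add((nonce, created))  # remember only tokens that passed every check
        return True, user


if __name__ == "__main__":
    now = dt.datetime(2004, 6, 8, 10, 0, 0)
    v = TokenVerifier()
    req = build_request("agent42", PASSWORDS["agent42"], "2004-06-08T09:58:30Z")
    print(v.verify(req, now))  # (True, 'agent42')
    print(v.verify(req, now))  # (False, 'replayed nonce')
```

The nonce cache only needs to hold entries for as long as the freshness window, since anything older is rejected as stale before the cache is consulted; a gateway cluster has to share that cache or pin a consumer to one node, or replay protection silently disappears.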

14 Monitor, Report, Alert
Service Tracker monitors the connected services (SAP, mainframe, .NET, PeopleSoft, J2EE, MS Excel); a variety of status notifications can be utilized.
Monitoring (real-time view): last request latency, messages per second, average message size, failed requests. Example benefits: SLA monitoring, troubleshooting, performance monitoring.
Reporting (audit trails): malicious attacks, requests > $10,000, authorization failed, weekend activity. Example benefits: regulatory, debugging, SLA reporting.
Alerting (triggers): a malicious attack pages an operator, exceeding the message rate sends an SNMP trap, exceptions. Example benefits: debugging, SLA enforcement.
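Slides 13 and 14 describe the gateway's malicious-attack protection, schema validation and content inspection, and the audit and alert rules driven by them. The block below is an added example, not Westbridge code and not from the deck, of what such admission control looks like in front of a SOAP service: the cheap checks (size, no DOCTYPE or ENTITY declarations, so entity-expansion and XXE payloads never reach the parser) run before parsing, nesting depth is measured iteratively afterwards, the envelope structure is enforced, and accepted messages are fed through the slide's audit rules (requests over $10,000, weekend activity) while rejections and rate overruns raise alerts. The thresholds other than the $10,000 rule, the `Transfer`/`Amount` operation and the sample messages are constructed assumptions.

```python
"""Admission control plus audit/alert rules for a SOAP gateway (added example)."""
import datetime as dt
import re
import xml.etree.ElementTree as ET
from collections import deque

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NS = {"soap": SOAP}

# Policy thresholds: assumptions for the example; only the $10,000 rule comes from the deck.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_PER_SECOND = 5
HIGH_VALUE = 10_000
DOCTYPE_RE = re.compile(rb"<!DOCTYPE|<!ENTITY", re.IGNORECASE)


def element_depth(root) -> int:
    """Iterative depth walk: a recursive walk would hit RecursionError on a nesting attack."""
    deepest, stack = 0, [(root, 1)]
    while stack:
        elem, d = stack.pop()
        deepest = max(deepest, d)
        stack.extend((child, d + 1) for child in elem)
    return deepest


class Gateway:
    def __init__(self):
        self.audit = []        # audit trail: (timestamp, rule, detail)
        self.alerts = []       # alert channel, i.e. the deck's pager / SNMP trap targets
        self.recent = deque()  # timestamps inside the current one-second window
        self.stats = {"messages": 0, "failed": 0}  # real-time view counters

    def inspect(self, raw: bytes, now: dt.datetime):
        """Return (accepted, reason). A rejection counts as a failed request and raises an alert."""
        self.stats["messages"] += 1
        self._rate_check(now)
        reason = self._check(raw, now)
        if reason:
            self.stats["failed"] += 1
            self.alerts.append((now, "malicious or malformed request", reason))
            return False, reason
        return True, "accepted"

    def _rate_check(self, now):
        self.recent.append(now)
        while now - self.recent[0] > dt.timedelta(seconds=1):
            self.recent.popleft()
        if len(self.recent) > MAX_PER_SECOND:
            self.alerts.append((now, "message rate exceeded", f"{len(self.recent)}/s"))

    def _check(self, raw, now):
        if len(raw) > MAX_BYTES:
            return "oversized message"
        if DOCTYPE_RE.search(raw):  # refused before the parser ever sees it
            return "DOCTYPE/ENTITY declarations refused (entity expansion, XXE)"
        try:
            root = ET.fromstring(raw)
        except ET.ParseError as exc:
            return f"not well-formed XML: {exc}"
        if element_depth(root) > MAX_DEPTH:
            return "nesting depth exceeds limit"
        body = root.find("soap:Body", NS)
        if root.tag != f"{{{SOAP}}}Envelope" or body is None:
            return "not a SOAP 1.1 envelope"
        ops = list(body)
        if len(ops) != 1:
            return "Body must contain exactly one operation"
        self._audit_rules(ops[0], now)
        return None

    def _audit_rules(self, op, now):
        """Slide 14's audit-trail rules applied to an accepted operation."""
        try:
            amount = float(op.findtext("Amount", default="0"))
        except ValueError:
            amount = 0.0
        if amount > HIGH_VALUE:
            self.audit.append((now, "high value request", f"{op.tag} amount={amount:.2f}"))
        if now.weekday() >= 5:  # Monday is 0, so 5 and 6 are the weekend
            self.audit.append((now, "weekend activity", op.tag))


def sample_transfer(amount) -> bytes:
    """Constructed well-formed request for the example."""
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Body>'
            f'<Transfer><Amount>{amount}</Amount></Transfer>'
            '</soap:Body></soap:Envelope>').encode()


# Constructed hostile inputs: a small entity-expansion document and an over-deep one.
BILLION_LAUGHS = (b'<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
                  b'<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">]>'
                  b'<lolz>&lol2;</lolz>')
DEEP = b"<a>" * (MAX_DEPTH + 10) + b"</a>" * (MAX_DEPTH + 10)

if __name__ == "__main__":
    g = Gateway()
    saturday = dt.datetime(2004, 6, 12, 9, 0, 0)
    for msg in (sample_transfer(25000), BILLION_LAUGHS, DEEP, b"<html/>"):
        print(g.inspect(msg, saturday))
    print(g.stats, g.audit, g.alerts, sep="\n")
```

The ordering matters: byte-level checks first, then a parse of an already bounded document, then structural and business rules on the tree. Schema validation of the operation itself would slot in after the envelope check; the standard library has no XML Schema validator, so a production gateway uses a validating parser there.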

15 Interoperability
Standards support: XML, SOAP, WSDL; .NET, SunONE, IBM, WS-I, OASIS, W3C, BEA, Oracle, Microsoft, etc.
Transport
–HTTP, HTTPS (SSL), JMS, MQ, Tibco
Security
–XML Signature, signatures (RSA-SHA1, DSA-SHA1); XML Encryption, encryption (RSA keys, 3DES, AES with 128/192/256-bit keys)
–SAML, LDAP, WS-Security, HTTP-based authentication
–Active Directory, XKMS, OCSP, PKI infrastructure (including PKCS#7, #10, #11, #12), CRL, X.509 certificates
XML
–XML Schema, DTD
–XPath, XSLT
–Alerting: SNMP and SMTP
(Diagram: XMS gateways between service consumers and web services perform data transformation, routing, transport mediation and credential mapping across X.509, Liberty, SAML, LDAP, WS-Security, etc.)

16 Interface Management
–Publishing workflow
–Service upgrades
–Provisioning
–Versioning
(Diagram: XMS Manager takes a Service View of a web service through configure, stage, test and publish before it is exposed to customers, partners and sales.)

17 Summary
Real-world considerations create barriers to the loosely-coupled vision of Web Services and SOA while still requiring the necessary security.
–The "naïve" response creates tight coupling and does not scale up.
–The "elegant" response requires a couple more generations of standards and tools development.
–The "practical" response uses current tools to implement Service Views.

