Presented at: Demonstrations and Prototypes TIM 7 Presented by: Dominic Timoteo / Shoeb Jafri SWIM Implementation Team May 04, 2011 Federal Aviation Administration.


1 Presented at: Demonstrations and Prototypes TIM 7
Presented by: Dominic Timoteo / Shoeb Jafri
SWIM Implementation Team
May 04, 2011
Federal Aviation Administration
SWIM Web Service Security Conformance Test Kit (CTK)

2 Demonstrations & Prototypes TIM 7 – SWIM Security CTK 2 Federal Aviation Administration May 04, 2011

What is CTK?

The CTK is a testing tool that can be used to gauge whether a message sender and/or message recipient meets the Web Service security requirements mandated by SWIM policy and described in the “SWIM Web Service Security Specification.”

These policies have been created to:
– simplify the integration and management of services in the NAS,
– increase the flexibility of the NAS system-of-systems architecture, and
– enable consistent approaches to service security and management.

Prototype for SWIM Segment 2

3 CTK WHY, WHEN, WHERE & HOW

WHY? To test for Service & Client compliance with any SWIM Web Service Security profile specified in the SWIM Web Service Security Specification, so potential problems in security implementations are identified and resolved as soon as possible.

WHEN? During the National Airspace System Service Registry/Repository (NSRR) Development lifecycle stage.

WHERE? To be run by the developers at their site against their developed Web Service.

HOW? Attach/Upload generated compliance report to NSRR for approval by SWIM Governance.

Note: Actional Team Server is run during the NSRR Verification lifecycle stage to check for SWIM Web Service-Interoperability (WS-I) Profile compliance.

SWIM Service Lifecycle Stages

4 CTK - Goals And Key Concepts

Provide capabilities to validate Web Services security profiles according to SWIM Web Service Security Specification
– Transport Level Security (TLS)
– WS-Security Username Token (UT)
– WS-Security Binary Security Token (BST)
– Security Assertion Markup Language Token (SAML)

Provide capabilities to demonstrate application and enforcement of SWIM security policies
– Using WSDL that includes WS-Policy attachments
– Creating validation report
– Including positive/negative test suites

Provide capabilities to validate 3rd party service providers
– Security Token Service (STS)

5 SWIM SECURITY PROFILES

6 SECURITY PROFILE APPLICATION MATRIX

7 CTK – Testing Contexts Summary

Multiple testing contexts (8)
– Implemented on FUSE ESB 4.2, using FUSE Services Framework and FUSE Mediation Router

8 Driver 3rd Party Service connected to CTK-Client

9 Client-Server over HTTPS using BST

Purpose: validate both client and server
– SWIM WSS Profile: BST
– Client and server protocol: HTTPS

Setup / Configuration:
– Direct Proxy Context

CTK Harness: Proxy
CTK Test Suite; BST

Result
– 51 exchanges with expected pass/failure

10 REPORT: Test Result Summary: Client-Server over HTTPS using BST

11 REPORT: Test Suite Results Summary

12 REPORT: Message Exchange PASS Results

13 REPORT: Message Exchange FAIL Results

14 REPORT: Request PASS Result

15 REPORT: Request FAIL Result

16 REPORT: Message

