Secure Systems Research Group - FAU Patterns for Web Services Security Standards Presented by Keiko Hashizume.


1 Secure Systems Research Group - FAU Patterns for Web Services Security Standards Presented by Keiko Hashizume

2 Outline
– Introduction
– Patterns for Web Services Security Standards
– WS-Security
– Conclusions

3 Introduction
Web services standards are confusing, which makes it difficult for vendors to develop products that comply with the standards and for users to decide which product to use. That is why we need to develop patterns for these standards.
– Patterns embody the knowledge and experience of software developers about a recurrent problem. A pattern solves a specific problem in a given context and can be tailored to fit different situations.

4 Existing Patterns for WS Security Standards
– XACML (eXtensible Access Control Markup Language) Policy Language
– XACML Access Control Evaluation
– WSPL (Web Service Policy Language)
– WS-Policy
– SAML (Security Assertion Markup Language)

5 Web Services Security Standards without Patterns
– SPML (Service Provisioning Markup Language)
– WS-Security
– XML digital signature
– XML encryption
– XKMS (XML Key Management Specification)
– XrML (Extensible Rights Management Language)
– XCBF (XML Common Biometric Format)
– WS-Authorization
– WS-Encryption
– WS-Federation Language
– WS-Federation: Active Requestor Profile
– WS-Federation: Passive Requestor Profile
– WS-Signature
– WS-Privacy
– WS-SecureConversation
– WS-Security Kerberos Binding
– WS-SecurityPolicy
– WS-Trust 1.3

6 WS-Security Standard
– Originally developed by IBM, Microsoft, VeriSign, and Forum Systems.
– OASIS Specification
– Latest Version: WS-Security 1.1
– Approved in February 2006

7 WS-Security Standard
Security Header:
– The header block provides a mechanism for attaching security-related message information.

8 WS-Security Standard
The WS-Security specification provides three main mechanisms:
– The ability to send security tokens as part of a message
– Message integrity, provided by XML Signature
– Message confidentiality, provided by XML Encryption

9 Security Tokens
WS-Security defines how security tokens are attached to messages. There are different types of security tokens:
– UsernameToken
– Binary Security Tokens
– XML Tokens

10 UsernameToken Profile
The UsernameToken propagates a username and, optionally, a password.
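
An added example (not from the presentation): the password-digest form of the UsernameToken, built by the producer and checked by the recipient for digest, freshness and nonce reuse. Element names, namespace URIs and the digest formula follow the OASIS UsernameToken Profile; the function names and the `passwords` and `seen` stores are assumptions.

```python
import base64, hashlib, hmac, os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"  # OASIS URI prefix
WSSE = "{" + WSS + "wssecurity-secext-1.0.xsd}"
WSU = "{" + WSS + "wssecurity-utility-1.0.xsd}"
DIGEST = WSS + "username-token-profile-1.0#PasswordDigest"
FMT = "%Y-%m-%dT%H:%M:%SZ"

def digest(nonce, created, password):
    # Password_Digest = Base64(SHA-1(nonce + created + password))
    raw = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return base64.b64encode(raw).decode()

def build_header(user, password, now=None):
    """Producer: wsse:Security header carrying a digest-type UsernameToken."""
    created = (now or datetime.now(timezone.utc)).strftime(FMT)
    nonce = os.urandom(16)
    sec = ET.Element(WSSE + "Security")
    tok = ET.SubElement(sec, WSSE + "UsernameToken")
    ET.SubElement(tok, WSSE + "Username").text = user
    ET.SubElement(tok, WSSE + "Password", Type=DIGEST).text = digest(nonce, created, password)
    ET.SubElement(tok, WSSE + "Nonce").text = base64.b64encode(nonce).decode()
    ET.SubElement(tok, WSU + "Created").text = created
    return ET.tostring(sec, encoding="unicode")

def verify_header(xml_text, passwords, seen, now=None, max_age=timedelta(minutes=5)):
    """Recipient: (ok, detail). `passwords` and `seen` are assumed in-memory stores."""
    tok = ET.fromstring(xml_text).find(WSSE + "UsernameToken")  # hardened parser in production
    if tok is None:
        return False, "no UsernameToken"
    user, pw = tok.findtext(WSSE + "Username"), tok.find(WSSE + "Password")
    nonce_b64, created = tok.findtext(WSSE + "Nonce"), tok.findtext(WSU + "Created")
    if pw is None or pw.get("Type") != DIGEST or not nonce_b64 or not created:
        return False, "digest password with Nonce and Created required"
    try:
        nonce = base64.b64decode(nonce_b64, validate=True)
        made = datetime.strptime(created, FMT).replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "malformed Nonce or Created"
    if abs((now or datetime.now(timezone.utc)) - made) > max_age:
        return False, "stale"
    if nonce_b64 in seen:
        return False, "replayed nonce"
    expected = digest(nonce, created, passwords.get(user, ""))
    if user not in passwords or not hmac.compare_digest(expected.encode(), (pw.text or "").encode()):
        return False, "bad credentials"
    seen.add(nonce_b64)
    return True, user
```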

11 Binary Security Tokens
WS-Security provides a element that can be included in the header block. The following is an overview of the syntax:
Examples:
– X.509 certificates
– Kerberos tickets

12 XML Tokens
XML Tokens are offered in two formats:
– Security Assertion Markup Language (SAML)
– Extensible rights Markup Language (XrML)
Example of WS-Security with a SAML assertion token

13 Signatures
Digital signatures provide message integrity and authentication. WS-Security builds on XML Signature. This specification describes:
– Signing Messages
– Signing Tokens

14 Signing Messages
To add a signature to a block, a element conforming to the XML Signature specification must be present in the header block.

15 Signing Tokens
WS-Security allows different tokens to have their own unique reference.

16 Encryption
WS-Security allows encryption of the body and header blocks by either a common symmetric key shared by the producer and the recipient or a symmetric key carried in the message in an encrypted form. WS-Security leverages the XML Encryption standard. This specification describes how the two elements and can be used within the header block.

17 Encryption
The element that needs to be encrypted must be replaced by a corresponding.

18 Encryption
When the encryption involves encrypting element contents within a SOAP envelope with a symmetric key that is encrypted and embedded in the message, may be used for carrying such an encrypted key.

19 Encryption
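
An added example (not from the presentation) covering the signing and encryption slides above: it reads a constructed SOAP envelope and reports which tokens the Security header carries and whether the Body is covered by a signature reference and an encryption reference that each resolve to exactly one element. The element names and namespaces (`wsse:Security`, `ds:Signature`, `xenc:EncryptedKey`, `xenc:ReferenceList`, `xenc:EncryptedData`) are taken from the WS-Security, XML Signature and XML Encryption specifications, not from this page; the sample message and `inspect_envelope` are assumptions.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {  # prefixes as used in the WS-Security, XML Signature and XML Encryption specs
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": WSS + "wssecurity-secext-1.0.xsd",
    "wsu": WSS + "wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

# Constructed sample: token, digest, signature and cipher values are left out.
SAMPLE = f"""<soap:Envelope {XMLNS}>
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="x509"/>
  <xenc:EncryptedKey><xenc:ReferenceList>
   <xenc:DataReference URI="#enc1"/>
  </xenc:ReferenceList></xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#body"/></ds:SignedInfo></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body"><xenc:EncryptedData Id="enc1"/></soap:Body>
</soap:Envelope>"""

def inspect_envelope(envelope_xml):
    """Report the tokens in the Security header and whether the Body is covered
    by a signature reference and an encryption reference that each resolve once."""
    root = ET.fromstring(envelope_xml)  # use a hardened parser for untrusted input
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    if sec is None or body is None:
        return {"error": "missing wsse:Security header or Body"}
    ids = {}  # Id value -> every element that carries it (wsu:Id or plain Id)
    for el in root.iter():
        for attr in ("{%s}Id" % NS["wsu"], "Id"):
            if el.get(attr):
                ids.setdefault(el.get(attr), []).append(el)
    def refs(path):  # local "#id" references found under the Security header
        return [r.get("URI", "").lstrip("#") for r in sec.findall(path, NS)]
    signed = refs("ds:Signature/ds:SignedInfo/ds:Reference")
    enc = refs(".//xenc:ReferenceList/xenc:DataReference")
    in_body = list(body.iter())
    return {
        "tokens": [e.tag.split("}")[1] for e in sec if e.tag.startswith("{" + NS["wsse"])],
        "body_signed": any(ids.get(i) == [body] for i in signed),
        "body_encrypted": any(len(ids.get(i, [])) == 1 and ids[i][0] in in_body for i in enc),
        "unresolved": sorted(i for i in signed + enc if len(ids.get(i, [])) != 1),
    }
```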

20 Class Diagram for WS-Security

21 Conclusion
– We need to develop more patterns for web services security standards.
– A good catalog of patterns is needed.
– We also need pattern classification and selection approaches, e.g. pattern map, policy to pattern mapping.

