
Web Services Security INFOSYS 290, Section 3 Web Services: Concepts, Design and Implementation Adam Blum




1 Web Services Security INFOSYS 290, Section 3 Web Services: Concepts, Design and Implementation Adam Blum ablum@good.com

2 Agenda
Security Issues with Web Services
WS-Security
  – XML Signature
  – XML Encryption
Tool Support

3 Security Issues Addressed by WS-Security
Identity
  – Authentication
  – Authorization
Integrity
Confidentiality

4 Terms
Proof-of-possession – data demonstrating that the sender knows something that only the claimed sender should know
Integrity – process that guarantees no modification in transit
Confidentiality – process by which data is protected so that only authorized actors can view it
Digest – cryptographic checksum of content
Signature – binding of proof of possession and digest

5 Message with Token (the slide's XML markup was lost in extraction; only the token value "Zoe" survives)

6 …a Digital Signature (only fragments of the base64 values survive: LyLsF0Pi4wPU... DJbchm5gK...)

7 …and a Body (only the body content "QQQ" survives)

8 Identity

9 Message Security Model
Security tokens – assert claims
Signatures
  – Provide a mechanism for proving the sender's knowledge of a key
  – Associate the signature with the claims in the security token
Endorsed claims
  – Represented as security tokens signed by a trusted authority
  – An X.509 certificate claims a binding between one's identity and a public key
Unendorsed claims
  – Can be trusted if there is a trust relationship between sender and receiver
  – Proof-of-possession claim, e.g. username/password

10 Username Token Example (the slide's XML markup was lost in extraction; only the element values "ablum" and "lauren" survive)
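The username/password proof-of-possession claim from slide 9 is normally carried as a UsernameToken whose PasswordDigest is Base64(SHA-1(nonce + created + password)), as defined in the WS-Security Username Token Profile. The following is an added example, not code from the slides: it builds such a token on the client side and verifies it on the server side, rejecting stale timestamps and replayed nonces. The credential store, the five-minute freshness window and the "ablum"/"lauren" pair are constructed sample data.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

# Constructed credential store standing in for the service's user database;
# the username/password pair is the one that appears on the slide.
USERS = {"ablum": "lauren"}
CREATED_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest per the Username Token Profile:
    Base64(SHA-1(nonce + created + password)), using the raw nonce bytes."""
    h = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(h.digest()).decode("ascii")


def build_username_token(username: str, password: str, now=None) -> dict:
    """Client side: fresh nonce and timestamp, digest instead of the cleartext password."""
    now = now or datetime.now(timezone.utc)
    nonce = os.urandom(16)
    created = now.strftime(CREATED_FMT)
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
        "PasswordDigest": password_digest(nonce, created, password),
    }


class UsernameTokenVerifier:
    """Server side: checks proof of possession and rejects stale or replayed tokens."""

    def __init__(self, users: dict, freshness: timedelta = timedelta(minutes=5)):
        self.users = users
        self.freshness = freshness
        self.seen_nonces = set()  # in production: a cache bounded by the freshness window

    def verify(self, token: dict, now=None):
        now = now or datetime.now(timezone.utc)
        password = self.users.get(token.get("Username"))
        try:
            created = datetime.strptime(token["Created"], CREATED_FMT).replace(tzinfo=timezone.utc)
            nonce = base64.b64decode(token["Nonce"], validate=True)
        except (KeyError, ValueError) as exc:
            return False, f"malformed token: {exc}"
        if abs(now - created) > self.freshness:
            return False, "Created outside freshness window"
        if token["Nonce"] in self.seen_nonces:
            return False, "nonce replayed"
        # Unknown users are checked against an empty password so that the work done
        # does not reveal which usernames exist; the result is still a rejection.
        expected = password_digest(nonce, token["Created"], password or "")
        if password is None or not hmac.compare_digest(expected, token.get("PasswordDigest", "")):
            return False, "digest mismatch"
        self.seen_nonces.add(token["Nonce"])
        return True, "ok"


def demo():
    """Runs the verifier over a fresh, a replayed, a tampered, a wrong-password and a stale token."""
    verifier = UsernameTokenVerifier(USERS)
    results = []
    fresh = build_username_token("ablum", "lauren")
    results.append(verifier.verify(fresh))          # accepted
    results.append(verifier.verify(fresh))          # same nonce again: replay
    tampered = build_username_token("ablum", "lauren")
    tampered["PasswordDigest"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAA="
    results.append(verifier.verify(tampered))       # digest mismatch
    wrong = build_username_token("ablum", "guess")
    results.append(verifier.verify(wrong))          # digest mismatch
    stale = build_username_token("ablum", "lauren", now=datetime(2005, 10, 1, tzinfo=timezone.utc))
    results.append(verifier.verify(stale))          # outside freshness window
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The digest only proves knowledge of the password to a verifier that itself holds the cleartext password (or something equivalent), and it does nothing to hide the rest of the message; this is why the WSE scenario on slide 28 pairs "Username" with transport or certificate protection.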

11 Security Tokens
Binary Security Tokens
  – MIIEZzCCA9CgAwIBAgIQEmtJZc0...
  – or X509 (note that there is thus no guarantee of interoperability)
Security Token References

12 Integrity

13 Signatures
Determine whether a message was altered in transit
Verify that the message was sent by the possessor of a particular security token

14 XML Signature
Element structure (the element names were lost in extraction and are restored here from the XML Signature spec and the slides that follow; "?" = optional, "+" = one or more, "*" = zero or more):
<Signature>
  <SignedInfo>
    <CanonicalizationMethod/>
    <SignatureMethod/>
    (<Reference (URI=)?>
      (<Transforms>)?
      <DigestMethod/>
      <DigestValue/>
    </Reference>)+
  </SignedInfo>
  <SignatureValue/>
  (<KeyInfo>)?
  (<Object>)*
</Signature>

15 CanonicalizationMethod
A way to guarantee that two equivalent pieces of XML are represented identically, so that they can be signed
Algorithms used for this:
  – Identifier for REQUIRED Canonical XML (omits comments): http://www.w3.org/TR/2001/REC-xml-c14n-20010315
  – Identifier for Canonical XML with Comments: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
An example of an XML canonicalization element is:
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>

16 SignatureMethod
Algorithm used to create the digital signature
Required
  – Secure Hash Algorithm-1 with Digital Signature Algorithm

17 Reference Element
Digest algorithm
Digest value
Optional identifier of the object being signed
Optional transforms applied prior to digesting
With SOAP
  – Signed parts of the SOAP message
  – Base64-encoded
  – SHA1 algorithm

18 Elements Outside SignedInfo
SignatureValue
  – Base64-encoded bytes making up the digital signature
KeyInfo
  – Indicates what key should be used to validate the signature
  – Can be embedded, referenced or left out entirely

19 Signature Example (the slide's XML markup was lost in extraction; what survives are the line labels [s02], [s10] and [s15c], the DigestValue j6lwx3rvEPO0vKtMup4NbeVu8nk= and the truncated SignatureValue MC0CFFrVLtRlk=...)
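Slides 14 to 19 describe one procedure: canonicalize the signed part, digest it into a Reference, canonicalize SignedInfo, and sign that. The example below is added here and is not code from the slides or from any WS-Security toolkit. It walks the procedure with the Python standard library only, so it uses HMAC-SHA1 (an XML Signature algorithm identifier) in place of the DSA-with-SHA1 method the slide names, and `xml.etree.ElementTree.canonicalize`, which implements Canonical XML 2.0 rather than the 2001 algorithm on slide 15; the property demonstrated is the same. The SOAP body, the re-serialized variant of it and the shared key are constructed sample data.

```python
import base64
import hashlib
import hmac
from xml.etree import ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
# Algorithm identifiers from the XML Signature spec / slide 15.
C14N_ALG = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
SHA1_ALG = "http://www.w3.org/2000/09/xmldsig#sha1"
HMAC_SHA1_ALG = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"

# Constructed sample: a SOAP Body with a wsu:Id that a Reference URI can point at.
BODY = (
    '<soap:Body xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" '
    'wsu:Id="Body"><GetQuote xmlns="urn:example"><Symbol>IBM</Symbol></GetQuote></soap:Body>'
)
# Same information, different bytes: attributes reordered and a comment added in transit.
BODY_EQUIVALENT = (
    '<soap:Body wsu:Id="Body" '
    'xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" '
    'xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    '<!-- routed via gateway --><GetQuote xmlns="urn:example"><Symbol>IBM</Symbol></GetQuote></soap:Body>'
)
KEY = b"constructed-shared-secret"  # HMAC key known to sender and receiver


def canonicalize(xml_text: str) -> bytes:
    # Canonical XML without comments (stdlib C14N 2.0): equivalent XML becomes identical bytes.
    return ET.canonicalize(xml_text, with_comments=False).encode("utf-8")


def digest_value(canonical: bytes) -> str:
    # DigestValue: base64 of SHA-1 over the canonicalized signed part (slide 17).
    return base64.b64encode(hashlib.sha1(canonical).digest()).decode("ascii")


def build_signed_info(references) -> str:
    refs = "".join(
        f'<Reference URI="{uri}"><DigestMethod Algorithm="{SHA1_ALG}"/>'
        f"<DigestValue>{dv}</DigestValue></Reference>"
        for uri, dv in references
    )
    return (
        f'<SignedInfo xmlns="{DS_NS}">'
        f'<CanonicalizationMethod Algorithm="{C14N_ALG}"/>'
        f'<SignatureMethod Algorithm="{HMAC_SHA1_ALG}"/>{refs}</SignedInfo>'
    )


def sign(parts: dict, key: bytes):
    """parts maps Reference URI -> XML text. Returns (SignedInfo, base64 SignatureValue)."""
    references = [(uri, digest_value(canonicalize(xml))) for uri, xml in parts.items()]
    signed_info = build_signed_info(references)
    mac = hmac.new(key, canonicalize(signed_info), hashlib.sha1).digest()
    return signed_info, base64.b64encode(mac).decode("ascii")


def verify(parts: dict, signed_info: str, signature_value: str, key: bytes):
    # 1. SignatureValue over canonical SignedInfo: proves possession of the key and
    #    that the list of digests itself was not altered.
    try:
        supplied = base64.b64decode(signature_value, validate=True)
    except ValueError:
        return False, "SignatureValue is not valid base64"
    expected = hmac.new(key, canonicalize(signed_info), hashlib.sha1).digest()
    if not hmac.compare_digest(expected, supplied):
        return False, "SignatureValue does not match SignedInfo"
    # 2. Every Reference: recompute the digest of the part it points at (integrity).
    ns = {"ds": DS_NS}
    for ref in ET.fromstring(signed_info).findall("ds:Reference", ns):
        uri = ref.get("URI")
        if uri not in parts:
            return False, f"Reference {uri} points at a part that is not present"
        if ref.findtext("ds:DigestValue", namespaces=ns) != digest_value(canonicalize(parts[uri])):
            return False, f"DigestValue mismatch for {uri}"
    return True, "ok"


def demo():
    signed_info, sig = sign({"#Body": BODY}, KEY)
    intact = verify({"#Body": BODY}, signed_info, sig, KEY)
    reserialized = verify({"#Body": BODY_EQUIVALENT}, signed_info, sig, KEY)   # still valid
    altered = verify({"#Body": BODY.replace("IBM", "MSFT")}, signed_info, sig, KEY)
    wrong_key = verify({"#Body": BODY}, signed_info, sig, b"other-key")
    return intact, reserialized, altered, wrong_key


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The order of the two checks in `verify` matters: the MAC over SignedInfo is confirmed before any DigestValue is trusted, so a recipient never compares against digests an attacker could have rewritten. The re-serialized body still verifies, which is exactly the problem canonicalization exists to solve; an exact byte comparison of the raw XML would have failed.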


21 Confidentiality

22 Encryption Components
xenc:ReferenceList
  – Manifest of the encrypted elements in the message
xenc:EncryptedData
  – Contains the encrypted elements

23 Encryption Example (Shared Secret) (the slide's XML markup was lost in extraction; only the key-identifying distinguished name CN=Hiroshi Maruyama, C=JP... survives)

24 Encrypting Keys
Encrypt the elements with a key
Encrypt that key with the recipient's key
Embed it in the header
E.g. encrypting with a randomly generated symmetric key that is in turn encrypted with the recipient's public key

25 Encrypting with Encrypted Key (the slide's XML markup was lost in extraction; the distinguished name CN=Hiroshi Maruyama, C=JP... appears twice, plus a stray "/wsse:Security>" fragment)
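The scheme on slides 22 to 25 is hybrid encryption: a random symmetric key encrypts the element, the recipient's public key encrypts that symmetric key, and the header carries the EncryptedKey together with a ReferenceList naming the EncryptedData it unlocks. The example below is added here and is not code from the slides or from a WS-Security toolkit; it assumes the third-party `cryptography` package is installed and models the XML elements as plain dicts so the key-handling logic stays in view. RSA-OAEP and AES-GCM stand in for whatever key-transport and block-cipher algorithms a real deployment selects; the body text is constructed sample data.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Key-transport padding for wrapping the content key with the recipient's public key.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
NONCE_LEN = 12

# Constructed sample element to protect.
BODY = b'<GetQuote xmlns="urn:example"><Symbol>IBM</Symbol></GetQuote>'


def encrypt_for_recipient(recipient_public_key, data_id: str, plaintext: bytes) -> dict:
    # Slide 24, step 1: encrypt the element with a fresh random symmetric (content) key.
    content_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = AESGCM(content_key).encrypt(nonce, plaintext, data_id.encode())
    # Step 2: encrypt the content key with the recipient's public key.
    wrapped_key = recipient_public_key.encrypt(content_key, OAEP)
    # Step 3: the header carries EncryptedKey plus the ReferenceList manifest (slide 22);
    # the element itself is replaced by EncryptedData.
    return {
        "EncryptedKey": {"CipherValue": wrapped_key, "ReferenceList": [data_id]},
        "EncryptedData": {"Id": data_id, "CipherValue": nonce + ciphertext},
    }


def decrypt_as_recipient(private_key, message: dict):
    enc_key, enc_data = message["EncryptedKey"], message["EncryptedData"]
    # The manifest must name the EncryptedData we are about to unlock with this key.
    if enc_data["Id"] not in enc_key["ReferenceList"]:
        return None, "EncryptedData not listed in ReferenceList"
    try:
        content_key = private_key.decrypt(enc_key["CipherValue"], OAEP)
    except ValueError:
        return None, "EncryptedKey cannot be unwrapped with this private key"
    blob = enc_data["CipherValue"]
    try:
        plaintext = AESGCM(content_key).decrypt(blob[:NONCE_LEN], blob[NONCE_LEN:], enc_data["Id"].encode())
    except InvalidTag:
        return None, "EncryptedData failed authentication (modified or wrong key)"
    return plaintext, "ok"


def demo():
    recipient = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    bystander = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    msg = encrypt_for_recipient(recipient.public_key(), "EncBody", BODY)
    ok = decrypt_as_recipient(recipient, msg)             # intended recipient recovers the body
    wrong = decrypt_as_recipient(bystander, msg)          # another key holder cannot unwrap the key
    blob = msg["EncryptedData"]["CipherValue"]
    tampered = {
        "EncryptedKey": msg["EncryptedKey"],
        "EncryptedData": {"Id": "EncBody", "CipherValue": blob[:-1] + bytes([blob[-1] ^ 0x01])},
    }
    bad = decrypt_as_recipient(recipient, tampered)       # modified ciphertext is rejected
    return ok, wrong, bad


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Binding the EncryptedData Id into the AES-GCM associated data, and refusing to decrypt anything the ReferenceList does not name, keeps a recipient from being talked into applying a wrapped key to ciphertext it was never meant for.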


27 WS-Security Specs
WS-Security
  – http://www-128.ibm.com/developerworks/webservices/library/ws-secure/
XML Signature
  – http://www.w3.org/TR/xmldsig-core/

28 Microsoft WSE 3.0 Turnkey Security Scenarios
  – Username over Transport
  – Username over Certificate
  – Anonymous over Certificate
  – Mutual Certificate
  – Kerberos (Windows)

29 WSE 3.0 Named Policies
using System.Collections.Generic;
using System.Web.Services;
using System.Xml.Serialization;
using Microsoft.Web.Services3;   // supplies the [Policy] attribute

[WebService(Namespace = "http://stockservice.contoso.com/wse/samples/2005/10")]
[Policy("ServerPolicy")]         // binds this service to the policy named ServerPolicy in the WSE policy file
public class WSSecurityUsernameService : System.Web.Services.WebService
{
    public WSSecurityUsernameService() { }

    // The generic type argument of List was lost in extraction; StockQuote is assumed
    // to be the sample's quote type.
    [WebMethod]
    public List<StockQuote> StockQuoteRequest([XmlArray(), XmlArrayItem("Symbol")] string[] symbols)
    {
        // Business logic here
        return new List<StockQuote>();
    }
}




