Pattern For Ws Security
Published in: Technology, News & Politics
  • Several organizations are involved in developing web services standards. Each organization has different goals and different degrees of power and influence. Also, there are many vendors who duplicate each other’s work: an alliance of Microsoft and IBM, and others such as CA (Computer Associates), HP, and BEA. As a result, many standards have been created; they may overlap and even conflict.
  • Transcript

    1. A Pattern for WS-Security Presented by Keiko Hashizume
    2. Outline
         • Introduction
         • A Pattern for WS-Security
         • Conclusion
    3. Introduction
         • Web services standards are confusing, which makes it difficult for vendors to develop products that comply with the standards and for users to decide which product to use.
         • That is why we need to develop patterns for these standards.
           • Patterns embody the knowledge and experience of software developers about a recurrent problem. A pattern solves a specific problem in a given context and can be tailored to fit different situations.
    4. WS-Security Standard
         • Originally developed by IBM, Microsoft, VeriSign, and Forum Systems.
         • OASIS Specification
         • Latest Version: WS-Security 1.1
         • Approved in February 2006
    5. A Pattern for WS-Security
         • WS-Security Standard describes enhancements to SOAP messaging through
           • Message Confidentiality
           • Message Integrity
           • Message Authentication
           • Non-repudiation
           • Context
             • Users of web services send and receive SOAP messages through the Internet.
    6. A Pattern for WS-Security
         • Problem
           • Forces:
             • We need to prevent unauthorized users from reading data during transit.
             • We need to protect data in transit from being modified by attackers.
             • We need to verify the producer of the message.
             • We need to prevent message replay.
    7. A Pattern for WS-Security
         • Solution
           • Use a set of mechanisms to improve security by describing how to add security information in the header part of a message.
           • Elements that can be included in the SOAP security header:
             • Security tokens
             • Encryption
             • Digital signature
             • Timestamps
    8. Structure - Class Diagram
    9. Dynamics
         • Sequence Diagram for the UC: Encrypt an element using Security Tokens
    10. A Pattern for WS-Security
         • Dynamics
         • Sequence Diagram for the UC: Sign an element using Security Tokens
    11. A Pattern for WS-Security
         • Consequences
           • This pattern presents the following advantages:
             • XML Encryption allows information to be hidden from unauthorized users.
             • XML Digital Signature is used to verify whether a message was modified in transit.
             • The combination of XML Signature and security tokens verifies that the user is who he claims to be.
             • We can prevent message replay using timestamps.
           • The pattern also has some (possible) liabilities:
             • This pattern does not describe fixed security protocols.
    12. A Pattern for WS-Security
         • Known Uses
           • Several vendors have developed products that support WS-Security.
           • Xtradyne’s WS-DBC (Web Service Domain Boundary Controller) http://www.xtradyne.com/products/ws-dbc/WSDBCfeatures.htm
           • IONA Artix www.iona.com/info/aboutus/collateral/Artix%20and%20Security.pdf
           • Forum Sentry™ http://forumsys.com/products_sentry_specs.htm
           • Microsoft Trust Bridge http://www.microsoft.com/presspass/press/2002/Jun02/06-06TrustbridgePR.mspx
    13. A Pattern for WS-Security
         • Related Patterns
           • WS-Security uses XML Signature and XML Encryption
           • Secure Channel contains a set of security protocols that provide identity authentication and secure, private communication through encryption.
           • Strategy
    14. Conclusion
         • We need to develop related patterns such as XML Encryption and XML Signature.
         • We need to develop patterns for the WS- family such as WS-Policy, WS-Privacy, WS-SecureConversation, WS-Federation, and WS-Authorization.
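
An added example, not part of the original slides: a receiver-side check for the SOAP security header elements listed on slide 7 and the timestamp freshness test behind the replay point on slide 11. The sample envelope, the 60-second clock-skew allowance and the function names are assumptions; the code checks presence and freshness only and does not verify signatures or decrypt anything.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": WSS + "secext-1.0.xsd",
    "wsu": WSS + "utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed sample message (not from the slides): token and timestamp, no signature.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
 <soap:Header><wsse:Security>
   <wsu:Timestamp>
     <wsu:Created>2024-01-01T12:00:00Z</wsu:Created>
     <wsu:Expires>2024-01-01T12:05:00Z</wsu:Expires>
   </wsu:Timestamp>
   <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
 </wsse:Security></soap:Header>
 <soap:Body/>
</soap:Envelope>"""

def parse_ts(text):
    # Assumes whole-second UTC values ("...Z"); anything else raises ValueError.
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def inspect_security_header(xml_text, now, skew=timedelta(seconds=60)):
    """Report which security-header elements are present and whether the timestamp is fresh."""
    root = ET.fromstring(xml_text)  # use a hardened parser such as defusedxml for untrusted input
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return {"security_header": False, "fresh": False}
    has = lambda *paths: any(sec.find(p, NS) is not None for p in paths)
    report = {
        "security_header": True,
        "token": has("wsse:UsernameToken", "wsse:BinarySecurityToken"),
        "signature": has("ds:Signature"),
        "encryption": has("xenc:EncryptedKey", "xenc:ReferenceList"),
        "fresh": False,
    }
    created = sec.findtext("wsu:Timestamp/wsu:Created", namespaces=NS)
    expires = sec.findtext("wsu:Timestamp/wsu:Expires", namespaces=NS)
    try:
        if created and expires:
            report["fresh"] = parse_ts(created) - skew <= now < parse_ts(expires) + skew
    except ValueError:
        pass  # malformed timestamp: leave "fresh" as False
    return report
```

A receiver would reject the sample here even while it is fresh if its policy requires a signature, since `signature` is reported as absent and an unsigned timestamp can be rewritten in transit.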
