Securing Service Oriented Architecture-May 2005
Transcript

  • 1. Securing Service Oriented Architecture Don Flinn Flint Security LLC [email_address] www.flintsecurity.com
  • 2. Agenda
    • Distributed security
      • Traditional protocols
      • SOA requirements
    • What's next
  • 3. Distributed Security Traditional Protocols
  • 4. Security Principles
    • Protection of assets
    • Security fundamentals
      • Authentication, Authorization
      • Audit, Administration,
      • Cryptography
    • Risk Management
    • Never-ending contest
  • 5. Traditional Security Protocols
    • Authentication
      • HTTP Basic Auth
      • SSL/TLS
      • Kerberos
      • VPN
    • Authorization
      • RBAC
    • Limitations
  • 6. Distributed Security SOA Requirements
  • 7. SOA Scenario
  • 8. SOA Security Challenges
    • Circuitous route
    • Heterogeneous entities
      • Untrusted intermediaries
    • Unlimited system size
  • 9. Message Based Security
    • Security integral part of the message
    • Integrity & Confidentiality
      • End-to-end
  • 10. WS-Security
    • SOAP header block
    • Tokens
    • Digital signatures
    • XML encryption
  • 11. WSS Tokens
    • Username
    • X.509 Certificate
    • Kerberos
    • SAML
    • Biometric
    • XrML
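The slides list the token types WS-Security can carry but not how one is built or checked. The following is an added example, not code from the talk or from Flint Security, showing the simplest of them: the UsernameToken in its PasswordDigest form, placed in a wsse:Security SOAP header block as slide 10 describes. The digest construction (Base64 of SHA-1 over nonce, Created timestamp and password) follows the OASIS UsernameToken Profile 1.0; the helper names, the 5-minute freshness window and the caller-owned nonce cache are this example's own choices. The verifier rejects replayed nonces, stale timestamps and the PasswordText variant, which would put the cleartext password on the wire.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

# Namespace URIs from WS-Security 1.0 and the UsernameToken Profile 1.0.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PW_DIGEST = ("http://docs.oasis-open.org/wss/2004/01/"
             "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA-1(nonce + created + password)), as the profile defines it.
    The nonce is hashed as raw bytes; 'created' is the exact string sent on the wire."""
    h = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8")).digest()
    return base64.b64encode(h).decode("ascii")


def parse_utc(stamp: str) -> datetime:
    """Parse a wsu:Created timestamp of the form 2005-05-01T12:00:00Z."""
    return datetime.strptime(stamp, TIME_FMT).replace(tzinfo=timezone.utc)


def build_security_header(username, password, nonce=None, created=None) -> str:
    """Client side: the wsse:Security header block carrying a digest UsernameToken.
    nonce/created are parameters only so the example is reproducible; normally both
    are fresh per message."""
    nonce = os.urandom(16) if nonce is None else nonce
    created = created or datetime.now(timezone.utc).strftime(TIME_FMT)
    return (
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">'
        f"<wsse:UsernameToken>"
        f"<wsse:Username>{escape(username)}</wsse:Username>"
        f'<wsse:Password Type="{PW_DIGEST}">{password_digest(nonce, created, password)}</wsse:Password>'
        f'<wsse:Nonce>{base64.b64encode(nonce).decode("ascii")}</wsse:Nonce>'
        f"<wsu:Created>{created}</wsu:Created>"
        f"</wsse:UsernameToken></wsse:Security>"
    )


def verify_security_header(xml_text, lookup_password, seen_nonces, now=None,
                           max_skew=timedelta(minutes=5)):
    """Server side: returns the authenticated username, or None on any failure.
    lookup_password(username) -> password or None (the profile forces the server
    to hold the cleartext password); seen_nonces is a caller-owned replay cache
    that must retain nonces for at least max_skew."""
    root = ET.fromstring(xml_text)  # parse untrusted SOAP with defusedxml in production
    tok = next(root.iter(f"{{{WSSE}}}UsernameToken"), None)
    if tok is None:
        return None
    username = tok.findtext(f"{{{WSSE}}}Username")
    pw = tok.find(f"{{{WSSE}}}Password")
    nonce_b64 = tok.findtext(f"{{{WSSE}}}Nonce")
    created = tok.findtext(f"{{{WSU}}}Created")
    # Reject missing fields and anything but the digest form (PasswordText = cleartext).
    if None in (username, pw, nonce_b64, created) or pw.get("Type") != PW_DIGEST:
        return None
    now = now or datetime.now(timezone.utc)
    try:
        created_dt = parse_utc(created)
        nonce = base64.b64decode(nonce_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if abs(now - created_dt) > max_skew:
        return None  # stale or future-dated token
    if nonce_b64 in seen_nonces:
        return None  # replay of a token inside the freshness window
    secret = lookup_password(username)
    if secret is None:
        return None
    expected = password_digest(nonce, created, secret)
    if not hmac.compare_digest(expected, pw.text or ""):
        return None
    seen_nonces.add(nonce_b64)  # remember only tokens that actually authenticated
    return username
```

Note what this token does and does not give you: it proves the sender knew the password at the time Created was stamped, and nothing more. It does not bind the SOAP body, so an intermediary can alter the message without invalidating the token; end-to-end integrity, the point of slide 9, needs a signature (X.509 or SAML token with XML Signature) or at least transport protection between each hop.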
  • 12. d-sig & XML Encryption
    • Digital Signature (d-sig)
      • Substitute for written signature
      • Legally recognized for business use (2000)
    • XML encryption
      • Fine-grained encryption
  • 13. XACML
    • XML based access control
    • Language for Access Control
    • Rules & Policies
    • XACML protocols
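Slide 13 names rules, policies and the XACML language without showing how a decision falls out of them. Below is an added example, not material from the talk, that evaluates a constructed XACML 2.0 policy against a request. It implements only a subset of the language: string-equal matches on subject, resource and action attributes, and the deny-overrides and permit-overrides rule-combining algorithms; Conditions, Obligations, PolicySets and Indeterminate results are left out. The policy, the attribute id urn:example:role and the helper names are this example's own.

```python
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides"
PERMIT_OVERRIDES = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
ROLE = "urn:example:role"  # hypothetical subject attribute id for this example
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed sample policy: guests are denied everything, clerks may read orders.
POLICY_XML = f"""<Policy xmlns="{XACML}" PolicyId="urn:example:policy:orders"
        RuleCombiningAlgId="{DENY_OVERRIDES}">
  <Target/>
  <Rule RuleId="deny-guests" Effect="Deny">
    <Target><Subjects><Subject>
      <SubjectMatch MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{XS_STRING}">guest</AttributeValue>
        <SubjectAttributeDesignator AttributeId="{ROLE}" DataType="{XS_STRING}"/>
      </SubjectMatch>
    </Subject></Subjects></Target>
  </Rule>
  <Rule RuleId="permit-clerk-read-orders" Effect="Permit">
    <Target>
      <Subjects><Subject>
        <SubjectMatch MatchId="{STRING_EQUAL}">
          <AttributeValue DataType="{XS_STRING}">clerk</AttributeValue>
          <SubjectAttributeDesignator AttributeId="{ROLE}" DataType="{XS_STRING}"/>
        </SubjectMatch>
      </Subject></Subjects>
      <Resources><Resource>
        <ResourceMatch MatchId="{STRING_EQUAL}">
          <AttributeValue DataType="{XS_STRING}">orders</AttributeValue>
          <ResourceAttributeDesignator AttributeId="{RESOURCE_ID}" DataType="{XS_STRING}"/>
        </ResourceMatch>
      </Resource></Resources>
      <Actions><Action>
        <ActionMatch MatchId="{STRING_EQUAL}">
          <AttributeValue DataType="{XS_STRING}">read</AttributeValue>
          <ActionAttributeDesignator AttributeId="{ACTION_ID}" DataType="{XS_STRING}"/>
        </ActionMatch>
      </Action></Actions>
    </Target>
  </Rule>
</Policy>
"""

CATEGORIES = ("Subject", "Resource", "Action")


def _q(tag):
    return f"{{{XACML}}}{tag}"


def _match(m, attrs):
    """One SubjectMatch/ResourceMatch/ActionMatch: compare the designated request
    attribute with the literal AttributeValue. Only string-equal is supported here."""
    if m.get("MatchId") != STRING_EQUAL:
        raise ValueError(f"unsupported MatchId {m.get('MatchId')}")
    literal = m.find(_q("AttributeValue")).text
    designator = next(c for c in m if c.tag.endswith("AttributeDesignator"))
    return attrs.get(designator.get("AttributeId")) == literal


def target_matches(target, request):
    """A Target matches when every category section it contains has at least one
    alternative (Subject/Resource/Action) whose Match elements all hold.
    An absent or empty Target matches every request."""
    if target is None:
        return True
    for cat in CATEGORIES:
        section = target.find(_q(cat + "s"))
        if section is None:
            continue
        attrs = request.get(cat.lower(), {})
        if not any(all(_match(m, attrs) for m in alt.findall(_q(cat + "Match")))
                   for alt in section.findall(_q(cat))):
            return False
    return True


def evaluate(policy_xml, request):
    """Return 'Permit', 'Deny' or 'NotApplicable' for one request against one Policy."""
    policy = ET.fromstring(policy_xml)
    if not target_matches(policy.find(_q("Target")), request):
        return "NotApplicable"
    effects = [r.get("Effect") for r in policy.findall(_q("Rule"))
               if target_matches(r.find(_q("Target")), request)]
    alg = policy.get("RuleCombiningAlgId")
    if alg == DENY_OVERRIDES:
        order = ("Deny", "Permit")
    elif alg == PERMIT_OVERRIDES:
        order = ("Permit", "Deny")
    else:
        raise ValueError(f"unsupported combining algorithm {alg}")
    for effect in order:  # first effect in precedence order that any applicable rule produced
        if effect in effects:
            return effect
    return "NotApplicable"


def make_request(role, resource, action):
    """Request context as the PDP sees it: attributes per category, keyed by attribute id."""
    return {"subject": {ROLE: role}, "resource": {RESOURCE_ID: resource}, "action": {ACTION_ID: action}}


def is_allowed(decision):
    """PEP rule: anything other than an explicit Permit is treated as a deny."""
    return decision == "Permit"
```

The check a practitioner cares about is the last function: a policy decision point can return NotApplicable (no rule matched) as easily as Deny, and an enforcement point that only tests for "not Deny" fails open. The combining algorithm matters for the same reason; with permit-overrides, one overly broad Permit rule silences every Deny in the policy.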
  • 14. Vendors
    • Microsoft .NET
    • IBM WebSphere
    • Sun JWSDP
    • etc.
    • Be careful of any proprietary moves
  • 15. What's Next
  • 16. Where Are We Today?
    • Intranet & Extranet
    • Internet
      • Establish trust
      • Federation
      • Delegation
      • Privacy
  • 17. Next Steps
    • Complex scenarios
    • Trusted third-parties
    • Discovery & Access
    • Higher level specifications
  • 18. Security & Law
    • Recent security laws
    • Recent court cases
    • Need court defensible security
  • 19. Summary
    • Abundance of tools
      • Blind Use of Tools
    • Complex scenarios
      • Higher level specifications
      • Experience with the protocols
