Pattern For Ws Security


Published on

Published in: Technology, News & Politics
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Several organizations are involved in developing web services standards. Each organization has different goals and different degrees of power and influence. Also, there are many vendors who duplicate each other’s work. An alliance of Microsoft and IBM Others such as CA (Computer Associates), HP, and BEA As a result, many standards have been created, they may overlap, and even conflict.
  • Pattern For Ws Security

    1. 1. A Pattern for WS-Security Presented by Keiko Hashizume
    2. 2. Outline <ul><li>Introduction </li></ul><ul><li>A Pattern for WS-Security </li></ul><ul><li>Conclusion </li></ul>
    3. 3. Introduction <ul><li>Web services standards are confusing which makes it difficult for vendors to develop products that comply with standards and for users to decide what product to use. </li></ul><ul><li>That is why we need to develop patterns for these standards. </li></ul><ul><ul><li>Patterns embody the knowledge and experience of software developers about a recurrent problem. A pattern solves a specific problem in a given context and can be tailored to fit different situations. </li></ul></ul>
    4. 4. WS-Security Standard <ul><li>Originally developed by IBM, Microsoft, VeriSign, and Forum Systems. </li></ul><ul><li>OASIS Specification </li></ul><ul><li>Latest Version: WS-Security 1.1 </li></ul><ul><li>Approved on February 2006 </li></ul>
    5. 5. A Pattern for WS-Security <ul><li>WS-Security Standard describes enhancements to SOAP messaging through </li></ul><ul><ul><li>Message Confidentiality </li></ul></ul><ul><ul><li>Message Integrity </li></ul></ul><ul><ul><li>Message Authentication </li></ul></ul><ul><ul><li>Non-repudiation </li></ul></ul><ul><ul><li>Context </li></ul></ul><ul><ul><ul><ul><li>Users of web services send and receive SOAP messages through the Internet. </li></ul></ul></ul></ul>
    6. 6. A Pattern for WS-Security <ul><li>Problem </li></ul><ul><ul><li>Forces: </li></ul></ul><ul><ul><ul><li>We need to prevent unauthorized users from reading data during transit. </li></ul></ul></ul><ul><ul><ul><li>We need to protect data in transit from being modified by attackers. </li></ul></ul></ul><ul><ul><ul><li>We need to verify the producer of the message . </li></ul></ul></ul><ul><ul><ul><li>We need to prevent message replay. </li></ul></ul></ul>
    7. 7. A Pattern for WS-Security <ul><li>Solution </li></ul><ul><ul><li>Use a set of mechanisms to improve security by describing how to add security information in the header part of a message. </li></ul></ul><ul><ul><li>Elements that can be included in the SOAP security header : </li></ul></ul><ul><ul><ul><li>Security tokens </li></ul></ul></ul><ul><ul><ul><li>Encryption </li></ul></ul></ul><ul><ul><ul><li>Digital signature </li></ul></ul></ul><ul><ul><ul><li>Timestamps </li></ul></ul></ul>
    8. 8. <ul><ul><li>Structure - Class Diagram </li></ul></ul>
    9. 9. <ul><ul><li>Dynamics </li></ul></ul><ul><ul><li>Sequence Diagram for the UC: Encrypt an element using Security Tokens </li></ul></ul>
    10. 10. <ul><ul><li>Dynamics </li></ul></ul>A Pattern for WS-Security <ul><ul><li>Sequence Diagram for the UC: Sign an element using Security Tokens </li></ul></ul>
    11. 11. A Pattern for WS-Security <ul><li>Consequences </li></ul><ul><ul><li>This pattern presents the following advantages: </li></ul></ul><ul><ul><li>XML Encryption allows to hide information from unauthorized users. </li></ul></ul><ul><ul><li>XML Digital signature is used to verify whether a message was modified in transit. </li></ul></ul><ul><ul><li>The combination of XML Signature and security tokens verifies that the user is who he claims to be. </li></ul></ul><ul><ul><li>We can prevent message replay using timestamps . </li></ul></ul><ul><ul><li>The pattern also has some (possible) liabilities: </li></ul></ul><ul><ul><li>This pattern does not describe fixed security protocols. </li></ul></ul>
    12. 12. A Pattern for WS-Security <ul><li>Know Uses </li></ul><ul><ul><li>Several vendors have developed products that support WS-Security. </li></ul></ul><ul><ul><li>Xtradyne’s WS-DBC (Web Service Domain Boundary Controller) </li></ul></ul><ul><ul><li>IONA Artix </li></ul></ul><ul><ul><li>Forum Sentry™ </li></ul></ul><ul><ul><li>Microsoft Trust Bridge </li></ul></ul>
    13. 13. A Pattern for WS-Security <ul><li>Related Patterns </li></ul><ul><ul><li>WS-Security uses XML Signature and XML Encryption </li></ul></ul><ul><ul><li>Secure Channel contains a set of security protocols that provide identity authentication and secure, private communication through encryption. </li></ul></ul><ul><ul><li>Strategy </li></ul></ul>
    14. 14. Conclusion <ul><li>We need to develop related patterns such as XML Encryption and XML Signature. </li></ul><ul><li>We need to develop patterns for the WS – family such as WS-Policy, WS-Privacy, WS-SecureConversation, WS-Federation, and WS-Authorization. </li></ul>