SlideShare a Scribd company logo

Apache CXF Security Solutions

Download as ODP, PDF
Daniel Kulp
Daniel Kulp

Presentation from ApacheCon NA 2011

TechnologyBusiness
1 of 18
Security Problems (and Solutions) for Service Oriented Applications Daniel Kulp, Talend dkulp@talend.com © Talend 2011 1
My Background J. Daniel Kulp Talend VP - OpenSource Development ASF Member PMC for CXF, Camel, WebService, Maven, Aries. Committer for ServiceMix © Talend 2011 2
What I Will Cover SOA Security Concerns Types of Security Problems WS-* Solutions REST Solutions Apache CXF extensions Thoughts for the future © Talend 2011 3
SOA Security Concerns Collection of Services that make up a complex application that solves complex problems. Primarily Web Services NOT just SOAP Includes REST Can include other technologies like CORBA, JMS, etc... © Talend 2011 4
Security Problems Authentication Authorization Message Protection Data encryption Signatures Intermediaries Security Tokens Performance © Talend 2011 5
WS-* Solutions “Well Defined” (OK: overly complex) specifications WS-Security WS-SecureConversation WS-SecurityPolicy WS-Trust Etc.... © Talend 2011 6
WS-Security How to sign SOAP messages to assure integrity.(based on XMLDsig) How to encrypt SOAP messages to assure confidentiality. (based on XML-Enc) How to attach security tokens to ascertain the sender's identity. X.509, Kerberos, UserNameToken, SAML © Talend 2011 7
WS-SecurityPolicy Tries to address the “contract” of the Security requirements XML based WS-Policy fragments that describe the Security requirements of the service Contains the information about what needs to be includes, what needs to be signed, what needs to be encrypted, algorithms, etc... © Talend 2011 8
WS-Trust Managing Security Tokens Issue, Renew, Cancel, Validate Support brokering trust relationships STS Consumer Provider Intermediar y © Talend 2011 9
WS-SecureConversation Attempt to address the “performance problem” of the WS- Security specifications. XML Signatures and Encryption using strong asymmetric keys is very expensive. WS-SecConv allows for a simpler symmetric key to be used after establishing a “session”. Extends WS-Trust © Talend 2011 10
WS-* Summary Addresses most of the security problems (performance may be the exception) Very complex Several “Profiles” defined to attempt to clarify and simplify things © Talend 2011 11
Apache CXF – WS-* Covers the WS-* stuff very well Very well tested Very actively developed Highly interopable High performance (relative) New in 2.5.0 is an Enterprise Ready Security Token Service © Talend 2011 12
REST HTTPS Basic Authentication NTLM/Digest Authentication OAuth Really, very few “standards” © Talend 2011 13
Apache CXF - REST JAX-RS OAuth 1.0 Flows XML Message Protection Enveloped Enveloping Detached SAML Auth Header Token in Message Form value © Talend 2011 14
Future Work OAuth 2.0 Single Sign-On / SAML SAML for Bearer token in OAuth 2.0 flows Performance (Streaming) WS-Federation for SSO Apache Fediz proposal to the Incubator © Talend 2011 15
More Information CXF - http://cxf.apache.org Distribution contains several security samples Talend – http://talend.com Talend ESB has several code examples, tech notes and webinars covering security topics Blogs – http://coders.talend.com Colm - http://coheigea.blogspot.com/ Glen - http://www.jroller.com/gmazza/ Sergey - http://sberyozkin.blogspot.com/ © Talend 2011 16
Contact Daniel Kulp dkulp@talend.com http://dankulp.com/blog @DanKulp on Twitter © Talend 2011 17
Thank You © Talend 2011 18

Recommended

CXF 3.0, What's new?
CXF 3.0, What's new?CXF 3.0, What's new?
CXF 3.0, What's new?
Daniel Kulp
 
Apache CXF - New Features
Apache CXF - New FeaturesApache CXF - New Features
Apache CXF - New Features
Daniel Kulp
 
Apache CXF New Directions in Integration
Apache CXF New Directions in IntegrationApache CXF New Directions in Integration
Apache CXF New Directions in Integration
Daniel Kulp
 
Integrating Apache Syncope with Apache CXF
Integrating Apache Syncope with Apache CXFIntegrating Apache Syncope with Apache CXF
Integrating Apache Syncope with Apache CXF
coheigea
 
Owin and katana
Owin and katanaOwin and katana
Owin and katana
Udaiappa Ramachandran
 
WSO2 ESB - The Fastest Open Source ESB with Superior Integration Capabilities
WSO2 ESB - The Fastest Open Source ESB with Superior Integration CapabilitiesWSO2 ESB - The Fastest Open Source ESB with Superior Integration Capabilities
WSO2 ESB - The Fastest Open Source ESB with Superior Integration Capabilities
WSO2
 
Owin from spec to application
Owin from spec to applicationOwin from spec to application
Owin from spec to application
damian-h
 
OWIN and Katana Project - Not Only IIS - NoIIS
OWIN and Katana Project - Not Only IIS - NoIISOWIN and Katana Project - Not Only IIS - NoIIS
OWIN and Katana Project - Not Only IIS - NoIIS
Bilal Haidar
 

Recommended

CXF 3.0, What's new?
CXF 3.0, What's new?CXF 3.0, What's new?
CXF 3.0, What's new?
Daniel Kulp
 
Apache CXF - New Features
Apache CXF - New FeaturesApache CXF - New Features
Apache CXF - New Features
Daniel Kulp
 
Apache CXF New Directions in Integration
Apache CXF New Directions in IntegrationApache CXF New Directions in Integration
Apache CXF New Directions in Integration
Daniel Kulp
 
Integrating Apache Syncope with Apache CXF
Integrating Apache Syncope with Apache CXFIntegrating Apache Syncope with Apache CXF
Integrating Apache Syncope with Apache CXF
coheigea
 
Owin and katana
Owin and katanaOwin and katana
Owin and katana
Udaiappa Ramachandran
 
WSO2 ESB - The Fastest Open Source ESB with Superior Integration Capabilities
WSO2 ESB - The Fastest Open Source ESB with Superior Integration CapabilitiesWSO2 ESB - The Fastest Open Source ESB with Superior Integration Capabilities
WSO2 ESB - The Fastest Open Source ESB with Superior Integration Capabilities
WSO2
 
Owin from spec to application
Owin from spec to applicationOwin from spec to application
Owin from spec to application
damian-h
 
OWIN and Katana Project - Not Only IIS - NoIIS
OWIN and Katana Project - Not Only IIS - NoIISOWIN and Katana Project - Not Only IIS - NoIIS
OWIN and Katana Project - Not Only IIS - NoIIS
Bilal Haidar
 
Introduction to ESB Architecture and Message Flow
Introduction to ESB Architecture and Message Flow Introduction to ESB Architecture and Message Flow
Introduction to ESB Architecture and Message Flow
WSO2
 
Security Patterns with WSO2 ESB
Security Patterns with WSO2 ESBSecurity Patterns with WSO2 ESB
Security Patterns with WSO2 ESB
WSO2
 
ASP.NET: Present and future
ASP.NET: Present and futureASP.NET: Present and future
ASP.NET: Present and future
Hrvoje Hudoletnjak
 
Spring basics for freshers
Spring basics for freshersSpring basics for freshers
Spring basics for freshers
Swati Bansal
 
Introduction to OWIN
Introduction to OWINIntroduction to OWIN
Introduction to OWIN
Saran Doraiswamy
 
Using Istio to Secure & Monitor Your Services
Using Istio to Secure & Monitor Your ServicesUsing Istio to Secure & Monitor Your Services
Using Istio to Secure & Monitor Your Services
Alcide
 
Wso2 tutorial
Wso2 tutorialWso2 tutorial
Wso2 tutorial
Armando Ramirez Vila
 
Running SOA in the Cloud: SOA CS for SOA Suite Customers
Running SOA in the Cloud: SOA CS for SOA Suite CustomersRunning SOA in the Cloud: SOA CS for SOA Suite Customers
Running SOA in the Cloud: SOA CS for SOA Suite Customers
Simon Haslam
 
OWIN (Open Web Interface for .NET)
OWIN (Open Web Interface for .NET)OWIN (Open Web Interface for .NET)
OWIN (Open Web Interface for .NET)
Folio3 Software
 
Tips & Tricks for Java & SOA Cloud Service
Tips & Tricks for Java & SOA Cloud ServiceTips & Tricks for Java & SOA Cloud Service
Tips & Tricks for Java & SOA Cloud Service
Simon Haslam
 
INTRODUCTION TO IIS
INTRODUCTION TO IISINTRODUCTION TO IIS
INTRODUCTION TO IIS
sanya6900
 
SOA & WebLogic - Lift & Shift to the Cloud
SOA & WebLogic - Lift & Shift to the CloudSOA & WebLogic - Lift & Shift to the Cloud
SOA & WebLogic - Lift & Shift to the Cloud
Simon Haslam
 
SQL Server 2017 CLR
SQL Server 2017 CLRSQL Server 2017 CLR
SQL Server 2017 CLR
Eduardo Piairo
 
O que é esse tal de OWIN?
O que é esse tal de OWIN?O que é esse tal de OWIN?
O que é esse tal de OWIN?
Andre Carlucci
 
Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB
WSO2
 
Experiences of SOACS
Experiences of SOACSExperiences of SOACS
Experiences of SOACS
Simon Haslam
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measures
Maarten Smeets
 
MySQL 5.7 + Java
MySQL 5.7 + JavaMySQL 5.7 + Java
MySQL 5.7 + Java
Mark Swarbrick
 
CLR Stored Procedures
CLR Stored ProceduresCLR Stored Procedures
CLR Stored Procedures
Harshana Weerasinghe
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
Kurtis Kemple
 
Making Sense Of Web Services
Making Sense Of Web ServicesMaking Sense Of Web Services
Making Sense Of Web Services
Jorgen Thelin
 
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & CountermeasuresWeb Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Praetorian
 

More Related Content

What's hot

Introduction to ESB Architecture and Message Flow
Introduction to ESB Architecture and Message Flow Introduction to ESB Architecture and Message Flow
Introduction to ESB Architecture and Message Flow
WSO2
 
Security Patterns with WSO2 ESB
Security Patterns with WSO2 ESBSecurity Patterns with WSO2 ESB
Security Patterns with WSO2 ESB
WSO2
 
INTRODUCTION TO IIS
INTRODUCTION TO IISINTRODUCTION TO IIS
INTRODUCTION TO IIS
sanya6900
 
Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB
WSO2
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measures
Maarten Smeets
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
Kurtis Kemple
 

What's hot (20)

Introduction to ESB Architecture and Message Flow
Introduction to ESB Architecture and Message Flow Introduction to ESB Architecture and Message Flow
Introduction to ESB Architecture and Message Flow
 
Security Patterns with WSO2 ESB
Security Patterns with WSO2 ESBSecurity Patterns with WSO2 ESB
Security Patterns with WSO2 ESB
 
ASP.NET: Present and future
ASP.NET: Present and futureASP.NET: Present and future
ASP.NET: Present and future
 
Spring basics for freshers
Spring basics for freshersSpring basics for freshers
Spring basics for freshers
 
Introduction to OWIN
Introduction to OWINIntroduction to OWIN
Introduction to OWIN
 
Using Istio to Secure & Monitor Your Services
Using Istio to Secure & Monitor Your ServicesUsing Istio to Secure & Monitor Your Services
Using Istio to Secure & Monitor Your Services
 
Wso2 tutorial
Wso2 tutorialWso2 tutorial
Wso2 tutorial
 
Running SOA in the Cloud: SOA CS for SOA Suite Customers
Running SOA in the Cloud: SOA CS for SOA Suite CustomersRunning SOA in the Cloud: SOA CS for SOA Suite Customers
Running SOA in the Cloud: SOA CS for SOA Suite Customers
 
OWIN (Open Web Interface for .NET)
OWIN (Open Web Interface for .NET)OWIN (Open Web Interface for .NET)
OWIN (Open Web Interface for .NET)
 
Tips & Tricks for Java & SOA Cloud Service
Tips & Tricks for Java & SOA Cloud ServiceTips & Tricks for Java & SOA Cloud Service
Tips & Tricks for Java & SOA Cloud Service
 
INTRODUCTION TO IIS
INTRODUCTION TO IISINTRODUCTION TO IIS
INTRODUCTION TO IIS
 
SOA & WebLogic - Lift & Shift to the Cloud
SOA & WebLogic - Lift & Shift to the CloudSOA & WebLogic - Lift & Shift to the Cloud
SOA & WebLogic - Lift & Shift to the Cloud
 
SQL Server 2017 CLR
SQL Server 2017 CLRSQL Server 2017 CLR
SQL Server 2017 CLR
 
O que é esse tal de OWIN?
O que é esse tal de OWIN?O que é esse tal de OWIN?
O que é esse tal de OWIN?
 
Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB Restful Integration with WSO2 ESB
Restful Integration with WSO2 ESB
 
Experiences of SOACS
Experiences of SOACSExperiences of SOACS
Experiences of SOACS
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measures
 
MySQL 5.7 + Java
MySQL 5.7 + JavaMySQL 5.7 + Java
MySQL 5.7 + Java
 
CLR Stored Procedures
CLR Stored ProceduresCLR Stored Procedures
CLR Stored Procedures
 
Enterprise Node - Securing Your Environment
Enterprise Node - Securing Your EnvironmentEnterprise Node - Securing Your Environment
Enterprise Node - Securing Your Environment
 

Similar to Apache CXF Security Solutions

Making Sense Of Web Services
Making Sense Of Web ServicesMaking Sense Of Web Services
Making Sense Of Web Services
Jorgen Thelin
 
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & CountermeasuresWeb Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Praetorian
 
Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA
ijsc
 
Designing a logical security framework
Designing a logical security frameworkDesigning a logical security framework
Designing a logical security framework
ijsc
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
CSCJournals
 
Session 1: The SOAP Story
Session 1: The SOAP StorySession 1: The SOAP Story
Session 1: The SOAP Story
ukdpe
 
Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soa
jucaab
 
Toufic Boubez The Future Of S O A Security
Toufic Boubez The Future Of S O A SecurityToufic Boubez The Future Of S O A Security
Toufic Boubez The Future Of S O A Security
SOA Symposium
 
Bloombase Spitfire SOA Security Server Brochure
Bloombase Spitfire SOA Security Server BrochureBloombase Spitfire SOA Security Server Brochure
Bloombase Spitfire SOA Security Server Brochure
Bloombase
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
chhoup
 
Overview of Windows Vista Devices and Windows Communication Foundation (WCF)
Overview of Windows Vista Devices and Windows Communication Foundation (WCF)Overview of Windows Vista Devices and Windows Communication Foundation (WCF)
Overview of Windows Vista Devices and Windows Communication Foundation (WCF)
Jorgen Thelin
 
What is in a Good Contract? Designing Interfaces for Distributed Systems
What is in a Good Contract? Designing Interfaces for Distributed SystemsWhat is in a Good Contract? Designing Interfaces for Distributed Systems
What is in a Good Contract? Designing Interfaces for Distributed Systems
Schalk Cronjé
 
Cyber defense for soa & rest oracle
Cyber defense for soa & rest oracleCyber defense for soa & rest oracle
Cyber defense for soa & rest oracle
igsc
 

Similar to Apache CXF Security Solutions (20)

Making Sense Of Web Services
Making Sense Of Web ServicesMaking Sense Of Web Services
Making Sense Of Web Services
 
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & CountermeasuresWeb Services Presentation - Introduction, Vulnerabilities, & Countermeasures
Web Services Presentation - Introduction, Vulnerabilities, & Countermeasures
 
SSLtalk
SSLtalkSSLtalk
SSLtalk
 
Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA Designing A Logical Security Framework for E-Commerce System Based on SOA
Designing A Logical Security Framework for E-Commerce System Based on SOA
 
Designing a logical security framework
Designing a logical security frameworkDesigning a logical security framework
Designing a logical security framework
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
 
Lucw lsec-securit-20110907-4-final-5
Lucw lsec-securit-20110907-4-final-5Lucw lsec-securit-20110907-4-final-5
Lucw lsec-securit-20110907-4-final-5
 
Session 1: The SOAP Story
Session 1: The SOAP StorySession 1: The SOAP Story
Session 1: The SOAP Story
 
Otm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soaOtm 2013 c13_e-13b-hagan-mark-otm-soa
Otm 2013 c13_e-13b-hagan-mark-otm-soa
 
Toufic Boubez The Future Of S O A Security
Toufic Boubez The Future Of S O A SecurityToufic Boubez The Future Of S O A Security
Toufic Boubez The Future Of S O A Security
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & Secure
 
Service Oriented Development With Windows Communication Foundation Tulsa Dnug
Service Oriented Development With Windows Communication Foundation Tulsa DnugService Oriented Development With Windows Communication Foundation Tulsa Dnug
Service Oriented Development With Windows Communication Foundation Tulsa Dnug
 
Bloombase Spitfire SOA Security Server Brochure
Bloombase Spitfire SOA Security Server BrochureBloombase Spitfire SOA Security Server Brochure
Bloombase Spitfire SOA Security Server Brochure
 
Soa And Web Services Security
Soa And Web Services SecuritySoa And Web Services Security
Soa And Web Services Security
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
 
Overview of Windows Vista Devices and Windows Communication Foundation (WCF)
Overview of Windows Vista Devices and Windows Communication Foundation (WCF)Overview of Windows Vista Devices and Windows Communication Foundation (WCF)
Overview of Windows Vista Devices and Windows Communication Foundation (WCF)
 
What is in a Good Contract? Designing Interfaces for Distributed Systems
What is in a Good Contract? Designing Interfaces for Distributed SystemsWhat is in a Good Contract? Designing Interfaces for Distributed Systems
What is in a Good Contract? Designing Interfaces for Distributed Systems
 
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
 
Presentation a hitchhiker’s guide to the inter-cloud
Presentation a hitchhiker’s guide to the inter-cloudPresentation a hitchhiker’s guide to the inter-cloud
Presentation a hitchhiker’s guide to the inter-cloud
 
Cyber defense for soa & rest oracle
Cyber defense for soa & rest oracleCyber defense for soa & rest oracle
Cyber defense for soa & rest oracle
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Apache CXF Security Solutions

  • 1. Security Problems (and Solutions) for Service Oriented Applications Daniel Kulp, Talend dkulp@talend.com © Talend 2011 1
  • 2. My Background J. Daniel Kulp Talend VP - OpenSource Development ASF Member PMC for CXF, Camel, WebService, Maven, Aries. Committer for ServiceMix © Talend 2011 2
  • 3. What I Will Cover SOA Security Concerns Types of Security Problems WS-* Solutions REST Solutions Apache CXF extensions Thoughts for the future © Talend 2011 3
  • 4. SOA Security Concerns Collection of Services that make up a complex application that solves complex problems. Primarily Web Services NOT just SOAP Includes REST Can include other technologies like CORBA, JMS, etc... © Talend 2011 4
  • 5. Security Problems Authentication Authorization Message Protection Data encryption Signatures Intermediaries Security Tokens Performance © Talend 2011 5
  • 6. WS-* Solutions “Well Defined” (OK: overly complex) specifications WS-Security WS-SecureConversation WS-SecurityPolicy WS-Trust Etc.... © Talend 2011 6
  • 7. WS-Security How to sign SOAP messages to assure integrity.(based on XMLDsig) How to encrypt SOAP messages to assure confidentiality. (based on XML-Enc) How to attach security tokens to ascertain the sender's identity. X.509, Kerberos, UserNameToken, SAML © Talend 2011 7
  • 8. WS-SecurityPolicy Tries to address the “contract” of the Security requirements XML based WS-Policy fragments that describe the Security requirements of the service Contains the information about what needs to be includes, what needs to be signed, what needs to be encrypted, algorithms, etc... © Talend 2011 8
  • 9. WS-Trust Managing Security Tokens Issue, Renew, Cancel, Validate Support brokering trust relationships STS Consumer Provider Intermediar y © Talend 2011 9
  • 10. WS-SecureConversation Attempt to address the “performance problem” of the WS- Security specifications. XML Signatures and Encryption using strong asymmetric keys is very expensive. WS-SecConv allows for a simpler symmetric key to be used after establishing a “session”. Extends WS-Trust © Talend 2011 10
  • 11. WS-* Summary Addresses most of the security problems (performance may be the exception) Very complex Several “Profiles” defined to attempt to clarify and simplify things © Talend 2011 11
  • 12. Apache CXF – WS-* Covers the WS-* stuff very well Very well tested Very actively developed Highly interopable High performance (relative) New in 2.5.0 is an Enterprise Ready Security Token Service © Talend 2011 12
  • 14. Apache CXF - REST JAX-RS OAuth 1.0 Flows XML Message Protection Enveloped Enveloping Detached SAML Auth Header Token in Message Form value © Talend 2011 14
  • 15. Future Work OAuth 2.0 Single Sign-On / SAML SAML for Bearer token in OAuth 2.0 flows Performance (Streaming) WS-Federation for SSO Apache Fediz proposal to the Incubator © Talend 2011 15
  • 16. More Information CXF - http://cxf.apache.org Distribution contains several security samples Talend – http://talend.com Talend ESB has several code examples, tech notes and webinars covering security topics Blogs – http://coders.talend.com Colm - http://coheigea.blogspot.com/ Glen - http://www.jroller.com/gmazza/ Sergey - http://sberyozkin.blogspot.com/ © Talend 2011 16
  • 17. Contact Daniel Kulp dkulp@talend.com http://dankulp.com/blog @DanKulp on Twitter © Talend 2011 17