Tokenauthenticatie en xml signature in detail

•Download as PPTX, PDF•

0 likes•322 views

Marc de Graauw

Technology News & Politics

Tokenauthenticatie& XML Signaturein detail

Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht

Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml

signedData X.509 Strong Authentication message id nonce unieke indentificatie van bericht (if duplicate removal has already taken place) notBefore & notAfter time to live security semantics can expire time to store & check nonce addressedParty replay against other receivers Koppeling met bericht BSN voor patiëntgerelateerde berichten Trigger Event Id versieonafhankelijk, itt. InteractionId

Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml

Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml

Exclusive Canonicalization Dubbele quotes ipv. enkele Namespace declaraties vóór attributen Namespaces alfabetisch rangschikken Linefeed, geen carriage return of CR/LF Geen Byte Order Mark UTF-8

Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml

SHA: Cryptographic hash Wikipedia: A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value.

SHA SHA1 ... SHA256 1995: SHA-1 NSA 2005: zwaktes in SHA-1 ontdekt 2001: SHA-2 (225, 256, 384, 512) 2008 – 12: SHA-3, open competitie SHA-1 input: message maximum (264 − 1) bits output: 160 bits

Base 64 UTF-8: niet alle octets zijn toegestaan! Ergo: binaire data kunnen niet zomaar in XML / UTF-8 Oplossing: bits -> karakters RFC2045 (MIME) alfabet: [A-Z][a-z][0-9]+/

SHA + Base64 Input (bits) SHA1 (160 bits) 4vBP5K5M5llABaWYzxCrKIdjS2I= Base 64

RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 408 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits

Sender Receiver “Hello world” “Hello world” SHA-1 hash: 5llABaWYz xCrKIdjS... Public key: MIICHzCCAY ygAwIBAgI..... OK Private key: shhhh..... RSA sig value: c9fVK7vYAdv s2DRZVtS... RSA sig value: c9fVK7vYAdv s2DRZVtS...

Security Services (X.800) Authentication Authorization Data Confidentiality Data Integrity Non-repudiation

SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht

RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 160 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits

Recently uploaded

What's New in Teams Calling, Meetings and Devices April 2024

Stephanie Beckett

The Epson EcoTank L3210 is a high-performance and cost-efficient printer designed to meet the printing needs of both home users and small businesses. Equipped with Epson’s revolutionary EcoTank ink tank system, the Epson eliminates the need for traditional ink cartridges, thereby significantly reducing printing costs and plastic waste. With its PrecisionCore technology, this printer delivers sharp, vibrant prints for both documents and photos. Its user-friendly design ensures easy setup and operation, while its compact form factor saves valuable desk space. Whether it’s everyday printing jobs or creative projects, the Epson EcoTank L3210 provides a reliable and eco-friendly printing solution.

Buy Epson EcoTank L3210 Colour Printer Online.pdf

EasyPrinterHelp

Agentic RAG What it is its types applications and implementation.pdf

ChristopherTHyatt

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

FIDO Alliance

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Julian Hyde

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

FIDO Alliance

This presentation focuses on the challenges and strategies of connecting problem definitions within product development. Key Points Covered: - Kayak's mission since its inception in 2004 to simplify travel by enabling easy comparisons of flights through technological solutions. - Discussion of the complexities within the travel industry, including the high expectations for personalized user experiences and the various stakeholder influences. - Emphasis on the necessity of maintaining agility and innovation within a mature company through continuous reassessment of processes. - An explanation of the importance of disciplined problem definition to prevent project failures and team inefficiencies. - Introduction of strategies for effective communication across teams to ensure alignment and comprehension at all levels of project development. - Exploration of various problem-solving methodologies, including how to handle conflicts within team settings regarding problem definitions and project directions.

Connecting the Dots in Product Design at KAYAK

UXDXConf

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “Enterprise Knowledge Graphs: The Importance of Semantics” on May 9, 2024, at the annual Data Summit in Boston. In her presentation, Hedden describes the components of an enterprise knowledge graph and provides further insight into the semantic layer – or knowledge model – component, which includes an ontology and controlled vocabularies, such as taxonomies, for controlled metadata. While data experts tend to focus on the graph database components (RDF triple store or a label property graph), Hedden emphasizes they should not overlook the importance of the semantic layer.

Enterprise Knowledge Graphs - Data Summit 2024

Enterprise Knowledge

Syngulon’s technology expands the capacity for selection of microorganisms. The ability to select individual microbes with a behavior of interest is essential, whether for simple cloning at the bench, or for industry-scale production. Synthetic biology uses the concept of “bioengineering” to improve or modify existing genetic systems to create microbes with desired behaviors, and Syngulon uses this approach to develop its selection technologies. This selection technology is based on bacteriocins, ribosomally-produced peptides naturally made by most bacteria to kill competitive microbial species. These bacteriocins can have a limited or wide target range against other microbial species. This technology offers advantageous over antibiotic selection for several reasons: it avoids the use of antibiotics in the first place, helping to reduce the spread of antibiotic resistant microbes. The technology also increases product yield; as bacteriocins are generally smaller peptides, they do not impose a heavy metabolic burden on the producing cell. They can have a wide target specificity, helping to avoid genetic drift. Finally, our system is 100% plasmid-based (e.g. without chromosomal mutations), making it applicable for use in any E. coli strains.

Syngulon - Selection technology May 2024.pdf

Syngulon

Discover the top Symfony development companies that excel in creating robust and scalable web applications. Our latest blog highlights the best firms specializing in Symfony, known for their expertise in delivering high-performance solutions. Whether you’re looking to start a new project or enhance an existing one, these companies offer the skills and experience needed to bring your vision to life. Read more to find your perfect Symfony development partner.

Top 10 Symfony Development Companies 2024

TopCSSGallery

We're living the AI revolution and Salesforce is adapting and bring new value to their customers. Einstein products are evolving rapidly and navigating their limitations, language support, and use cases can be challenging. Let's make review of what Einstein product are available currently, what are the capabilities and what can be used for in CEE region and how Rossie.ai can help to learn Salesforce speak Czech. We will explore the Einstein roadmap and I will make a short live demo (based on your vote) of some Einstein feature.

AI revolution and Salesforce, Jiří Karpíšek

CzechDreamin

Intro in Product Management - Коротко про професію продакт менеджера

Mark Opanasiuk

How to differentiate Sales Cloud and CPQ on first glance might be tricky if you do not know where to look and what to look at. You will know :-) Managing the sales process within Salesforce is a common use case that can be managed with standart Sales Cloud. If you want to do entire quoting process you will find out Salesforce CPQ solution exists. What is then the difference if both can handle selling products? You will see comparison of 10 different features, which Sales Cloud and Salesforce CPQ handle differently. Simple question you will always remember if you should consider using Salesforce CPQ will be a cherry on top.

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

CzechDreamin

Buy Epson EcoTank L3210 Colour Printer Online.pptx

EasyPrinterHelp

AI presentation and introduction - Retrieval Augmented Generation RAG 101

vincent683379

IoT Analytics Company Presentation May 2024

IoTAnalytics

The presentation underscores the strategic advantage of treating design systems not just as technical assets but as vital business components that require thoughtful management, robust planning, and strategic alignment with organizational goals. Key Points Covered: - Understanding Design Systems as Business Entities: Conceptualizing design systems as internal business entities can streamline their integration and evolution within a company. - Adoption and Expansion: Elaborating on the importance of tactical adoption across organizational structures, enhancing product suites to cater to user needs and broadening scope to mobile and content authoring solutions. - Data-Driven Development: Utilizing data insights for component development ensures that resources are allocated to create valuable, widely used features. - Financial Modeling for Design Systems: Developing sustainable funding models is crucial for long-term support and success of design systems. - Promoting Internal Buy-In: Stressing on strategies for promoting design systems within the organization to increase engagement and investment from internal stakeholders.

A Business-Centric Approach to Design System Strategy

UXDXConf

Explore the core of Salesforce success in 'Salesforce Adoption – Metrics, Methods, and Motivation.' We will discuss essential metrics, effective methods to drive adoption, and the driving force behind user engagement and explore strategies for onboarding, training, and continuous support that empower users to navigate the platform seamlessly. By leveraging these tools, you can effectively measure adoption against your company’s goals and create an environment where users not only adopt Salesforce but actively contribute to its ongoing success.

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

CzechDreamin

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

Already know how to write a basic SOQL query? Great! But what about an *aggregate* SOQL query? You know, the kind that uses aggregate functions like COUNT & MAX along with GROUP BY and HAVING clauses? No? Well, get ready to learn how to slice & dice your org’s data right inside your own dev console. From finding duplicate records to prototyping summary & matrix reports, learn the ins and outs of aggregate queries during this fast-paced but admin-friendly session on advanced SOQL concepts.

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

CzechDreamin

Recently uploaded (20)

What's New in Teams Calling, Meetings and Devices April 2024

Buy Epson EcoTank L3210 Colour Printer Online.pdf

Agentic RAG What it is its types applications and implementation.pdf

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

Connecting the Dots in Product Design at KAYAK

Enterprise Knowledge Graphs - Data Summit 2024

Syngulon - Selection technology May 2024.pdf

Top 10 Symfony Development Companies 2024

AI revolution and Salesforce, Jiří Karpíšek

Intro in Product Management - Коротко про професію продакт менеджера

10 Differences between Sales Cloud and CPQ, Blanka Doktorová

Buy Epson EcoTank L3210 Colour Printer Online.pptx

AI presentation and introduction - Retrieval Augmented Generation RAG 101

IoT Analytics Company Presentation May 2024

A Business-Centric Approach to Design System Strategy

Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...

Tokenauthenticatie en xml signature in detail

1. Tokenauthenticatie& XML Signaturein detail

2. Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht

3. Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml

4. VerstrekkingsLijstquery

5. signedData X.509 Strong Authentication message id nonce unieke indentificatie van bericht (if duplicate removal has already taken place) notBefore & notAfter time to live security semantics can expire time to store & check nonce addressedParty replay against other receivers Koppeling met bericht BSN voor patiëntgerelateerde berichten Trigger Event Id versieonafhankelijk, itt. InteractionId

6. signedData.xml (pretty print)

7. Token versus bestand

8. Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml

9. Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml

10. Exclusive Canonicalization

11. Exclusive Canonicalization Dubbele quotes ipv. enkele Namespace declaraties vóór attributen Namespaces alfabetisch rangschikken Linefeed, geen carriage return of CR/LF Geen Byte Order Mark UTF-8

12. Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml

13. SHA: Cryptographic hash Wikipedia: A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value.

14. SHA SHA1 ... SHA256 1995: SHA-1 NSA 2005: zwaktes in SHA-1 ontdekt 2001: SHA-2 (225, 256, 384, 512) 2008 – 12: SHA-3, open competitie SHA-1 input: message maximum (264 − 1) bits output: 160 bits

15. Base 64 UTF-8: niet alle octets zijn toegestaan! Ergo: binaire data kunnen niet zomaar in XML / UTF-8 Oplossing: bits -> karakters RFC2045 (MIME) alfabet: [A-Z][a-z][0-9]+/

16. SHA + Base64 Input (bits) SHA1 (160 bits) 4vBP5K5M5llABaWYzxCrKIdjS2I= Base 64

17. SignedInfo

18. RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 408 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits

19. Sender Receiver “Hello world” “Hello world” SHA-1 hash: 5llABaWYz xCrKIdjS... Public key: MIICHzCCAY ygAwIBAgI..... OK Private key: shhhh..... RSA sig value: c9fVK7vYAdv s2DRZVtS... RSA sig value: c9fVK7vYAdv s2DRZVtS...

20.

21. Security Services (X.800) Authentication Authorization Data Confidentiality Data Integrity Non-repudiation

22. Security services

23. Key usage

24. SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht

25. SOAP bericht

26.

27. Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml

28. Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml

29. Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml

30. Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml

31. RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 160 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits

32. SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht

33. Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht

Tokenauthenticatie en xml signature in detail

Recommended

Recommended

More Related Content

More from Marc de Graauw

More from Marc de Graauw (13)

Recently uploaded

Recently uploaded (20)

Tokenauthenticatie en xml signature in detail