More Related Content
Similar to Secured SOA (20)
More from Prabath Siriwardena (20)
Secured SOA
- 32. CLIENT_HELLO
Highest SSL Version,
Ciphers Supported,
Data Compression Methods,
SessionId = 0,
Random Data
- 33. SERVER_HELLO
Selected SSL Version,
Selected Cipher,
Selected Data Compression Method,
Assigned Session Id,
Random Data
- 47. <soap:Envelope >
<soap:Body>
<ns1:withdrawMoney >
<param1></ param1>
<param2></ param2>
<param3></ param3>
</ ns1:withdrawMoney >
</soap:Body>
</soap:Envelope>
- 48. <soap:Envelope >
<soap:Body>
<ns1:withdrawMoney >
<param1></ param1>
<param2></ param2>
<param3></ param3>
</ ns1:withdrawMoney >
</soap:Body>
</soap:Envelope>
- 58. <wsse:UsernameToken wsu:Id="Example-1">
<wsse:Username> ... </wsse:Username>
<wsse:Password
Type="..."> ... </wsse:Password>
<wsse:Nonce
EncodingType="..."> ... </wsse:Nonce>
<wsu:Created> ... </wsu:Created>
</wsse:UsernameToken>
- 59. NOBODY Can See the Message
in Clear Text Other
than the Intended Recipient
- 68. <Envelope>
<Header>
<Signature>
</Signature>
</Header>
<Body>
<Message>
</Message>
</Body>
</Envelope>
- 70. 1
<Envelope>
<Body>
<Message>
</Message>
</Body>
</Envelope>
- 71. 2 <Envelope>
<Header>
<Signature>
</Signature>
</Header>
<Body>
<Message>
</Message>
</Body>
</Envelope>
- 72. 3 <Envelope>
<Header>
<Signature>
</Signature>
</Header>
<Body>
<EncryptedData>
</EncryptedData>
</Body>
</Envelope>
- 74. 1
<Envelope>
<Body>
<Message>
</Message>
</Body>
</Envelope>
- 75. 2
<Envelope>
<Body>
<EncryptedData>
</EncryptedData>
</Body>
</Envelope>
- 76. 3 <Envelope>
<Header>
<Signature>
</Signature>
</Header>
<Body>
<EncryptedData>
</EncryptedData>
</Body>
</Envelope>
- 77. WS - Security
XML Username X.509 Token
XML Signature
Encryption Token Profile Profile
- 89. <s:Envelope>
<s:Header>
<wsa:Action>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
</wsa:Action>
</s:Header>
<s:Body>
<wst:RequestSecurityToken>
<wst:TokenType>
http://example.org/mySpecialToken
</wst:TokenType>
<wst:RequestType>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
</wst:RequestType>
</wst:RequestSecurityToken>
</s:Body>
</s:Envelope>
- 90. <s:Envelope>
<s:Header>
<wsa:Action>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue
</wsa:Action>
</s:Header>
<s:Body>
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse>
<wst:RequestedSecurityToken>
<xyz:CustomToken xmlns:xyz="...">
</xyz:CustomToken>
</wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</s:Body>
</s:Envelope>
- 91. WS - Trust
WS - Security
Username X.509
XML XML
Token Token
Signature Encryption
Profile Profile
- 93. How Do We Communicate
our Security
Requirements to
Outsiders ?