Submitted By :   Md. Hasan Basri
                 Reg. No. : 1010048, Roll: 700030, Session: 2006 -2007
                 Department of Computer Science, IST.
                 National University Bangladesh.

Supervised By:   A.N.M Khaleqdad Khan
                 Assistant Professor, Department of Computer Science,
                 Institute of Science and Technology (IST).
                 National University Bangladesh.
 “Without Trust and Security, Web Services are
 Dead on Arrival.”
                         - Phillip Hallam-Baker
 Providing a key management specification for
 secure web service communication considering the
 principle of symmetric key cryptography.
• Security Requirements
• Public Key Infrastructure (PKI) Challenge
• What is XML Key Management Services (XKMS)
• XKMS Basic Services (Advantages, PKI Essentials)
• XML Signature using XKMS
• XML Encryption using XKMS
• Authentication using XKMS
• Interaction with XKMS
• Conclusion
•   Secure Authentication Requirement: Password-based
    authentication is weak, costly, and difficult to manage
•   Message Security: Message-level confidentiality and non-
    repudiation needed
•   Payload Security: Confidential business information (CBI)
    may require submissions to be signed and encrypted
•   Very complicated technology with some proprietary
    implementations
•   Non-standard interface, difficult to use, deploy, and maintain
•   Very high cost of acquisition, support, and operation
•   Very low interoperability (No PKI standard interfaces)
•   Certificate validation is very challenging
•   A World Wide Web Consortium (W3C) standard, XKMS
    2.0, is finalized
•   A central key depository with Web service interface to PKI
•   Vendor-neutral PKI solution for public key and certificate
    management
•   A very simple access model
•   Foundation for secure Web services (XML signature, XML
    encryption, XKMS)
•   XKMS will be the PKI solution to the Exchange Network,
    and the key element to a strong security model.
•   XKMS Advantages
    –   A Web service interface to PKI technologies, accessible to any applications
        on the Internet
    –   Vendor-neutral PKI solution for public keys and certificates management
    –   Dramatically reduces cost of PKI. Keys can be generated and registered at
        any time on any machine
    –   Online real-time key/certificate validation using a simple Web method
•   PKI Essentials
    – A key is generated and broken up into two pieces – Public
       Key and Private Key
    – The Private Key never leaves your machine, but the Public
       Key can be shared with anyone
    – When data is encrypted using one key, it can only be
       decrypted using the other
    – Encryption: Encrypt data using the receiver’s Public Key
    – Signature: Encrypt data using your Private Key
•   XML Key Information Services (XKISS) – Locate and
    validate Public Keys
•   XML Key Registration Services (XKRSS) – Register, revoke,
    recover, and reissue public keys or X.509 certificates
•   Secure key exchange with XML encryption and signature
•   All operations are defined as Web service methods
•   A document is signed using the Private Key and key
    information (KeyName, KeyValue)
•   The receiver locates / validates the Public Key used for the
    signature from an XKMS server
•   The receiver verifies the signature using the valid key
•   The sender locates the receiver’s Public Key from an XKMS
    server
•   The sender encrypts a document using the receiver’s
    Public Key
•   The receiver decrypts the document using the Private Key
•   A user registers Public Key in XKMS
•   The user creates an Authenticate message and signs the
    message using the Private Key
•   Network Authentication and Authorization Server (NAAS)
    locates / validates the user’s Public Key from XKMS
•   NAAS verifies the signature. The user is authenticated as
    the holder of the Private Key if the signature is valid
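
The locate / validate step used in the signature and authentication flows above, as an added example that is not part of the original slides: it builds an XKMS 2.0 `ValidateRequest` for a named key and accepts the returned key only when the service reports a positive `Valid` status bound to that request. The service URL, key name and sample response are constructed; requiring an explicit `Signature` key usage is a policy choice of this example, and the response is assumed to arrive over an authenticated channel.

```python
import uuid
import xml.etree.ElementTree as ET

XKMS = "http://www.w3.org/2002/03/xkms#"    # XKMS 2.0 namespace
DSIG = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace
NS = {"xkms": XKMS, "ds": DSIG}
ET.register_namespace("xkms", XKMS)
ET.register_namespace("ds", DSIG)


class KeyNotTrusted(Exception):
    """The ValidateResult does not positively vouch for the key."""


def build_validate_request(key_name, service_url):
    """Return (request_id, xml_bytes) asking the service to validate key_name."""
    request_id = "I" + uuid.uuid4().hex  # xsd:ID must not start with a digit
    req = ET.Element(f"{{{XKMS}}}ValidateRequest",
                     {"Id": request_id, "Service": service_url})
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "KeyValue"
    binding = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    key_info = ET.SubElement(binding, f"{{{DSIG}}}KeyInfo")
    ET.SubElement(key_info, f"{{{DSIG}}}KeyName").text = key_name
    ET.SubElement(binding, f"{{{XKMS}}}KeyUsage").text = XKMS + "Signature"
    return request_id, ET.tostring(req)


def accept_validate_result(xml_bytes, request_id, key_name):
    """Return the ds:KeyValue element, or raise KeyNotTrusted (fail closed)."""
    # Production code should parse untrusted XML with a hardened parser.
    res = ET.fromstring(xml_bytes)
    if res.tag != f"{{{XKMS}}}ValidateResult":
        raise KeyNotTrusted("not a ValidateResult")
    if res.get("ResultMajor") != XKMS + "Success":
        raise KeyNotTrusted("service reported " + str(res.get("ResultMajor")))
    if res.get("RequestId") != request_id:
        raise KeyNotTrusted("response is not bound to our request")
    for binding in res.findall("xkms:KeyBinding", NS):
        status = binding.find("xkms:Status", NS)
        # Only an explicit Valid counts; Invalid and Indeterminate are refused.
        if status is None or status.get("StatusValue") != XKMS + "Valid":
            continue
        usages = {u.text.strip()
                  for u in binding.findall("xkms:KeyUsage", NS) if u.text}
        if XKMS + "Signature" not in usages:
            continue
        name = binding.findtext("ds:KeyInfo/ds:KeyName", default="",
                                namespaces=NS)
        if name.strip() != key_name:
            continue
        key_value = binding.find("ds:KeyInfo/ds:KeyValue", NS)
        if key_value is not None:
            return key_value
    raise KeyNotTrusted("no Valid signature key binding for " + key_name)


# Constructed sample response; the key material is a placeholder, not a key.
SAMPLE_RESULT = """<ValidateResult xmlns="http://www.w3.org/2002/03/xkms#"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="R1"
    Service="https://xkms.example.org/validate"
    ResultMajor="http://www.w3.org/2002/03/xkms#Success"
    RequestId="{request_id}">
  <KeyBinding Id="K1">
    <ds:KeyInfo>
      <ds:KeyName>{key_name}</ds:KeyName>
      <ds:KeyValue><ds:RSAKeyValue>
        <ds:Modulus>cGxhY2Vob2xkZXI=</ds:Modulus>
        <ds:Exponent>AQAB</ds:Exponent>
      </ds:RSAKeyValue></ds:KeyValue>
    </ds:KeyInfo>
    <KeyUsage>http://www.w3.org/2002/03/xkms#Signature</KeyUsage>
    <Status StatusValue="http://www.w3.org/2002/03/xkms#{status}"/>
  </KeyBinding>
</ValidateResult>"""

if __name__ == "__main__":
    user = "alice@example.org"  # constructed key name
    rid, request = build_validate_request(
        user, "https://xkms.example.org/validate")
    print(request.decode())
    for status in ("Valid", "Indeterminate", "Invalid"):
        reply = SAMPLE_RESULT.format(
            request_id=rid, key_name=user, status=status).encode()
        try:
            accept_validate_result(reply, rid, user)
            print(status, "-> key accepted")
        except KeyNotTrusted as err:
            print(status, "-> refused:", err)
```

Verification of the signature itself, with the returned key, happens only after this check succeeds.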
• XKMS is the foundation for secure exchanges in the
  network – basic component for XML encryption and
  signature
• XKMS provides a simple standard interface to PKI
• Network XKMS services will be available to all
  network nodes and node clients
• XKMS will be integrated into NAAS for key-based
  authentication
• XKMS is the PKI solution without the PKI complexity
  and cost
XML Key Management Protocol for Secure Web Service
