Web Services

Brief Overview & Security Assertion Coordinator Pattern, by Mohammad Abushadi & Riaz Ahmed for Security Group CSE - FAU.


Presentation Transcript


  1. Web Services Brief Overview & Security Assertion Coordinator Pattern by Mohammad Abushadi & Riaz Ahmed for Security Group CSE - FAU

  2. Agenda • Overview • W3C definition • Standards used • Tools • Architecture • Security Assertion Coordinator Pattern

  3. Definition Software system identified by a URI (Uniform Resource Identifier) whose public interfaces and bindings are defined and described using XML. Its definition can be discovered by other software systems. These systems may then interact with the Web service in a manner prescribed by its definition, using XML-based messages conveyed by Internet protocols. [W3C-1]

  4. Example Orbitarium Web Service: This is a web service for retrieving the astronomical positions of the Sun, Moon, and planets of the Solar System at the current time, or at any past, present, or future date. The service is free to the public. [Orbit-1] Note: The service is up and running and freely available to the public.

  5. Standards
     • UDDI: Universal Description, Discovery and Integration. Like yellow pages for Web Services. Holds service information. Can be public/global or private/local. [Uddi-1]
     • WSDL: Web Services Description Language. XML based. Holds information such as the web service interfaces, access protocols, and so on. Similar to IDL.
     • SOAP: Simple Object Access Protocol. XML based. Uses HTTP as its means of transfer, making it easy to work with firewalls, since most firewalls allow HTTP.
     • SAML: Security Assertion Markup Language. Uses assertions. Three types of assertion: authentication, attribute, and authorization. Is used on top of SOAP.

  6. Tools Two types: Microsoft or Java based. • MS .NET Studio • Sun One Studio • IBM WebSphere • BEA WebLogic • and many more…

  7. Simple Architecture [Figure: architecture diagram; labels: SOAP Message, DB, Service, URI/URL, Find Service, WSDL]

  8. Fig. Communication between SOAP client and server. [Prfct]

  9. Role-based Security Assertion Coordinator Pattern (by: Dr. Ed Fernandez, Mohammad Abushadi, Riaz Ahmed) Intent: Seamless exchange of security data in a distributed environment while maintaining role-based access controls to resources in organizations.

  10. Context: A distributed environment including heterogeneous systems and web services.
     Problem:
     • Current systems lack feasible solutions to the problem of providing precise access control to resources, often requiring custom-built approaches that may not be easy to upgrade or modify.
     • The growth of the number of networked business partners and their processes requires a means to exchange security information in a standardized format that is flexible to change at the same time.
     • Costs are involved in custom integration processes, where time becomes crucial in achieving a quicker time-to-market competitive advantage. Costs include developer cost and development time.

  11. (Problem, continued)
     • The security of the shared data becomes another concern. Consistency of data exchange has to be assured.
     • Interoperability of systems across various implementation platforms stands as a significant obstacle.
     • Adding a new layer of security verification policies often proves tedious and costly in the current systems.

  12. Problem:
     • Distributed systems are in great need of integrating their inner processes that share commonly used data. Exchange of security-related data in particular poses an important problem when interoperability is a concern. Organizations must be able to easily add new security layers across the distributed environment with few changes.
     • Distributed environments must not resort to expensive global custom code changes in order to reflect new changes in security policies or data structure.
     • Organizations in the distributed environment must have the ability to quickly achieve higher, more refined levels of security data control for better adherence to the continuously changing nature of organizational business rules.
     • Each online destination site often has its own custom-made authentication system.

  13. Solution: Exchange security information using a standard. In particular, manage security data in the form of XML-based SAML assertions using the SOAP protocol over HTTP.

  14. Cont…

  15. Cont…

  16. Cont…

  17. Cont…
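
The solution on slide 13, sketched as an added example (not part of the original slides): a service receives a SOAP message whose header carries a SAML assertion and makes a role-based decision from it. The SAML 2.0 namespace, the issuer URL, the `role` attribute name, the role policy and the simplified sample message (no Subject element) are all assumptions constructed for illustration, and XML signature validation is assumed to have been done before this check.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRUSTED_ISSUERS = {"https://idp.example.org"}            # hypothetical issuer
ROLE_POLICY = {"auditor": {"getReport"},                 # hypothetical role -> operations
               "manager": {"getReport", "approveOrder"}}

# Constructed sample request: authentication + attribute statements in the SOAP header.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><soap:Header>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
    <saml:AuthnStatement AuthnInstant="2024-01-01T12:00:00Z"/>
    <saml:AttributeStatement><saml:Attribute Name="role">
      <saml:AttributeValue>auditor</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  </saml:Assertion></soap:Header><soap:Body><getReport/></soap:Body></soap:Envelope>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(soap_xml, operation, now):
    """Return (allowed, reason). Signature validation is assumed done upstream."""
    env = ET.fromstring(soap_xml)
    assertions = env.findall("soap:Header//saml:Assertion", NS)
    if len(assertions) != 1:                              # reject missing or ambiguous assertions
        return False, "expected exactly one assertion"
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() not in TRUSTED_ISSUERS:
        return False, "untrusted issuer"
    cond = a.find("saml:Conditions", NS)
    try:
        valid = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):       # Conditions missing or malformed
        valid = False
    if not valid:
        return False, "outside validity window"
    if a.find("saml:AuthnStatement", NS) is None:
        return False, "no authentication statement"
    values = a.findall(
        "saml:AttributeStatement/saml:Attribute[@Name='role']/saml:AttributeValue", NS)
    roles = {v.text.strip() for v in values if v.text}
    if any(operation in ROLE_POLICY.get(r, ()) for r in roles):
        return True, "role permits operation"
    return False, "no role permits operation"
```

The check fails closed: any missing element, expired window or unknown issuer yields a denial before roles are consulted.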

  18. Consequences:
     • Benefits:
        • Centralized data exchange
        • Standardized approach
        • Role-based access
        • Extensibility
     • Liabilities:
        • Complex to implement
        • Computationally expensive

  19. Variants: • Single Sign On • Back Office Transactions

  20. Credits
     • [W3C-1] http://www.w3.org/TR/2003/WD-ws-gloss-20030514/
     • [Orbit-1] http://www.orbitarium.com/
     • [Uddi-1] http://www.uddi.org
     • [Prfct] http://www.perfectxml.com/articles/xml/interop.asp
