
A Pattern for WS-Security

Presented by Keiko Hashizume.


Presentation Transcript


  1. A Pattern for WS-Security Presented by Keiko Hashizume

  2. Outline • Introduction • A Pattern for WS-Security • Conclusion

  3. Introduction
     • Web services standards are confusing, which makes it difficult for vendors to develop products that comply with the standards and for users to decide which product to use.
     • That is why we need to develop patterns for these standards.
     • Patterns embody the knowledge and experience of software developers about a recurrent problem. A pattern solves a specific problem in a given context and can be tailored to fit different situations.

  4. WS-Security Standard
     • Originally developed by IBM, Microsoft, VeriSign, and Forum Systems.
     • OASIS Specification
     • Latest Version: WS-Security 1.1
     • Approved in February 2006

  5. A Pattern for WS-Security
     • The WS-Security Standard describes enhancements to SOAP messaging through:
        • Message Confidentiality
        • Message Integrity
        • Message Authentication
        • Non-repudiation
     • Context
        • Users of web services send and receive SOAP messages through the Internet.

  6. A Pattern for WS-Security
     • Problem
     • Forces:
        • We need to prevent unauthorized users from reading data during transit.
        • We need to protect data in transit from being modified by attackers.
        • We need to verify the producer of the message.
        • We need to prevent message replay.

  7. A Pattern for WS-Security
     • Solution
        • Use a set of mechanisms to improve security by describing how to add security information in the header part of a message.
        • Elements that can be included in the SOAP security header:
           • Security tokens
           • Encryption
           • Digital signature
           • Timestamps

  8. Structure - Class Diagram

  9. Dynamics • Sequence Diagram for the UC: Encrypt an element using Security Tokens

  10. A Pattern for WS-Security • Dynamics • Sequence Diagram for the UC: Sign an element using Security Tokens

  11. A Pattern for WS-Security
     • Consequences
       This pattern presents the following advantages:
        • XML Encryption hides information from unauthorized users.
        • XML Digital Signature is used to verify whether a message was modified in transit.
        • The combination of XML Signature and security tokens verifies that the user is who he claims to be.
        • We can prevent message replay using timestamps.
       The pattern also has some (possible) liabilities:
        • This pattern does not describe fixed security protocols.

  12. A Pattern for WS-Security
     • Known Uses
       Several vendors have developed products that support WS-Security.
        • Xtradyne’s WS-DBC (Web Service Domain Boundary Controller) http://www.xtradyne.com/products/ws-dbc/WSDBCfeatures.htm
        • IONA Artix www.iona.com/info/aboutus/collateral/Artix%20and%20Security.pdf
        • Forum Sentry™ http://forumsys.com/products_sentry_specs.htm
        • Microsoft Trust Bridge http://www.microsoft.com/presspass/press/2002/Jun02/06-06TrustbridgePR.mspx

  13. A Pattern for WS-Security
     • Related Patterns
        • WS-Security uses XML Signature and XML Encryption.
        • Secure Channel contains a set of security protocols that provide identity authentication and secure, private communication through encryption.
        • Strategy

  14. Conclusion
     • We need to develop related patterns such as XML Encryption and XML Signature.
     • We need to develop patterns for the WS family such as WS-Policy, WS-Privacy, WS-SecureConversation, WS-Federation, and WS-Authorization.
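
The following is an added example, not part of the original presentation: a receiver-side check for the timestamp element from slide 7 and the replay claim from slide 11. It assumes the WS-Security 1.0 namespace URIs, a five-minute clock-skew policy, and a replay cache keyed on a digest of the message. `make_sample`, `check_freshness` and the sample envelope are constructed for illustration. It goes slightly beyond the slides by requiring that the signature references the timestamp; it does not verify the signature itself.

```python
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
MAX_SKEW = timedelta(minutes=5)  # assumed receiver policy, not from the slides

# Constructed sample envelope; the signature is reduced to the one reference checked below.
SAMPLE = (
    '<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">'
    '<soap:Header><wsse:Security><wsu:Timestamp wsu:Id="TS-1">'
    '<wsu:Created>{created}</wsu:Created><wsu:Expires>{expires}</wsu:Expires></wsu:Timestamp>'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="{ref}"/></ds:SignedInfo></ds:Signature>'
    '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
)

def make_sample(created, expires, ref="#TS-1"):
    return SAMPLE.format(created=created, expires=expires, ref=ref, **NS)

def _utc(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_freshness(envelope, now, seen):
    """Return (accepted, reason); `seen` is a set of digests of messages already accepted."""
    root = ET.fromstring(envelope)  # use a hardened XML parser for untrusted input
    sec = root.find("soap:Header/wsse:Security", NS)
    ts = sec.find("wsu:Timestamp", NS) if sec is not None else None
    if ts is None:
        return False, "no wsu:Timestamp in wsse:Security"
    # An unsigned timestamp can be rewritten in transit: require a signature reference to it.
    ts_id = ts.get("{%s}Id" % NS["wsu"])
    refs = {r.get("URI") for r in sec.iterfind("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    if ts_id is None or "#" + ts_id not in refs:
        return False, "timestamp not covered by signature"
    try:
        created, expires = (_utc(ts.findtext(t, "", NS)) for t in ("wsu:Created", "wsu:Expires"))
    except ValueError:
        return False, "malformed timestamp"
    if created > now + MAX_SKEW or expires <= now:
        return False, "outside validity window"
    digest = hashlib.sha256(envelope.encode()).hexdigest()
    if digest in seen:
        return False, "replay"
    seen.add(digest)
    return True, "ok"
```

Inside the validity window the timestamp alone does not stop a resend, which is why the check also remembers accepted messages; a real receiver would evict cache entries once their `Expires` time has passed.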
