1 / 10

Secure Web Services Development

Learn to enhance web services security using WSE 2.0 with features like WS-Security, Secure SOAP Messages, WS-SecurityPolicy, and more. Understand WSE architecture and policies for securing and routing SOAP messages.

ssergio
Download Presentation

Secure Web Services Development

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Web ServicesDevelopment with Microsoft Web Services Enhancements (WSE 2.0) Jim Van Dyke

  2. WSE 2.0 • Add-on to Visual Studio .NET and the .NET Framework • Interface Tool and Classes that implement the WS-* Specifications

  3. WS-* Specifications • WS-Security • Secure SOAP Messages; Confidentiality (encryption) and Integrity (digital signatures) • WS-SecureConversation • Secure Communications; Security Contexts

  4. WS-* Specifications • WS-Policy and WS-SecurityPolicy • Means to specify security policies and requirements (e.g., security token requirements) • WS-Trust • Means to exchange security tokens; Communications protocol for federation • WS-Federation • Brokering Trust, Single Sign-in/out, Attributes, and Pseudonyms

  5. WSE: Major Features • Securing Web services • Security credentials, Digital signing, Encryption • Policy • SOAP messaging • Routing SOAP messages • Sending attachments with SOAP messages

  6. WSE Architecture • WSE filter chains are integrated with the SOAP Messaging built-into WSE and the ASP.NET Web services infrastructure.

  7. WSE Architecture

  8. WSE Policies • There are four basic steps to configure a Web service's policy: • Create a policy file. • Declare the set of policies for the policy file. • Map the policies to SOAP endpoints. • Configure the policy file.

  9. WSE Policies • WSE has built-in support the following policy assertions: • Security token • Integrity • Confidentiality • Message age • Message predicate

  10. Basic FederationDirect Trust Token Exchange IP/STS IP/STS Trust Get identity token Get accesstoken 1 2 Resource Requestor 3 Partially adapted from workshop slides by Tony Nadalin (IBM) and Chris Kaler (Microsoft)

More Related