
A Guide to Secure Web Services with GJXML



Presentation Transcript


  1. A Guide to Secure Web Services with GJXML
     • "Hey, I downloaded an IEPD!"
     • "Cool, how do you write a web service?"
     • "Moo!"
     • "I use Java"
     • "I use .NET"

  2. Service-Oriented Architecture: WIJIS Justice Gateway and Local Law Enforcement Records Management Systems
     1) Publish pointers from RMS to Gateway Cache
     2) End Users Search Cache, Request Incident Report
     3) Gateway requests Incident Report from RMS
     4) RMS returns Incident Report
     5) Gateway displays Incident Report
     The WIJIS Justice Gateway: A single, secure point of read-only access to disparate state and local justice information resources.

  3. WIJIS Developer Guide
     Service providers should be mapping data to GJXML, not bogged down in implementation details.
     • Provide example WSDL – Contract First!
     • Server and client implementation in multiple languages
     • Compile schema into objects
     • XSLT
     • http://www.wijiscommons.org/gjxdm_example/

  4. Incident Report IEPD – The Homer Simpson Case Study
     IEPD can be downloaded here: http://www.search.org/programs/info/xml-iep.asp
     • Let's take a look, we see…
     • Instance Examples
     • Document and constraint schemas
     Doh, now what?

  5. DOT NET 2.0 Instructions
     • Generate C# Objects from WSDL with this command:
       wsdl.exe /server http://wijis.wisconsin.gov/wsdl/RecordRetrievalServiceWithIEPD.wsdl
     • Create .NET Web Service and add references
     • Example C# files and instructions here: http://www.wijiscommons.org/gjxdm_example/#dotNet

  6. Testing the Service – The Python Way
     • Create a sample invocation file
     • Run the sample python script
     • Script can be run over http, https or https w/ client certificates
     • Keep the test client simple!
     • Examples available here: http://www.wijiscommons.org/gjxdm_example/#client

  7. Java Instructions - Overview
     • Generate Jar File from WSDL using Jaxb
     • Download sample Record Retrieval Service Project for Eclipse
     • WIJIS provides Ant tasks in project
     • Full details at: http://www.wijiscommons.org/gjxdm_example/#java

  8. Make your XML look Pretty - XSLT
     • WIJIS Gateway invokes services, then:
     • WIJIS Needed to transform results
     • End users are not machines but humans
     • WIJIS Distributing XSLT helps service providers inspect Incident Reports before publishing
     • Instance and transformed documents here: http://www.wijiscommons.org/gjxdm_example/#xslt

  9. WIJIS – Security Overview
     • Incident Report request conducted over HTTPS with X509 Client Certificates
     • Layer 3 IP Address filtering
     • WIJIS runs our own certificate authority
     • Authorization granted based on name in certificate

  10. WIJIS – 4 Security Tests
     • Certificate signed by WIJIS Certificate Authority
     • Certificate is not expired
     • Name in Certificate matches name on wire
     • Certificate has been revoked

  11. X509 Certificate Request Process
     • Client creates a private key
       openssl genrsa -out MyPrivateKey.key 1024
     • Using private key, client creates a Certificate Signing Request (CSR)
       openssl req -new -nodes -key MyPrivateKey.key -out MyCSR.csr
     • CSR sent to CA and signed certificate is returned
     • Signed certificate can be joined with Private Key
       openssl pkcs12 -export -in MyCertificate.pem -inkey MyPrivateKey.key -out MyPFXFile.pfx

  12. X509 Certificate Tools
     • OpenSSL useful for both .NET and Java users.
     • Keytool useful only for Java users
     • Microsoft CertUtil – Not really useful for anyone

  13. Example Server Configurations with SSL and Client Certificates
     • IIS 6.0 Step by Step available at: http://www.wijiscommons.org/gjxdm_example/#dotNet
     • Apache Tomcat 5.5 Step by Step available at: http://www.wijiscommons.org/gjxdm_example/#java

  14. IEPD Distribution Suggestions
     In addition to Instance Examples, include:
     • Example WSDL
     • Auto-generated C# files and Jar Files (JaxB)
     • Sample Implementations and test client
     • XSLT with sample HTML output

  15. Developer Guide – Return on Investment
     • Lowers the barriers to secure web services using GJXML
     • Re-use of code saves developer time for agencies/vendors and stretches grant $$
     • Vendors integrate with WIJIS once and can distribute to all customers
     • Prior to Guide: 0 Services, now 7 vendors, over 73 agencies in 8 months

  16. Links
     • wijiscommons.org/gjxdm_example – WIJIS developer guide
     • oja.wi.gov/wijis – WIJIS Web Page
     • wijisgateway.org – WIJIS Blog
     Contact Info
     • James.pingel@wisconsin.gov
     • Yogesh.chawla@wisconsin.gov
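
The four certificate tests from slide 10, as an added shell example that is not part of the original presentation or the WIJIS developer guide: it builds a constructed throwaway CA with OpenSSL and runs each test against client certificates issued for the demo. The file names, subject names and helper functions are hypothetical, the keys are 2048-bit rather than the 1024-bit key on slide 11, and the "name on wire" is passed in as an argument.

```shell
#!/bin/sh
# Added example: constructed throwaway CA; all names here are hypothetical.
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT
: > "$D/index.txt"          # empty database that `openssl ca` needs for CRLs
cat > "$D/ca.cnf" <<EOF
[ca]
default_ca = demo
[demo]
database = $D/index.txt
default_md = sha256
default_crl_days = 1
EOF
CA_OPTS="-config $D/ca.cnf -keyfile $D/ca.key -cert $D/ca.pem"

mkca() {    # $1 = file prefix, $2 = CA common name (self-signed root)
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$D/$1.key" -out "$D/$1.pem" 2>/dev/null
}
issue() {   # $1 = client name (also file prefix), $2 = signing CA prefix
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  openssl x509 -req -in "$D/$1.csr" -CA "$D/$2.pem" -CAkey "$D/$2.key" \
    -CAcreateserial -days 1 -out "$D/$1.pem" 2>/dev/null
}
gencrl() { openssl ca $CA_OPTS -gencrl -out "$D/crl.pem" 2>/dev/null; }
revoke() { openssl ca $CA_OPTS -revoke "$D/$1.pem" 2>/dev/null && gencrl; }

check() {   # $1 = cert prefix, $2 = name claimed on the wire; prints a verdict
  c="$D/$1.pem"
  openssl x509 -in "$c" -noout -checkend 0 >/dev/null \
    || { echo expired; return; }                      # certificate is not expired
  openssl verify -CAfile "$D/ca.pem" "$c" >/dev/null 2>&1 \
    || { echo untrusted; return; }                    # signed by our CA
  cn=$(openssl x509 -in "$c" -noout -subject -nameopt multiline \
       | sed -n 's/^ *commonName *= //p')
  [ "$cn" = "$2" ] || { echo name-mismatch; return; } # name in cert matches wire
  openssl verify -CAfile "$D/ca.pem" -CRLfile "$D/crl.pem" -crl_check "$c" \
    >/dev/null 2>&1 || { echo revoked; return; }      # fails closed on CRL errors
  echo ok
}

mkca ca "Demo CA"; mkca other "Other CA"; gencrl
issue agency-a ca; issue agency-b ca; issue rogue other
echo "agency-a presenting as agency-a: $(check agency-a agency-a)"
echo "rogue (signed by another CA):    $(check rogue rogue)"
```

Calling `revoke agency-b` and then `check agency-b agency-b` shows the fourth test rejecting a certificate that passes the other three.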
