cetis
Really Complex Web Service Specifications
Scott Wilson


Beyond SOAP
WS-Security, WS-Policy, WS-SecurityPolicy, WS-Routing, WS-Eventing, WS-ReliableMessaging, ebMS, SAML, WS-Federation, WS-Events, WS-Reliability, WS-SecureConversation, BPEL4WS, WSRP

What's all this for?
It's not needed for every service, but sometimes plain SOAP isn't enough.
They overlap a heck of a lot.
Some are more useful than others.
Some basic categories:
–Enhancements to security
–Enhancements to message delivery
–Enhancements to service management

Security
Problem: How do we make our WS transactions more secure?

Security Answers
–Use address translation and proxies
–Use wire-level encryption via TLS over HTTP
–Overflow protection at router with max message sizes
–Validate payloads using XSD
–Timestamp messages, and use NTP to synchronise times across servers

Security Answers
–Sign payloads using XML-DS
–Encrypt message parts using XML-Enc
–Authenticate incoming messages using HTTP authentication (basic/digest)
–Authenticate incoming messages using WS-Security token exchange
–Authenticate incoming messages by processing SAML Authentication Assertions
–Use WS-SecureConversation to manage the session credentials

Delivery
Problem: How can we improve the reliability and manageability of delivering messages?

Delivery Answers:
–Provide routing and addressing information using WS-Routing and WS-Addressing
–Use WS-Reliability or WS-ReliableMessaging or ebMS to ensure once-only guaranteed delivery
–Enable event-driven messaging using WS-Events or WS-Eventing or WS-Notification
–Manage target state synchronisation using WS-ResourceProperties and WS-ResourceLifetime

Management
Problem: How do we better manage our web services, in particular how do we make dynamic discovery work?

Management Answers:
–Identify member services using WS-Federation and WS-Trust
–Identify service policies using WS-Policy
–Identify service security capabilities using WS-SecurityPolicy
–Sequence the transaction flows using BPEL4WS, WS-BusinessActivity, WS-Coordination and/or WS-AtomicTransaction

Q: Do we really need all this stuff?

A: No, not really

Well, maybe some of it
WS-Security is really useful at transporting usernames and password digests (or Kerberos tickets) so you can authenticate agent users to service providers.
SAML is really useful for providing signed assertions about authentication when you don't want to transport credentials.
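The WS-Security username/password-digest exchange mentioned above, as an added example that is not part of the original slides: the requester computes PasswordDigest = Base64(SHA-1(nonce + created + password)) as defined by the WS-Security UsernameToken Profile, and the receiving service recomputes it, rejects stale timestamps and refuses a nonce it has already seen. The username, password and five-minute freshness window are assumed values.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

PASSWORD = "correct horse battery staple"  # constructed shared secret for the demo
WSU_FORMAT = "%Y-%m-%dT%H:%M:%SZ"          # layout of the wsu:Created timestamp


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA-1(nonce + created + password)), per the UsernameToken Profile."""
    return base64.b64encode(hashlib.sha1(nonce + created.encode() + password.encode()).digest()).decode()


def make_username_token(username: str, password: str, created=None) -> dict:
    """Values a requester would place in wsse:UsernameToken (a fresh random nonce per message)."""
    nonce = os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime(WSU_FORMAT)
    return {
        "Username": username,
        "Nonce": base64.b64encode(nonce).decode(),
        "Created": created,
        "PasswordDigest": password_digest(nonce, created, password),
    }


class UsernameTokenVerifier:
    """Service side: recompute the digest, enforce freshness, reject replayed nonces."""
    def __init__(self, lookup_password, freshness: timedelta = timedelta(minutes=5)):
        self._lookup = lookup_password        # username -> password, or None if unknown
        self._freshness = freshness           # assumed tolerance for clock skew and transit delay
        self._seen_nonces = set()             # nonces older than the window may be evicted

    def verify(self, token: dict, now=None) -> bool:
        now = now or datetime.now(timezone.utc)
        try:
            created = datetime.strptime(token["Created"], WSU_FORMAT).replace(tzinfo=timezone.utc)
        except (KeyError, ValueError):
            return False  # malformed or missing timestamp
        if abs(now - created) > self._freshness:
            return False  # stale, or dated in the future: outside the accepted window
        if token["Nonce"] in self._seen_nonces:
            return False  # same nonce seen before: replayed message
        password = self._lookup(token["Username"])
        if password is None:
            return False  # unknown user
        expected = password_digest(base64.b64decode(token["Nonce"]), token["Created"], password)
        if not hmac.compare_digest(expected, token["PasswordDigest"]):
            return False  # wrong password or tampered token
        self._seen_nonces.add(token["Nonce"])
        return True
```

The digest only proves knowledge of the password and binds it to one nonce and timestamp; the token still travels over TLS, since SHA-1 of a guessable password offers no protection against offline guessing by anyone who captures it.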

And…
XML-Enc and XML-DS are really useful for securing message parts from snooping and interference.

… And the rest?
Eventually it will be nice to do event-driven messaging, using something like WS-Eventing, when the message brokers play nicely; likewise WS-Reliability/ReliableMessaging.
BPEL4WS looks like it's worth keeping an eye on.

The IMS approach
Basic WS-I, plus some standard application-level error codes:
–WSDL 1.1
–SOAP 1.1
WS-Security:
–However you want to use it
WS-EverythingElse:
–No comment

