Tuesday, June 10, 2003 Web Services Brief Overview & Security Assertion Coordinator Pattern by Mohammad Abushadi & Riaz Ahmed for Security Group CSE - FAU
Agenda
Overview: W3C definition, standards used, tools, architecture
Security Assertion Coordinator Pattern
Definition: A software system identified by a URI (Uniform Resource Identifier) whose public interfaces and bindings are defined and described using XML. Its definition can be discovered by other software systems. These systems may then interact with the Web service in a manner prescribed by its definition, using XML-based messages conveyed by Internet protocols. [W3C-1]
Example: Orbitarium Web Service. This is a web service for retrieving the astronomical positions of the Sun, Moon, and planets of the Solar System at the current time, or at any past, present or future date. The service is free for the public. [Orbit-1] Note: The service is up and running and freely available to the public.
Standards
UDDI: Universal Description, Discovery and Integration. Like yellow pages for Web Services: it holds service information and can be public/global or private/local. [Uddi-1]
WSDL: Web Services Description Language. XML-based. Holds information such as the web service's interfaces, access protocols and so on. Similar to an IDL.
SOAP: Simple Object Access Protocol. XML-based. Uses HTTP as its means of transport, which makes it easy to work with firewalls since most firewalls allow HTTP.
SAML: Security Assertion Markup Language. Uses assertions; there are three types of assertion: authentication, attribute and authorization. It is used on top of SOAP.
Tools: two types, Microsoft-based or Java-based.
MS .NET Studio
Sun ONE Studio
IBM WebSphere
BEA WebLogic
and many more…
Fig. Simple Architecture (diagram components: Client, UDDI Directory with Find Service, WSDL, Service URI/URL, HTTP Server, Web Service, SOAP Message, DB).
Fig. Communication between SOAP client and server. [Prfct]
Role-based Security Assertion Coordinator Pattern (by Dr. Ed Fernandez, Mohammad Abushadi, Riaz Ahmed)
Intent: Seamless exchange of security data in a distributed environment while maintaining role-based access control to resources in organizations.
Context: A distributed environment including heterogeneous systems and web services.
Problem: Current systems lack feasible solutions to the problem of providing precise access control to resources, often requiring custom-built approaches that are not easy to upgrade or modify. The growing number of networked business partners and their processes requires a means to exchange security information in a standardized format that is at the same time flexible to change. Custom integration processes carry costs, and time becomes crucial in achieving a quicker time-to-market competitive advantage. Costs include developer cost and development time.
The security of the shared data becomes another concern. Consistency of data exchange has to be assured. Interoperability of systems across various implementation platforms stands as a significant obstacle. Adding a new layer of security verification policies often proves tedious and costly in current systems.
Problem (continued): Distributed systems are in great need of integrating their inner processes that share commonly used data. Exchange of security-related data in particular poses an important problem when interoperability is a concern. Organizations must be able to easily add new security layers across the distributed environment with few changes. Distributed environments must not resort to expensive global custom code changes in order to reflect new security policies or data structures. Organizations in the distributed environment must have the ability to quickly achieve higher, more refined levels of security data control, for better adherence to the continuously changing organizational business rules. Each online destination site often has its own custom-made authentication system.
Solution: Exchange security information using a standard. In particular, manage security data in the form of XML-based SAML assertions carried in SOAP messages over HTTP.
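The following Python script is an added illustration of this solution and of the three SAML assertion types listed under Standards; it is not code from the presentation or from the pattern's authors. It builds a SOAP envelope whose Header carries one SAML 1.x-style assertion with an authentication statement, an attribute statement holding the subject's roles, and an authorization decision statement, then shows the checks a coordinator on the receiving side would make before honouring it: trusted issuer, validity window, matching resource, a Permit decision, and the required role. The element and attribute names follow SAML 1.x; the issuer URL, subject, roles, resource name and the Body payload are constructed sample values. The script uses only the standard library and deliberately leaves out XML signature verification, which a real deployment must add on top of these claim checks.

```python
"""Constructed example: SAML 1.x-style assertion in a SOAP Header, plus the
claim checks a relying party (coordinator) performs. No signature handling."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
ET.register_namespace("SOAP-ENV", SOAP_NS)
ET.register_namespace("saml", SAML_NS)


def _iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_iso(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_message(issuer, subject, roles, resource, decision, now, ttl_seconds=300):
    """Issuer side (hypothetical): one assertion carrying all three statement
    types in the SOAP Header, with a constructed business call in the Body."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    assertion = ET.SubElement(header, f"{{{SAML_NS}}}Assertion", {
        "MajorVersion": "1", "MinorVersion": "1",
        "AssertionID": "example-assertion-001",  # constructed id
        "Issuer": issuer, "IssueInstant": _iso(now)})
    # Validity window: the relying party must refuse the assertion outside it.
    ET.SubElement(assertion, f"{{{SAML_NS}}}Conditions", {
        "NotBefore": _iso(now),
        "NotOnOrAfter": _iso(now + timedelta(seconds=ttl_seconds))})

    def add_subject(parent):
        subj = ET.SubElement(parent, f"{{{SAML_NS}}}Subject")
        ET.SubElement(subj, f"{{{SAML_NS}}}NameIdentifier").text = subject

    # 1. Authentication statement: how and when the subject was authenticated.
    auth = ET.SubElement(assertion, f"{{{SAML_NS}}}AuthenticationStatement", {
        "AuthenticationMethod": "urn:oasis:names:tc:SAML:1.0:am:password",
        "AuthenticationInstant": _iso(now)})
    add_subject(auth)
    # 2. Attribute statement: the subject's roles (the RBAC input).
    attr_stmt = ET.SubElement(assertion, f"{{{SAML_NS}}}AttributeStatement")
    add_subject(attr_stmt)
    attr = ET.SubElement(attr_stmt, f"{{{SAML_NS}}}Attribute", {
        "AttributeName": "role", "AttributeNamespace": "urn:example:attributes"})
    for role in roles:
        ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = role
    # 3. Authorization decision statement: Permit/Deny for one resource.
    authz = ET.SubElement(assertion, f"{{{SAML_NS}}}AuthorizationDecisionStatement", {
        "Resource": resource, "Decision": decision})
    add_subject(authz)
    ET.SubElement(authz, f"{{{SAML_NS}}}Action").text = "Read"

    ET.SubElement(body, "{urn:example:orbits}GetPosition").text = "Mars"  # constructed payload
    return ET.tostring(env, encoding="unicode")


def parse_assertion(xml_text):
    """Relying-party side: extract the claims from the SOAP Header, or None."""
    root = ET.fromstring(xml_text)
    a = root.find(f"{{{SOAP_NS}}}Header/{{{SAML_NS}}}Assertion")
    if a is None:
        return None
    cond = a.find(f"{{{SAML_NS}}}Conditions")
    authz = a.find(f"{{{SAML_NS}}}AuthorizationDecisionStatement")
    name = a.find(f".//{{{SAML_NS}}}NameIdentifier")
    roles = [v.text for v in a.findall(
        f"{{{SAML_NS}}}AttributeStatement/{{{SAML_NS}}}Attribute[@AttributeName='role']"
        f"/{{{SAML_NS}}}AttributeValue")]
    return {
        "issuer": a.get("Issuer"),
        "subject": name.text if name is not None else None,
        "not_before": _parse_iso(cond.get("NotBefore")) if cond is not None else None,
        "not_on_or_after": _parse_iso(cond.get("NotOnOrAfter")) if cond is not None else None,
        "roles": roles,
        "resource": authz.get("Resource") if authz is not None else None,
        "decision": authz.get("Decision") if authz is not None else None,
    }


def authorize(xml_text, trusted_issuers, resource, required_role, now):
    """Claim checks a coordinator makes before granting access. A real
    deployment must additionally verify the XML signature over the assertion."""
    a = parse_assertion(xml_text)
    if a is None:
        return False, "no assertion in SOAP header"
    if a["issuer"] not in trusted_issuers:
        return False, "untrusted issuer"
    if a["not_before"] is None or not (a["not_before"] <= now < a["not_on_or_after"]):
        return False, "outside validity window"
    if a["resource"] != resource:
        return False, "assertion is for a different resource"
    if a["decision"] != "Permit":
        return False, "decision is not Permit"
    if required_role not in a["roles"]:
        return False, "required role not asserted"
    return True, "ok"


if __name__ == "__main__":
    now = datetime.now(timezone.utc).replace(microsecond=0)
    msg = build_message("https://idp.example.test", "alice", ["astronomer"],
                        "urn:example:orbits", "Permit", now)
    print(msg)
    print(authorize(msg, {"https://idp.example.test"}, "urn:example:orbits", "astronomer", now))
```

Each check in authorize maps to one of the problem statements above: the trusted-issuer set is the standardized replacement for per-site custom authentication, the role list is what role-based control consumes, and the validity window and resource match keep a captured or misdirected assertion from being reused elsewhere.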