Presentation is loading. Please wait.

Presentation is loading. Please wait.

WS-SecureConversation Xiuduan Fang. 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action.

Published byAlejandra Botten Modified over 9 years ago

Similar presentations

Presentation on theme: "WS-SecureConversation Xiuduan Fang. 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action."— Presentation transcript:

1 WS-SecureConversation Xiuduan Fang

2 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

3 3 Introduction to WS- SecureConversation Why introduce WS-SecureConversation? Consider the functions of WS-Security –message integrity –message confidentiality –single message authentication

4 4 Introduction to WS- SecureConversation What if senders and receivers need to exchange multiple messages?

5 5 Introduction to WS- SecureConversation A Feasible Solution –Encrypt all messages with a security token issued by a token issuing service. Drawback: the size of each message can become a performance bottleneck.

6 6 Introduction to WS- SecureConversation A Better Solution –WS-SecureConvsation Similar to SSL Introduce a security context A SecurityContextToken is applied. Once created, the messages are smaller and can be processed faster by both ends.

7 7 Introduction to WS- SecureConversation Goals –Define how security contexts are established –Specify how derived keys are computed and passed Non-Goals –Define how trust is established or determined—that is done by WS-Trust

8 8 Introduction Introduction Security Context Token Establishing Security Context Deriving Keys SecureConversation in Action Conclusion References

9 9 Security Context Token describes a security context.

10 10 Syntax of Security Context Token......... …......

11 11 Security Context Token Example <wsse:SecurityContextToken wsu:Id="SecurityToken- f3dfe69f-4bd6-41f9-b198-bb6247d14780"> uuid:f1971e12-f402-433d-bf7d- 29c78a0a81eb 2003-07-08T02:52:55Z 2003-07-08T06:52:55Z

12 12 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

13 13 Establishing Security Context A security context needs to be created and shared by the communicating parties before being used. How? 1.created by a security token service (STS) 2.created by one of the communicating parties and propagated with a message 3.created through negotiation

14 14 Way 1: Created by STS

15 15 Example Example wsse:SecurityContextToken wsse:ReqIssue

16 16 Example Example uuid:......

17 17 Way 2: Created by One of The Communicating Parties Process –The initiator creates a security context token and sends it to the other parties in a message –The recipient can then choose whether or not to accept the security context token Application –This model works when the sender is trusted to always create a new security context token.

18 18 Way 3: Created through Negotiation Process –The initiating party sends a request to the other party –A is returned. –Repeat the above 2 steps until a final response containing a and a is received. Application –There is a need to negotiate among the participants on the contents of the security context token, such as the shared secret

19 19 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

20 20 Deriving Keys Once the context and secret have been established (authenticated), Derived Keys Mechanism can be used to compute derived keys for each key usage in the secure context. Example – Four keys may be derived so that two parties can sign and encrypt using separate keys.

21 21 Deriving Keys Algorithms –Using a common secret, parties may define different key derivations to use –Default: P_SHA-1 function (referred to as wsse:PSHA1) P_SHA1 (secret, label + seed)

22 22 Deriving Keys The element is used to indicate that the key for a specific security token is generated from the function of P_SHA-1. Example 2

23 23 Subsequent Derivation Example.../derivedKeySource NewLabel FHFE... 3 0

24 24 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

25 25 SecureConversation In Action Web Service Enhancements (WSE) 2.0 for.NET 2.0 improves the implementation of secure conversations in Web services architecture. Demonstration

26 26 Predefined Security Tokens in WSE 2.0

27 27 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

28 28 Conclusion of WS- SecureConversation The WS-SecureConversation specification defines extensions to allow security context establishment and sharing, and session key derivation.

29 29 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

30 30 Primary References http://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnglobspec/html/ws-secureconversation.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnglobspec/html/ws-secureconversation.asp –Official specification describing WS-SecureConversation http://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnwse/html/wssecdrill.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnwse/html/wssecdrill.asp –A good reference that explains how to use Web Services Enhancements 2.0 to implement security, trust, and secure conversations in Web services architecture.

31 31 Secondary References http://www.microsoft.com/downloads/details.aspx?FamilyId=21FB 9B9A-C5F6-4C95-87B7-FC7AB49B3EDD&displaylang=enhttp://www.microsoft.com/downloads/details.aspx?FamilyId=21FB 9B9A-C5F6-4C95-87B7-FC7AB49B3EDD&displaylang=en –The WSE 2.0 technology preview provides early access to new advanced Web services capabilities. http://msdn.microsoft.com/webservices/building/wse/default.aspx –The latest advanced Web services capabilities to keep pace with the evolving Web services protocol specifications.

32 Questions?

Download ppt "WS-SecureConversation Xiuduan Fang. 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action."

Similar presentations

Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
1

1
Feichter_DPG-SYKL03_Bild-01. Feichter_DPG-SYKL03_Bild-02.

Feichter_DPG-SYKL03_Bild-01. Feichter_DPG-SYKL03_Bild-02.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Working with MS-ACCESS IS 240 – Database Management Lecture #2 – 2004-01-20 Assoc. Prof. M. E. Kabay, PhD, CISSP Norwich University

Working with MS-ACCESS IS 240 – Database Management Lecture #2 – Assoc. Prof. M. E. Kabay, PhD, CISSP Norwich University
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
Author: Julia Richards and R. Scott Hawley

Author: Julia Richards and R. Scott Hawley
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
My Alphabet Book abcdefghijklm nopqrstuvwxyz.

My Alphabet Book abcdefghijklm nopqrstuvwxyz.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Addition Facts 1 - 20.

Addition Facts
Year 6 mental test 5 second questions

Year 6 mental test 5 second questions
Year 6 mental test 10 second questions

Year 6 mental test 10 second questions
2010 fotografiert von Jürgen Roßberg © 2009. Fr 1 Sa 2 So 3 Mo 4 Di 5 Mi 6 Do 7 Fr 8 Sa 9 So 10 Mo 11 Di 12 Mi 13 Do 14 Fr 15 Sa 16 So 17 Mo 18 Di 19.

2010 fotografiert von Jürgen Roßberg © Fr 1 Sa 2 So 3 Mo 4 Di 5 Mi 6 Do 7 Fr 8 Sa 9 So 10 Mo 11 Di 12 Mi 13 Do 14 Fr 15 Sa 16 So 17 Mo 18 Di 19.

Similar presentations

Ads by Google