Presentation is loading. Please wait.

Presentation is loading. Please wait.

WS-SecureConversation Xiuduan Fang. 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action.

Similar presentations


Presentation on theme: "WS-SecureConversation Xiuduan Fang. 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action."— Presentation transcript:

1 WS-SecureConversation Xiuduan Fang

2 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

3 3 Introduction to WS- SecureConversation Why introduce WS-SecureConversation? Consider the functions of WS-Security –message integrity –message confidentiality –single message authentication

4 4 Introduction to WS- SecureConversation What if senders and receivers need to exchange multiple messages?

5 5 Introduction to WS- SecureConversation A Feasible Solution –Encrypt all messages with a security token issued by a token issuing service. Drawback: the size of each message can become a performance bottleneck.

6 6 Introduction to WS- SecureConversation A Better Solution –WS-SecureConvsation Similar to SSL Introduce a security context A SecurityContextToken is applied. Once created, the messages are smaller and can be processed faster by both ends.

7 7 Introduction to WS- SecureConversation Goals –Define how security contexts are established –Specify how derived keys are computed and passed Non-Goals –Define how trust is established or determined—that is done by WS-Trust

8 8 Introduction Introduction Security Context Token Establishing Security Context Deriving Keys SecureConversation in Action Conclusion References

9 9 Security Context Token describes a security context.

10 10 Syntax of Security Context Token …......

11 11 Security Context Token Example uuid:f1971e12-f d-bf7d- 29c78a0a81eb T02:52:55Z T06:52:55Z

12 12 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

13 13 Establishing Security Context A security context needs to be created and shared by the communicating parties before being used. How? 1.created by a security token service (STS) 2.created by one of the communicating parties and propagated with a message 3.created through negotiation

14 14 Way 1: Created by STS

15 15 Example Example wsse:SecurityContextToken wsse:ReqIssue

16 16 Example Example uuid:......

17 17 Way 2: Created by One of The Communicating Parties Process –The initiator creates a security context token and sends it to the other parties in a message –The recipient can then choose whether or not to accept the security context token Application –This model works when the sender is trusted to always create a new security context token.

18 18 Way 3: Created through Negotiation Process –The initiating party sends a request to the other party –A is returned. –Repeat the above 2 steps until a final response containing a and a is received. Application –There is a need to negotiate among the participants on the contents of the security context token, such as the shared secret

19 19 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

20 20 Deriving Keys Once the context and secret have been established (authenticated), Derived Keys Mechanism can be used to compute derived keys for each key usage in the secure context. Example – Four keys may be derived so that two parties can sign and encrypt using separate keys.

21 21 Deriving Keys Algorithms –Using a common secret, parties may define different key derivations to use –Default: P_SHA-1 function (referred to as wsse:PSHA1) P_SHA1 (secret, label + seed)

22 22 Deriving Keys The element is used to indicate that the key for a specific security token is generated from the function of P_SHA-1. Example 2

23 23 Subsequent Derivation Example.../derivedKeySource NewLabel FHFE

24 24 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

25 25 SecureConversation In Action Web Service Enhancements (WSE) 2.0 for.NET 2.0 improves the implementation of secure conversations in Web services architecture. Demonstration

26 26 Predefined Security Tokens in WSE 2.0

27 27 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

28 28 Conclusion of WS- SecureConversation The WS-SecureConversation specification defines extensions to allow security context establishment and sharing, and session key derivation.

29 29 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action Conclusion References

30 30 Primary References us/dnglobspec/html/ws-secureconversation.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnglobspec/html/ws-secureconversation.asp –Official specification describing WS-SecureConversation us/dnwse/html/wssecdrill.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en- us/dnwse/html/wssecdrill.asp –A good reference that explains how to use Web Services Enhancements 2.0 to implement security, trust, and secure conversations in Web services architecture.

31 31 Secondary References 9B9A-C5F6-4C95-87B7-FC7AB49B3EDD&displaylang=enhttp://www.microsoft.com/downloads/details.aspx?FamilyId=21FB 9B9A-C5F6-4C95-87B7-FC7AB49B3EDD&displaylang=en –The WSE 2.0 technology preview provides early access to new advanced Web services capabilities. –The latest advanced Web services capabilities to keep pace with the evolving Web services protocol specifications.

32 Questions?


Download ppt "WS-SecureConversation Xiuduan Fang. 2 Agenda Introduction Security Context Token Establishing Security Context Deriving Keys SecureCoversation in Action."

Similar presentations


Ads by Google