Presentation is loading. Please wait.

Presentation is loading. Please wait.

SOAP & Security IEEE Computer Society Utah Chapter Hilarie Orman - Purple Streak Development Tolga Acar - Novell, Inc. October 24, 2002.

Published byWaylon Balmer Modified over 9 years ago

Similar presentations

Presentation on theme: "SOAP & Security IEEE Computer Society Utah Chapter Hilarie Orman - Purple Streak Development Tolga Acar - Novell, Inc. October 24, 2002."— Presentation transcript:

1 SOAP & Security IEEE Computer Society Utah Chapter Hilarie Orman - Purple Streak Development Tolga Acar - Novell, Inc. October 24, 2002

2 SOAP from W3C SOAP is a lightweight protocol for exchange of information in a decentralized, distributed environment. It is an XML based protocol that consists of three parts: – Envelope - defines a framework for describing what is in a message and how to process it, – Encoding Rules - for expressing instances of application-defined data types, – RPC Convention - a convention for representing remote procedure calls and responses.

3 SOAP & XML No processing instructions All elements and attributes must be ns-qualified DTDs are prohibited No schema processing can be required SOAP can use XML schemas Two namespace identifiers: – http://www.w3.org/2001/12/soap-envelope – http://www.w3.org/2001/06/soap-envelope

4 SOAP is … SOAP is a way to format data SOAP is an RPC mechanism SOAP is groomed as a general messaging system SOAP is platform-independent SOAP makes you look cool and up-to- date

5 SOAP is not … SOAP is not a transport protocol SOAP is not a security protocol SOAP does not provide an authenticated session SOAP does not define or provide a trust model SOAP is not a file format SOAP is not a cleaning agent

6 SOAP Message Structure SOAP Header optional SOAP Body SOAP Envelope <env:Envelope xmlns:env=“http://www.w3.org/2001/06/soap-envelope/”> …. Rest of the SOAP message …

7 SOAP Header <env:Envelope xmlns:env=“http://www.w3.org/2001/06/soap-envelope/”> <mysoap:transaction xmlns:mysoap=“http://www.mysoap.org/soap/”> transaction data … rest of the SOAP message - the SOAP body

8 SOAP Body - Request RPC mechanism: method invocation <env:Envelope xmlns:env=“http://www.w3.org/2001/06/soap-envelope/”> <mysoap:getBalance xmlns:mysoap=“http://www.mysoap.org/soap/financial/” env:encodingStyle=“http://www.w3.org/2001/06/soap-encoding”> 567-89-0123

9 SOAP Body - Response RPC mechanism: method return <env:Envelope xmlns:env=“http://www.w3.org/2001/06/soap-envelope/”> <mysoap:getBalanceResponse xmlns:mysoap=“http://www.mysoap.org/soap/financial/” env:encodingStyle=“http://www.w3.org/2001/06/soap-encoding”> 3400.00

10 XML Schema and SOAP Connect an XML Schema document and a SOAP message using namespaces

11 SOAP-HTTP Binding HTTP “POST” method only Must label the body (SOAP message) with “application/soap” MIME type May include a “ SOAPAction: ” HTTP header in requests May include a “ required-SOAPAction: ” HTTP header in responses Best transport to poke through firewalls.

12 HTTP and SOAP SOAP can use any transport protocol GET /mysoapserv/ HTTP/1.1 Host: www.mysoap.org SOAPAction: “HTTP://www.mysoap.org/mysoapserv/” <env:Envelope xmlns:env=“http://www.w3.org/2001/06/soap-envelope/”> <mysoap:getBalanceResponse xmlns:mysoap=“http://www.mysoap.org/soap/financial” env:encodingStyle=“http://www.w3.org/2001/06/soap- encoding”> 3400.00 HTTP SOAP Message

13 SOAP Security Extensions XML Digital Signatures (SOAP-dsig) SOAP header carries digital signature information within a SOAP 1.1 Envelope. Defines header entry C14N of MUST be done within its own context.

14 SOAP Security Extensions Conforming SOAP Applications must satisfy: –MUST be capable of processing XML Signatures. – MUST have a element. –All elements MUST refer to a valid resource within the SOAP envelope. –If header is processed ( mustUnderstand=1 ), it MUST try to validate the signature.

15 Example : SOAP Signature <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> … … <SOAP-SEC:Signature xmlns:SOAP-SEC="http://schemas.xmlsoap.org/soap/security/2000-12" SOAP-ENV:actor="some-URI“ SOAP-ENV:mustUnderstand="1"> … MC0CFFrVLtRlk=... <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <ds:Transform Algorithm="http://www.w3.org/TR/2000/CR-xml-c14n-20001026"/> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> j6lwx3rvEPO0vKtMup4NbeVu8nk= <SOAP-ENV:Body xmlns:SOAP- SEC="http://schemas.xmlsoap.org/soap/security/2000-12" SOAP-SEC:id="Body"> IBM

16 Apache XML Project http://xml.apache.org Xerces – XML parsers in (Java/C) Xalan – XML Stylesheet processors (Java/C) Cocoon – XML-based web publishing (Java) SOAP – based on IBM SOAP4J implementation (Java) SOAP Follow-on Project Axis: recently released Axis 1.0 (October 7, 2002).

17 Microsoft.NET Easy Web service setup with Microsoft IIS Download (www.microsoft.com) –.NET Framework SDK –ASP.NET SDK –SOAP Toolbox Use your favorite programming language

18 Web Services & SOAP Interop Stack HTTP UDDI SOAP XML Universal Service Interop Protocol (WSDL ?)

Download ppt "SOAP & Security IEEE Computer Society Utah Chapter Hilarie Orman - Purple Streak Development Tolga Acar - Novell, Inc. October 24, 2002."

Similar presentations

Web Service Architecture

Web Service Architecture
Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
General introduction to Web services and an implementation example

General introduction to Web services and an implementation example
Simple Object Access Protocol (SOAP) v1.1 CS-328 Dick Steflik.

Simple Object Access Protocol (SOAP) v1.1 CS-328 Dick Steflik.
SOAP.

SOAP.
SOAP. Service Broker Basic SOAP Message Exchange Service Consumer Service Provider http transport SOAP message WSDL describing service SOAP message http.

SOAP. Service Broker Basic SOAP Message Exchange Service Consumer Service Provider http transport SOAP message WSDL describing service SOAP message http.
Apache Axis2 SOAP Primer. Agenda What is SOAP? Characteristics SOAP message structure Header blocks Fault notification Exercises.

Apache Axis2 SOAP Primer. Agenda What is SOAP? Characteristics SOAP message structure Header blocks Fault notification Exercises.
SOAP : Simple Object Access Protocol

SOAP : Simple Object Access Protocol
SOAP Overview Simple Object Access Protocol CSCI 7818 - Topics in Software Engineering Web Infrastructure, Services, and Applications

SOAP Overview Simple Object Access Protocol CSCI Topics in Software Engineering Web Infrastructure, Services, and Applications
An Analysis of SOAP Security Vinod Pandarinathan Vijay Asokan Parthiv Nayak.

An Analysis of SOAP Security Vinod Pandarinathan Vijay Asokan Parthiv Nayak.
1 Understanding Web Services Presented By: Woodas Lai.

1 Understanding Web Services Presented By: Woodas Lai.
CIS 375—Web App Dev II SOAP.

CIS 375—Web App Dev II SOAP.
XML in the real world (2) SOAP. What is SOAP? ► SOAP stands for Simple Object Access Protocol ► SOAP is a communication protocol ► SOAP is for communication.

XML in the real world (2) SOAP. What is SOAP? ► SOAP stands for Simple Object Access Protocol ► SOAP is a communication protocol ► SOAP is for communication.
SOAP SOAP is a protocol for accessing a Web Service. SOAP stands for Simple Object Access Protocol * SOAP is a communication protocol * SOAP is for communication.

SOAP SOAP is a protocol for accessing a Web Service. SOAP stands for Simple Object Access Protocol * SOAP is a communication protocol * SOAP is for communication.
Topics Acronyms in Action SOAP 6 November 2008 CIS 340.

Topics Acronyms in Action SOAP 6 November 2008 CIS 340.
Information Management NTU Web Services. Information Management NTU What Are Web Services? Semantically encapsulate discrete functionality Loosely coupled,

Information Management NTU Web Services. Information Management NTU What Are Web Services? Semantically encapsulate discrete functionality Loosely coupled,
SE 370: Programming Web Services Week 4: SOAP & NetBeans Copyright © Steven W. Johnson February 1, 2013.

SE 370: Programming Web Services Week 4: SOAP & NetBeans Copyright © Steven W. Johnson February 1, 2013.
Web Services Darshan R. Kapadia Gregor von Laszewski 1http://grid.rit.edu.

Web Services Darshan R. Kapadia Gregor von Laszewski 1http://grid.rit.edu.
SOAP 20041094 Lee Jong-uk. Introduction What is SOAP? The features of SOAP The structure of SOAP SOAP exchange message model & message Examples of SOAP.

SOAP Lee Jong-uk. Introduction What is SOAP? The features of SOAP The structure of SOAP SOAP exchange message model & message Examples of SOAP.
SOAP Quang Vinh Pham Simon De Baets Université Libre de Bruxelles1.

SOAP Quang Vinh Pham Simon De Baets Université Libre de Bruxelles1.

Similar presentations

Ads by Google