Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Systems Research Group - FAU 1 Web Services Products and Tools Ingrid Buckley Dept. of Computer Science and Engineering Florida Atlantic University.

Similar presentations


Presentation on theme: "Secure Systems Research Group - FAU 1 Web Services Products and Tools Ingrid Buckley Dept. of Computer Science and Engineering Florida Atlantic University."— Presentation transcript:

1 Secure Systems Research Group - FAU 1 Web Services Products and Tools Ingrid Buckley Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton, FL, USA April 18, 2007

2 Secure Systems Research Group - FAU 2 AGENDA Objective Introduction Web Service Products –Standards –Features Web Service Tools Web Service Patterns Conclusion

3 Secure Systems Research Group - FAU 3 Objectives Evaluation of products and development tools used to create web services including their capabilities. Identifying areas that either have no support or can be better enhanced to increase the overall efficiency of the products and tools used in the development of web services. Providing some possible solutions.

4 Secure Systems Research Group - FAU 4 Introduction A Web Service is a component in a system designed to support interoperable machine to machine interaction over a network. Web services are frequently just Web APIs that can be accessed over a network, such as the –Internet –executed on a remote system hosting the requested services. Web services communicate using XML messages that follow the SOAP standard. Web services are regulated by web service standards.

5 Secure Systems Research Group - FAU 5 Web Service Products Web services are generally used in two ways: –for remote procedure calls (RPC) –Document Style Several products are available on the market that offer one or more of these functionalities. There are two basic architectural approaches for platforms that support web services: –Microsoft.NET –Sun ONE (J2EE) There are a variety of companies that develop products to implement web services, these include: –IBM, Microsoft, IONA, BEA, and SUN

6 Secure Systems Research Group - FAU 6 Web Service Products Xtradyne - Xtradyne's WS-DBC IBM - Tivoli Identity Manager and Tivoli Access Manager IONA – Artix Netegrity - TransactionMinder Forum Sentry™ Web Services Security Suite Microsoft Trust Bridge BEA - BEA WebLogic Enterprise Security

7 Secure Systems Research Group - FAU 7 Xtradyne - Xtradyne's WS-DBC The Web Services Domain Boundary Controller (WS-DBC) is an XML Firewall. It provides protection against malformed messages and malicious content, encryption/decryption of XML messages, XML digital signatures, authentication, authorization, and audit. It conforms to WS-Security, SAML WSDL, XML Digital Signatures standards.

8 Secure Systems Research Group - FAU 8 IBM - Tivoli Identity Manager and Tivoli Access Manager Tivoli Identity Manager is a policy-based user management solution. Tivoli Access Manager is a policy-based access control solution. Provides authentication and authorization APIs that allow integration with application platforms such as J2EE. This product conforms to WS-Federation and SAML standards.

9 Secure Systems Research Group - FAU 9 IONA – Artix Artix is an extensible Enterprise Service Bus (ESB). It enables an enterprise to integrate and expose its applications as web services. The security features include a role based access control mechanism, authentication, support with WS- Security, Single sign-on (SSO), Netegrity plugin, LDAP plugin, Active Directory Plug-In. It conforms to the WS-Security and SAML standards.

10 Secure Systems Research Group - FAU 10 Netegrity - TransactionMinder TransactionMinder provides centralized authentication, policy-based authorization, and audit for web services transactions By intercepting requests made to web services, analyzing it and communicating with the Netegrity Policy Server. Netegrity conforms to SOAP messages, WSDL, SAML and XML Digital Signatures standards.

11 Secure Systems Research Group - FAU 11 Forum Sentry™ Web Services Security Suite Enables trusted information sharing using XML data and Web services across different security domains and business processes. Forum Sentry supports the implementation of secure service-oriented architectures and event-driven applications. Conforms to XML Digital Signature, XML Encryption, WS-Encryption, WS-Digital Signatures, WSDL 1.1/1.2, WS-Security, SAML, XKMS and WS-I Basic Profile standards.

12 Secure Systems Research Group - FAU 12 Microsoft Trust Bridge Microsoft Trust Bridge technology will allow different organizations using the Windows operating system to exchange user identities and interoperate in heterogeneous environments. Using industry standard XML Web services protocols including Kerberos, WS-Security and forthcoming protocols in WS-Policy and the WS-Security family. Federated identity management makes it easier for businesses to interact with customer, partners and suppliers, thus increasing communication amongst stakeholders.

13 Secure Systems Research Group - FAU 13 BEA - BEA WebLogic Enterprise Security BEA WebLogic Enterprise Security provides access control to applications based on policies. Includes policy-based delegated administration, authentication with single sign-on, consolidated auditing, and dynamic-role and policy-based authorization with delegation. Conforms to the SAML and WSDL 1.1 standard.

14 Secure Systems Research Group - FAU 14 Security Standards StandardsIBMIONABEAXTRADYNENETEGRITYFORUM Microsoft Trust Bridge XML EncryptionXXX XML SignatureXXX SAMLXXXXXX X WS-SecurityXXXX WS- EncryptionXXXX X WS-ReliabiltyX WS-TRUSTXX WS-FederationXX WSDL XX

15 Secure Systems Research Group - FAU 15 Security Features Functionalities IBMIONABEAXTRADYNENETEGRITYFORUM Microsoft Trust Bridge XML schema validationXX Web services access controlXXXXXXX User AuthenticationXXXXXXX AuditXXXXX AlertsXX Standards validation Virus scanningXXX Integrity checksXXX SSOXXX

16 Secure Systems Research Group - FAU 16 Web Service Tools GlassFish Eclipse Web Tools Platform (WTP) MissionKit Stylus Studio®

17 Secure Systems Research Group - FAU 17 GlassFish GlassFish is an open source application server which implements some new features in the Java EE 5 platform. The Java EE 5 platform includes the latest versions of technologies such as: JavaServer Pages(JSP)2.1 –JavaServer Faces(JSF) 1.2 –Servlet 2.4 – EnterpriseJavaBeans 3.0 –Java API for Web Services (JAX-WS) 2.0 – Java Architecture for XML Binding –(JAXB) 2.0, –Web Services Metadata for the Java Platform 1.0.

18 Secure Systems Research Group - FAU 18 Eclipse Web Tools Platform (WTP) Eclipse web tools platform project extends the Eclipse platform with tools for developing web services and Java EE applications. It includes source and graphical editors for a variety of languages, wizards and built-in applications. Includes tools and APIs to support deploying, running, and testing web applications.

19 Secure Systems Research Group - FAU 19 MissionKit The Altova MissionKit for XML Developers is designed for XML and software developers, it includes XML data integration, and style sheet design capabilities. MissionKit supports: –XML, XSD, XSLT, and XQuery development –WSDL and SOAP Web services development –XML, database, flat file, EDI, and Web services data mapping / conversion –Graphical Web services creation –XML-aware file and directory differencing/merging –Advanced XML Schema management –Semantic Web development

20 Secure Systems Research Group - FAU 20 Stylus Studio ® Stylus Studio® 2008 XML Enterprise Suite provides a set of XML tools and features for working with XML, XQuery, web services, XML publishing, and other XML technologies. Stylus Studio includes the following features: –Apache Axis: Stylus Studio® uses Apache Axis to query web services for exploring, to retrieve data through web services, and to generate code for web services. Additionally, using the support of the XML converters, web services through Axis can be built into your own applications, called and executed through XSLT and/or XQuery, and used in XML pipelines and XML reports. –Integrating Web Services using XQuery : Web services provide process abstraction while XQuery provides a flexible means for data abstraction. –Web Service Data Mapping :Stylus Studio® allows you to use web services as XML data sources to be used in live XML mapping projects.

21 Secure Systems Research Group - FAU 21 Mashups A mashup is a web application that combines data from more than one source into a single integrated tool. These are being used more in web services to deliver a richer and more interactive experience to users. The following are a few editors that are used to create mashups: –Google Mashup Editor –Openkapow –Microsoft Popfly Mashup Editor

22 Secure Systems Research Group - FAU 22 Google Mashup Editor Google Mashup Editor is an AJAX development framework and a set of tools that enable developers to quickly and easily create simple web applications and mashups with Google services like Google Maps and Google Base.

23 Secure Systems Research Group - FAU 23 Openkapow Openkapow is an open service platform which all you to build your own services (called robots) and deploy them. The robots accesses web sites and allows the use of data, functionality and even the user interface of other web sites.

24 Secure Systems Research Group - FAU 24 Microsoft Popfly Mashup Editor Microsoft Popfly Mashup Editor is a tool for creating and sharing mashups built on Silverlight technology. In addition to its tools for developers, Popfly is offering some consumer-facing applications that allow users to create web pages and build custom widgets to their blogs and social networking profiles.

25 Secure Systems Research Group - FAU 25 Web Service Patterns XACML Authorization –Enables an organization to represent authorization rules in a standard manner. XACML Access Control Evaluation –This pattern decides if a request is authorized to access a resource according to policies defined by the XACML Authorization pattern. WSPL –Enables an organization to represent access control policies for its web services in a standard manner. – It also enables a web services consumer to express its requirements in a standard manner.

26 Secure Systems Research Group - FAU 26 Patterns Enumerate existing patterns to define or build on existing ones. These patterns are for Security only

27 Secure Systems Research Group - FAU 27 Conclusion Many of the web service products and tools discussed only conform to a few of the web services standards. It is difficult to select the right web services product or tool. Many companies do not explicitly state the features and standards which are supported by their products or tools.It is time consuming to acquire the standards that a tool or product conforms to. Many products are not compliant with the WS-Reliability standard and many tools do not implement it.

28 Secure Systems Research Group - FAU 28 Conclusion …. Patterns are used to solve recurrent general problems in a given context, they are flexible in how they can be used in different products and tools of varying purposes. A possible solution in overcoming this problem is using web service patterns in the implementation and design of web services products and tools. More web service patterns could be written to conform to a combination of web service industry standards Easier for customers to make informed decisions regarding a particular tool based on the web service patterns it implements.

29 Secure Systems Research Group - FAU 29 Conclusion A pattern can be specialized or generalized to suit the need of a product or tool. Create composite web service patterns which can be used to implement many web service standards. Web service products can be implemented using such composite patterns. Easier for web services developers to implement them into web service products and tools which could streamline the integration of more web service standards into web service products and tools


Download ppt "Secure Systems Research Group - FAU 1 Web Services Products and Tools Ingrid Buckley Dept. of Computer Science and Engineering Florida Atlantic University."

Similar presentations


Ads by Google