Application of XML Schema in Web Services Security Sridhar Guthula W3C XML Schema 1.0 User Experiences 06-21-2005.


1 Application of XML Schema in Web Services Security Sridhar Guthula W3C XML Schema 1.0 User Experiences 06-21-2005

2 QuickTree Inc.2 About me
- 10 years in enterprise software business
- XML focus since 1998
- Projects
  – XML Schema 1.0 validation engine, SOAP security framework, XSLT 1.0 compiler, hardware-based XML parser
  – Large XML-based language for a declarative constraint engine
  – Storing XML documents in an RDBMS
  – XML Schemas for catalog services, XML-based RPCs and workflow systems

3 QuickTree SOAP Security Module (SSM)
Designed from the ground up with OEM integration in mind, the SSM hides the complexities of XML processing and allows network equipment such as firewalls, SSL VPN devices and load balancers to inspect and secure Web Services traffic.

4 SOAP Security in the Network

5 Features
- XML Denial of Service Prevention - Checking for XML well-formedness, nested element depth, element length, message size, external entities, attribute length, etc.
- WSDL Based Access Control - Limit a user's or group's access to particular services or operations defined in the WSDL file
- SOAP Structural and Parameter Validation - Prevent mal-structured SOAP messages and apply parameter validation using type checking, with full support for regex-based schema types
- SQL and Command Injection Protection - Detect and block command injection attacks, commonly hidden as valid parameters
- Streaming mode interface - XML messages can be forwarded to the QuickTree module as they come in, without blocking

6 QuickTree SOAP Security Module (SSM)

7 User Experience

8 WSDL Based validation
- XML Schema 1.0 validation engine (‘C’ based)
- Generate schema by combining WSDL, XML Schema and SOAP
- Streaming and Hardwarized
- Structural Validation vs Data-type validation
- ACLs
- Issues
  – Schema Specification
  – XML Schemas with multiple target namespaces
  – xsi:type and encoding style
  – Mapping WSDL/SOAP types to XML Schema types (Ex: soapenc:arrayType)
  – Versioning

9 Compliance Levels
- Support compliance/conformance levels (like internationalization standards)
  – Structural validation and/or Data-type validation
  – Data-centric or Content-centric
- Lack of different compliance levels causes vendors to claim full XML Schema compliance.
- Reduced user confusion and reduced cost in investigating vendor compliance.

10 XML Denial of Service Prevention
- Checking for XML well-formedness, nested element depth, element length, message size, external entities, attribute length, etc.
- Most of the XML Schema designers do not consider security
- Policies – QuickTree provides global and User-specific
- Implementation through inheritance, facets
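
The checks named on this slide and under Features on slide 5, sketched as an added example that is not QuickTree's code or the presenter's: a streaming guard on Python's expat binding that stops at the first breach. The limit values, the names `StreamingXmlGuard`, `deny_if` and `check`, the sample message, and the reading of "element length" as tag-name length are assumptions.

```python
import xml.parsers.expat as expat

# Constructed limits and sample message; real values are deployment policy.
LIMITS = {"bytes": 4096, "depth": 8, "name": 64, "attr": 128}
SAMPLE = b'<Envelope><Body><getQuote symbol="QT"/></Body></Envelope>'

class PolicyViolation(Exception):
    """Raised at the first limit a message breaches."""

def deny_if(breached, what):
    if breached:
        raise PolicyViolation(what)

class StreamingXmlGuard:
    def __init__(self, limits=LIMITS):
        self.lim, self.depth, self.seen = limits, 0, 0
        p = self.parser = expat.ParserCreate()
        p.StartElementHandler, p.EndElementHandler = self._start, self._end
        p.EntityDeclHandler = self._entity

    def _start(self, name, attrs):
        self.depth += 1
        deny_if(self.depth > self.lim["depth"], "nested element depth")
        deny_if(len(name) > self.lim["name"], "element length")  # tag-name length
        too_long = any(len(k) + len(v) > self.lim["attr"] for k, v in attrs.items())
        deny_if(too_long, "attribute length")

    def _end(self, name):
        self.depth -= 1

    def _entity(self, name, is_param, value, base, system_id, public_id, notation):
        deny_if(system_id is not None, "external entity")  # SYSTEM/PUBLIC declaration

    def feed(self, chunk, final=False):
        # Size is counted before parsing so an oversized stream is cut off early.
        self.seen += len(chunk)
        deny_if(self.seen > self.lim["bytes"], "message size")
        try:
            self.parser.Parse(chunk, final)
        except expat.ExpatError as err:
            raise PolicyViolation("not well-formed") from err

def check(message, chunk_size=16, limits=LIMITS):  # returns "ok" or the breach
    guard = StreamingXmlGuard(limits)
    try:
        for i in range(0, len(message), chunk_size):
            guard.feed(message[i:i + chunk_size])
        guard.feed(b"", final=True)
    except PolicyViolation as violation:
        return str(violation)
    return "ok"
```

Because `feed` takes chunks as they arrive, a message is rejected as soon as a limit is crossed rather than after it has been buffered in full.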

11 Validating Canonical XML
- Support for validating canonical XML
- Canonical form of a valid XML instance should be valid

12 Views or Aspects
- Given XML Schemas viewed in a different light by different users (network admin, application engineer, customer)
- Support for different aspects on the same XML Schema
- Example: Security aspect
  – Conformance/Compliance Levels: only do structural validation
  – Ignore Order/Canonicalization: canonical form of a valid XML instance should be valid
  – DoS configuration values
  – xsi:type support

13 Contact Info
Sridhar Guthula
855 Embedded Way
San José, CA 95138-1018 USA
408-979-4800
sguthula@quicktree.com

14 Q & A

