Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies.

Similar presentations


Presentation on theme: "Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies."— Presentation transcript:

1 Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies

2 Legend Implemented Standard Implemented in additional product Security Layer Existing Standard Implemented in part of solutions

3 Security Standards for WS XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P

4 Popular Solutions Microsoft WCF Sun Metro (JAX-WS + JAXB + WSIT) Apache Axis2 (Rampart + Rahas + Sandesha2) Apache CXF (based on JAX-WS) More: IBM WebSphere WSO2 Web Service Framework BEA WebLogic

5 Microsoft WCF XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P

6 Sun Metro XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P

7 Apache Axis2 XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P

8 Apache CXF XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P

9 Common WS-* Stack WS-Addressing WS-Security: Username/Password, SAML, X.509 SAML includes XML Encryption and XML Signature WS-Trust (except Apache CXF) WS-Security Policy (except Apache) WS-Policy (except Apache Axis2) WS-Secure Conversation (except Apache CXF) WS-Reliable Messaging

10 1-MS, 2-Sun, 3-Axis2, 4-CXF XML XML Signature XML Encryption SOAP WS-Addressing WS-Security Resource Trust Secure Context Policy SAML Kerberos (1,2) REL X.509 WS-SecureConversation (1,2,3) XACML RBAC EPAL WS-Policy (1,2,4) WS-Security Policy (1,2) WS-Trust (1,2,3) XKMS WS-Federation IDFF Shibboleth Reliability WS-Reliable Messaging WS-Reliability (2) U/P

11 GSI XML XML Signature (W3C) XML Encryption (W3C) SOAP WS-Addressing (W3C) WS-Security (OASIS) Resource Trust Secure Context Policy SAML Kerberos REL X.509 WS-SecureConversation (IBM) XACML (OASIS) RBAC (NIST) EPAL (IBM) WS-Policy (W3C) WS-Security Policy (OASIS) WS-Trust (OASIS) XKMS (W3C) WS-Federation (IBM) IDFF Shibboleth Reliability WS-Reliable Messaging (OASIS) WS-Reliability (OASIS) U/P


Download ppt "Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies."

Similar presentations


Ads by Google