WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.

Presentation transcript:


Agenda
- Trusting clients and services
  - Enabling a manageable B2B infrastructure
- Creating a security context
  - Faster security performance
- Authoring security policy
  - Removing the need for writing a lot of security code

Trust
- Relationships and identity
  - How do I prove who I am?
  - Who can vouch for me?
  - How do you know you can trust him?
- These questions are answered with signed security tokens
- WS-Trust defines a protocol for issuing and obtaining security tokens

Trust
- Several models for issuing tokens
  - Client obtains token
  - Service obtains token for client
  - Etc…
[Diagrams: Client, Token Issuer and Service; Client and Service with Token Issuer 1 and Token Issuer 2]

Trust Requesting a security token (RST)... Issuing a security token (RSTR)

Trust
- RST is usually signed with a token the token issuer trusts
- RSTR issues new token
- Proof of possession token can also be returned
  - This token includes a key that the requestor can use to prove he's allowed to use the issued token

Demo: Issuing a custom XML-based security token

Secure conversation
- Token issuing can also occur between two parties
- Typically, this is done to create higher performance security processing
- WS-SecureConversation is an example
[Diagram: Client; Service And Token Issuer]

Secure conversation
- WS-SecureConversation details how to issue a SecurityContextToken
- In WSE, this lightweight token takes the place of a more processing-intensive token
[Diagram: Client; Service And Token Issuer. Request for SCT; SCT issued to client; series of messages signed with issued SCT]
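The exchange on the two Secure conversation slides, and the proof-of-possession key from the earlier Trust slide, as an added Python sketch that is not code from the presentation or from WSE. The class and function names are hypothetical, HMAC-SHA256 stands in for the XML Signature a real stack would compute, and the check of the RST's own signature is assumed to have happened already.

```python
import hashlib
import hmac
import secrets

def sign(key: bytes, body: str) -> str:
    """HMAC over the body; stands in for the XML Signature WSE would compute."""
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

class Service:
    """Service and token issuer in one party, as in the slide's diagram."""
    def __init__(self):
        self._contexts = {}  # SCT identifier -> shared key

    def issue_sct(self, rst_signature_ok: bool):
        # Assumption: the caller already verified the RST's heavier signature.
        if not rst_signature_ok:
            raise PermissionError("RST not signed with a trusted token")
        sct_id = "uuid:" + secrets.token_hex(16)
        key = secrets.token_bytes(32)  # proof-of-possession key
        self._contexts[sct_id] = key
        return sct_id, key  # RSTR contents; the key must travel encrypted

    def cancel(self, sct_id: str) -> None:
        self._contexts.pop(sct_id, None)

    def receive(self, sct_id: str, body: str, signature: str) -> str:
        key = self._contexts.get(sct_id)
        if key is None:
            return "rejected: unknown or cancelled context"
        if not hmac.compare_digest(sign(key, body), signature):
            return "rejected: signature does not match context key"
        return "accepted"

def demo():
    service = Service()
    sct_id, key = service.issue_sct(rst_signature_ok=True)
    # Series of messages, each costing one HMAC instead of a public-key operation.
    results = [service.receive(sct_id, f"order {n}", sign(key, f"order {n}"))
               for n in range(3)]
    # Sender knows the SCT identifier but not the key issued with it.
    wrong_key = secrets.token_bytes(32)
    results.append(service.receive(sct_id, "order 9", sign(wrong_key, "order 9")))
    # Body changed after signing.
    results.append(service.receive(sct_id, "order 1000", sign(key, "order 1")))
    service.cancel(sct_id)
    results.append(service.receive(sct_id, "order 3", sign(key, "order 3")))
    return results

if __name__ == "__main__":
    print("\n".join(demo()))
```

The SCT identifier alone is never enough: the service accepts a message only when its signature was made with the key issued alongside that identifier, and cancelling the context invalidates both at once.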

Demo: Building a Secure Conversation with WSE

Policy
- Beyond what WSDL provides, what else is needed to describe a Web service?
  - Security requirements
  - Reliable messaging assurances
  - Protocol versioning
  - Etc…
- These other attributes of a service can be described with WS-Policy
  - XML-based language
  - Complex:,, etc…

Policy

    <wsp:Policy wsu:Id="message-age">
      <wsse:MessageAge wsp:Usage="wsp:Required" Age="5" />
    </wsp:Policy>
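How a receiver could enforce the message-age policy above, as an added Python example that is not code from the presentation or from WSE. The namespace URIs (the slide omits the declarations), the reading of Age as seconds, the one-second clock-skew allowance, the sample header and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Assumption: 2002-era WS-* namespace URIs; the slide omits the declarations.
WSP = "http://schemas.xmlsoap.org/ws/2002/12/policy"
WSSE = "http://schemas.xmlsoap.org/ws/2002/12/secext"
WSU = "http://schemas.xmlsoap.org/ws/2002/07/utility"

POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"
    wsu:Id="message-age">
  <wsse:MessageAge wsp:Usage="wsp:Required" Age="5"/>
</wsp:Policy>"""


def constructed_message(created):
    """Constructed sample header; pass None to omit the timestamp."""
    stamp = (f"<wsu:Timestamp><wsu:Created>{created}</wsu:Created></wsu:Timestamp>"
             if created else "")
    return f'<Header xmlns:wsu="{WSU}">{stamp}</Header>'


def check_message_age(policy_xml, message_xml, now, skew=timedelta(seconds=1)):
    """Apply the policy's MessageAge assertion to one message."""
    rule = ET.fromstring(policy_xml).find(f"{{{WSSE}}}MessageAge")
    if rule is None:
        return "accepted: policy has no MessageAge assertion"
    required = rule.get(f"{{{WSP}}}Usage") == "wsp:Required"
    limit = timedelta(seconds=int(rule.get("Age")))  # Age read as seconds
    created = ET.fromstring(message_xml).findtext(f".//{{{WSU}}}Created")
    if created is None:
        return "rejected: no timestamp" if required else "accepted: timestamp optional"
    sent = datetime.fromisoformat(created.replace("Z", "+00:00"))
    if sent - now > skew:
        return "rejected: timestamp in the future"
    if now - sent > limit:
        return "rejected: older than policy allows"
    return "accepted"


NOW = datetime(2003, 6, 1, 12, 0, 10, tzinfo=timezone.utc)  # constructed clock

if __name__ == "__main__":
    for created in ("2003-06-01T12:00:07Z", "2003-06-01T12:00:01Z",
                    "2003-06-01T12:05:00Z", None):
        print(created, "->", check_message_age(POLICY, constructed_message(created), NOW))
```

A missing timestamp is rejected when the assertion is marked Required, since otherwise a replayed message could evade the age limit simply by omitting it.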

Security policy
- WS-SecurityPolicy specifies the assertions for expressing requirements related to WS-Security
- Can be embedded inside the other two

Security Policy X509v3 wsp:Body()

Role-based security
- IPrincipal is the .NET interface for role-based authorization
  - bool IsInRole(String str)
- SecurityToken.Principal
  - Implementation of IPrincipal
  - Automatically set for UsernameToken and KerberosSecurityToken
- Call method explicitly or use Policy

Demo: Role-Based Authorization using Security Policy

Suggested Reading And Resources
The tools you need to put technology to work!
- Title: Writing Secure Code, Second Edition. Available: Today
- Microsoft Press books are 20% off at the TechEd Bookstore
- Also buy any TWO Microsoft Press books and get a FREE T-Shirt

Community Resources
- Most Valuable Professional (MVP)
- Newsgroups: Converse online with Microsoft Newsgroups, including Worldwide
- User Groups: Meet and learn with your peers


© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.