Web-based business and XML security. Dagmar Brechlerova.


Problems of security
Security is important in the business world: the integrity of content and transactions, privacy and confidentiality, and making sure information is used appropriately. In today's web-based business environment, the means for providing that security have changed. The old instruments for security work badly. Physical security no longer works as well as in the past. In the nice old times, all the computing resources were locked in a central computing room with all jobs submitted locally.

Problems of security
Attempts to create a single security infrastructure do not scale effectively to the Internet, owing to the heterogeneous nature of HW and SW systems and to conflicting administrative, application and security requirements. There is too much to administer: too many applications, too many variations. Standards are required that can adapt to changing requirements, that can incorporate new technologies while continuing to work with legacy technologies, and that can be deployed modularly. These standards should work well together.

XML security
XML security defines XML vocabularies for representing security information. It uses other XML standards where possible. It can be applied to end-to-end security (SSL cannot). XML security reuses existing cryptography. It uses XML technology (XML Schema, ...).

XML Security standards
Integrity and signatures - XML Digital Signature
Confidentiality - XML Encryption
Key Management - XML Key Management Specification (XKMS)
Authentication and Authorization Assertions - Security Assertion Markup Language (SAML)
Authorization Rules - XML Access Control Markup Language (XACML)
as well as major XML Security applications:
Web Services Security - Roadmap and WS-Security
Privacy - Platform for Privacy Preferences (P3P)
Digital Rights Management - eXtensible Rights Markup Language 2.0 (XrML)

Signature element <CanonicalizationMethod Algorithm=" <SignatureMethod Algorithm=" /> j6lwx3rvEPO0vKtMup4NbeVu8nk= <Reference URI=" example.xml"> UrXLDLBIta6skoV5/A8Q38GEw44= MC0E~LE= CN=EdSimon, O=XMLSecInc.,ST=OTTAWA,C=CA MIID5jCCA0+gA...lVN
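The Reference and digest values in the Signature element slide are what bind a signature to specific content. The sketch below is an added example, not part of the original presentation: it fills in and rechecks a Reference digest for one element of a constructed order document. The document, its element names, the SHA-256 digest and the use of Python's built-in C14N 2.0 canonicalizer are assumptions; the signature over SignedInfo itself is not covered.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
NS = {"ds": DS}
ET.register_namespace("ds", DS)

# Constructed sample. SignedInfo is reduced to one Reference; the
# CanonicalizationMethod, SignatureMethod, SignatureValue and KeyInfo
# parts of a real Signature are omitted.
DOC = """<order>
  <item>book</item>
  <payment Id="pay1"><card>visa</card><number>CONSTRUCTED-0000</number></payment>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
    <ds:Reference URI="#pay1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
</order>"""

def reference_digest(root, ref):
    """Base64 SHA-256 over the canonical form of the element a Reference names."""
    uri = ref.get("URI", "")
    method = ref.find("ds:DigestMethod", NS)
    if not uri.startswith("#") or method is None or method.get("Algorithm") != SHA256:
        raise ValueError("only same-document SHA-256 references are handled")
    targets = [e for e in root.iter() if e.get("Id") == uri[1:]]
    if len(targets) != 1:  # missing or duplicated Id: refuse to guess
        raise ValueError("reference must resolve to exactly one element")
    target = copy.deepcopy(targets[0])
    target.tail = None  # text after the end tag is not part of the target
    canonical = ET.canonicalize(xml_data=ET.tostring(target, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canonical.encode()).digest()).decode()

def seal(xml_text):
    """Signer side: fill in every DigestValue."""
    root = ET.fromstring(xml_text)
    for ref in root.iterfind(".//ds:Reference", NS):
        ref.find("ds:DigestValue", NS).text = reference_digest(root, ref)
    return ET.tostring(root, encoding="unicode")

def check_references(xml_text):
    """Verifier side: recompute each digest and report {URI: matches}."""
    root = ET.fromstring(xml_text)
    return {ref.get("URI"): ref.findtext("ds:DigestValue", namespaces=NS)
            == reference_digest(root, ref)
            for ref in root.iterfind(".//ds:Reference", NS)}
```

Only the referenced element is protected: changing `<item>` leaves the digest valid, so a verifier also has to confirm that the data it acts on is the data the Reference covers.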

Encryption- Book book visa

all notes/iana/assignments/media- types/text/xml A23B45C56

Information about card book A23B45C564587

SAML – Security Assertion Markup Language
SAML defines an XML vocabulary for sharing security assertions: authentication and authorization assertions. Single sign-on.

XACML

Policy from XACML

SampleServer

Policy from XACML 17:00:00
