Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Services Security with WSE 2.0 Muhammad Saqib Ilyas

Published byGabriella Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "Web Services Security with WSE 2.0 Muhammad Saqib Ilyas"— Presentation transcript:

1 Web Services Security with WSE 2.0 Muhammad Saqib Ilyas muhammad.saqib@ineta.org

2 Speaker.Bio.ToString() Assistant Professor, N.E.D. University Country Leader, INETA Pakistan MVP IEEE Student Branch Counselor Secretary/Treasurer IEEE Communications Society, Karachi Chapter Member IEEE Karachi Section Executive Committee

3 Agenda Security Basics WSE 2.0 programming model Demos

4 Security Basics Encryption Asymmetric Symmetric Message Digest Digital Signature

5 Public key (asymmetric) Messages encrypted with private key, decrypted with public key Vice versa e.g., RSA, Diffie Hellman Confidentiality and authentication Computationally expensive

6 Symmetric Same key for encryption and decryption e.g., DES Share the key securely

7 Message digest Computes a value unique to a message Hashing Integrity

8 Digital signature Compute a message digest over a message Encrypt the message digest using private key Transmit signature with message Decrypt signature using public key

9 Securing web services Use lower layer security such as SSL Limitations

10 WSE 2.0 Provides support for WS-* standards Includes security Approximately 8 MB download http://msdn.microsoft.com/webservices/downloads/default.aspx http://msdn.microsoft.com/webservices/building/wse/

11 WSE 2.0 Architecture Input and output filters Proxy base class WebServicesClientProtocol SoapContext object records particular options: –Username token –Certificate Security token manager

12 WSE Programming Configured in web.config Using GUI tool Add reference to: –Microsoft.Web.Services2.dll Microsoft.Web.Services2 Microsoft.Web.Services2.Security Microsoft.Web.Services2.Security.Tokens

13 Specifications supported WS-Security WS-SecurityPolicy WS-SecureConversation WS-Trust WS-Referral WS-Addressing WS-Policy DIME (Direct Internet Message Encapsulation) WS-Attachments

14 Demo Implementing a SOAP extension Signing using username/password tokens Installing X.509 certificates Signing using X.509 certificates Encryption using multiple tokens

15 Links http://msdn.microsoft.com/webservices http://msaqib.blogspot.com http://www.saqibilyas.info http://www-128.ibm.com/developerworks/webservices/standards/

Download ppt "Web Services Security with WSE 2.0 Muhammad Saqib Ilyas"

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
WS-Security TC Christopher Kaler Kelvin Lawrence.

WS-Security TC Christopher Kaler Kelvin Lawrence.
Core Web Service Security Patterns

Core Web Service Security Patterns
© 2007 Charteris plc20 June 2015 1 1 Extending Web Service Security with WS-* Presented by Chris Seary MVP Charteris plc, 39-40 Bartholomew Close, London.

© 2007 Charteris plc20 June Extending Web Service Security with WS-* Presented by Chris Seary MVP Charteris plc, Bartholomew Close, London.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.

1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Web services security I

Web services security I
Prashanth Kumar Muthoju

Prashanth Kumar Muthoju
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
1 Web Services Security XML Encryption, XML Signature and WS-Security.

1 Web Services Security XML Encryption, XML Signature and WS-Security.
X.509 Certificate management in.Net By, Vishnu Kamisetty

X.509 Certificate management in.Net By, Vishnu Kamisetty
Security COMP6017 Topics on Web Services Dr Nicholas Gibbins – 2012-2013.

Security COMP6017 Topics on Web Services Dr Nicholas Gibbins –
AQA Computing A2 © Nelson Thornes 2009 Section 6.4 1 Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.
Sagar Joshi Senior Security Consultant | ACE Team, Microsoft Information Security

Sagar Joshi Senior Security Consultant | ACE Team, Microsoft Information Security
ECE509 Cyber Security : Concept, Theory, and Practice Cryptography Spring 2014.

ECE509 Cyber Security : Concept, Theory, and Practice Cryptography Spring 2014.

Similar presentations

Ads by Google