Presentation is loading. Please wait.

Presentation is loading. Please wait.

0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.

Published byLucy Waters Modified over 9 years ago

Similar presentations

Presentation on theme: "0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents."— Presentation transcript:

1 0 Web Service Security JongSu Bae

2 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents

3 2 1. Introduction  Web Service Security concept (1)To prevent unexpected external threat or risk (2)To secure Web services Provide Secure or trusted message communication mechanisms for Web Services Secure Messaging

4 3 1. Introduction  Web Service Security trend Gartner, Web Services Projects Remain a Priority, 2004/4 Gartner, Hype Cycle for Web Services, 2004/6

5 4 2. Web Service Security  Web Service Security Threat Message Alteration affect message integrity, whereby, an attacker may modify parts (or the whole) message Confidentiality unauthorized entities obtain access to information with in a message or message parts Man-in-the-middle attacker to compromise a SOAP intermediary and then intercepts messages between the web service requester and the ultimate receiver Spoofing attacker assumes the identity of a trusted entity in order to sabotage the security of the target entity Denial of Service focus on preventing legitimate users of a service from the ability to use the service Replay Attacks an intruder intercepts a message and then replays it back to a targeted agent

6 5  Web Service Security Requirement 2. Web Service Security Authentication Mechanisms verify the identities of the requester and provider agents Authorizationcontrol the requester access to appropriate system resources Data Integrity and Confidentiality Ensures that the data is only accessible by the intended parties Integrity of Transactions and Communications ensure that the business process was done properly and the flow of operations was executed in a correct manner End-to-End Integrity and Confidentiality of Messages integrity and confidentiality of messages must be ensured even in the presence of intermediaries Audit Trails play the role of an audit guard that can monitor; watch resources and other agents Distributed Enforcement of Security Policies define a security policy and enforce it across various platforms with varying privileges Non-Repudiationprovide evidence about the occurrence of transactions

7 6 2. Web Service Security  Web Service Security Standard OrganizationWorking GroupProtocol NameCurrent State W3C XML Encryption Working Group XML SignatureApproved XML Encryption Working Group XML EncryptionApproved XML Key Management Working Group XKMS 2.0Approved OASIS Security Services TC(Technical Committee) SAML 2.0Approved eXtensible Access Control Markup Language TC XACML 2.0Approved Web Services Security TCWS-Security 1.1Approved WS-I Basic Security Profile Working Group WS-I Basic Security Profile Draft

8 7 3. Web Service Security Mechanism  Web Service Security Methods Security methodTechnologiesDescriptions Transmission Level Security (Point-to-point) SSL/TLSsecure sockets layer, transport layer security XML Firewall/ Gateway Provide network level message validation Message Level Security (End-to-End) XML encryptionAdd ciphered text in SOAP Message XML signatureAdd signature in SOAP Message WS-SecurityEnhancing SOAP message to provide integrity and confidentiality by accommodate a wide variety of security models and encryption technologies like SAML, XML Encryption, etc. SAMLAllows business entities to make assertions XKMSXML Key Management XACMLDefines access control policy OthersWS-SecureConversation, WS-Federation, WS- Authorization, WS-Policy, WS-Trust, WS-Privacy

9 8 3. Web Service Security Mechanism  Message Level Security Original requester Ultimate receiver Intermediary All Message Decrypt All Message Encrypt Original requester Ultimate receiver Intermediary All Message Encrypt Message Encrypt All Message Decrypt Message Decrypt http, etc SOAP Security model  Transmission Level Security vs Message Level Security

10 9 3. Web Service Security Mechanism  Transmission Level Security Provides Point-to-point security mechanism Secures each communication entries O O O O O XML Firewall/Gateway  SSL/TLS Send or Receive message by secure communication session Works transmission and TCP/IP Layer Software based  XML Firewall/Gateway validate XML schema based incoming message Software & Hardware based O O O O O

11 10 3. Web Service Security Mechanism  Message Level Security  XML signature  XML Encryption Enveloping Signature Enveloped Signature Detached Signature Gil-dong,Hong …… s98asd32fl2kjJSD9 …… s98asd32fl2kjJSD9

12 11 4. Tool Support  Security Requirement and Standard XML Signatur e XML Encryption WS- Security XKMSSAMLXACML WS- Trust WS- Policy Confidentiality Integrity Authentication Authorization Nonrepudiation Key Management Trust Management Privacy Policies

13 12 4. Tool Support  Web Service Security support tool VendorWAS/Development ToolSupportetc BEAWebLogic Server 8.1 / WebLogic Workshop 8.1 Web Services Security(WS- Security) Version 1.0 (2002/4/5) IBMWebSphere Application Server 5.1 / WebSphere Studio Application Developer 5.1.1 Web Services Security(WS- Security) Version 1.0 (2002/4/5) Web Services Security Addendum (2002/8/18) Web Services Security: SOAP Message Security Working Draft13 (2003/5/13) MSIIS6.0/ Microsoft Windows Server / Microsoft Visual Studio.NET Web Services Security(WS- Security) Version 1.0 (2002/4/5) Web Services Security Addendum (2002/8/18) WSE (Web Service Enhancement)

14 13 5. Q&A Thank you for listening

Download ppt "0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents."

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Cryptography and Network Security

Cryptography and Network Security
Unissons nos Talents T O G E T H E RT A L E N T E D 1 Web Services Security – Challenges & Trends Magan Pal Singh Technical Architect, Sopra Group

Unissons nos Talents T O G E T H E RT A L E N T E D 1 Web Services Security – Challenges & Trends Magan Pal Singh Technical Architect, Sopra Group
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.

SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Christopher Irish David Orr Sophya Kheim Adam Lange Daniel Palma

Christopher Irish David Orr Sophya Kheim Adam Lange Daniel Palma
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Core Web Service Security Patterns

Core Web Service Security Patterns
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Chapter 8 Web Security.

Chapter 8 Web Security.
Web services security I

Web services security I
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Similar presentations

Ads by Google