Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Published byMiles Matthews Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume."— Presentation transcript:

1 Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume

2 Secure Systems Research Group - FAU Outline Introduction Basic Web Services Standards Web Services Stack Problems with web services standards Some solutions Conclusions

3 Secure Systems Research Group - FAU Introduction A web service is a type of component that is available on the web and can be incorporated in applications or used as a standalone service The goal of web services is to achieve universal interoperability between applications by using Web standards. There are three organizations that are key to the evolution of Web services standards. – W3C – OASIS – WSI Organization

4 Secure Systems Research Group - FAU Basic Web Services Standards XML (eXtensible Markup Language) 1.1 SOAP 1.2 (Simple Object Access Protocol) WSDL (Web Services Description Language) 1.1 UDDI (Universal, Description, Discovery, and Integration) 3.0.2

5 Secure Systems Research Group - FAU XML 1.1 Developed by W3C Fee-free open standard Its primary purpose is to facilitate the sharing of structured data across different information systems, particularly via the Internet. A subset of SGML (Standard Generalized Markup Language)

6 Secure Systems Research Group - FAU SOAP 1.2 OASIS Standard SOAP version 1.2 is a lightweight protocol for exchange of information in a decentralized, distributed environment.

7 Secure Systems Research Group - FAU SOAP 1.2 Structure <soap:Envelope xmlns:soap=http://www.w3.org/2001/12/soap-envelope soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding">......... SOAP Envelope SOAP Header SOAP Body

8 Secure Systems Research Group - FAU 8/13/20158 SOAP security No security specification The SOAP Header provides a flexible mechanism for extending a SOAP message. Although the SOAP Header is the best place to add security features to messages, the SOAP specification itself does not specify such header elements.

9 Secure Systems Research Group - FAU Why do we need SOAP Layer Security? Don't we already have transport layer security mechanisms such as SSL/TLS and IPSec? Secure transport protocols such as SSL/TLS can assure the security of messages during transmission. However, messages are received and processed by intermediaries. Communication links are trusted, but do we trust these intermediaries? Once a message is received and decrypted, how to protect data from illicit access or alteration?

10 Secure Systems Research Group - FAU WSDL It is an XML-based language for describing Web Services and how to access them. It specifies the location of the service and the operations the services exposes. A WSDL document is simply a set of definitions.

11 Secure Systems Research Group - FAU WSDL Structure Definitions Types Message Port Types Binding … http://www.w3schools.com/wsdl/wsdl_binding.asp

12 Secure Systems Research Group - FAU UDDI The Universal Description, Discovery, and Integration specs define a way to publish and discover information about Web services. The UDDI business registration is an XML file that describes a business entity and its Web services

13 Secure Systems Research Group - FAU 8/13/201513 UDDI security Not specified in detail, only general policies Only authorized individuals can publish or change information in the registry Changes or deletions can only be made by the originator of the information Each instance of a registry can define its own user authentication mechanism

14 Secure Systems Research Group - FAU UDDI Schema http://www.idealliance.org/papers/xml02/dx_xml02/papers/04-02-01/04-02-01.html

15 Secure Systems Research Group - FAU Layers and Web Services Standards

16 Secure Systems Research Group - FAU Web Services Stack XML MESSAGING DESCRIPTION AND DISCOVERY SECURITYRELIABLETRANSACTION BUSINESSMANAGEMENT

17 Secure Systems Research Group - FAU XML Specifications These specifications provide all the information necessary to understand XML. Some XML specifications are: – XML 1.1 – XML Namespace – XPath 2.0

18 Secure Systems Research Group - FAU Messaging Standards These messaging standards are intended to give a framework for exchanging information in a decentralized, distributed environment. Some standards are: – SOAP 1.2 – WS-Addressing – WS-Notification

19 Secure Systems Research Group - FAU Description and Discovery Standards The focus of these standards and specifications is the definition of a set of services supporting the discovery of businesses, the Web services they make available and the technical interfaces which may be used to access those services. Some standards are: – UDDI 3.0.2 – WSDL 1.1

20 Secure Systems Research Group - FAU Security Standards Using these security standards, application can engage secure communication designed to work with the general web services framework. Some security standards are: – SAML 2.0 (Security Assertion Markup Language) – SPML 2.0 (Service Provisioning Markup Language) – XACML 2.0 (eXtensible Access Control Markup Language) – WS-Security 1.1

21 Secure Systems Research Group - FAU Reliable Messaging Standards The objective of these standards is to allow messages to be delivered reliably between distributed applications inn the presence of system or network failure. Some reliable messaging standards are: – WS-ReliableMessaging 1.1 – WS-Reliability 1.1 – WS-RM Policy Assertion 1.1

22 Secure Systems Research Group - FAU Transaction Standards These specifications define mechanisms for transactional interoperability between Web services domains and provide a means to compose transactional qualities of service into Web services applications. Some transaction standards are: – WS-Coordination – WS-Transaction – WS-Context

23 Secure Systems Research Group - FAU Business Process Standards These standards specify the potential order of operations from a collection of web services, the data shared between them, which partners are involved and other issues involving how multiple services and organizations participate. Some Business Process are: – WS-BPEL 2.0 (Business Process Execution Language) – WS-Choreography 1.0

24 Secure Systems Research Group - FAU Management Specifications Management specifications are defined in order to discover the existence, availability, performance, usage, as well as the control and configuration of a web service. Some management specifications are: – WS-Management – Management Using Web Services 1.1 – Management of Web Services 1.1

25 Secure Systems Research Group - FAU Problem with WS Standards Several organizations are involved in developing web services standards. Each organization has different goals and different degrees of power and influence. Also, there are many vendors who duplicate each other’s work. – An alliance of Microsoft and IBM – Others such as CA (Computer Associates), HP, and BEA As a result, many standards have been created, they may overlap, and even conflict.

26 Secure Systems Research Group - FAU Problem with WS Standards (cont..) Web services standards are not clear which makes it difficult for vendors to develop products that comply with standards and for users to decide what product to use.

27 Secure Systems Research Group - FAU Some Solutions We can describe web services standards as patterns. Then, compare standards using their UML class diagram along with their written elements: 1.Compare the problem that they solve 2.Compare the context in which they solve the problem 3.Compare the way they solve the problem 4.In the class diagram, find some similar components of the solution and some similar architecture that structure these components.

28 Secure Systems Research Group - FAU Some Solutions (cont…) As a result, we can discover potentially overlapping and inconsistent aspects between them. We wrote several patterns for this purpose but more work is needed.

29 Secure Systems Research Group - FAU Web Services Standard Patterns XACML (eXtensible Access Control Markup Language) Policy Language XACML Access Control Evaluation WSPL (Web Service Policy Language) WS-Policy SAML (Security Assertion Markup Language)

30 Secure Systems Research Group - FAU XACML WS-Policy Policy Language

31 Secure Systems Research Group - FAU This pattern extends the WS- Security pattern, by attaching to each web service endpoint a Policy. Context: – It is intended for securing web services. A WS-Policy is bound to a specific Web Service endpoint. WS-Policy is to be used in a decentralized context where each service provider has a Reference Monitor to control access to the Web Service. The intent of this pattern is to write all policies in a common language using standard format. Context: – This is more general. An XACML policy is used by the organization’s Reference Monitor to control access to an organization’s resource. XACML is to be used in a centralized context where the Reference Monitor controls access to many web resources. XACML WS-Policy Policy Language

32 Secure Systems Research Group - FAU Conclusions There is a large number of standards and it is hard to find the right one. We need to develop more patterns for standards. A good catalog of patterns is needed. We need to compare more standards against each other. We need to make a good classification of standards by objectives. Also, make tables to exhibit their common aspects and differences.

Download ppt "Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume."

Similar presentations

Web Service Architecture

Web Service Architecture
Siebel Web Services Siebel Web Services March, From

Siebel Web Services Siebel Web Services March, From
Tuesday, June 10, 2003 Web Services Brief Overview & Security Assertion Coordinator Pattern by Mohammad Abushadi & Riaz Ahmed for Security Group CSE -

Tuesday, June 10, 2003 Web Services Brief Overview & Security Assertion Coordinator Pattern by Mohammad Abushadi & Riaz Ahmed for Security Group CSE -
An Introduction to Web Services Sriram Krishnan, Ph.D.

An Introduction to Web Services Sriram Krishnan, Ph.D.
31242/32549 Advanced Internet Programming Advanced Java Programming

31242/32549 Advanced Internet Programming Advanced Java Programming
Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
UDDI v3.0 (Universal Description, Discovery and Integration)

UDDI v3.0 (Universal Description, Discovery and Integration)
General introduction to Web services and an implementation example

General introduction to Web services and an implementation example
Web Services Seminar: Service Description Languages

Web Services Seminar: Service Description Languages
Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.

Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.
WEB SERVICES DAVIDE ZERBINO.

WEB SERVICES DAVIDE ZERBINO.
SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.

SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Presentation 7 part 2: SOAP & WSDL. Ingeniørhøjskolen i Århus Slide 2 Outline Building blocks in Web Services SOA SOAP WSDL (UDDI)

Presentation 7 part 2: SOAP & WSDL. Ingeniørhøjskolen i Århus Slide 2 Outline Building blocks in Web Services SOA SOAP WSDL (UDDI)
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.

Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
A New Computing Paradigm. Overview of Web Services Over 66 percent of respondents to a 2001 InfoWorld magazine poll agreed that Web services are likely.

A New Computing Paradigm. Overview of Web Services Over 66 percent of respondents to a 2001 InfoWorld magazine poll agreed that "Web services are likely.
2006 IEEE International Conference on Web Services ICWS 2006 Overview.

2006 IEEE International Conference on Web Services ICWS 2006 Overview.
CS 522 WebServices -Sujeeth Narayan -Ankur Patwa.

CS 522 WebServices -Sujeeth Narayan -Ankur Patwa.
Web Services Michael Smith Alex Feldman. What is a Web Service? A Web service is a message-oriented software system designed to support inter-operable.

Web Services Michael Smith Alex Feldman. What is a Web Service? A Web service is a message-oriented software system designed to support inter-operable.
1 Simple Object Access Protocol (SOAP) by Kazi Huque.

1 Simple Object Access Protocol (SOAP) by Kazi Huque.

Similar presentations

Ads by Google