Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web - based business and XML security. Dagmar Brechlerova.

Published byChester Newton Modified over 8 years ago

Similar presentations

Presentation on theme: "Web - based business and XML security. Dagmar Brechlerova."— Presentation transcript:

1 Web - based business and XML security. Dagmar Brechlerova

2 Problems of security Problems of security Security: important in the business world the integrity of content and transactions privacy and confidentiality to make sure information is used appropriately. In today's web-based business environment, the means for providing that security have changed. The Old Instruments for security work badly Physical security no works as well as in the past. Nice old times: all the computing resources were locked in a central computing room with all jobs submitted locally.

3 Problems of security To create a single security infrastructure do not scale effectively to the Internet The heterogeneous nature of HW and SW systems and to conflicting administrative, application and security requirements. There is too much to administer, too many applications, too many variations Standards are required that can adapt to changing requirements, that can incorporate new technologies while continuing to work with legacy technologies, and that can be deployed modularly. These standards should work well together.

4 XML security XML security defines XML vocabularies for representing security information Use other XML standards if it is possible It may be applied to end- end security ( SSL not) XML security reuse existing cryptography It uses XML technology ( XML schema..)

5 XML Security standards Integrity and signatures - XML Digital Signature Confidentiality - XML Encryption Key Management - XML Key Management Specification (XKMS) Authentication and Authorization Assertions - Security Assertion Markup Language (SAML) Authorization Rules - XML Access Control Markup Language (XACML) as well as major XML Security applications: Web Services Security - Roadmap and WS- Security Privacy - Platform for Privacy Preferences (P3P) Digital Rights Management - eXtensible Rights Markup Language 2.0 (XrML)

6 Signature element <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" /> j6lwx3rvEPO0vKtMup4NbeVu8nk= <Reference URI="http://www.w3.org/TR/2000/WD-xmldsig-core-20000228/signature- example.xml"> UrXLDLBIta6skoV5/A8Q38GEw44= MC0E~LE= CN=EdSimon, O=XMLSecInc.,ST=OTTAWA,C=CA MIID5jCCA0+gA...lVN

7 Encryption- Book book 123-958-74598 12 123654-8988889- 9996874 visa 12-10-2004

8 all http://www.isi.edu/in- notes/iana/assignments/media- types/text/xml A23B45C56

9 Information about card book 123-958- 74598 12 A23B45C564587

10 SAML – Security Assertion Markup SAML defines XML vocabulary for sharing security assertions Authentication and authorization assertions Single sign on

11 XACML

12 Policy from XACML

13 SampleServer

14 Policy from XACML 17:00:00

15 ?????

Download ppt "Web - based business and XML security. Dagmar Brechlerova."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Web Services Security Standards Forum Dr. Phillip M. Hallam-Baker C.Eng. FBCS VeriSign Inc.

Web Services Security Standards Forum Dr. Phillip M. Hallam-Baker C.Eng. FBCS VeriSign Inc.
Web Service Security CS409 Application Services Even Semester 2007.

Web Service Security CS409 Application Services Even Semester 2007.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.

0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.
E-Business Risks Chapter Seven. E-Business Models EDI Web pages The online environment Distributed e-business and intranets Supply chain linkage Collaborative.

E-Business Risks Chapter Seven. E-Business Models EDI Web pages The online environment Distributed e-business and intranets Supply chain linkage Collaborative.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
WS-Security TC Christopher Kaler Kelvin Lawrence.

WS-Security TC Christopher Kaler Kelvin Lawrence.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
ΗΛΕΚΤΡΟΝΙΚΟ ΕΜΠΟΡΙΟ Web Services Overview Mary Grammatikou www.netmode.ntua.gr 9/06/2009.

ΗΛΕΚΤΡΟΝΙΚΟ ΕΜΠΟΡΙΟ Web Services Overview Mary Grammatikou 9/06/2009.
Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.

Chapter 12 USING TECHNOLOGY TO ENHANCE BUSINESS PROCESSES.
Remarks on Voting using Cryptography Ronald L. Rivest MIT Laboratory for Computer Science.

Remarks on Voting using Cryptography Ronald L. Rivest MIT Laboratory for Computer Science.
Web services security I

Web services security I
David L. Wasley Office of the President University of California Maybe it’s not PKI … Musings on the business case for PKI EDUCAUSEEDUCAUSE PKI Summit.

David L. Wasley Office of the President University of California Maybe it’s not PKI … Musings on the business case for PKI EDUCAUSEEDUCAUSE PKI Summit.

Similar presentations

Ads by Google