Lecture 6: Digital Identity Federation and Privacy Management
CS489/589: Access Control & System Security
Lecture 6: Digital Identity Federation and Privacy Management

Last Class
- SPKI/SDSI: a simplified approach to using PK-based services
  - Hierarchical CA vs. decentralized and distributed CAs
  - Global namespace vs. local namespace
  - Focus is on access control rather than authentication: (name, key) vs. (authorization, key)
  - Mathematical framework for understanding TM systems

A Designated Center of Academic Excellence in Information Assurance Education by the National Security Agency

A Question
- How many (uid, pwd) pairs do you have in use?
- So, will single sign-on help?
- Federated identity
- Any technology to support SSO that you know of?

ID Avalanche
Problem in general
- Tasks of managing user profiles are costly and complex
- Enterprises change their business operation paradigm from click-and-mortar to brick-and-mortar
- Every new addition of applications is likely to bring in a new database for storing user profiles
- Considering a B2B environment, the problems become worse
Identity management as a solution
- Underlying technologies and processes overarching the tasks of creation, maintenance, and deletion of identities
Problem in specific
- How about IM (identity management) across domains?
Federation of identity
- Mapping of user identities at various service providers
- Advantages
  - Single Sign-On (SSO) and enhanced user convenience
  - Decentralization of the user management task
  - Privacy and security of user information
- The enabling technology should be cost-effective and interoperable
- Web Services as a candidate?
  - Some concerns due to its open nature
  - Need for underpinning technologies for IA

Isolated IM Model
- Each business maintains its own IMD. Also known as the silo model
- Pros: simple to implement; greater control of users' identities and preferences; limits security and privacy risks
- Cons: inconvenience to users; hardly interoperable; expensive to maintain

Centralized FIM Model
- A central business entity (IDP) defines and brokers trust to all members (SPs) within the CoT
- Pros: easy access to member sites; delegation of creation and administration of user identities
- Cons: limited choice of companies; most businesses don't want to cede control to a central authority; single point of failure

Distributed FIM Model
- Each partner maintains control of the identity and preference information of its own users, but is bound to trust user identities issued or authenticated by another partner
- Pros: authentication capabilities are distributed across the domains of interest (CoT); delegation of creation and administration of user identities
- Cons: businesses need to cooperate

Liberty Alliance Key Concepts
- An alliance formed to deliver and support a federated network identity solution for the Internet
- Provide an open standard that includes decentralized authentication and authorization from multiple vendors
- Enable single sign-on for consumers and businesses in an open, federated manner
- Enable consumers to protect the privacy and security of their network identity
- Aim at creating a network identity infrastructure that supports all current and emerging network access devices
Key Concepts, cont. (diagram slide)
Architecture (diagram slide)

.NET Passport
- Launched in 1999, .NET Passport is a web-based authentication service
- Provides users with single sign-on (SSO), reducing the amount of information the user needs to remember or resubmit to various sites
- Makes using a business web site easier for visitors and customers, and virtually eliminates the cost of resetting forgotten usernames and passwords

Passport Logon Process
1. Login to identity provider
2. Token issued to client
3. Token sent to service provider
4. Token validated with identity provider
5. Output sent to client

CardSpace Logon Process
1. Service provider requests identity
2. CardSpace Identity Selector pops up
3. Token is built by the Identity Selector (with the Identity Provider)
4. Token sent to client
5. Output sent to client

Liberty vs. Passport
Criteria                        | Passport                                                                     | Liberty
Approach to Identity Management | Combination of Silo and Closed Community                                     | Federated
Actors                          | 1. Passport Server 2. Participating Site 3. Users (Passport Account holders) | 1. Identity Provider 2. Service Provider 3. End-User
Components                      | 1. Passport Manager 2. Passport Cookies 3. Web Redirection                   | 1. Web Services 2. Metadata and Schemas 3. Web Redirection
Authentication Type             | Centralized                                                                  | Distributed
Credentials (1. Creator, 2. Maintenance, 3. No. of Credentials) | 1. MS Passport Server 2. MS Passport Server 3. One address | 1. Provider (SP/IDP) 2. Respective Provider 3. Credential at each Provider
Determining Authenticator       | Passport Server is the sole authenticator                                    | Use of Common Domain Cookies
Identifiers                     | PUID                                                                         | Pseudonyms
Web Services
A Brief Introduction to Web Services
- Another hype in information technology?
- Likely the next architecture for Internet-based business computing
- Basic functionality: a web service communicates over a network to supply a specific set of operations (methods) that other applications can invoke

Why Needed?
- Need for applications to interact
  - Internal systems: inventory, accounting, manufacturing and customer support
  - External systems: business partners and customers
- Heterogeneous system environment
  - Old systems coexist with new ones in the enterprise
  - Integrating these systems requires them to talk to each other
- The conventional approach leads to
  - High cost, risk and complexity
  - Business disruption and lost opportunity cost

WS and Screen Scraping
- Many early web services implementations are deployed to replace screen scraping

Web Services
- Web Services is a technology that allows applications to communicate with each other in a standard format
- A Web Service exposes an interface that can be accessed through XML messaging
- A Web Service uses an XML-based protocol to describe an operation or the data exchange with another web service
- A group of web services collaborating accomplish the tasks of an application. The architecture of such an application is called Service Oriented Architecture (SOA)

Architectural Difference
- Current web applications (for instance, servlets) are based on a client-server architecture
  - When a servlet talks to another servlet, one is taking on the role of a client
- Web services are equal, or peer-to-peer

Multi-tier Architecture
- A three-tier model with key differences
  - Loosely coupled
  - Based on a ubiquitous architecture
  - The promise of open standards
(Diagram: Browser, Web server, Web application server holding business objects, Database; web services connect the business objects)
Brokering Architecture
(Diagram: Providers 1 and 2 subscribe to the Broker with a service description; the Broker recommends a service description to the Client; the Client then sends a Request to a Provider and receives a Response)

Service Oriented Architecture
- All software components are modeled as services
  - Functional units that are visible for other entities to invoke or consume over the network
- Design focus is the service's interface
- Similar to component-based software engineering
  - Different in that the focus is shifted to composing services over a network

Three Roles in SOA
(Diagram: Registry, Requestor, Provider; the Requestor binds to the Provider)

Web Services and SOA
(Diagram: Description layer: WSDL; XML-based messaging layer: SOAP; Network layer: HTTP. Web Service Requestor and Web Service Provider exchange SOAP messages described by WSDL)
SOAP
- SOAP defines an XML-based format for sending messages
  - Envelope
  - Data encoding
  - RPC convention
- Unlike XML-RPC, SOAP tries to be neutral to the transport protocol: HTTP, SMTP, Java Message Service
- .NET also uses SOAP as the RPC mechanism
(Diagram: protocol stack Application / SOAP / HTTP / TCP / IP at both ends)

SOAP Structure
- SOAP Envelope
  - SOAP Header: header parts
  - SOAP Body: body part (payload), SOAP Fault

A Schematic Architecture
(Diagram: the SOAP Envelope is carried over HTTP, SMTP, FTP, JMS or others to the SOAP Server and on to the server application)

SOAP: Example

  POST /soap HTTP/1.0
  Content-Type: text/xml; charset=utf-8
  Accept: application/soap+xml, application/dime, multipart/related, text/*
  User-Agent: Axis/1.4
  Host: s3.amazonaws.com
  Content-Length: 562

  <?xml version="1.0" encoding="..."?>
  <s:Envelope xmlns:s="..." xmlns:xsd="..." xmlns:xsi="...">
    <s:Body>
      <CreateBucket xmlns="...">
        <Bucket>my-testbucket</Bucket>
        <AWSAccessKeyId>154DZY31MD3BCYR2</AWSAccessKeyId>
        <Timestamp xsi:type="xsd:dateTime">...T01:52:07.278Z</Timestamp>
        <Signature>B0D9wH2l7sVfCQdFSegrFHFw=</Signature>
      </CreateBucket>
    </s:Body>
  </s:Envelope>

WSDL
- Defines a web/network service: an end point that accepts messages
- Key elements (definitions is the root element)
  - documentation: English description
  - types: data types (e.g. structures)
  - message: message format
  - portType: Java class and its operations
  - binding: protocols for a message or portType
  - service: specifies web addresses
- A WSDL description may be automatically generated from Java class definitions

Example: WSDL
- Let's look at the S3 WSDL
- It has a portType called AmazonS3 which has a set of operations. In the AmazonS3 port type there are about 20 operations
- Each operation has an input message and possibly an output message

  <wsdl:definitions targetNamespace="..." xmlns:tns="..." ...>
    <wsdl:types>
      <xsd:schema ...>
        ...
      </xsd:schema>
    </wsdl:types>
    <wsdl:message name="GetObjectRequest">
      <wsdl:part element="tns:GetObject" name="parameter"/>
    </wsdl:message>
    <wsdl:portType name="AmazonS3">
      <wsdl:operation name="GetObject">
        <wsdl:input message="tns:GetObjectRequest" name="GetObjectRequest"/>
        <wsdl:output message="tns:GetObjectResponse" name="GetObjectResponse"/>
      </wsdl:operation>
      ...
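Returning to the CreateBucket SOAP request shown earlier: the body carries an AWSAccessKeyId, a Timestamp and a Signature, and the slides do not say what a server does with them. The following is an added example in Python, not code from the slides or from Amazon, showing the receiving side: it parses the envelope, looks up the secret for the key id, refuses requests whose timestamp falls outside a replay window, and recomputes the signature with a constant-time comparison. The string-to-sign layout ("AmazonS3" + operation + timestamp, HMAC-SHA1, Base64) is modelled on the legacy S3 SOAP scheme and, like the S3 namespace URI, the secret key, the timestamp and the server clock, is an assumption of this example.

```python
"""Added example (not from the slides): server-side check of the AWSAccessKeyId /
Timestamp / Signature fields carried in a CreateBucket SOAP request."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
S3_NS = "http://s3.amazonaws.com/doc/2006-03-01/"         # assumed; the slide's URL is cut off

# Constructed credential store: key id from the slide, secret invented for this example.
SECRET_KEYS = {"154DZY31MD3BCYR2": b"constructed-secret-key-for-this-example"}
MAX_SKEW = timedelta(minutes=15)   # older or more future-dated requests are treated as replays

DEMO_TIMESTAMP = "2007-01-01T01:52:07.278Z"                     # constructed
DEMO_NOW = datetime(2007, 1, 1, 1, 55, 0, tzinfo=timezone.utc)  # constructed server clock


def sign(secret: bytes, operation: str, timestamp: str) -> str:
    """Base64(HMAC-SHA1(secret, "AmazonS3" + operation + timestamp)).
    The string-to-sign layout is an assumption modelled on the legacy S3 SOAP scheme."""
    mac = hmac.new(secret, ("AmazonS3" + operation + timestamp).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def build_request(operation: str, bucket: str, key_id: str, timestamp: str, secret: bytes) -> str:
    """Client side: the envelope shape used on the slide, with a freshly computed signature."""
    ET.register_namespace("s", SOAP_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    op = ET.SubElement(ET.SubElement(env, f"{{{SOAP_NS}}}Body"), f"{{{S3_NS}}}{operation}")
    for name, value in (("Bucket", bucket), ("AWSAccessKeyId", key_id),
                        ("Timestamp", timestamp), ("Signature", sign(secret, operation, timestamp))):
        ET.SubElement(op, f"{{{S3_NS}}}{name}").text = value
    return ET.tostring(env, encoding="unicode")


def parse_request(envelope_xml: str):
    """Return (operation name, {field: text}) taken from the first child of s:Body."""
    root = ET.fromstring(envelope_xml)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("no SOAP body")
    op = body[0]
    fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "") for c in op}
    return op.tag.rsplit("}", 1)[-1], fields


def verify_request(envelope_xml: str, now: datetime) -> bool:
    """Server side: reject unparsable, unsigned, unknown-key, stale or tampered requests."""
    try:
        operation, f = parse_request(envelope_xml)
    except (ET.ParseError, ValueError):
        return False
    if not all(k in f for k in ("AWSAccessKeyId", "Timestamp", "Signature")):
        return False                                   # unsigned request
    secret = SECRET_KEYS.get(f["AWSAccessKeyId"])
    if secret is None:
        return False                                   # unknown key id
    try:
        ts = datetime.strptime(f["Timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return False                                   # malformed timestamp
    if abs(now - ts) > MAX_SKEW:
        return False                                   # outside the replay window
    expected = sign(secret, operation, f["Timestamp"])
    # Constant-time comparison so a wrong signature leaks nothing through timing.
    return hmac.compare_digest(expected.encode(), f["Signature"].encode())


def run_demo() -> dict:
    """Exercise the checks on one good request and three bad variants of it."""
    secret = SECRET_KEYS["154DZY31MD3BCYR2"]
    good = build_request("CreateBucket", "my-testbucket", "154DZY31MD3BCYR2", DEMO_TIMESTAMP, secret)
    tampered = good.replace("CreateBucket", "DeleteBucket")   # body changed, old signature kept
    return {
        "valid": verify_request(good, DEMO_NOW),
        "tampered": verify_request(tampered, DEMO_NOW),
        "replayed": verify_request(good, DEMO_NOW + timedelta(hours=2)),
        "unknown_key": verify_request(good.replace("154DZY31MD3BCYR2", "NOSUCHKEY"), DEMO_NOW),
    }


if __name__ == "__main__":
    print(run_demo())
```

The point the slides' example leaves implicit is that the signature binds the operation name and the timestamp, so a captured request can neither be replayed after the window nor edited into a different operation; the server, not the transport, has to enforce both.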
Types

  <xsd:element name="GetObject">
    <xsd:complexType>
      <xsd:sequence>
        <xsd:element name="Bucket" type="xsd:string"/>
        <xsd:element name="Key" type="xsd:string"/>
        <xsd:element name="GetMetadata" type="xsd:boolean"/>
        <xsd:element name="GetData" type="xsd:boolean"/>
        <xsd:element name="InlineData" type="xsd:boolean"/>
        <xsd:element name="AWSAccessKeyId" type="xsd:string" minOccurs="0"/>
        <xsd:element name="Timestamp" type="xsd:dateTime" minOccurs="0"/>
        <xsd:element name="Signature" type="xsd:string" minOccurs="0"/>
        <xsd:element name="Credential" type="xsd:string" minOccurs="0"/>
      </xsd:sequence>
    </xsd:complexType>
  </xsd:element>

PortType
- Recall a portType is a collection of operations
- An operation is a request message + a response message

  <wsdl:portType name="AmazonS3">
    <wsdl:operation name="GetObject">
      <wsdl:input message="tns:GetObjectRequest" name="GetObjectRequest"/>
      <wsdl:output message="tns:GetObjectResponse" name="GetObjectResponse"/>
    </wsdl:operation>
    ...

Binding
- A binding maps the operations of a portType to protocols

  <wsdl:binding name="AmazonS3SoapBinding" type="tns:AmazonS3">
    <wsdlsoap:binding style="document" transport="..."/>
    <wsdl:operation name="GetObject">
      <wsdlsoap:operation soapAction=""/>
      <wsdl:input name="GetObjectRequest">
        <wsdlsoap:body use="literal"/>
      </wsdl:input>
      <wsdl:output name="GetObjectResponse">
        <wsdlsoap:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
    ...
  </wsdl:binding>

- So far this is an abstract service
  - We have defined its port types, operations and the details of the messages
  - And we have defined a way the operations in this portType are to be bound to SOAP actions
- To create a concrete service we need to say where it is

  <wsdl:service name="AmazonS3">
    <wsdl:port binding="tns:AmazonS3SoapBinding" name="AmazonS3">
      <wsdlsoap:address location="..."/>
    </wsdl:port>
  </wsdl:service>
  </wsdl:definitions>

UDDI
- Directory for web services
- XML-formatted information for
  - Contact points: white pages
  - Industry classification: yellow pages
  - Web service discovery: green pages (technical information)
- UDDI registry

WS Security Challenges
- Information espionage: information gathering is easy
- Denial of service: availability of the UDDI repository is critical
- Integrity attacks: if one component's integrity is compromised, it will propagate through the operation of the rest of the applications
- Bypassing of firewalls: complex queries can be made through corporate firewalls to damage the systems inside
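To tie the WSDL walk-through together (types, message, portType, binding, service), here is an added Python example that is not part of the slides or of the S3 WSDL. It parses a constructed WSDL laid out like the AmazonS3 excerpt above, pulls out the concrete endpoint, the abstract operations with their messages, and the SOAP binding details, and then lists which fields of the GetObject request element are declared minOccurs="0". That last function makes a point the slides only hint at: because AWSAccessKeyId, Timestamp and Signature are optional in the schema, schema validation alone will accept an unauthenticated request, so the service has to check for them itself. The namespace URIs are the standard WSDL, WSDL/SOAP and XML Schema ones; the targetNamespace, the endpoint address and the trimmed element list are made up for this example.

```python
"""Added example (not from the slides): summarizing a WSDL document and finding optional request fields."""
import xml.etree.ElementTree as ET

NS = {
    "wsdl": "http://schemas.xmlsoap.org/wsdl/",
    "wsdlsoap": "http://schemas.xmlsoap.org/wsdl/soap/",
    "xsd": "http://www.w3.org/2001/XMLSchema",
}

# Constructed WSDL in the shape of the AmazonS3 excerpt on the slides (namespace and address are placeholders).
WSDL = """<wsdl:definitions targetNamespace="urn:example:s3" xmlns:tns="urn:example:s3"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <wsdl:types>
    <xsd:schema targetNamespace="urn:example:s3">
      <xsd:element name="GetObject">
        <xsd:complexType><xsd:sequence>
          <xsd:element name="Bucket" type="xsd:string"/>
          <xsd:element name="Key" type="xsd:string"/>
          <xsd:element name="AWSAccessKeyId" type="xsd:string" minOccurs="0"/>
          <xsd:element name="Timestamp" type="xsd:dateTime" minOccurs="0"/>
          <xsd:element name="Signature" type="xsd:string" minOccurs="0"/>
        </xsd:sequence></xsd:complexType>
      </xsd:element>
    </xsd:schema>
  </wsdl:types>
  <wsdl:message name="GetObjectRequest"><wsdl:part element="tns:GetObject" name="parameter"/></wsdl:message>
  <wsdl:message name="GetObjectResponse"><wsdl:part element="tns:GetObjectResponse" name="parameter"/></wsdl:message>
  <wsdl:portType name="AmazonS3">
    <wsdl:operation name="GetObject">
      <wsdl:input message="tns:GetObjectRequest" name="GetObjectRequest"/>
      <wsdl:output message="tns:GetObjectResponse" name="GetObjectResponse"/>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="AmazonS3SoapBinding" type="tns:AmazonS3">
    <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="GetObject">
      <wsdlsoap:operation soapAction=""/>
      <wsdl:input name="GetObjectRequest"><wsdlsoap:body use="literal"/></wsdl:input>
      <wsdl:output name="GetObjectResponse"><wsdlsoap:body use="literal"/></wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="AmazonS3">
    <wsdl:port binding="tns:AmazonS3SoapBinding" name="AmazonS3">
      <wsdlsoap:address location="https://s3.example.test/soap"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""


def summarize_wsdl(text: str) -> dict:
    """Endpoints (concrete), operations with their messages (abstract), and SOAP binding details."""
    root = ET.fromstring(text)
    summary = {"endpoints": {}, "operations": {}, "transport": None}
    for port in root.findall("wsdl:service/wsdl:port", NS):
        addr = port.find("wsdlsoap:address", NS)
        summary["endpoints"][port.get("name")] = addr.get("location") if addr is not None else None
    for op in root.findall("wsdl:portType/wsdl:operation", NS):
        inp, out = op.find("wsdl:input", NS), op.find("wsdl:output", NS)
        summary["operations"][op.get("name")] = {
            "input": inp.get("message") if inp is not None else None,
            "output": out.get("message") if out is not None else None,
        }
    soap_binding = root.find("wsdl:binding/wsdlsoap:binding", NS)
    if soap_binding is not None:
        summary["transport"] = soap_binding.get("transport")
    for op in root.findall("wsdl:binding/wsdl:operation", NS):
        soap_op = op.find("wsdlsoap:operation", NS)
        if op.get("name") in summary["operations"] and soap_op is not None:
            summary["operations"][op.get("name")]["soapAction"] = soap_op.get("soapAction")
    return summary


def optional_fields(text: str, element_name: str) -> list:
    """Children of a request element declared minOccurs="0": the schema will not force a
    caller to send them, so the service must check for their presence itself."""
    root = ET.fromstring(text)
    xsd_element = f"{{{NS['xsd']}}}element"
    for el in root.iter(xsd_element):
        if el.get("name") == element_name:
            return [c.get("name") for c in el.iter(xsd_element) if c.get("minOccurs") == "0"]
    return []


if __name__ == "__main__":
    print(summarize_wsdl(WSDL))
    print("optional in GetObject:", optional_fields(WSDL, "GetObject"))
```

Reading a WSDL this way is the same exercise a reviewer does by hand: find where the service actually lives, what can be invoked, and which inputs the interface contract does not guarantee.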
Countermeasures
- Enforce trust relationships: SAML, XACML, Federated Identity
- Encrypt transport links: SSL/TLS, SAML
- Use HTTP proxy filters: they filter out any suspicious requests

Technology Solutions
- SAML (Security Assertion Markup Language): the definition of a format for transferring security assertions between components
- XACML (eXtensible Access Control Markup Language): integrates access control policies into SAML messages
- XML Signature: a format to digitally sign the content of web services messages, guaranteeing their authenticity
- XKMS (XML Key Management System): specifies protocols for the distribution and registration of public encryption keys

SAML
Security Assertion Markup Language (SAML)
- 19-Nov-2002: The Security Services (SAML) TC won the Protocols category of the 2002 edition of PC Magazine's Technology Excellence awards.
- It's an XML-based framework for exchanging security information
  - XML-encoded security assertions
  - XML-encoded request/response protocol
  - Rules on using assertions with standard transport and messaging frameworks
- It's an emerging OASIS standard
  - Vendors and users are involved
  - Codifies current system outputs rather than inventing new technology

Motivations
- Standards are emerging for many facets of collaborative e-commerce, such as:
  - Business transactions (e.g., ebXML)
  - Software interactions (e.g., SOAP)
- But communicating the security properties of these interactions isn't well standardized
  - Low interoperability between PMI solutions
  - Tight coupling within components
- Web-based commerce shows the need for federation, standardization, and a more cohesive user experience

Use Cases
- SAML developed three use cases to drive its requirements and design:
  1. Single sign-on (SSO)
  2. Distributed transaction
  3. Authorization service
- Each use case has one or more scenarios that provide a more detailed roadmap of interaction
SAML Assertions
- Assertions are declarations of fact, according to someone
- SAML assertions are compounds of one or more of three kinds of statement about a subject (human or program):
  - Authentication
  - Attribute
  - Authorization decision
- You can extend SAML to make your own kinds of assertions and statements
- Assertions can be digitally signed

Assertion Structure
Common information
- Issuer ID and issuance timestamp
- Assertion ID
- Subject
  - Name plus the security domain
  - Optional subject confirmation, e.g. public key
- Conditions under which the assertion is valid
  - SAML clients must reject assertions containing unsupported conditions
  - Special kind of condition: assertion validity period
- Additional advice
  - E.g., to explain how the assertion was made

Example: Common Info.

  <saml:Assertion MajorVersion="1" MinorVersion="0" AssertionID="..."
      Issuer="Smith Corporation" IssueInstant="...T10:02:00Z">
    <saml:Conditions NotBefore="...T10:00:00Z" NotOnOrAfter="...T10:05:00Z">
      <saml:AudienceRestrictionCondition>
        <saml:Audience>... URI ...</saml:Audience>
      </saml:AudienceRestrictionCondition>
    </saml:Conditions>
    <saml:Advice>
      ... a variety of elements can go here ...
    </saml:Advice>
    ... statements go here ...
  </saml:Assertion>

Authentication Statement
- An issuing authority asserts that subject S was authenticated by means M at time T
- Targeted towards SSO uses
- Caution: actually checking or revoking credentials is not in scope for SAML! It merely lets you link back to acts of authentication that took place previously

Example: Authn Statement

  <saml:Assertion ...>
    <saml:AuthenticationStatement AuthenticationMethod="password" AuthenticationInstant="...T10:02:00Z">
      <saml:Subject>
        <saml:NameIdentifier SecurityDomain="smithco.com" Name="joeuser"/>
        <saml:ConfirmationMethod>
          .../core-25/sender-vouches
        </saml:ConfirmationMethod>
      </saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
Attribute Statement
- An issuing authority asserts that subject S is associated with attributes A, B, ... with values a, b, c, ...
- Useful for distributed transactions and authorization services
- Typically this would be obtained from an LDAP repository
  - john.doe in example.com is associated with attribute Department with value Human Resources

Example: Attribute Statement

  <saml:Assertion ...>
    <saml:AttributeStatement>
      <saml:Subject>...</saml:Subject>
      <saml:Attribute AttributeName="PaidStatus" AttributeNamespace="...">
        <saml:AttributeValue>PaidUp</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute AttributeName="CreditLimit" AttributeNamespace="...">
        <saml:AttributeValue>
          <my:amount currency="USD">...</my:amount>
        </saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>

Authorization Statement
- An issuing authority decides whether to grant the request by subject S for access type A to resource R given evidence E
- Useful for distributed transactions and authorization services
- The subject could be a human or a program
- The resource could be a web page or a web service, for example

Example: Authorization Stmt.

  <saml:Assertion ...>
    <saml:AuthorizationStatement Decision="Permit" Resource="...">
      <saml:Subject>...</saml:Subject>
      <saml:Actions ActionNamespace=".../core-25/rwedc">
        <saml:Action>Read</saml:Action>
      </saml:Actions>
    </saml:AuthorizationStatement>
  </saml:Assertion>

Protocol for Getting Assertions
(Diagram: the Relying Party sends a SAML Request for an assertion of a certain type to the Asserting Party, which returns a Response carrying the Assertion)

SAML Requests
- You can query for specific kinds of assertion/statement
  - Authentication query
  - Attribute query
  - Authorization decision query
- You can ask for an assertion with a particular ID
  - By providing an ID reference
  - By providing a SAML artifact
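The Assertion Structure rules above (validity period, audience restriction, and the requirement that clients reject assertions with unsupported conditions) and the Authorization Statement are worth seeing from the relying party's side. The following is an added Python example, not code from the slides or from any SAML implementation. It builds a constructed assertion in the draft element layout the slides use (saml:AuthorizationStatement with saml:Actions rather than the final SAML 1.0 names) under the SAML 1.0 assertion namespace, checks the Conditions before trusting anything else, and then looks up a decision for a given resource and action, denying whenever no matching Permit is found. The dates, audience URI, resource URI and ActionNamespace value are made up; signature verification is out of scope here and would come first in practice.

```python
"""Added example (not from the slides): relying-party checks on a SAML 1.0-style assertion."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Optional, Tuple

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML_NS}
# Condition types this relying party understands; any other condition makes the assertion unusable.
SUPPORTED_CONDITIONS = {"AudienceRestrictionCondition"}

# Constructed assertion in the draft layout the slides use; dates and URIs are invented.
ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="0"
    AssertionID="constructed-001" Issuer="Smith Corporation" IssueInstant="2001-05-31T10:02:00Z">
  <saml:Conditions NotBefore="2001-05-31T10:00:00Z" NotOnOrAfter="2001-05-31T10:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://shop.example.test/</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthorizationStatement Decision="Permit" Resource="https://shop.example.test/orders">
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="smithco.com" Name="joeuser"/>
    </saml:Subject>
    <saml:Actions ActionNamespace="urn:example:rwedc">
      <saml:Action>Read</saml:Action>
    </saml:Actions>
  </saml:AuthorizationStatement>
</saml:Assertion>"""


def parse_instant(s: str) -> datetime:
    """SAML instants are UTC; the trailing Z is required here."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def local_name(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]


def check_conditions(assertion: ET.Element, now: datetime, my_audience: str) -> Optional[str]:
    """Return None if the assertion may be used now by this audience, else the reason to reject it."""
    conds = assertion.find("saml:Conditions", NS)
    if conds is None:
        return None
    not_before, not_on_or_after = conds.get("NotBefore"), conds.get("NotOnOrAfter")
    if not_before and now < parse_instant(not_before):
        return "not yet valid"
    if not_on_or_after and now >= parse_instant(not_on_or_after):   # NotOnOrAfter is exclusive
        return "expired"
    for cond in conds:
        kind = local_name(cond.tag)
        if kind not in SUPPORTED_CONDITIONS:
            return f"unsupported condition {kind}"          # the slides' rule: reject, don't ignore
        audiences = {(a.text or "").strip() for a in cond.findall("saml:Audience", NS)}
        if my_audience not in audiences:
            return "audience mismatch"                      # assertion was issued for someone else
    return None


def authorization_decision(xml_text: str, now: datetime, my_audience: str,
                           resource: str, action: str) -> Tuple[str, str]:
    """(decision, reason). Deny by default: only an explicit matching statement can Permit."""
    root = ET.fromstring(xml_text)
    if local_name(root.tag) != "Assertion":
        return ("Deny", "not an assertion")
    reason = check_conditions(root, now, my_audience)
    if reason:
        return ("Deny", reason)
    for stmt in root.findall("saml:AuthorizationStatement", NS):
        if stmt.get("Resource") != resource:
            continue
        actions = {(a.text or "").strip() for a in stmt.findall("saml:Actions/saml:Action", NS)}
        if action in actions:
            return (stmt.get("Decision", "Deny"), "ok")
    return ("Deny", "no matching authorization statement")


if __name__ == "__main__":
    when = parse_instant("2001-05-31T10:02:00Z")
    print(authorization_decision(ASSERTION, when, "https://shop.example.test/",
                                 "https://shop.example.test/orders", "Read"))
```

Two design choices carry the security weight: every failure path returns Deny with a reason (so a logging hook can record why), and the condition loop fails closed on anything it does not recognise, which is exactly what the slide means by "SAML clients must reject assertions containing unsupported conditions".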
Example: Authn Query

  <samlp:Request MajorVersion="1" MinorVersion="0" RequestID="...">
    <samlp:AuthenticationQuery>
      <saml:Subject>
        <saml:NameIdentifier SecurityDomain="smithco.com" Name="joeuser"/>
      </saml:Subject>
    </samlp:AuthenticationQuery>
  </samlp:Request>

Example: Attribute Query

  <samlp:Request ...>
    <samlp:AttributeQuery>
      <saml:Subject>
        <saml:NameIdentifier SecurityDomain="smithco.com" Name="joeuser"/>
      </saml:Subject>
      <saml:AttributeDesignator AttributeName="PaidStatus" AttributeNamespace="..."/>
    </samlp:AttributeQuery>
  </samlp:Request>

Example: Authz Query

  <samlp:Request ...>
    <samlp:AuthorizationQuery Resource="...">
      <saml:Subject>
        <saml:NameIdentifier SecurityDomain="smithco.com" Name="joeuser"/>
      </saml:Subject>
      <saml:Actions ActionNamespace=".../core-25/rwedc">
        <saml:Action>Read</saml:Action>
      </saml:Actions>
      <saml:Evidence>
        <saml:Assertion>...</saml:Assertion>
      </saml:Evidence>
    </samlp:AuthorizationQuery>
  </samlp:Request>

SAML-based SSO (diagram slide)
Single Sign Out (diagram slide)
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationFederated Identification Architecture
Federated Identification Architecture Arezoo Haghshenas Department of Computer Tehran South Branch, Islamic Azad University Tehran, Iran Mir Ali Seyyedi Department of Computer Tehran South Branch, Islamic
More informationService Oriented Architectures Visions Concepts Reality
Service Oriented Architectures Visions Concepts Reality CSC March 2006 Alexander Schatten Vienna University of Technology Vervest und Heck, 2005 A Service Oriented Architecture enhanced by semantics, would
More informationWeb Services in Cincom VisualWorks. WHITE PAPER Cincom In-depth Analysis and Review
Web Services in Cincom VisualWorks WHITE PAPER Cincom In-depth Analysis and Review Web Services in Cincom VisualWorks Table of Contents Web Services in VisualWorks....................... 1 Web Services
More informationDocuSign Single Sign On Implementation Guide Published: June 8, 2016
DocuSign Single Sign On Implementation Guide Published: June 8, 2016 Copyright Copyright 2003-2016 DocuSign, Inc. All rights reserved. For information about DocuSign trademarks, copyrights and patents
More informationArticulation Transfer Clearinghouse Implementation Guide
Articulation Transfer Clearinghouse for 8/2/2007 Implementation Details TABLE OF CONTENTS INTRODUCTION... 3 Project Identification... 3 DOCUMENT CONTROL... 4 Update History... 4 ENVIRONMENTS... 5 METHODS...
More informationeid Interoperability for PEGS WS-Federation
eid Interoperability for PEGS WS-Federation Workshop Brussels 10 May 2007 Agenda 1 Scope 2 Category 3 Approach and description 4 Relevance for eid Interoperability 5 Pro s and Con s 6 Relationship with
More informationCOP 4814 Florida International University Kip Irvine. Inside WCF. Updated: 11/21/2013
COP 4814 Florida International University Kip Irvine Inside WCF Updated: 11/21/2013 Inside Windows Communication Foundation, by Justin Smith, Microsoft Press, 2007 History and Motivations HTTP and XML
More informationWeb Services Foundations: SOAP, WSDL and UDDI
Web Services Foundations: SOAP, WSDL and UDDI Helen Paik School of Computer Science and Engineering University of New South Wales Alonso Book Chapter 5-6 Webber Book Chapter 3-4 Mike Book Chapter 4-5 References
More informationCmpE 596: Service-Oriented Computing
CmpE 596: Service-Oriented Computing Pınar Yolum pinar.yolum@boun.edu.tr Department of Computer Engineering Boğaziçi University CmpE 596: Service-Oriented Computing p.1/53 Course Information Topics Work
More informationThe Business of Identity: Business Drivers and Use Cases of Identity Web Services
The Business of Identity: Business Drivers and Use Cases of Identity Web Services Roger Sullivan, Vice President, Liberty Alliance Vice President, Oracle Corporation Liberty s Architecture Liberty Identity
More informationWeb Applications. Web Services problems solved. Web services problems solved. Web services - definition. W3C web services standard
Web Applications 31242/32549 Advanced Internet Programming Advanced Java Programming Presentation-oriented: PAGE based App generates Markup pages (HTML, XHTML etc) Human oriented : user interacts with
More informationAdvanced Configuration for SAML Authentication
The advanced configuration for SAML authentication includes: Configuring Multiple Identity Providers Multiple Identity Providers can be configured to a SAML authentication service on the Barracuda Web
More informationCA SiteMinder Federation
CA SiteMinder Federation Legacy Federation Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationService Interface Design RSVZ / INASTI 12 July 2006
Architectural Guidelines Service Interface Design RSVZ / INASTI 12 July 2006 Agenda > Mandatory standards > Web Service Styles and Usages > Service interface design > Service versioning > Securing Web
More informationTest Plan for Liberty Alliance SAML Test Event Test Criteria SAML 2.0
1 2 3 4 5 6 7 8 9 10 11 Test Plan for Liberty Alliance SAML Test Event Test Criteria SAML 2.0 Version 3.1 Editor: Kyle Meadors, Drummond Group Inc. Abstract: This document describes the test steps to achieve
More informationSOA Policy Service Versioning Standards
SOA Policy Service Versioning Standards Contents Document Location... 3 Document Revision History... 3 Related Policies... 3 Terminology Used in this Document... 4 Definitions... 4 1 Purpose... 6 2 Scope...
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationIdentity Systems and Liberty Specification Version 1.1 Interoperability
Identity Systems and Liberty Specification Version 1.1 Interoperability A Liberty Alliance Technical Whitepaper 14 th February, 2003 Document Description: Liberty and 3rd Party Identity Systems White Paper-07.doc.
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationTivoli Federated Identity Manager. Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic
Tivoli Federated Identity Manager Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic svest@dk.ibm.com IBM Software Day Vilnius 2009 Agenda IBM strategy on IAA What is a federation
More informationFederated Web Services with Mobile Devices
Federated Web Services with Mobile Devices Rajeev Angal Architect Sun Microsystems Pat Patterson Architect Sun Microsystems Session TS-6673 Copyright 2006, Sun Microsystems, Inc., All rights reserved.
More informationFederated Identity Manager Business Gateway Version Configuration Guide GC
Tivoli Federated Identity Manager Business Gateway Version 6.2.1 Configuration Guide GC23-8614-00 Tivoli Federated Identity Manager Business Gateway Version 6.2.1 Configuration Guide GC23-8614-00 Note
More informationSOA-20: The Role of Policy Enforcement in SOA Management
SOA-20: The Role of Policy Enforcement in SOA Management Phil Walston VP Product Management Layer 7 Technologies Overview Discuss policy in SOA, the role of Policy Enforcement Points and where this fits
More informationWeb-Based Systems. INF 5040 autumn lecturer: Roman Vitenberg
Web-Based Systems INF 5040 autumn 2013 lecturer: Roman Vitenberg INF5040, Roman Vitenberg 1 Two main flavors Ø Browser-server WWW application Geared towards human interaction Not suitable for automation
More informationGlobal Reference Architecture: Overview of National Standards. Michael Jacobson, SEARCH Diane Graski, NCSC Oct. 3, 2013 Arizona ewarrants
Global Reference Architecture: Overview of National Standards Michael Jacobson, SEARCH Diane Graski, NCSC Oct. 3, 2013 Arizona ewarrants Goals for this Presentation Define the Global Reference Architecture
More informationMotivation. Aspect-oriented Model-driven Service-oriented architecture. Motivation. Objective. I have a dream... I have a dream...
Motivation Aspect-oriented Model-driven Service-oriented architecture TTT presentation 2 April 2009 Luís Ferreira ires I heard during a keynote presentation of a wellknown person at ECOWS 2007 an enthusiastic
More informationWeb services for a Software Development Platform
Degree Project Web services for a Software Development Platform Yue Wang 2010-08-17 Subject: Computer Science Level: Master Course code: 5DV00E Abstract Web service is a sophisticated SOA technology with
More informationCA SiteMinder. Federation Manager Guide: Legacy Federation. r12.5
CA SiteMinder Federation Manager Guide: Legacy Federation r12.5 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationU.S. E-Authentication Interoperability Lab Engineer
Using Digital Certificates to Establish Federated Trust chris.brown@enspier.com U.S. E-Authentication Interoperability Lab Engineer Agenda U.S. Federal E-Authentication Background Current State of PKI
More informationReview of differences in SAML V2.0 from SAML V1.1 and ID-FF V1.2
Review of differences in SAML V2.0 from SAML V1.1 and ID-FF V1.2 Eve Maler 21 April 2004 Thanks to Scott and JohnK for comments (line numbers are from sstc-saml-core-08-diff-from-02) SAML V2.0 diffs in
More informationIntegrated Security Context Management of Web Components and Services in Federated Identity Environments
Integrated Security Context Management of Web Components and Services in Federated Identity Environments Apurva Kumar IBM India Research Lab. 4, Block C Vasant Kunj Institutional Area, New Delhi, India-110070
More informationWeb Services Security - Focus on SAML and XACML
The Open University of Israel Department of Mathematics and Computer Science Web Services Security - Focus on SAML and XACML Final Paper submitted as partial fulfillment of the requirements towards an
More informationYour Auth is open! Oversharing with OpenAuth & SAML
Your Auth is open! Oversharing with OpenAuth & SAML Andrew Pollack Northern Collaborative Technologies 2013 by the individual speaker Sponsors 2013 by the individual speaker Who Am I? Andrew Pollack President
More information@WebService handlers
@WebService handlers with @HandlerChain Example webservice-handlerchain can be browsed at https://github.com/apache/tomee/tree/master/examples/webservicehandlerchain In this example we see a basic JAX-WS
More informationThis tutorial is going to help all those readers who want to learn the basics of WSDL and use its features to interface with XML-based services.
i About the Tutorial This is a brief tutorial that explains how to use to exchange information in a distributed environment. It uses plenty of examples to show the functionalities of the elements used
More informationIntroduction to Web Services & SOA
References: Web Services, A Technical Introduction, Deitel & Deitel Building Scalable and High Performance Java Web Applications, Barish Service-Oriented Programming (SOP) SOP A programming paradigm that
More informationIntroduction to Web Services
Introduction to Web Services SWE 642, Spring 2008 Nick Duan April 9, 2008 1 Overview What are Web Services? A brief history of WS Basic components of WS Advantages of using WS in Web application development
More informationWSDL Document Structure
WSDL Invoking a Web service requires you to know several pieces of information: 1) What message exchange protocol the Web service is using (like SOAP) 2) How the messages to be exchanged are structured
More informationUser Management Interfaces for Earth Observation Services
Open Geospatial Consortium Inc. Date: 208-04-23 Reference number of this OGC project document: 07-118r1 Version: 0.0.2 Category: OGC Interoperability Program Report Editors: R.Smillie, A.Cucumel SPACEBEL
More informationRealMe. SAML v2.0 Messaging Introduction. Richard Bergquist Datacom Systems (Wellington) Ltd. Date: 15 November 2012
RealMe Version: Author: 1.0 APPROVED Richard Bergquist Datacom Systems (Wellington) Ltd Date: 15 November 2012 CROWN COPYRIGHT This work is licensed under the Creative Commons Attribution 3.0 New Zealand
More informationCA SiteMinder Federation
CA SiteMinder Federation Partnership Federation Guide 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationXML Grammar and Parser for the Web Service. Offerings Language
XML Grammar and Parser for the Web Service Offerings Language by Kruti Patel, B. Eng. A thesis submitted to the Faculty of Graduate Studies and Research in partial fulfillment of the requirements for the
More informationCA SiteMinder Web Services Security
CA SiteMinder Web Services Security Policy Configuration Guide 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationC exam. IBM C IBM WebSphere Application Server Developer Tools V8.5 with Liberty Profile. Version: 1.
C9510-319.exam Number: C9510-319 Passing Score: 800 Time Limit: 120 min File Version: 1.0 IBM C9510-319 IBM WebSphere Application Server Developer Tools V8.5 with Liberty Profile Version: 1.0 Exam A QUESTION
More informationOIO WS-Trust Profile. Version 1.0. IT- & Telestyrelsen October 2009
> OIO WS-Trust Profile Version 1.0 IT- & Telestyrelsen October 2009 Content > Document History 3 Introduction 4 Related profiles 4 General Requirements 5 Usage 5 Processing Rules
More information