Web Services Introduction WS-Security XKMS
|
|
- Magnus Garrett
- 6 years ago
- Views:
Transcription
1 Web Service Security Wolfgang Werner HP Decus Bonn Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Agenda Web Services Introduction WS-Security XKMS 1
2 Web Services Introduction What is a Web Service? Problem taking different applications running on different operating systems built with different object models using different programming languages and turning them into Web applications. Web Services Introduction What is a Web Service? Web services are building blocks for constructing distributed Web-based applications allows a site to expose programmatic functionality via the Internet are based on open Internet standards such as HTTP, XML, SOAP can be consumed by applications implemented in any language for any platform 2
3 Web Services Introduction: Example Web Service WebService Language="C#" Class="HelloW" %> using System.Web.Services; [WebService(Namespace="urn:HelloW")] public class HelloW : WebService { [ WebMethod ] public string sayhelloto(string name) { return "Hello World " + name; } } Web Services Introduction: SOAP Today's distributed applications use binary protocolls like DCOM and CORBA/IIOP DCOM and CORBA/IIOP don't work in Internet scenarios HTTP is supported widely 3
4 Web Services Introduction: SOAP Simple Object Access Protocol (SOAP) Provides the mechanism for Web Services to communicate with clients and each other 'RPC over the Internet' SOAP uses HTTP as RPC-style transport XML for data encoding Web Services Introduction: SOAP POST /string_server/object17 HTTP/1.1 Host: Content-Type: text/xml Content-Length: 152 SOAPMethodName: urn:strings-com:istring#sayhelloto <SOAP-ENV:Envelope xmlns:soap-env=" <SOAP-ENV:Header></SOAP-ENV:Header> <SOAP-ENV: Body> <m:sayhelloto xmlns:m='urn:strings-com:istring'> <thestring>hello, World</theString> </m: sayhelloto> </SOAP-ENV:Body> </ SOAP-ENV:Envelope> 4
5 Web Services Introduction: Caveats of Webservices Reliability Accounting Performance Trust Security Web Services Introduction: SSL Secure Sockets Layer Open standard Establishes a secure channel between two parties Uses strong encryption 128-bit keys Transport Layer Security TLS Version 1.0 (RFC 2246) the successor of SSL 5
6 Web Services Introduction: SSL mytravel.com Web Server 1 Client requests secure channel 2 Server sends public key certificate 3 Client verifies certificate and sends session key 4 Client sends its public key certificate 5 Server verifies certificate and sends session key 6 Client and Server communicate secure with session key Web Service Introduction: SSL SSL only secures the transmission of the data Integrity not maintained No possibility to sign or encrypt only parts of a document 6
7 Agenda Web Services Introduction WS-Security XKMS WS-Security: Introduction Lack of standardized security No cross-platform open communication Microsoft, IBM and Verisign designed a security modell called "Web Services Security" (WS-Security) Security for Web Services through message integrity, message confidentiality and message authentication 7
8 WS-Security: Introduction Message integrity XML Signature (W3C) Message confidentiality XML Encryption (W3C) Message authentication User Name, X509 Certificates and Kerberos WS-Security: Introduction WS-Security is an additional SOAP header <Soap:Envelope > <Soap:Header>... <Credentials > <UsernameToken...> <Username> </Username> <Password Type= > </Password> </UsernameToken> </Credentials>... </Soap:Header>... <Soap:Body> </Soap:Body> </Soap:Envelope> 8
9 WS-Security: Introduction Placing security related information into the header enables the SOAP processor to handle the token verification seperately allows to pass and remove specific information to different actors (receivers) Keyinfo, DigestMethod, WS-Security: XML Signature The ability to digitally sign a document is not a new concept Apply to the entire document Focused on message transportation There is no standard mechanism to sign only specific portions of a document have multiple signatures on different parts of the document manage persistant signature information 9
10 WS-Security: XML Signature Goals: Represent signatures in standard XML format Support signing of specific portions of an XML document Sign arbitrary digital content Including binary data such as JPEG images WS-Security: XML Signature Signature creatiuon and validation must occur on the same bits Canonical XML ( Ensure identical physical representation of logically equivalent XML documents Serializing to a standard form 10
11 WS-Security: XML Signature <Signature xmlns=" <SignedInfo> <CanonicalizationMethod Algorithm=" /> <SignatureMethod Algorithm=" /> <Reference URI="#StudentData"> <DigestMethod Algorithm=" /> <DigestValue>UAbcP0xOFEf0ta6/EVhV9shjXCs=</DigestValue> </Reference> </SignedInfo> <SignatureValue>WE7ZXjb7kGX5d1MOW...</SignatureValue> <Object Id="StudentData"> <Loans> data here. </Loans> </Object> </Signature> WS-Security: XML Signature <SignedInfo> <KeyInfo> <X.509Data xmlns=" <X509Certificate> 9EL4LqrfV8IRXU...bbHcsdMSeZn3En+htDHjM </X.509Certificate> </X509Data> </KeyInfo> </SignedInfo> 11
12 WS-Security: XML Encryption Process to encrypt and decrypt digital content and represent the encrypted content in XML Encrypt only specific portions of a document Have multiple parties encrypt different parts of the document Peristant Storage WS-Security: XML Encryption Supports encryption of Entire XML documents Elements Contents of an element Arbitrary data Builds on exisiting algorithms Provides a standard representation format 12
13 WS-Security: XML Encryption <?xml version="1.0"?> <EncryptedData xmlns=" MimeType="text/xml"> <CipherData> <CipherValue> ys3dhtac.. GDSb3 </CipherValue> </CipherData> </EncryptedData> WS-Security: XML Encryption <Observation doctor="tim Smith" id="bloodpressure"> <EncryptedData xmlns=" Type=" <CipherData> <CipherValue> ys3dhtac.. GDSb3 </CipherValue> </CipherData> </EncryptedData> </Observation> 13
14 WS-Security: Message Authentication Security token propagation Informs the web service who requires the service Username and password information <UsernameToken> Binary formats (X.509 certificates, Kerberos tickets <BinarySecurityToken> WS-Security: Message Authentication <Security> <UsernameToken> <Username>Peter</Username> <Password type="passworddigest"> Q67vzYSMAKonUOFXy19TcMSq4U </Password> </UsernameToken> </Security> <!--A digest is a base64 encoded SHA1 hash value --> 14
15 WS-Security: Message Authentication <Security> <BinarySecurityToken xmlns:wsse=" ValueType="X509v3" Id="myToken" EncodingType="Base64Binary"> MIIEZzCCA9CgAwIBAgIQEmtJZc0... </BinarySecurityToken> </Security> <!-- ValueTypes: X509v3 X.509 v3 certificate Kerberosv5TGT Kerberos v5 TGT ticket. Kerberosv5ST Kerberos v5 service ticket. --> WS-Security: Summary Microsoft has released Web Services Enhancements 1.0 for Microsoft.NET, (WSE) WSE is a.net library that utilize the WS-Security specification WSE has superseded the Web Services Development Kit (WSDK) 15
16 Agenda Web Services Introduction WS-Security XKMS XKMS XKMS: XML Key Management Specification XML Signature and XML Encryption are generally based on PKI PKI based on public and private key pairs(asymmetric encryption) Organizations who wish to communticate exchange their public keys 16
17 XKMS Problems Locating the public keys Key verification Handle multiple PKI implementations No longer XML based Increased complexity of applications XKMS XKMS is a W3C initiative Original input from Microsoft, Verisign and WebMethods Web service for management of PKI based cryptographic keys Applications delegate all PKI processing tasks to a third party trust service 17
18 XKMS Benefits Simplifies usage of XML Signature and XML Encryption Builds a layer of abstraction between the application and multiple PKI implementations Moves the complexety of managing PKI out to the infrastructure level Fits smoothly into the web service environment XKMS mytravel.com Encryted, signed message 1 Key registration Locate myhotel.com Public key 3 XKMS Server myhotel.com Locate and validate mytravel.com Public key PKI Database PKI Server 18
19 XKMS XKMS is comprised of two parts XML Key Information Service Specification (XKISS) Locate service Validate service XML Key Registration Service Specification (XKRSS) Register service XKMS XKISS Direct processing support for the ds:keyinfo element used by XML Encryption and XML Signature Based on any PKI like X.509, SPKI or PGP Locate and validate public keys 19
20 XKMS XKISS Locate Service Retrieve a public key registered Resolve the ds:keyinfo element and provide the client with the required public key information May use local data, relay the request to other servers or act as a gateway to an underlying PKI infrastructure XKMS <SOAP:Envelope> <LocateRequest> <KeyInfoQuery> <ds:keyname>myhotel.com</ds:keyname> </KeyInfoQuery> </LocateRequest> </SOAP:Envelope> Get public key (proprietary format) <SOAP:Envelope> <LocateResult> <ds:keyinfo> <ds:keyname>myhotel.com</ds:keyname> <ds:keyvalue>...afg7we7...</ds:keyvalue> </dskeyinfo> </LocateResult> </SOAP:Envelope> mytravel.com xkms.verisign.com PKI infrastructure 20
21 XKMS XKISS Validate Service provides the functionallity of the Locate Service and key validation Key - name binding Key status Validity period Key usage Not revoked XKMS XKISS security issues Communication between the client and the trust service must be secure Authenticity Integrity Correspondance XKISS specification recommends Digital signatures Transport layer security Packet layer security 21
22 XKMS XKRSS Register Service Support for registration and further management of public key information Generate or register public/private key pairs Support for the entire certificate life cycle XKMS The generation of public and private keys can be delegated to the XKRSS service to generate a public and private key pair Advantage: the responsibility of maintaining a private key goes with the service provider Disadvantage: the private key information is exposed to the service provider.??? be completed at the client's end??? 22
23 XKMS Support for the entire certificate life cycle Register Reissue Revocation Recovery XKMS Client authentication: XKRSS specification does not specify any authentication policy Left to the trust service provider Shared secret most commonly used 23
24 XKMS: Implementations Entrust Verisign Phaos XKMS &.Net Not covered... XACML XTAML SAML Liberty Alliance Passport P3P authxml WS-Policy WS-Trust WS-SecureConversation WS-SecurityPolicy... 24
Web Services Security
Web Services Security Submitted to Dr. Stefan Robila As Part of CMPT-585, Final Project By Nagalakshmi Kohareswaran Shilpa Venugopal Department of Computer Science Montclair State University Montclair,
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationSOA-Tag Koblenz 28. September Dr.-Ing. Christian Geuer-Pollmann European Microsoft Innovation Center Aachen, Germany
SOA-Tag Koblenz 28. September 2007 Dr.-Ing. Christian Geuer-Pollmann European Microsoft Innovation Center Aachen, Germany WS-FooBar Buchstabensuppe WS-BusinessActivity MTOM XPath InfoSet XML WS-Management
More informationWeb Services Security SOAP Messages with Attachments (SwA) Profile 1.0 Interop 1 Scenarios
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Web Services Security SOAP Messages with Attachments (SwA) Profile 1.0 Interop 1 Scenarios Working Draft 04, 21 Oct 2004 Document identifier:
More informationAPI Security. PHP Tek Rob Richards
API Security PHP Tek 2012 Rob Richards rrichards@mashery.com Who am I? Rob Richards Mashery Email: rrichards@mashery.com Twitter: @mashery Slides: www.cdatazone.org WWW Danger! Danger! Traditional Web
More informationA Signing Proxy for Web Services Security
A Signing Proxy for Web Services Security Dr. Ingo Melzer Prof. Mario Jeckle What is a Web Service? Web Service Directory Description UDDI/WSIL WSDL Transport Content Infrastructure SOAP XML Web Service
More informationCOP 4814 Florida International University Kip Irvine. Inside WCF. Updated: 11/21/2013
COP 4814 Florida International University Kip Irvine Inside WCF Updated: 11/21/2013 Inside Windows Communication Foundation, by Justin Smith, Microsoft Press, 2007 History and Motivations HTTP and XML
More informationWeb Services Security. Dr. Ingo Melzer, Prof. Mario Jeckle
Web Services Security Dr. Ingo Melzer, Prof. Mario Jeckle What is a Web Service? Infrastructure Web Service I. Melzer -- Web Services Security 2 What is a Web Service? Directory Description UDDI/WSIL WSDL
More informationXML Key Information System for Secure e-trading
XML Key Information System for Secure e-trading Nam-Je Park, Ki-Young Moon, Sung-Won Sohn Informatoion Security Research Division Electronics Telecommunications Research Institute(ETRI) 161 Gajeong-dong,
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationWeb Services Security
Web Services Security scs2wl@comp.leeds.ac.uk MSc Information Systems 2002/03 School of Computing University of Leeds Leeds, LS2 9JT, UK Supervisor: Mr. Bill Whyte Table of Contents Summary... I Acknowledgments...II
More information1 URI stands for Universal Resource Identifier.
Chapter 1. XML Security The extendible Markup Language (XML) allows organizations to agree on a common, interoperable markup for document formatting (vocabulary), and use it to exchange business documents,
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationNAADS DSS web service usage Contents
NAADS DSS web service usage Contents NAADS DSS web service usage... 1 NAADS DSS Service... 2 NAADS DSS web service presentation... 2 NAADS DSS verification request... 2 NAADS DSS verification response...
More informationHP Instant Support Enterprise Edition (ISEE) Security overview
HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained
More informationEncryption, Signing and Compression in Financial Web Services
Danske Bank Encryption, Signing and Compression in Financial Web Services Details of how to call the Danske Bank financial web service Version 2.4.8 Encryption, Signing and Compression in Financial Web
More informationINTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD
INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD Jeffy Mwakalinga, Prof Louise Yngström Department of Computer and System Sciences Royal Institute of Technology / Stockholm University
More informationCA SiteMinder Web Services Security
CA SiteMinder Web Services Security Policy Configuration Guide 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationHow to Overcome Web Services Security Obstacles
How to Overcome Web Services Security Obstacles Dick Mackey SystemExperts Corporation Agenda Introduction to Web Services Web Services threats Web Services security standards What s here today What you
More informationWeb Services Security - Basics
Web Services Security - Basics Michael Pühlhöfer, Senior IT-Architect, IBM Software Group Member of IBM Technical Expert Council 1 Agenda 1. Security Requirements for Peer-to-Peer Applications 2. Web Services
More informationWeb Services Security: SAML Interop 1 Scenarios
1 2 3 4 Web Services Security: SAML Interop 1 Scenarios Working Draft 04, Jan 29, 2004 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Document identifier: Location: http://www.oasis-open.org/committees/wss/
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationT SOAP and UDDI. Tancred Lindholm, Sasu Tarkoma and Pekka Nikander Aalto University
T-110.5140 SOAP and UDDI Tancred Lindholm, Sasu Tarkoma and Pekka Nikander Aalto University 1 Lecture outline SOAP Document style vs. RPC style SOAP SOAP intermediaries Data encoding in SOAP UDDI White,
More informationDatapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record
1 2 3 Datapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record 5 White boxes show the access points for different kinds of security. That s what we will
More informationSecurity aspects of XML and Web services
Security aspects of XML and Web services Eduardo B. Fernandez Florida Atlantic University Boca Raton, FL www.cse.fau.edu/~ed 9/1/01 1 Outline Introduction: architectures XML security: transmission XML
More informationConcepts of Web Services Security
Concepts of Web Services Security Session MCP/OS/MTP 4066 2:45 3:45pm, Halloween 2017 MGS, Inc. Software Engineering, Product & Services firm founded in 1986 Products and services to solve business problems:
More informationIdentität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist
Identität und Autorisierung als Grundlage für sichere Web-Services Dr. Hannes P. Lubich IT Security Strategist The Web Services Temptation For every $1 spent on software $3 to $5 is spent on integration
More informationUser Authentication Principles and Methods
User Authentication Principles and Methods David Groep, NIKHEF User Authentication - Principles and Methods 1 Principles and Methods Authorization factors Cryptographic methods Authentication for login
More informationWeb Services, ebxml and XML Security
Web Services, ebxml and XML Security Dr David Cheung Director Center for E-Commerce E Infrastructure Development Electronic Commerce Models Business to Customer (B2C) Convenient access to services Business
More informationExam : Title : IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version : Demo
Exam : 000-609 Title : IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP Version : Demo 1. Which of the following is an advantage of using WS-Security instead of SSL? A. Provides assured message
More informationChapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing
Chapter 6: Digital Certificates Introduction Methods PKI Digital Certificate Passing Prof Bill Buchanan OBE http://asecuritysite.com/crypto06 http://asecuritysite.com/encryption Identity on the Internet
More informationCredential Mapping in Grids
Credential Mapping in Grids E S T E B A N T A L A V E R A Master of Science Thesis Stockholm, Sweden 2007 ICT/ECS-2007-33 Credential Mapping in Grids Master of Science Thesis ESTEBAN TALAVERA GONZÁLEZ
More informationSimple Object Access Protocol (SOAP) Reference: 1. Web Services, Gustavo Alonso et. al., Springer
Simple Object Access Protocol (SOAP) Reference: 1. Web Services, Gustavo Alonso et. al., Springer Minimal List Common Syntax is provided by XML To allow remote sites to interact with each other: 1. A common
More informationTechnologies for Securing the Networked Supply Chain. Alex Deacon Advanced Products and Research Group VeriSign, Inc.
Technologies for Securing the Networked Supply Chain Alex Deacon Advanced Products and Research Group VeriSign, Inc. Agenda Introduction Security challenges Security technologies in use today Applying
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationzentrale Sicherheitsplattform für WS Web Services Manager in Action: Leitender Systemberater Kersten Mebus
Web Services Manager in Action: zentrale Sicherheitsplattform für WS Kersten Mebus Leitender Systemberater Agenda Web Services Security Oracle Web Service Manager Samples OWSM vs
More informationOracle Application Server
Oracle Application Server Web Services Security Guide 10g (10.1.3.1.0) B28976-01 September 2006 Oracle Application Server Web Services Security Guide 10g (10.1.3.1.0) B28976-01 Copyright 2006, Oracle.
More informationReal-Time Connectivity Specifications
Real-Time Connectivity Specifications United Concordia Companies, Inc. (UCCI) 2006 Contents 1. Real-Time Overview 2. Requirements 3. SOAP Messages 4. SOAP Faults 5. UCCI EDI WebServices Certificate 1.
More informationPrincess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)
Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536) Prepared by Dr. Samia Chelloug E-mail: samia_chelloug@yahoo.fr Content
More informationDigitaliseringsstyrelsen
Signing Service Interface Version: 1.7 ID: 32309 2013-06-24 Table of Contents 1 PURPOSE... 3 2 OVERVIEW... 4 3 SIGNING REQUEST MESSAGE... 5 4 SIGNING RESPONSE MESSAGE... 7 5 BACK CHANNEL WEB SERVICE...
More informationCOSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS
COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?
More informationAMERICAN UNIVERSITY OF BEIRUT PRIDE POLICY-DRIVEN WEB SECURITY FOR HANDHELD WIRELESS DEVICES
AMERICAN UNIVERSITY OF BEIRUT PRIDE POLICY-DRIVEN WEB SECURITY FOR HANDHELD WIRELESS DEVICES by CAMILLE GEORGES GASPARD A thesis submitted in partial fulfillment of the requirements for the degree of Master
More informationPretty Good Privacy (PGP
PGP - S/MIME - Internet Firewalls for Trusted System: Roles of Firewalls Firewall related terminology- Types of Firewalls - Firewall designs - SET for E-Commerce Transactions. Pretty Good Privacy (PGP
More informationCREATION AND CONFIGURATION OF WEB SERVICE FROM RFC AND DEPLOYMENT IN ANOTHER SYSTEM
CREATION AND CONFIGURATION OF WEB SERVICE FROM RFC AND DEPLOYMENT IN ANOTHER SYSTEM Applies to: SAP Summary The purpose of this document is to provide creation and configuration of web service from function
More informationDigital Certificate Operation in a Complex Environment PKI ARCHITECTURE QUESTIONNAIRE
Digital Certificate Operation in a Complex Environment A project within the Joint Information Systems Committee s Authentication, Authorisation and Accounting middleware programme PKI ARCHITECTURE QUESTIONNAIRE
More informationPublic-key Infrastructure Options and choices
Public-key Infrastructure Options and choices Tim Moses Director, Advanced Security Technology April 98 1997 Entrust Technologies Overview General-purpose and Dedicated PKIs Trust models Two-key architecture
More information2010 Martin v. Löwis. Data-centric XML. XML Signature and Encryption
Data-centric XML XML Signature and Encryption Overview Canonicalization Signature Encryption 2 Canonical XML (1) http://www.w3.org/tr/2001/rec-xml-c14n-20010315 Definition of canonical form: Document is
More informationAn Overview of Secure and Authenticated Remote Access to Central Sites
Workshop on Data Access to Micro-Data (WDA) Nuernberg, August 20-21 An Overview of Secure and Authenticated Remote Access to Central Sites Dr Milan Marković Banca Intesa ad Beograd, Serbia milan.markovic@bancaintesabeograd.com
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationNetwork Security. Chapter 10. XML and Web Services. Part II: II: Securing Web Services Part III: Identity Federation
Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universität München, Germany Network Security Chapter 10 Application Layer Security: Web Services (Part 2) Part I: Introduction
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationOMA Device Management Security
OMA Device Management Security Approved Version 1.2.1 17 Jun 2008 Open Mobile Alliance OMA-TS-DM_Security-V1_2_1-20080617-A OMA-TS-DM_Security-V1_2_1-20080617-A Page 2 (27) Use of this document is subject
More informationChapter 17 Web Services Additional Topics
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 17 Web Services Additional Topics Prof. Dr.-Ing. Stefan Deßloch
More informationXenApp 5 Security Standards and Deployment Scenarios
XenApp 5 Security Standards and Deployment Scenarios 2015-03-04 20:22:07 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents XenApp 5 Security Standards
More informationSummary of PGP Services
Table 15.1 Summary of PGP Services Function Algorithms Used Description Digital signature Message encryption Compression Email compatibility DSS/SHA or RSA/SHA CAST or IDEA or Three-key Triple DES with
More informationSMart esolutions Information Security
Information Security Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2 What are SMart esolutions? SMart
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationFederated Web Services with Mobile Devices
Federated Web Services with Mobile Devices Rajeev Angal Architect Sun Microsystems Pat Patterson Architect Sun Microsystems Session TS-6673 Copyright 2006, Sun Microsystems, Inc., All rights reserved.
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationC exam. IBM C IBM WebSphere Application Server Developer Tools V8.5 with Liberty Profile. Version: 1.
C9510-319.exam Number: C9510-319 Passing Score: 800 Time Limit: 120 min File Version: 1.0 IBM C9510-319 IBM WebSphere Application Server Developer Tools V8.5 with Liberty Profile Version: 1.0 Exam A QUESTION
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationUNITE 2007 Technology Conference
UNITE 2007 Technology Conference Some Considerations for MCP Applications using Web Services Michael S. Recant MGS, Inc. Session MCP4027 1:30pm 2:30pm Monday, September 10, 2007 MGS, Inc. Software Engineering,
More informationPretty Good Privacy (PGP)
Pretty Good Privacy (PGP) -- PGP services -- PGP key management (c) Levente Buttyán (buttyan@crysys.hu) What is PGP? general purpose application to protect (encrypt and/or sign) files can be used to protect
More informationOASIS XACML XML DSig Profile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 OASIS XACML XML DSig Profile Working draft 0.2, 14 March 2003 Document identifier: wd-aha-dsigprofile-02.sxw
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationCoding & Information Theory Lab.
통합인증시스템설계및구현 연세대학교전기 전자공학과정연식, 송홍엽 Coding & Information Theory Lab. Introduction Previous Works Contents Design and Implementation of Public-Key Infrastructure Design and Implementation of Single Sign-On
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationWeb Services Security X509 Certificate Token Profile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Web Services Security X509 Certificate Token Profile Working Draft 04, 19th May 2003 Document identifier: WSS-X509-04 Location:
More informationNAADS DSS web service usage Contents
NAADS DSS web service usage Contents NAADS DSS web service usage... 1 NAADS DSS Service... 2 NAADS DSS web service presentation... 2 NAADS DSS verification request... 2 NAADS DSS verification response...
More informationExam Name: IBM WebSphere Datapower SOA. Appliances Firmware V3.8.1, Solution Implementation
Vendor: IBM Exam Code: 000-609 Exam Name: IBM WebSphere Datapower SOA Appliances Firmware V3.8.1, Solution Implementation Version: DEMO 1. Which of the following is an advantage of using WS-Security instead
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationIntegrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise
System z Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise SC28-6880-00 System z Integrating the Hardware Management Console s Broadband Remote Support
More informationNew open source CA development as Grid research platform.
New open source CA development as Grid research platform. National Research Grid Initiative in Japan Takuto Okuno. 1 About NAREGI PKI Group (WP5) 2 NAREGI Authentication Service Perspective To develop
More informationHiggins SAML2 IdP Tutorial
Higgins SAML2 IdP Tutorial Version 1.1, Oct 18 th 2007, msabadello@parityinc.net The Higgins SAML2 IdP supports the SP initiated SSO profile defined by SAML2 specifications. Two parties are involved in
More informationData Transport. Publisher's Note
Data Transport Publisher's Note This document should be considered a draft until the message formats have been tested using the latest release of the Apache Foundation's SOAP code. When those tests are
More informationSECURE YOUR INTEGRATIONS. Maarten Smeets
SECURE YOUR INTEGRATIONS Maarten Smeets 07-06-2018 About Maarten Integration consultant at AMIS since 2014 Several certifications SOA, BPM, MCS, Java, SQL, PL/SQL, Mule, AWS, etc Enthusiastic blogger http://javaoraclesoa.blogspot.com
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationIdentity-Enabled Web Services
Identity-Enabled s Standards-based identity for 2.0 today Overview s are emerging as the preeminent method for program-toprogram communication across corporate networks as well as the Internet. Securing
More informationCERN Certification Authority
CERN Certification Authority Emmanuel Ormancey (IT/IS) What are Certificates? What are Certificates? Digital certificates are electronic credentials that are used to certify the identities of individuals,
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationPKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures
Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment
More informationProgramming Web Services in Java
Programming Web Services in Java Description Audience This course teaches students how to program Web Services in Java, including using SOAP, WSDL and UDDI. Developers and other people interested in learning
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationPROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples
ACSC424 NETWORK APPLICATION PROGRAMMING Kyriacou E. Frederick University Cyprus communication examples The OSI reference model (proposed by ISO) Application A Application B 2 Application Application Presentation
More informationIndustry Advisory DIGITAL SIGNATURES AND C14N CROSS PLATFORM COMPATIBILITY ISSUES: RECOMMENDATIONS FOR FEMA IPAWS CONTENTS AND OTHER CAP SYSTEMS.
DIGITAL SIGNATURES AND C14N CROSS PLATFORM COMPATIBILITY ISSUES: RECOMMENDATIONS FOR FEMA IPAWS AND OTHER CAP SYSTEMS. CONTENTS OVERVIEW AND RECOMMENDATIONS... 1 BACKGROUND: IPAWS AND EXCLUSIVE CANONICALIZATION...
More informationTestpassport.
Testpassport http://www.testpassport.cn Exam : 000-609 Title : IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP Version : Demo 1 / 15 1. Which of the following is an advantage of using WS-Security
More informationIdentity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014
Identity management Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline 1. Single sign-on 2. SAML and Shibboleth 3. OpenId 4. OAuth 5. (Corporate IAM) 6. Strong identity 2
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationThe BritNed Explicit Auction Management System. Kingdom Web Services Interfaces
The BritNed Explicit Auction Management System Kingdom Web Services Interfaces Version 5.2 February 2015 Page 2 of 141 Contents 1. PREFACE... 7 1.1. Purpose of the Document... 7 1.2. Document Organization...
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationAccess to RTE s Information System by software certificates under Microsoft Windows 7
by software certificates under Microsoft Windows 7 PKI User guide Version 4, 01/01/2017 Programmes & SI (PSI) TOUR MARCHAND 41 RUE BERTHELOT - 92411 COURBEVOIE CEDEX TEL : 01.78.66.50.00 - FAX : 01.78.66.50.64
More informationITdumpsFree. Get free valid exam dumps and pass your exam test with confidence
ITdumpsFree http://www.itdumpsfree.com Get free valid exam dumps and pass your exam test with confidence Exam : 000-609 Title : IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP Vendors : IBM
More informationDigital Certificates. PKI and other TTPs. 3.3
Digital Certificates. PKI and other TTPs. 3.3 1 Certification-service providers Spanish Law 59/03 Art. 2.2 or Directive 1999/93/EC Art. 2.11: Certification-service providers means an entity or a legal
More informationNational Identity Exchange Federation. Web Services System- to- System Profile. Version 1.1
National Identity Exchange Federation Web Services System- to- System Profile Version 1.1 July 24, 2015 Table of Contents TABLE OF CONTENTS I 1. TARGET AUDIENCE AND PURPOSE 1 2. NIEF IDENTITY TRUST FRAMEWORK
More informationOracle Fusion Middleware
Oracle Fusion Middleware Understanding Oracle Web Services Manager 12c (12.1.2) E28242-01 June 2013 Documentation for developers and administrators that introduces features of the Oracle Web Services Manager
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationOracle Fusion Middleware
Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server 11g Release 1 (10.3.1) E13713-01 May 2009 This document explains how to secure WebLogic Web services for Oracle WebLogic
More informationCredential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003
Credential Management in the Grid Security Infrastructure GlobusWorld Security Workshop January 16, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ Credential Management Enrollment:
More information