Security aspects of XML and Web services
|
|
- Nigel Tate
- 6 years ago
- Views:
Transcription
1 Security aspects of XML and Web services Eduardo B. Fernandez Florida Atlantic University Boca Raton, FL 9/1/01 1
2 Outline Introduction: architectures XML security: transmission XML security: documents Web services security Industry implementations Conclusions 9/1/01 2
3 Introduction XML is a metalanguage used for defining markup vocabularies SOAP is a text-based wire protocol used to transmit XML messages A Web Service is a type of component that is available in the web and can be incorporated in applications or used as a standalone service 9/1/01 3
4 Architectures Web services (eservices) are a part of the application layer Web services are built out of XML, a lowerlevel data layer A SOAP layer is used for XML message transmission Internet layers and web server layers provide support for these layers 9/1/01 4
5 Web Services Architectural Layers WS1 Web Services WS2 Registry UDDI Layer (ebxml) HEADER PAYLOAD... SOAP XML... HTTP 9/1/01 5
6 Security Protection against : Illegal (unauthorized) data disclosure (confidentiality) Illegal data modification (integrity) Illegal data destruction Denial of service (availability) Repudiation of messages 9/1/01 6
7 Policies Policies are high-level institution guidelines There are business policies, security policies, and system policies From security policies we define security models for the security systems Protection of messages in networks and of stored data 9/1/01 7
8 Message security Message confidentiality Digital signatures Message integrity Key management Certificates Authentication 9/1/01 8
9 Security of stored data Access matrix: defines who can do what to a data object. Based on authorization rules with subjects, objects, and access types Role-Based Access Control (RBAC): users are assigned roles according to their functions and given needed rights 9/1/01 9
10 XML security: transmission Based on transport security and document encryption SOAP and its lower layers provide authentication, signatures, key management, and confidentiality XML encryption provides confidentiality 9/1/01 10
11 SOAP security No security specification Security delegated to lower layers: vendordependent Authentication: Kerberos, Windows NTLM, Message confidentiality: SSL, XML encryption Authorization: web servers 9/1/01 11
12 XML Message transport xp message header S2ml payload data S2ml data... 9/1/01 12
13 SOAP message security Headers can be used for signatures Authorization and authentication information in payload XML data can be encrypted Transport data can be encrypted 9/1/01 13
14 <SOAP-ENV:Envelope xmlns:soap-env=" xmlns:xsi=" xmlns:xsd=" <SOAP-ENV:Header> </SOAP-ENV:Header> <SOAP-ENV:Body> <ns1:sayhelloto xmlns:ns1="hello" SOAP-ENV:encodingStyle=" <name xsi:type="xsd:string">john</name> </ns1:sayhelloto> 9/1/01 </SOAP-ENV:Body> 14 </SOAP-ENV:Envelope>
15 XML encryption requirements XML Encryption Working Group Granularity of encryption to the element (including start/end tags) or element content (between the start/end tags) Super-encryption possible 9/1/01 15
16 Public Key Infrastructure XML Key Management Specification (XKMS) Registration of key pairs (X-KRSS) Location of keys for later use Validation information associated with a key (X-KISS) X-KRSS and X-KISS use SOAP and XML 9/1/01 16
17 Adding cryptographic providers public void addprovider(string providerclassname) { outln("adding Provider: " + providerclassname); try { Class providerclass = Class.forName(providerClassName); Provider provider = (Provider) providerclass.newinstance(); Security.addProvider(provider); } catch (ClassNotFoundException cnf) { throw new RuntimeException ("Provider class not found: "+providerclassname); 9/1/01 17
18 XML security: Document One can (and should) use domain-based security according to document contents Languages to define authorizations on elements (access matrix) SAML (Security Assertion Markup Language) XACL (XML Access Control Language) Encryption of elements DTDs, DOMs, and links can also be used for security 9/1/01 18
19 Security Assertion Markup Language (SAML) Part of XML-based Security Services XML framework for exchanging authentication and authorization information SAML information can be added to XML messages 9/1/01 19
20 SAML Credentials Collector Policy Authentication Authority Policy Session Authority Policy Attribute Authority Policy Policy Decision Point Credentials SAML Credentials Assertion Authorization Decision Assertion Authentication Assertion Session Assertions Attribute Assertion System Entity Policy Enforcement Point 9/1/01 20
21 XACML Special technical committee of OASIS Specification of policies for information access over the Internet Combines work of IBM Tokyo and University of Milano, Italy. 9/1/01 21
22 XML Access Control Language XACL is being developed at IBM s Tokyo Research Lab Defines access matrix authorization rules to control access to documents or portions of a document Rule has subject, right, object, and condition 9/1/01 22
23 Access matrix authorization rules Basic rule ( s, a, o ), where s is a subject (active entity), a is an access type, and o is an object Extended rule ( s, a, o, p ), where p is a predicate (access condition or guard ) 9/1/01 23
24 Example Documents have contents and policy Alice has read and write privileges on the contents element Bob has only read privilege on the contents element No other users can access this document (closed system policy) 9/1/01 24
25 <document> <contents id="contents"> <userinfo id="section1"> <date>oct. 8, 1999</date> <name>kudo</date> </userinfo> <bidinfo id="section2"> <price currency="usd">150</price> <brand name="visa"/> </bidinfo> </contents> 9/1/01 25
26 <policy> <xacl> <object href="id(contents)"/> <rule id="rule1"> <acl> <subject><uid>alice</uid></subject> <privilege type="read" sign="+"/> <privilege type="write" sign="+"/> </acl> </rule> <rule id="rule2"> <acl> <subject><uid>bob</uid></subject> <privilege type="read" sign="+"/> </acl> </rule> 9/1/01 26
27 <rule id="rule3"> <acl> <subject></subject> <privilege type="read" sign="-"/> <privilege type="write" sign="-"/> </acl> </rule> </xacl> </policy> </document> 9/1/01 27
28 Other security issues Different representations for the same document and the same representation for different documents Security of links Trust in intermediate steps Security across institutions need for abstract models 9/1/01 28
29 Privacy preferences User control over personal information P3P (Platform for Privacy Preferences), developed by the W3C A standardized set of multiple-choice questions about privacy policies 9/1/01 29
30 Security enforcement XML and Web services security is platform-independent but must be enforced by specific platforms Web Server and Web Application Integrator define execution environment Effect of JSP, ASP, J2EE,.NET components, DBMS, Effect of OS and hardware 9/1/01 30
31 Java-based architecture security * Web Client Request to EJB Result of request Web Server Credential Authorization JSP/Servlet Object remote call EJB container EJB EJB Protection Domain 9/1/01 31
32 Microsoft architecture * Web Client Request to service Result of request Web Server (IIS) Authorization ASP Objects COM objects remote call Remote server Authorization COM COM 9/1/01 32
33 Web services security Transmission security is the same as SOAP security UDDI registries must be secure WSDL should have security statements Registries can also be protected according to ebxml security 9/1/01 33
34 UDDI The Universal Description, Discovery, and Integration specs define a way to publish and discover information about Web services. The UDDI business registration is an XML file that describes a business entity and its Web services Entities are discovered via marketplaces and portals 9/1/01 34
35 UDDI security Not specified in detail, only general policies Only authorized individuals can publish or change information in the registry Changes or deletions can only be made by the originator of the information Each instance of a registry can define its own user authentication mechanism 9/1/01 35
36 Security in ebxml Proposal for registry security (May 2001) Requirements for authentication, integrity, and confidentiality Each request must be authenticated Policy: any known entity can publish and anyone can view UML model for registry security 9/1/01 36
37 ebxml Registry Security model <<Interface>> AccessControlPolicy 0..n Permission 0.n 1 1..n Privilege 1..n 1 0..n <<Interface>> RegistryObject 0..n <<Interface>> PrivilegeAttribute getguid() : String setguid(guid : String) : void geturl() : URL seturl(url : URL) : void getname() : String setname(name : String) : void depricate() : void delete() : void <<Interface>> SecurityClearance 0..n <<Interface>> Group 0..n <<Interface>> Role 0..n 1 <<Interface>> Identity Principal identity: Identity groups: collection 9/1/01 roles: collection 37 securityclearances: collection
38 Security at each layer Web Services UDDI Security WS1 WS2 Registry UDDI Layer (ebxml) ebxml Sec HEADER PAYLOAD... SOAP Dig. Signatures Authentication Key Management Encryption SAML XML XACL... HTTP 9/1/01 38
39 Some industry products * Microsoft s HailStorm IBM Web services Sun ONE Oblix Netegrity Securant Distributed systems Glue 9/1/01 39
40 HailStorm A set of web services from Microsoft that provide a centralized way to store and access user data Services include calendar, wallet, notification, and others. Users must log in through MS Passport authentication service Services and data in MS servers 9/1/01 40
41 HailStorm security Passport uses Kerberos for authentication Doesn t use SOAP s security Users are owners of their data and can see who has had access to their data Microsoft web servers (IIS) have rather poor security.net has RBAC security 9/1/01 41
42 IBM Web services New version of WebSphere Application Server WS Business Integrator will allow MQSeries to deliver SOAP messages DB2 Version 7.2 has a new XML Extender, where Web Services can access DBMS and can store SOAP and UDDI data SOAP security extensions 9/1/01 42
43 WebSphere Security WebSphere has several levels of security and provides a good environment for security Uses RBAC authorization Developed by Tivoli 9/1/01 43
44 SUN ONE * A web service can use a policy engine to dynamically adapt processing and/or results according to rules based on user identity, authorization levels, and other contextual information User and policy information from LDAP PKI and Kerberos for authentication and message protection SAML for exchanging security information 9/1/01 44
45 Sun s iplanet * Role-based authorization Role hierarchies Administrative privileges Domains for segmentation of roles One administrator per domain Superuser administrator over all domains Authentication options 9/1/01 45
46 Oblix * Security product: includes facilities for user profiles (Identity service), authorization (Access), and administration (Presentation) New product NetPoint 5.0 includes AccessXML, IdentityXML, and PresentationXML AccessXML uses SAML 9/1/01 46
47 Netegrity * TransactionMinder product for management and security of web services Uses SAML and XKMS Supports Sun ONE, MS.NET, Oracle 9i, BEA Had already a product for security of web sites: SiteMinder 9/1/01 47
48 Netegrity features * The facilities in Delegated Management Services (DMS) of Netegrity follow closely the proposals we made in 1979 [Woo79]. Can assign users to roles; create, modify, and delete users; create, modify, and delete organizations and their administrators [net]. 9/1/01 48
49 Securant * Access control Users, groups, and realms (domains) Can apply security constraints dynamically Transaction authorization Delegated administration Single Sign-on (SSO) Policy evaluation Auditing and reporting 9/1/01 49
50 Distributed systems CORBA services may be used as web services [Hou99] Simplifies their use in applications and browsers Can apply CORBA security Glue: Java/XML mapping for Web services, uses SOAP with HTTPS 9/1/01 50
51 Web services brokers Example: Wsbang A proxy server to manage Web services consumed by a given company Performs activities such as monitoring behavior, metering,caching, Can be used forn authentication: storing passwords, certificates, authorization 9/1/01 51
52 Conclusions I Rather confusing state: not clear how everything fits together and much change A good security model is basic to produce a consistent and complete security specification Access matrix and Role-Based Access Control appear as obvious choices for authorization models 9/1/01 52
53 Conclusions II There is already a lot of work on cryptography, only hooks and protocols are needed UML models and patterns are very useful to get the complete picture and add precision Institution policies are important Security is an all-levels problem 9/1/01 53
EbXML Registry Security Proposal
1 2 3 4 5 EbXML Registry Security Proposal 6 7 Technical Architecture Security Team 8 9 10 May 10, 2001 Status of this Document 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 There are three categories of
More informationRegistry Security Proposal
Registry Security Proposal Technical Architecture Security Team May 10, 2001 (This document is the non-normative version formatted for printing, July 2001) This document and translations of it MAY be copied
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationSecurity Assertions Markup Language (SAML)
Security Assertions Markup Language (SAML) The standard XML framework for secure information exchange Netegrity White Paper PUBLISHED: MAY 20, 2001 Copyright 2001 Netegrity, Inc. All Rights Reserved. Netegrity
More informationIdentität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist
Identität und Autorisierung als Grundlage für sichere Web-Services Dr. Hannes P. Lubich IT Security Strategist The Web Services Temptation For every $1 spent on software $3 to $5 is spent on integration
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationCA SiteMinder Web Services Security
CA SiteMinder Web Services Security Policy Configuration Guide 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationHow to Overcome Web Services Security Obstacles
How to Overcome Web Services Security Obstacles Dick Mackey SystemExperts Corporation Agenda Introduction to Web Services Web Services threats Web Services security standards What s here today What you
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationDatapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record
1 2 3 Datapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record 5 White boxes show the access points for different kinds of security. That s what we will
More informationDEPLOYING MULTI-TIER APPLICATIONS ACROSS MULTIPLE SECURITY DOMAINS
DEPLOYING MULTI-TIER APPLICATIONS ACROSS MULTIPLE SECURITY DOMAINS Igor Balabine, Arne Koschel IONA Technologies, PLC 2350 Mission College Blvd #1200 Santa Clara, CA 95054 USA {igor.balabine, arne.koschel}
More informationWeb Services Introduction WS-Security XKMS
Web Service Security Wolfgang Werner HP Decus Bonn 2003 2003 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Agenda Web Services Introduction
More informationChapter 17 Web Services Additional Topics
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 17 Web Services Additional Topics Prof. Dr.-Ing. Stefan Deßloch
More informationEntrust Identification Server 7.0. Entrust Entitlements Server 7.0. Administration Guide. Document issue: 1.0. Date: June 2003
Identification Server 7.0 Entitlements Server 7.0 Administration Guide Document issue: 1.0 Date: June 2003 2003. All rights reserved. is a trademark or a registered trademark of, Inc. in certain countries.
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationNational Identity Exchange Federation. Web Services System- to- System Profile. Version 1.1
National Identity Exchange Federation Web Services System- to- System Profile Version 1.1 July 24, 2015 Table of Contents TABLE OF CONTENTS I 1. TARGET AUDIENCE AND PURPOSE 1 2. NIEF IDENTITY TRUST FRAMEWORK
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationJohn Heimann Director, Security Product Management Oracle Corporation
John Heimann Director, Security Product Management Oracle Corporation Oracle9i Application Server v2 Security What s an Application Server? Development and deployment environment Web(HTML,XML,SOAP) J2EE
More informationzentrale Sicherheitsplattform für WS Web Services Manager in Action: Leitender Systemberater Kersten Mebus
Web Services Manager in Action: zentrale Sicherheitsplattform für WS Kersten Mebus Leitender Systemberater Agenda Web Services Security Oracle Web Service Manager Samples OWSM vs
More informationNational Identity Exchange Federation. Terminology Reference. Version 1.0
National Identity Exchange Federation Terminology Reference Version 1.0 August 18, 2014 Table of Contents 1. INTRODUCTION AND PURPOSE... 2 2. REFERENCES... 2 3. BASIC NIEF TERMS AND DEFINITIONS... 5 4.
More informationImplementing a Ground Service- Oriented Architecture (SOA) March 28, 2006
Implementing a Ground Service- Oriented Architecture (SOA) March 28, 2006 John Hohwald Slide 1 Definitions and Terminology What is SOA? SOA is an architectural style whose goal is to achieve loose coupling
More informationWeb services. In plain words, they provide a good mechanism to connect heterogeneous systems with WSDL, XML, SOAP etc.
Web Services Web Services A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format
More informationWEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices
WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices Chris Steel, Ramesh Nagappan, Ray Lai www.coresecuritypatterns.com February 16, 2005 15:25 16:35
More informationC exam. IBM C IBM WebSphere Application Server Developer Tools V8.5 with Liberty Profile. Version: 1.
C9510-319.exam Number: C9510-319 Passing Score: 800 Time Limit: 120 min File Version: 1.0 IBM C9510-319 IBM WebSphere Application Server Developer Tools V8.5 with Liberty Profile Version: 1.0 Exam A QUESTION
More informationWeb Services, ebxml and XML Security
Web Services, ebxml and XML Security Dr David Cheung Director Center for E-Commerce E Infrastructure Development Electronic Commerce Models Business to Customer (B2C) Convenient access to services Business
More information(9A05803) WEB SERVICES (ELECTIVE - III)
1 UNIT III (9A05803) WEB SERVICES (ELECTIVE - III) Web services Architecture: web services architecture and its characteristics, core building blocks of web services, standards and technologies available
More informationIntroduction to Web Services & SOA
References: Web Services, A Technical Introduction, Deitel & Deitel Building Scalable and High Performance Java Web Applications, Barish Web Service Definition The term "Web Services" can be confusing.
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationIdentity-Enabled Web Services
Identity-Enabled s Standards-based identity for 2.0 today Overview s are emerging as the preeminent method for program-toprogram communication across corporate networks as well as the Internet. Securing
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationOpen Source in the Corporate World. Open Source. Single Sign On. Erin Mulder
Open Source in the Corporate World Open Source Single Sign On Erin Mulder Agenda Introduction Single Sign On for Multiple s Shared directory (e.g. OpenLDAP) Proxy systems (e.g. Yale CAS) X.509 certificates
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
More informationIntroduction to Web Services & SOA
References: Web Services, A Technical Introduction, Deitel & Deitel Building Scalable and High Performance Java Web Applications, Barish Service-Oriented Programming (SOP) SOP A programming paradigm that
More informationWeb Services Security
Web Services Security scs2wl@comp.leeds.ac.uk MSc Information Systems 2002/03 School of Computing University of Leeds Leeds, LS2 9JT, UK Supervisor: Mr. Bill Whyte Table of Contents Summary... I Acknowledgments...II
More informationSecuring your Standards Based Services. Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri)
Securing your Standards Based Services Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri) Agenda What are your security goals? Access control Standards and interoperability User management and authentication
More informationXML Key Information System for Secure e-trading
XML Key Information System for Secure e-trading Nam-Je Park, Ki-Young Moon, Sung-Won Sohn Informatoion Security Research Division Electronics Telecommunications Research Institute(ETRI) 161 Gajeong-dong,
More informationINTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD
INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD Jeffy Mwakalinga, Prof Louise Yngström Department of Computer and System Sciences Royal Institute of Technology / Stockholm University
More informationTIBCO ActiveMatrix Policy Director Administration
TIBCO ActiveMatrix Policy Director Administration Software Release 2.0.0 November 2014 Document Updated: January 2015 Two-Second Advantage 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES
More informationOracle Access Manager 10g - Oracle Enterprise Gateway Integration Guide
An Oracle White Paper June 2011 Oracle Access Manager 10g - Oracle Enterprise Gateway Integration Guide 1/26 Disclaimer The following is intended to outline our general product direction. It is intended
More informationHyperion System 9 BI+ Analytic Services
Hyperion System 9 BI+ Analytic The Hyperion System 9 BI+ Analytic release 9.3 Support Matrix includes support information for the following areas: Operating Systems o Server o Client Web / Application
More informationJ2EE APIs and Emerging Web Services Standards
J2EE APIs and Emerging Web Services Standards Session #4 Speaker Title Corporation 1 Agenda J2EE APIs for Web Services J2EE JAX-RPC APIs for Web Services JAX-RPC Emerging Web Services Standards Introduction
More informationAccess Control Service Oriented Architecture
http://www.cse.wustl.edu/~jain/cse571-09/ftp/soa/index.html 1 of 13 Access Control Service Oriented Architecture Security Yoon Jae Kim, yj1dreamer AT gmail.com (A project report written under the guidance
More information1. Federation Participant Information DRAFT
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES [NOTE: This document should be considered a as MIT is still in the process of spinning up its participation in InCommon.] Participation in InCommon
More informationExisting Healthcare Standards
Existing Healthcare Standards Category Context (Information Model) Information Interchange Standard & Specific Elements ASN.1 Abstract Syntax Notation.1 ASTM E2369-05 Standard Specification for Continuity
More informationWS-* Standards. Szolgáltatásorientált rendszerintegráció Service-Oriented System Integration. Dr. Balázs Simon BME, IIT
WS-* Standards Szolgáltatásorientált rendszerintegráció Service-Oriented System Integration Dr. Balázs Simon BME, IIT Outline Integration requirements WS-* standards 2 Integration requirements 3 Integration
More informationOracle Developer Day
Oracle Developer Day Sponsored by: Track # 1: Session #2 Web Services Speaker 1 Agenda Developing Web services Architecture, development and interoperability Quality of service Security, reliability, management
More informationFederated Identity Manager Business Gateway Version Configuration Guide GC
Tivoli Federated Identity Manager Business Gateway Version 6.2.1 Configuration Guide GC23-8614-00 Tivoli Federated Identity Manager Business Gateway Version 6.2.1 Configuration Guide GC23-8614-00 Note
More informationAn Overview of Secure and Authenticated Remote Access to Central Sites
Workshop on Data Access to Micro-Data (WDA) Nuernberg, August 20-21 An Overview of Secure and Authenticated Remote Access to Central Sites Dr Milan Marković Banca Intesa ad Beograd, Serbia milan.markovic@bancaintesabeograd.com
More informationBEA WebLogic Server Integration Guide
IBM Tivoli Access Manager for e-business BEA WebLogic Server Integration Guide Version 5.1 SC32-1366-00 IBM Tivoli Access Manager for e-business BEA WebLogic Server Integration Guide Version 5.1 SC32-1366-00
More informationMajor SAML 2.0 Changes. Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007
Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007 Tokens, Protocols, Bindings, and Profiles Tokens are requests and assertions Protocols bindings are communication
More informationFederated Web Services with Mobile Devices
Federated Web Services with Mobile Devices Rajeev Angal Architect Sun Microsystems Pat Patterson Architect Sun Microsystems Session TS-6673 Copyright 2006, Sun Microsystems, Inc., All rights reserved.
More informationUsing IBM DataPower as the ESB appliance, this provides the following benefits:
GSB OVERVIEW IBM WebSphere Data Power SOA Appliances are purpose-built, easy-to-deploy network devices that simplify, secure, and accelerate your XML and Web services deployments while extending your SOA
More informationResearch Report. IBM Research. Trends in Access Control. RZ 3529 (# 99473) 01/19/04 Computer Science 4 pages. Thomas Groß
RZ 3529 (# 99473) 01/19/04 Computer Science 4 pages Research Report Trends in Access Control Thomas Groß IBM Research GmbH Zurich Research Laboratory 8803 Rüschlikon Switzerland tgr@zurich.ibm.com Anthony
More informationPortals, uportal and JA-SIG. Jim Farmer China Education and Research Conference 2002 Beijing, China March 28, 2002
Portals, uportal and JA-SIG Jim Farmer China Education and Research Conference 2002 Beijing, China March 28, 2002 Portals A student s Web World Research Administrative Library Instruction Portal defined
More informationNovell Access Manager 3.1
Technical White Paper IDENTITY AND SECURITY www.novell.com Novell Access Manager 3.1 Access Control, Policy Management and Compliance Assurance Novell Access Manager 3.1 Table of Contents: 2..... Complete
More informationThe Business of Identity: Business Drivers and Use Cases of Identity Web Services
The Business of Identity: Business Drivers and Use Cases of Identity Web Services Roger Sullivan, Vice President, Liberty Alliance Vice President, Oracle Corporation Liberty s Architecture Liberty Identity
More informationCanadian Access Federation: Trust Assertion Document (TAD)
1. Canadian Access Federation Participant Information 1.1.1. Organization name: DOUGLAS COLLEGE 1.1.2. Information below is accurate as of this date: November 16, 2017 1.2 Identity Management and/or Privacy
More informationSingle Sign-On. Introduction
Introduction DeliverySlip seamlessly integrates into your enterprise SSO to give your users total email security and an extra set of robust communications tools. Single sign-on (SSO) systems create a single
More informationHyperion System 9 Financial Management release
Hyperion System 9 Financial Management release 9.2.0.3 The Hyperion System 9 Financial Management release 9.2.0.3 Matrix includes support information for the following areas: Operating Systems o Server
More informationEPiServer Portals. Abstract
EPiServer Portals Abstract This white paper outlines EPiServer's portal functionality. The document includes a high-level description of Web Services for Remote Portlets (WSRP) technology. Product version:
More informationNew open source CA development as Grid research platform.
New open source CA development as Grid research platform. National Research Grid Initiative in Japan Takuto Okuno. 1 About NAREGI PKI Group (WP5) 2 NAREGI Authentication Service Perspective To develop
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationProgramming Web Services in Java
Programming Web Services in Java Description Audience This course teaches students how to program Web Services in Java, including using SOAP, WSDL and UDDI. Developers and other people interested in learning
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationIdentity management. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014
Identity management Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 Outline 1. Single sign-on 2. SAML and Shibboleth 3. OpenId 4. OAuth 5. (Corporate IAM) 6. Strong identity 2
More informationTivoli Federated Identity Manager. Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic
Tivoli Federated Identity Manager Sven-Erik Vestergaard Certified IT Specialist Security architect SWG Nordic svest@dk.ibm.com IBM Software Day Vilnius 2009 Agenda IBM strategy on IAA What is a federation
More informationMQ Jumping... Or, move to the front of the queue, pass go and collect 200
MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue
More informationIBM Tivoli Identity Manager V5.1 Fundamentals
IBM Tivoli Identity Manager V5.1 Fundamentals Number: 000-038 Passing Score: 600 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ IBM 000-038 IBM Tivoli Identity Manager V5.1 Fundamentals
More informationIdentity Provider for SAP Single Sign-On and SAP Identity Management
Implementation Guide Document Version: 1.0 2017-05-15 PUBLIC Identity Provider for SAP Single Sign-On and SAP Identity Management Content 1....4 1.1 What is SAML 2.0.... 5 SSO with SAML 2.0.... 6 SLO with
More information1Z Java EE 6 Web Services Developer Certified Expert Exam Summary Syllabus Questions
1Z0-897 Java EE 6 Web Services Developer Certified Expert Exam Summary Syllabus Questions Table of Contents Introduction to 1Z0-897 Exam on Java EE 6 Web Services Developer Certified Expert... 2 Oracle
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCloud Access Manager Overview
Cloud Access Manager 8.1.3 Overview Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationInternational Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 6, Nov-Dec 2015
RESEARCH ARTICLE OPEN ACCESS Middleware Interoperability using SOA for Enterprise Business Application T Sathis Kumar Assistant Professor Department of Computer Science and Engineering Saranathan College
More informationWeb Services Security. Dr. Ingo Melzer, Prof. Mario Jeckle
Web Services Security Dr. Ingo Melzer, Prof. Mario Jeckle What is a Web Service? Infrastructure Web Service I. Melzer -- Web Services Security 2 What is a Web Service? Directory Description UDDI/WSIL WSDL
More informationISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University
Identity Management and Federated ID (Liberty Alliance) ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Identity Identity is the fundamental concept of uniquely
More informationASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Best Practice In Data Security
More informationWeb Services in Cincom VisualWorks. WHITE PAPER Cincom In-depth Analysis and Review
Web Services in Cincom VisualWorks WHITE PAPER Cincom In-depth Analysis and Review Web Services in Cincom VisualWorks Table of Contents Web Services in VisualWorks....................... 1 Web Services
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Concordia University of Edmonton Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that
More informationServices and Identity Management Contents. A Basic Web Service. Web applications. Applications and Services
Contents Services and Identity Management 1.12.2008 Prof. Sasu Tarkoma Introduction and motivation Contemporary applications and services Web services architecture overview Protocol stack WSDL, SOAP, UDDI
More informationCirius Secure Messaging Single Sign-On
Cirius Secure Messaging seamlessly integrates into your enterprise SSO to give your users total email security and an extra set of robust communications tools. Single sign-on (SSO) systems create a single
More informationMarkLogic Server. Security Guide. MarkLogic 9 May, Copyright 2017 MarkLogic Corporation. All rights reserved.
Security Guide 1 MarkLogic 9 May, 2017 Last Revised: 9.0-3, September, 2017 Copyright 2017 MarkLogic Corporation. All rights reserved. Table of Contents Table of Contents Security Guide 1.0 Introduction
More informationA RESTful Approach to Identity-based Web Services
A RESTful Approach to Identity-based Web Services Marc J. Hadley Hubert A. Le Van Gong Sun Microsystems, Inc. 1 Outline > Identity-based web services intro > RESTful ID-WSF > OAuth Extensions > Permissioned
More informationBEAAquaLogic. Service Bus. Upgrade Guide
BEAAquaLogic Service Bus Upgrade Guide Version 2.5 Document Date: July 2006 Copyright Copyright 1995-2005 BEA Systems, Inc. All Rights Reserved. Restricted Rights Legend This software is protected by copyright,
More informationThe Identity Web An Overview of XNS and the OASIS XRI TC
The Identity Web An Overview of XNS and the OASIS XRI TC XML WG December 17, 2002 Marc LeMaitre VP Technology Strategy OneName Corporation Goals of this presentation Introduce the idea of the Identity
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationSecurity Architecture for Open Grid Services
GWD-I (draft-ggf-ogsa-sec-arch-01) GGF OGSA Security Workgroup http://www.ggf.org/ogsa-sec-wg Nataraj Nagaratnam, IBM Philippe Janson, IBM John Dayka, IBM Anthony Nadalin, IBM Frank Siebenlist, ANL Von
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Okanagan College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationDell One Identity Cloud Access Manager 8.0. Overview
Dell One Identity Cloud Access Manager 8.0 2015 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under
More informationIBM IBM IBM Tivoli Federated Identity Manager V6.1. Practice Test. Version
IBM 000-891 IBM 000-891 IBM Tivoli Federated Identity Manager V6.1 Practice Test Version 1.1 QUESTION NO: 1 IBM 000-891: Practice Exam Which protocol supports only PULL Single Sign-On (SSO)? A. SAML V2.0
More informationXML Web Service? A programmable component Provides a particular function for an application Can be published, located, and invoked across the Web
Web Services. XML Web Service? A programmable component Provides a particular function for an application Can be published, located, and invoked across the Web Platform: Windows COM Component Previously
More informationForum XWall and Oracle Application Server 10g
Forum XWall and Oracle Application Server 10g technical white paper Forum Systems, Inc. BOSTON, MA 95 Sawyer Road, suite 110 Waltham, MA 02453 SALT LAKE CITY, UT 45 West 10000 South, suite 415 Sandy, UT
More informationIdentity management. Tuomas Aura T Information security technology. Aalto University, autumn 2011
Identity management Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Outline 1. Single sign-on 2. OpenId 3. SAML and Shibboleth 4. Corporate IAM 5. Strong identity 2
More informationOracle Application Server 10 g Security. An Oracle White Paper December 2005
Oracle Application Server 10 g Security An Oracle White Paper December 2005 Oracle Application Server 10g Security Introduction... 3 Security Drivers In An Enterprise... 3 Oracle Application Server 10g
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Conestoga College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationGoal: Offer practical information to help the architecture evaluation of an SOA system. Evaluating a Service-Oriented Architecture
Evaluating a Service-Oriented Architecture Paulo Merson, SEI with Phil Bianco, SEI Rick Kotermanski, Summa Technologies May 2007 Goal: Offer practical information to help the architecture evaluation of
More informationSecuring the Elastic Stack
Securing the Elastic Stack Jay Modi, Security Software Engineer Tim Vernum, Security Software Engineer Elastic March 1st, 2018 @jaymode2001 @TimVernum Authentication Who are you? 3 Built-in Users elastic
More informationSpotfire Security. Peter McKinnis July 2017
Spotfire Security Peter McKinnis July 2017 Outline Authentication in Spotfire Spotfire Server 7.9 Sites Feature and Authentication Authorization in Spotfire Data Security Spotfire Statistics Services Security
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More information