Web Services, ebxml and XML Security
|
|
- Godwin Cannon
- 6 years ago
- Views:
Transcription
1 Web Services, ebxml and XML Security Dr David Cheung Director Center for E-Commerce E Infrastructure Development
2 Electronic Commerce Models Business to Customer (B2C) Convenient access to services Business to Business (B2B) Automation of business process execution and information exchange across two companies Other models Government to Government (G2G) Government to Citizen (G2C), Government to Business (G2B), B2B2C, G2G2B Most modern e-commerce e services use Internet as delivery medium and XML as data format Internet + XML Web Services
3 What is ebxml? Electronic Business using extensible Markup Language B2B e-commerce standard Enables enterprises of any size, in any global region, to conduct business using the Internet Lower barriers of e-commerce adoption, esp for SMEs Jointly developed by: UN/CEFACT United Nations Center For Trade Facilitation And Electronic Business OASIS Organization for the Advancement of Structured Information Standards Version 1 finalized in May 2001
4 ebxml Business Process Model Registry Profile of Company A Profile of Company B Profile of Company B Company A Collaboration Protocol Agreement (CPA) & Business Process Specification (BPS) Company B ebxml Message Service (ebms)
5 The Need for Security We have traditional business practices working well Putting business online means putting the practices online, including security Authentication Authorization Signature - legally accepted Information integrity Confidentiality Privacy Digital Rights Management
6 Web Services & ebxml Security Both are XML-based protocols relying on Simple Object Access Protocol (SOAP) They are open e-business e standards Need open security standards Everybody knows how the security algorithm works The only secret bit: the private key PKI is naturally fit Web Services & ebxml Security leverage on XML Security, which is based on PKI technologies Never re-invent the wheel
7 Why XML-specific Security Specs? Traditional security technologies focus on binary formats Require mutually agreed, specialized software for interpretation and use Not support common XML technical approaches for managing content (e.g. URIs, XPath,, etc.) Require tight integration of security-specific specific software and applications
8 Characteristics of XML Document Consider this: <?xml version="1.0"?> <rooms> <room type="single" currency="usd" charge="50"/> <room type="double" currency="usd" charge="70"/> <room type="suite" currency="usd" charge="100"/> </rooms>
9 Characteristics of XML Document And this: <?xml version="1.0"?> <rooms> <room type="single" charge="50" currency="usd"/> <room type="double" charge="70" currency="usd"/> <room type="suite" charge="100" currency="usd"/> </rooms>
10 Characteristics of XML Document And also this: <?xml version="1.0"?> <rooms><room type="single" charge="50" currency="usd"/><room type="double" charge="70" currency="usd"/><room type="suite" charge="100" currency="usd"/> </rooms>
11 XML Canonicalization There are all the same! They have same document structure (i.e. same XML Schema) They convey the same information The canonical XML specification (W3C) has defined an algorithm to author the canonical form of XML documents Facilitate checking the message integrity Facilitate applying message security technologies
12 XML Security Defines XML vocabulary for representing security information Supports end-to to-end security Applies to whole document, to individual XML elements, and to arbitrary binary documents Consists of the following specs: XML Digital Signature (XML DigSig) XML Encryption (XML Enc) XML Key Management (XKMS) Authentication and Authorization (SAML) Authorization Rule (XACML)
13 XML Digital Signature W3C Recommendation Provides authentication and non-repudiation Applies to entire doc or individual elements, or multiple docs Allows XML variations by utilizing XML Canonicalization, e.g. whitespaces Supports counter-signatures (signs on other signatures) Signature values can be placed inline to the document
14 ebxml Headers
15 Signature Headers
16 Canonicalization
17 Sign Algorithm
18 Sign which part?
19 Sign only a portion
20 Generate digest
21 Digest output
22 Sign output
23 public key information
24 ebxml message structure
25 XML Digital Signature in Action Step 1: Canonicalize Reduce variations (e.g. double quotes vs single quotes) Step 2: Make Digest Signature is only valid if content not changed The content to be signed is represented using a short, fixed-length digest Step 3: Sign Signature is applied on the digest All algorithms used are referenced in the <Signature> element using a URI Encoding and decoding algorithms should be exactly the same
26 XML Encryption W3C Recommendation Different from SSL/TLS/VPN, XML Encryption provides confidentiality even when the document is stored at a server Applies to entire doc or individual elements, or multiple docs Can be used in conjunction with XML Digital Signatures Supports a variety of encryption algorithms and techniques
27 XML Encryption in Action Encrypt the content using a symmetric key The encrypted content is replaced by an <EncryptedData> > element Encrypt the symmetric key using the recipient s public key Package and send the encrypted content, encrypted key and necessary algorithm information together
28 XML Key Management Specification W3C Candidate Recommendation Handles public key management Defines XML message formats to support requests and responses for public key management Registration of public key Revocation Updates Can be used in conjunction with other XML Security protocols
29 Security Assertion Markup Language Defines XML vocabulary for expressing authentication and authorization assertions A request-response response protocol for conveying SAML assertions Supports single sign-on Useful for passing authentication information between applications
30 XML Access Control Markup Language Defines XML vocabulary to express authorization rules Often used in conjunction with SAML SAML defines who XACML defines who can do what A means for creating policy statements, a collection of rules applicable to a subject
31 Application: Web Services and ebxml OASIS Web Services Security (WSS) makes use of: XML Digital Signature XML Encryption SAML XACML ebxml Messaging Service makes use of: XML Digital Signature XML Encryption
32 Conclusion Open e-business e standards need open security standards XML Security standards define XML languages and processing rules for meeting common security requirements They are based on a foundation of accepted practices and technologies They work together
33 References xml-security.html#soap core/ open.org/committees/tc_home.php?wg_abbrev=security open.org/committees/tc_home.php?wg_abbrev=xacml
Chapter 17 Web Services Additional Topics
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 17 Web Services Additional Topics Prof. Dr.-Ing. Stefan Deßloch
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationPAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1
PAA PKI Mutual Recognition Framework Copyright PAA, 2009. All Rights Reserved 1 Agenda Overview of the Framework Components of the Framework How It Works Other Considerations Questions and Answers Copyright
More informationINTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD
INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD Jeffy Mwakalinga, Prof Louise Yngström Department of Computer and System Sciences Royal Institute of Technology / Stockholm University
More informationThese patterns include: The use of proprietary software
Strategic Planning, F. Kenney, J. Thompson Research Note 7 August 2003 B2B Security Patterns: Finding the Perfect Combination Achieving business-to-business security is a combination of examining internal
More informationDatapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record
1 2 3 Datapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record 5 White boxes show the access points for different kinds of security. That s what we will
More informationThe Identity Web An Overview of XNS and the OASIS XRI TC
The Identity Web An Overview of XNS and the OASIS XRI TC XML WG December 17, 2002 Marc LeMaitre VP Technology Strategy OneName Corporation Goals of this presentation Introduce the idea of the Identity
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationWEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices
WEB-202: Building End-to-end Security for XML Web Services Applied Techniques, Patterns and Best Practices Chris Steel, Ramesh Nagappan, Ray Lai www.coresecuritypatterns.com February 16, 2005 15:25 16:35
More informationXML based Business Frameworks. - II- Description grid for XML frameworks
1 / 14 XML based Business Frameworks - II- Description grid for XML frameworks 2 / 14 Document administration Reference Version State Exploitation Sender 20030905.D2.2.XML-BBF.1 2.1 A.Rizk Written by Checked
More informationIdentity-Enabled Web Services
Identity-Enabled s Standards-based identity for 2.0 today Overview s are emerging as the preeminent method for program-toprogram communication across corporate networks as well as the Internet. Securing
More informationFederated Web Services with Mobile Devices
Federated Web Services with Mobile Devices Rajeev Angal Architect Sun Microsystems Pat Patterson Architect Sun Microsystems Session TS-6673 Copyright 2006, Sun Microsystems, Inc., All rights reserved.
More informationASEAN e-authentication Workshop Balwinder Sahota
ASEAN e-authentication Workshop Balwinder Sahota Agenda ASEAN Single Window (ASW) What is ATIGA Form D The information flow of ATIGA Form D and related documents Security Requirements Challenges in Implementation
More informationIdentität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist
Identität und Autorisierung als Grundlage für sichere Web-Services Dr. Hannes P. Lubich IT Security Strategist The Web Services Temptation For every $1 spent on software $3 to $5 is spent on integration
More informationInternational Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 6, Nov-Dec 2015
RESEARCH ARTICLE OPEN ACCESS Middleware Interoperability using SOA for Enterprise Business Application T Sathis Kumar Assistant Professor Department of Computer Science and Engineering Saranathan College
More informationWeb Services Security
Web Services Security Submitted to Dr. Stefan Robila As Part of CMPT-585, Final Project By Nagalakshmi Kohareswaran Shilpa Venugopal Department of Computer Science Montclair State University Montclair,
More informationRealMe. SAML v2.0 Messaging Introduction. Richard Bergquist Datacom Systems (Wellington) Ltd. Date: 15 November 2012
RealMe Version: Author: 1.0 APPROVED Richard Bergquist Datacom Systems (Wellington) Ltd Date: 15 November 2012 CROWN COPYRIGHT This work is licensed under the Creative Commons Attribution 3.0 New Zealand
More informationSéminaire sur la Certification Electronique
Séminaire sur la Certification Electronique Algiers Algeria, 8-9 December, 2009 International Telecommunication Arab Regional Office Assisting Governments in Developing e-commerce Ecosystems: A Synthesis
More informationThis is a preview - click here to buy the full publication TECHNICAL REPORT. Part 101: General guidelines
TECHNICAL REPORT IEC TR 62325-101 First edition 2005-02 Framework for energy market communications Part 101: General guidelines IEC 2005 Copyright - all rights reserved No part of this publication may
More informationConceptual Modeling and Specification Generation for B2B Business Processes based on ebxml
Conceptual Modeling and Specification Generation for B2B Business Processes based on ebxml HyoungDo Kim Professional Graduate School of Information and Communication, Ajou University 526, 5Ga, NamDaeMoonRo,
More informationWeb Services Security. Dr. Ingo Melzer, Prof. Mario Jeckle
Web Services Security Dr. Ingo Melzer, Prof. Mario Jeckle What is a Web Service? Infrastructure Web Service I. Melzer -- Web Services Security 2 What is a Web Service? Directory Description UDDI/WSIL WSDL
More informationB2B STRATEGIES FOR COMPETITIVE ADVANTAGE. ebxml TRP.
B2B STRATEGIES FOR COMPETITIVE ADVANTAGE ebxml TRP Goal The ebxml goal: To accomplish cross-industry XML-based business process integration. Business events are building blocks that must be understood.
More informationImplementing a Ground Service- Oriented Architecture (SOA) March 28, 2006
Implementing a Ground Service- Oriented Architecture (SOA) March 28, 2006 John Hohwald Slide 1 Definitions and Terminology What is SOA? SOA is an architectural style whose goal is to achieve loose coupling
More informationWeb Services Introduction WS-Security XKMS
Web Service Security Wolfgang Werner HP Decus Bonn 2003 2003 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Agenda Web Services Introduction
More informationNational Identity Exchange Federation. Terminology Reference. Version 1.0
National Identity Exchange Federation Terminology Reference Version 1.0 August 18, 2014 Table of Contents 1. INTRODUCTION AND PURPOSE... 2 2. REFERENCES... 2 3. BASIC NIEF TERMS AND DEFINITIONS... 5 4.
More informationXML Applications. Introduction Jaana Holvikivi 1
XML Applications Introduction 1.4.2009 Jaana Holvikivi 1 Outline XML standards Application areas 1.4.2009 Jaana Holvikivi 2 Basic XML standards XML a meta language for the creation of languages to define
More informationISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University
Identity Management and Federated ID (Liberty Alliance) ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Identity Identity is the fundamental concept of uniquely
More informationSOA-Tag Koblenz 28. September Dr.-Ing. Christian Geuer-Pollmann European Microsoft Innovation Center Aachen, Germany
SOA-Tag Koblenz 28. September 2007 Dr.-Ing. Christian Geuer-Pollmann European Microsoft Innovation Center Aachen, Germany WS-FooBar Buchstabensuppe WS-BusinessActivity MTOM XPath InfoSet XML WS-Management
More informationA Signing Proxy for Web Services Security
A Signing Proxy for Web Services Security Dr. Ingo Melzer Prof. Mario Jeckle What is a Web Service? Web Service Directory Description UDDI/WSIL WSDL Transport Content Infrastructure SOAP XML Web Service
More informationSecurity Assertions Markup Language (SAML)
Security Assertions Markup Language (SAML) The standard XML framework for secure information exchange Netegrity White Paper PUBLISHED: MAY 20, 2001 Copyright 2001 Netegrity, Inc. All Rights Reserved. Netegrity
More informationDynamic Collaboration of Businesses Using Web Services
Dynamic Collaboration of Businesses Using Web Services By Satoru FUJITA* This paper describes the trends of Web service technologies that support Dynamic Collaboration. ABSTRACT For the realization of
More informationebxml Transport Routing and Packaging Overview and Requirements
ebxml Transport Routing and Packaging Overview and Requirements This paper provides an overview of the Transport Routing and Packaging It describes: an overview and description of the scope of the group's
More informationRID IETF Draft Update
RID IETF Draft Update Kathleen M. Moriarty INCH Working Group 5 August 2004 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. "Opinions, interpretations, conclusions,
More informationSEMIC 2013 Semantic interoperability of Civil Status Registers by the International Commission on Civil Status (ICCS-CIEC)
SEMIC 2013 Semantic interoperability of Civil Status Registers by the International Commission on Civil Status (ICCS-CIEC) Dr Panagiotis A. Gouvas R&D Director of UBITECH pgouvas@ubitech.eu The Ubiquitous
More informationSecurity aspects of XML and Web services
Security aspects of XML and Web services Eduardo B. Fernandez Florida Atlantic University Boca Raton, FL www.cse.fau.edu/~ed 9/1/01 1 Outline Introduction: architectures XML security: transmission XML
More informationSecurity Challenges on the Road Ahead. Tim Mather, CISO
Security Challenges on the Road Ahead Tim Mather, CISO How Information Security Should Not Be Perceived 2 How Information Security Should Not Be Engaged 3 Rain on the FIRST Parade No 4 FIRST Best Practice
More informationBerner Fachhochschule. Technik und Informatik. Web Services. An Introduction. Prof. Dr. Eric Dubuis Berner Fachhochschule Biel
Berner Fachhochschule Technik und Informatik Web Services An Introduction Prof. Dr. Eric Dubuis Berner Fachhochschule Biel Overview Web Service versus Web Application A Definition for the Term Web Service
More informationSecuring your Standards Based Services. Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri)
Securing your Standards Based Services Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri) Agenda What are your security goals? Access control Standards and interoperability User management and authentication
More informationThe ebxml Technical Architecture
The ebxml Technical Architecture Presented by: Duane Nickull CTO, XML Global Technologies May 2 Before we begin Caveats ebxml is a work in progress and the work you see today could be subject to change.
More informationSistemi ICT per il Business Networking
Corso di Laurea Specialistica Ingegneria Gestionale Sistemi ICT per il Business Networking B2B Integration Docente: Vito Morreale (vito.morreale@eng.it) 1 B2B Interactions Businesses are constantly searching
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationRosetta Net vs. ebxml Security Solutions and Exception Handling
HELSINKI UNIVERSITY OF TECHNOLOGY 15.5.2002 T-86.161 Special Topics in Information Technology for Production II, 2002. Rosetta Net vs. ebxml Security Solutions and Exception Handling Pekka Kantola, Janne
More informationProposed Revisions to ebxml Technical. Architecture Specification v1.04
Proposed Revisions to ebxml Technical Architecture Specification v1.04 Business Process Team 11 May 2001 (This document is the non-normative version formatted for printing, July 2001) Copyright UN/CEFACT
More informationRealisation of SOA using Web Services. Adomas Svirskas Vilnius University December 2005
Realisation of SOA using Web Services Adomas Svirskas Vilnius University December 2005 Agenda SOA Realisation Web Services Web Services Core Technologies SOA and Web Services [1] SOA is a way of organising
More informationPrescription Monitoring Program Information Exchange (PMIX) Architecture. Version 1.0. April 2012
Prescription Monitoring Program Information Exchange (PMIX) Architecture Version 1.0 April 2012 Developed in conjunction with: TABLE OF CONTENTS 1 Document Purpose... 5 2 Document Scope... 5 3 Background...
More informationJ2EE APIs and Emerging Web Services Standards
J2EE APIs and Emerging Web Services Standards Session #4 Speaker Title Corporation 1 Agenda J2EE APIs for Web Services J2EE JAX-RPC APIs for Web Services JAX-RPC Emerging Web Services Standards Introduction
More informationXML Key Information System for Secure e-trading
XML Key Information System for Secure e-trading Nam-Je Park, Ki-Young Moon, Sung-Won Sohn Informatoion Security Research Division Electronics Telecommunications Research Institute(ETRI) 161 Gajeong-dong,
More informationIntroduction to XML. Asst. Prof. Dr. Kanda Runapongsa Saikaew Dept. of Computer Engineering Khon Kaen University
Introduction to XML Asst. Prof. Dr. Kanda Runapongsa Saikaew Dept. of Computer Engineering Khon Kaen University http://gear.kku.ac.th/~krunapon/xmlws 1 Topics p What is XML? p Why XML? p Where does XML
More informationeidas Interoperability Architecture Version November 2015
eidas Interoperability Architecture Version 1.00 6. November 2015 1 Introduction This document specifies the interoperability components of the eidas-network, i.e. the components necessary to achieve interoperability
More informationProgramming Web Services in Java
Programming Web Services in Java Description Audience This course teaches students how to program Web Services in Java, including using SOAP, WSDL and UDDI. Developers and other people interested in learning
More informationCS155b: E-Commerce. Lecture 6: Jan. 25, Security and Privacy, Continued
CS155b: E-Commerce Lecture 6: Jan. 25, 2001 Security and Privacy, Continued FIREWALL A barrier between an internal network & the Internet Protects the internal network from outside attacks Executes administrator-defined
More informationTrilateral On-line Filing Group. 6 th December SCIT
Trilateral On-line Filing Group 6 th December 1999 - SCIT Agenda Overview of document structure Appendix I Trilateral Standard PKI Signature Mechanisms Wrapping, Signing, Packaging Transmission Appendix
More informationLecture III : Communication Security Mechanisms
Lecture III : Communication Security Mechanisms Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 X.800 : Security
More informationImplementation Issues in the ebxml CPA formation process - the Referencing Problem
Implementation Issues in the ebxml CPA formation process - the Referencing Problem Sacha Schlegel Department of Computing Curtin University of Technology GPO Box U1987 Perth Western Australia 6845 Email:
More informationIntroduction to XML 3/14/12. Introduction to XML
Introduction to XML Asst. Prof. Dr. Kanda Runapongsa Saikaew Dept. of Computer Engineering Khon Kaen University http://gear.kku.ac.th/~krunapon/xmlws 1 Topics p What is XML? p Why XML? p Where does XML
More informationzentrale Sicherheitsplattform für WS Web Services Manager in Action: Leitender Systemberater Kersten Mebus
Web Services Manager in Action: zentrale Sicherheitsplattform für WS Kersten Mebus Leitender Systemberater Agenda Web Services Security Oracle Web Service Manager Samples OWSM vs
More informationWill open standards increase ecommerce?
Liberty Alliance Project Open Standards for Network Identity Will open standards increase ecommerce? Bill Smith Director, Liberty Alliance Technology Sun Microsystems Permissions The author has graciously
More informationCERTIFICATE POLICY CIGNA PKI Certificates
CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...
More informationProposed Revisions to ebxml Technical Architecture Specification v ebxml Business Process Project Team
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 Proposed Revisions to ebxml Technical Architecture Specification v1.0.4 ebxml Business Process Project Team 11
More informationMessage authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:
Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed
More informationExisting Healthcare Standards
Existing Healthcare Standards Category Context (Information Model) Information Interchange Standard & Specific Elements ASN.1 Abstract Syntax Notation.1 ASTM E2369-05 Standard Specification for Continuity
More informationPublic Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman
Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National
More informationCHAPTER 13 ELECTRONIC COMMERCE
CHAPTER 13 ELECTRONIC COMMERCE Article 13.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
More informationPosition Paper on the Definition of SOA-RM
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 Position Paper on the Definition of SOA-RM Authors: C. Matthew MacKenzie (mattm@adobe.com), Duane A.
More informationeid Interoperability for PEGS WS-Federation
eid Interoperability for PEGS WS-Federation Workshop Brussels 10 May 2007 Agenda 1 Scope 2 Category 3 Approach and description 4 Relevance for eid Interoperability 5 Pro s and Con s 6 Relationship with
More informationSend and Receive Exchange Use Case Test Methods
Send and Receive Exchange Use Case Test Methods Release 1 Version 1.0 October 1, 2017 Send and Receive Exchange Test Methods Release 1 Version 1.0 Technology Sponsor [Name] [Email] [Telephone] Signature
More information1 Introduction and Scope
Summary of CEN Workshop Agreement (CWA) 16036 on Cyber-Identity: Unique Identification Systems For Organizations And Parts Thereof By Adrian Mueller (appointed expert by CEN) and Dr. Otto Mueller (WS member)
More informationNational Identity Exchange Federation. Web Services System- to- System Profile. Version 1.1
National Identity Exchange Federation Web Services System- to- System Profile Version 1.1 July 24, 2015 Table of Contents TABLE OF CONTENTS I 1. TARGET AUDIENCE AND PURPOSE 1 2. NIEF IDENTITY TRUST FRAMEWORK
More informationChapter 8 Information Technology
CRIM 2130 Introduction to Critical Infrastructure Protection Spring 2016 Chapter 8 Information Technology School of Criminology and Justice Studies University of Massachusetts Lowell Enterprise systems
More informationWeb Services Security SOAP Messages with Attachments (SwA) Profile 1.0 Interop 1 Scenarios
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Web Services Security SOAP Messages with Attachments (SwA) Profile 1.0 Interop 1 Scenarios Working Draft 04, 21 Oct 2004 Document identifier:
More informationJXTA TM Technology for XML Messaging
JXTA TM Technology for XML Messaging OASIS Symposium New Orleans, LA 27-April-2004 Richard Manning Senior Software Architect Advanced Technology & Edge Computing Center Sun Microsystems Inc. www.jxta.org
More informationKINGS COLLEGE OF ENGINEERING DEPARTMENT OF INFORMATION TECHNOLOGY. (An NBA Accredited Programme) ACADEMIC YEAR / EVEN SEMESTER
KINGS COLLEGE OF ENGINEERING DEPARTMENT OF INFORMATION TECHNOLOGY (An NBA Accredited Programme) ACADEMIC YEAR 2012-2013 / EVEN SEMESTER YEAR / SEM : IV / VIII BATCH: 2009-2013 (2008 Regulation) SUB CODE
More informationSingle Sign-On. Introduction
Introduction DeliverySlip seamlessly integrates into your enterprise SSO to give your users total email security and an extra set of robust communications tools. Single sign-on (SSO) systems create a single
More informationCertificate service General description Implementation project of a national Incomes Register
Version 1.0 Certificate service General description Implementation project of a national Incomes Register Version history Version Date Description 1.0 30.10.2017 Document published. CONTENTS 1 Foreword...
More informationAn Overview of Secure and Authenticated Remote Access to Central Sites
Workshop on Data Access to Micro-Data (WDA) Nuernberg, August 20-21 An Overview of Secure and Authenticated Remote Access to Central Sites Dr Milan Marković Banca Intesa ad Beograd, Serbia milan.markovic@bancaintesabeograd.com
More informationSOA Security. CORISECIO GmbH - Uhlandstr Darmstadt - Germany - - Copyright All Rights Reserved
SOA Security CORISECIO GmbH - Uhlandstr. 9-64927 Darmstadt - Germany - www.corisecio.de - Copyright 2009 - All Rights Reserved SOA Security 1. Adapter requirements... 1 1. securityruntime (secrt) & managementruntime...
More informationENTR/02/21-IDA/MIDDLEWARE-XML. B2B Frameworks for IDA
ENTR/02/21-IDA/MIDDLEWARE-XML B2B Frameworks for IDA Overall project objectives 2 Phase 1 - Study of B2B frameworks Web services eb-xml XML alone scenarios other frameworks Phase 2 - Analysis of present
More informationMajor SAML 2.0 Changes. Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007
Major SAML 2.0 Changes Nate Klingenstein Internet2 EuroCAMP 2007 Helsinki April 17, 2007 Tokens, Protocols, Bindings, and Profiles Tokens are requests and assertions Protocols bindings are communication
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More information[MS-PICSL]: Internet Explorer PICS Label Distribution and Syntax Standards Support Document
[MS-PICSL]: Internet Explorer PICS Label Distribution and Syntax Standards Support Document Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft
More informationW3C WORKSHOP ON CONSTRAINTS AND CAPABILITIES FOR WEB SERVICES SAP Position Paper
W3C WORKSHOP ON CONSTRAINTS AND CAPABILITIES FOR WEB SERVICES SAP Position Paper 1 September 2004 Author: Claus von Riegen, SAP AG INTRODUCTION While the core Web services standards for message exchange
More informationAUTACK. Secure authentication and acknowledgement message. Edition 2016
EANCOM 2002 S4 Secure authentication and acknowledgement message Edition 2016 1. Introduction... 2 2. Message Structure Chart... 3 3. Branching Diagram... 4 4. Segments Description... 5 5. Segments Layout...
More informationProfiling of Standards A Necessary Step toward Interoperability
ETSI B2B Workshop, July 2008, Sophia Antipolis Profiling of Standards A Necessary Step toward Interoperability Jacques Durand (Fujitsu Computer Systems) 1 FACTS about Standards: - Many optional features
More informationAgenda. Summary of Previous Session. XML for Java Developers G Session 6 - Main Theme XML Information Processing (Part II)
XML for Java Developers G22.3033-002 Session 6 - Main Theme XML Information Processing (Part II) Dr. Jean-Claude Franchitti New York University Computer Science Department Courant Institute of Mathematical
More informationWeb Services Advanced Topics
Web Services Advanced Topics Wokflows & Web Services Kapitel 4 1 Coordination and Transactions 2 Coordination - Motivation Interactions are typically more complex than simple invocations Need to coordinate
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationGlossary of Exchange Network Related Groups
Glossary of Exchange Network Related Groups CDX Central Data Exchange EPA's Central Data Exchange (CDX) is the point of entry on the National Environmental Information Exchange Network (Exchange Network)
More informationSERVICE ORIENTED ARCHITECTURE 2 MARK QUESTION WITH ANSWER
SERVICE ORIENTED ARCHITECTURE 2 MARK QUESTION WITH ANSWER UNIT-I 1. What is XML? XML is a set of rules for structuring, storing and transferring information. This language is used to describe the data
More information1 URI stands for Universal Resource Identifier.
Chapter 1. XML Security The extendible Markup Language (XML) allows organizations to agree on a common, interoperable markup for document formatting (vocabulary), and use it to exchange business documents,
More informationPublic-key Infrastructure Options and choices
Public-key Infrastructure Options and choices Tim Moses Director, Advanced Security Technology April 98 1997 Entrust Technologies Overview General-purpose and Dedicated PKIs Trust models Two-key architecture
More informationPublic Key Infrastructure
Public Key Infrastructure Ed Crowley Summer 11 1 Topics Public Key Infrastructure Defined PKI Overview PKI Architecture Trust Models Components X.509 Certificates X.500 LDAP 2 Public Key Infrastructure
More informationSingapore s National Digital Identity (NDI):
Singapore s National Digital Identity (NDI): Leaving no one behind Kwok Quek Sin Director, National Digital Identity Programme Government Technology Agency PART 1 INTRODUCTION TO NDI Better Living For
More informationAccess Control Service Oriented Architecture
http://www.cse.wustl.edu/~jain/cse571-09/ftp/soa/index.html 1 of 13 Access Control Service Oriented Architecture Security Yoon Jae Kim, yj1dreamer AT gmail.com (A project report written under the guidance
More informationtechnical memo Physical Mark-Up Language Update abstract Christian Floerkemeier & Robin Koh
technical memo Physical Mark-Up Language Update Christian Floerkemeier & Robin Koh auto-id center massachusetts institute of technology, 77 massachusetts avenue, bldg 3-449, cambridge, ma 02139-4307, usa
More informationOATH : An Initiative for Open AuTHentication
OATH : An Initiative for Open AuTHentication Who Are You Really Doing Business With? 2 Oath Proprietary Confidential The New York Magazine, July 5, 1993, Peter Steiner, The Economic Promise of e-business
More informationACORD Web Services Profile: 2.0 vs. 1.0
ACORD Web Services Profile: 2.0 vs. 1.0 Kevin Schipani, Serge Cayron ACORD ACORD 2009 Agenda Introduction ti to AWSP 2.0 Members views - Requirements and Use Cases Conclusion Background AWSP 1 for initial
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationA Secured Web Services Based E-Commerce Model for SMME Using Digital Identity
International Journal of Advancements in Computing Technology A Secured Web Services Based E-Commerce Model for SMME Using Digital Identity Ashwin B.K *1, Kumaran K *1, Madhu Vishwanatham *2 V, M Sumaithri
More information4ICT12 Internet Applications: Web Services
4ICT12 Internet Applications: Web Services Web Service Overview, RPC and conversational styles, WSDL, ebxml Goals and Contents Aims to convey: The motivations for and characteristics of web services The
More informationREST/SOAP Harmonization proposal for Identity-based Web-Services
1 2 3 4 5 6 7 8 9 REST/SOAP Harmonization proposal for Identity-based Web-Services Version: 0.4 Date: 2012-10-16 10 11 Editor: Contributors: Gaël Gourmelen, Orange 12 13 14 15 16 17 18 19 20 21 22 23 24
More information