Application of XML Schema in Web Services Security

Presentation Transcript


  1. Application of XML Schema in Web Services Security
     Sridhar Guthula
     W3C XML Schema 1.0 User Experiences
     06-21-2005

  2. About me
     • 10 years in enterprise software business
     • XML focus since 1998
     • Projects
       • XML Schema 1.0 validation engine, SOAP security framework, XSLT 1.0 compiler, hardware based XML Parser
       • Large XML based language for a declarative constraint engine
       • Storing XML documents in a RDBMS
       • XML Schemas for Catalog Services, XML based RPCs and Workflows Systems
     QuickTree Inc.

  3. QuickTree SOAP Security Module (SSM)
     • Designed from the ground up with OEM integration in mind, the SSM hides the complexities of XML processing and allows network equipment like Firewalls, SSL VPN devices and Load Balancers to inspect and secure Web Services traffic

  4. SOAP Security in the Network

  5. Features
     • XML Denial of Service Prevention - Checking for XML well-formedness, nested element depth, element length, message size, external entities, attribute length, etc
     • WSDL Based Access Control - Limit a user or group's access to particular services or operations defined in the WSDL file
     • SOAP Structural and Parameter Validation - Prevent mal-structured SOAP messages and apply parameter validation using type checking with full support for regex based schema types
     • SQL and Command Injection Protection - Detect and block command injection attacks, commonly hidden as valid parameters
     • Streaming mode interface - XML messages can be forwarded to the QuickTree module as they come in without blocking

  6. QuickTree SOAP Security Module (SSM)

  7. User Experience

  8. WSDL Based validation
     • XML Schema 1.0 validation engine (‘C’ based)
     • Generate schema by combining WSDL, XML Schema and SOAP
     • Streaming and Hardwarized
     • Structural Validation vs Data-type validation
     • ACLs
     • Issues
       • Schema Specification
       • XML Schemas with multiple target namespaces
       • xsi:type and encoding style
       • Mapping WSDL/SOAP types to XML Schema types (Ex: soapenc:arrayType)
       • Versioning

  9. Compliance Levels
     • Support compliance/conformance levels (like internationalization standards)
     • Structural validation and/or Data-type validation
     • Data-centric or Content-centric
     • Lack of different compliance levels causes vendors to claim full XML Schema compliance.
     • Reduced user confusion and reduced cost in investigating vendor compliance.

  10. XML Denial of Service Prevention
     • Checking for XML well-formedness, nested element depth, element length, message size, external entities, attribute length, etc.
     • Most XML Schema designers do not consider security
     • Policies – QuickTree provides global and User-specific
     • Implementation through inheritance, facets
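Slides 5 and 10 list the XML DoS checks the module applies in streaming mode (well-formedness, nesting depth, element and attribute length, message size, external entities). The following is an added example, not QuickTree's SSM code, that enforces those checks over a chunked SOAP message with Python's stdlib expat parser; the Limits values and the test messages are constructed for illustration, and rejecting any DOCTYPE is used as the external-entity control because SOAP messages must not carry a DTD.

```python
"""Streaming XML DoS limit checks for a SOAP envelope (added example, not QuickTree's SSM code)."""
from dataclasses import dataclass
from xml.parsers import expat

@dataclass(frozen=True)
class Limits:
    """Policy thresholds; these values are constructed for illustration, a real policy would set them."""
    max_message_bytes: int = 64 * 1024
    max_depth: int = 32
    max_element_chars: int = 4096  # text content per element
    max_attr_chars: int = 512

def check_soap_message(chunks, limits=Limits()):
    """Feed the message chunk by chunk, as a streaming gateway would; return 'ok' or 'blocked: <reason>'."""
    text_chars = []  # one running text counter per open element, so len(text_chars) is the nesting depth

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # SOAP forbids a DTD in the message; rejecting it also shuts out external-entity and entity-expansion tricks
        raise ValueError("DOCTYPE not allowed in SOAP message")

    def start_element(name, attrs):
        if len(text_chars) >= limits.max_depth:
            raise ValueError(f"element depth exceeds {limits.max_depth}")
        for key, value in attrs.items():
            if len(value) > limits.max_attr_chars:
                raise ValueError(f"attribute {key!r} exceeds {limits.max_attr_chars} chars")
        text_chars.append(0)

    def characters(data):  # expat may split one text run into several calls, so count cumulatively
        text_chars[-1] += len(data)
        if text_chars[-1] > limits.max_element_chars:
            raise ValueError(f"element content exceeds {limits.max_element_chars} chars")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = start_doctype
    parser.StartElementHandler = start_element
    parser.EndElementHandler = lambda name: text_chars.pop()
    parser.CharacterDataHandler = characters
    seen = 0
    try:
        for chunk in chunks:
            seen += len(chunk)
            if seen > limits.max_message_bytes:
                raise ValueError(f"message exceeds {limits.max_message_bytes} bytes")
            parser.Parse(chunk, False)
        parser.Parse(b"", True)  # end of input: expat now checks the document is complete and well-formed
    except (ValueError, expat.ExpatError) as exc:
        return f"blocked: {exc}"
    return "ok"
```

Because every limit is checked as tokens arrive, an oversized or over-nested message is rejected before the rest of it is read, which is the property a non-blocking streaming interface needs.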

  11. Validating Canonical XML
     • Support for validating canonical XML
     • Canonical form of a valid XML instance should be valid

  12. Views or Aspects
     • Given XML Schemas viewed in a different light by different users (network admin, application engineer, customer)
     • Support for different aspects on the same XML Schema
     • Example: Security aspect
       • Conformance/Compliance Levels: only do structural validation
       • Ignore Order/Canonicalization: canonical form of a valid XML instance should be valid
       • DoS configuration values
       • xsi:type support

  13. Contact Info
     Sridhar Guthula
     855 Embedded Way
     San José, CA 95138-1018 USA
     408-979-4800
     sguthula@quicktree.com

  14. Q & A