WS-SecureConversation PowerPoint PPT Presentation


WS-SecureConversation. Vidya Iyer. 3/11/06. Web services. SecureConversation: end-to-end security; leverages SSL and Kerberos; leverages XMLENC and XMLDSIG; establishes contexts for convenient multi-message communication; initial overhead to establish context, then faster communication.

Presentation Transcript


WS-SecureConversation

Vidya Iyer

3/11/06


Web services


SecureConversation

  • End-to-end security

  • Leverages SSL and Kerberos

  • Leverages XMLENC and XMLDSIG

  • Establishes contexts for convenient multi-message communication

  • Initial overhead to establish context, then faster communication


Terms

  • Security Token – security-related information (e.g., X.509 cert, Kerberos ticket, username)

  • Security Context – established authenticated state, and related keys

  • Security Context Token – URI representation of Security Context


Creating Secure Contexts


Changing contexts

  • Amending, renewing, and canceling contexts

  • Requester sends Amend URI http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Amend

  • And proof of possession of key

  • Recipients authenticate request and update their context

  • Same for Renew, Cancel


Deriving keys

  • Common to use SecureContexts to agree on pseudorandom generators to derive keys

  • Uses DerivedKeyToken syntax

  • Syntax is agnostic to key derivation scheme

  • No need to send key material
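
An added example, not from the original slides: both parties derive the same key from the context secret, so the message carries only a nonce and range parameters. It assumes the TLS 1.0 P_SHA-1 function as the derivation scheme and a default label (the slides name neither); the function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: default label (client label + service label); not from the slides.
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 expansion as defined for TLS 1.0 (RFC 2246, section 5)."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(context_secret: bytes, nonce: bytes, label: bytes = DEFAULT_LABEL,
               offset: int = 0, length: int = 32) -> bytes:
    """Return `length` bytes starting at `offset` of the P_SHA-1 stream."""
    if not context_secret or not nonce:
        raise ValueError("context secret and nonce must be non-empty")
    if offset < 0 or length <= 0:
        raise ValueError("offset must be >= 0 and length > 0")
    stream = p_sha1(context_secret, label + nonce, offset + length)
    return stream[offset:offset + length]


def token_fields(nonce: bytes, offset: int = 0, length: int = 32) -> dict:
    """What a derived-key token carries on the wire: parameters only, no key."""
    return {"Nonce": nonce.hex(), "Offset": offset, "Length": length}


if __name__ == "__main__":
    # Constructed value standing in for the secret bound to the security context.
    context_secret = bytes.fromhex("00112233445566778899aabbccddeeff")
    nonce = os.urandom(16)              # fresh nonce per derived key
    wire = token_fields(nonce)          # the sender transmits only these fields
    sender_key = derive_key(context_secret, nonce)
    # The recipient rebuilds the key from its own copy of the secret.
    recipient_key = derive_key(context_secret, bytes.fromhex(wire["Nonce"]),
                               offset=wire["Offset"], length=wire["Length"])
    print("keys match:", hmac.compare_digest(sender_key, recipient_key))
```
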


Benefits over SSL

  • End-to-end security

  • XML aware

  • Selective encryption

  • Easier to nullify existing contexts


Questions?

