
Alignment with emerging Web Service Standards


Presentation Transcript


  1. Alignment with emerging Web Service Standards

  2. Web Service Standards Stack
     [Diagram: stack of layers, listed top to bottom]
     • …
     • Presentation (WSRP)
     • Various specs
     • Industry-specific
     • Grid (OGSI)
     • Process Flow (BPEL, WS-Coordination)
     • Transactions (WS-Transaction)
     • Discovery (UDDI, ebXML)
     • QoS (WS-Policy, …)
     • Security (WS-Security, SSL, SAML, …)
     • Description (WSDL)
     • Messaging (SOAP, XMLP)
     • Transport (HTTP, HTTPR, SMTP)
     • Network (TCP/IP)

  3. Web Service Standards Stack
     [Diagram: the standards stack from slide 2, repeated]

  4. Stateful Web Services
     • Port References (comments in WS-Coordination) – ability to dynamically refer to ports for targeted invocations
     • Context (comments in WS-Coordination) – ability to supply stateful information for return with later invocations
     • Service Instances (examples include Borland at http://www.systinet.com/doc/wasp_developer_jb/advanced/statefulWebServices.html#advancedTopics.statefulWebServices.mechanism, BPEL and OGSI efforts) – ability to return a reference to a new instance which can be resupplied on later invocations
     => Mechanisms for Producers exposing portlet instances at runtime should align with these.

  5. Web Service Standards Stack
     [Diagram: the standards stack from slide 2, repeated]

  6. Web Service Security
     • Broad set of specifications that cover
        – Authentication
        – Authorization
        – Privacy
        – Trust
        – Integrity
        – Confidentiality
        – Secure communication channels
        – Federation
        – Delegation
        – Auditing
     • Framework builds upon
        – SOAP
        – WSDL
        – XML Digital Signatures
        – XML Encryption
        – SSL/TLS
        – …

  7. Web Service Security Layers
     [Diagram: layered boxes labelled WS-PolicyAttachments, WS-PolicyAssertions, WS-SecurityPolicy, WS-Federation, WS-SecureConversation, WS-Trust, WS-Authorization, WS-Security Profile for XML-based Tokens, WS-Policy, WS-Privacy, WS-Security (Framework), SOAP/XML Foundation (SSL, Digital signatures, encryption, …)]

  8. SOAP/XML Foundations
     • SSL/TLS – Current means to exchange messages at various levels of security
     • XML Digital Signatures – Sign portions of a document … relative to authentication and non-repudiation
     • XML Encryption – Using ciphers to make portions of a document unavailable to 3rd parties

  9. SOAP/XML Foundations
     • SAML – Markup language for exchanging security related assertions about a document, its source and recipients.
     • XACML – Exchanging access control information using SAML.
     • XCBF – Defining secure XML encodings for the Common Biometric Exchange File Formats (NISTIR 6529).
     • XrML – Rights markup language
     • … (see http://www.oasis-open.org/committees/security-jc/)

  10. WS Security Model Terminology
     • Web Service – Application components whose functionality and interfaces are exposed through XML, SOAP and WSDL
     • (Signed) Security Token – A security token that is asserted (and cryptographically endorsed) by a specific authority
     • Claim – A statement a client makes (e.g. name, identity, key, group, privilege, capability, etc).
     • Claim Requirements – Requirements for the claims a client makes with an invocation to the Web Service.
     • Subject – A principal (e.g. a person) about which the claims expressed in the security token apply

  11. WS Security Model Terminology
     • Subject – A principal (e.g. a person) about which the claims expressed in the security token apply
     • Proof-of-Possession – Used to demonstrate the sender's knowledge of information that SHOULD only be known to the sender of a security token.
     • Intermediaries – Parties that perform actions such as routing a SOAP message or even modifying the message. For example, an intermediary may add headers, encrypt or decrypt pieces of the message, or add additional security tokens.
     • Actor – An intermediary or SOAP endpoint which is identified by a URI and which processes a SOAP message.

  12. WS Security Model
     • Today's technologies offer network and transport layer security
        – IPsec, SSL, TLS
     • SOAP message model operates on logical endpoints, often via multi-hop with intermediaries
     • Need for SOAP message-level end-to-end security
     [Diagram: Security Context; Requestor, Intermediary, Web Service]

  13. WS Security Token Service Model
     • Web Service requires a set of claims
     • If message arrives without needed claims -> reject or ignore message
     • Requestor sends proof of claims by associating security tokens with message
     • Security tokens may be obtained from security token services (Web Services)
     [Diagram: Requestor, Security Token Service and Web Service, each with Policy, Security Token and Claims]

  14. WS-Security
     • Describes SOAP header enhancements to provide message integrity and confidentiality
        – By leveraging XML Signature and XML Encryption
     • Provides general purpose mechanism to attach security tokens to messages
        – No specific type of security token mandated
        – Support for multiple security token formats
        – Support for specifying binary security tokens like X.509 certificates or Kerberos tickets
     • Specifies encoding for binary security tokens, especially X.509 certificates and Kerberos tickets
     • Working Draft 8 - 12/12/2002
     • See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp

  15. WS-Policy
     • Framework for web services to specify their requirements and capabilities
     • Defines:
        – Header element for carrying domain-specific policy declarations
        – Operators for combining policies
        – Connecting policies to their targets
     • See ftp://www6.software.ibm.com/software/developer/library/ws-policy.pdf
     • Public draft – 12/18/02
     [Diagram: WS-Security layers: PolicyAttachments, PolicyAssertions, SecurityPolicy, Federation, SecureConversation, Trust, Authorization, XML Token Profile, Policy, Privacy, WS-Security, SOAP/XML Foundation]

  16. WS-PolicyAssertions
     • Defines basic assertions needed to enable Web services applications
        – TextEncoding – what character sets are supported
        – Language – what locales are supported (xml:lang)
        – SpecVersion
        – MessagePredicate – preconditions for an invocation
        – …
     • See http://www.verisign.com/wss/WS-PolicyAssertions.pdf
     • Public draft - 12/18/02

  17. WS-SecurityPolicy
     • Defines extensions to WS-Policy for describing the security properties of a Web Service
        – Policy Assertions
        – Security Token requirements
        – Encoding formats
        – Supported algorithms
     • See http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnglobspec/html/ws-securitypolicy.asp
     • Public draft - 12/18/02

  18. WS-PolicyAttachments
     • Defines how policies are attached to existing XML Web service technologies.
        – To specific documents – elements may use an attribute to point at policy statements
        – To WSDL definitions – defines how these policy attributes are interpreted for WSDL definitions
        – To UDDI entities – tModel defined for declaring service uses policy declarations
     • See ftp://www6.software.ibm.com/software/developer/library/ws-policyattachment.pdf
     • Public draft - 12/18/02

  19. WS-Trust
     • Describes model on how to establish trust relationships
        – Direct
        – Brokered
        – Via third parties and intermediaries
     • Defines Security Token Service (Web Service)
        – Request/obtain security tokens
        – Validate security tokens
     • Trust Management (non-normative)
        – Fixed trust roots
        – Trust hierarchies
        – Authentication service
     • See http://www.verisign.com/wss/WS-Trust.pdf
     • Public draft - 12/18/02

  20. WS-SecureConversation
     • Describes how to
        – Authenticate requestor
        – Authenticate services
        – Establish mutually authenticated security context
        – Establish session keys
        – Derived keys
        – Per-message keys
     • See http://www.rsasecurity.com/solutions/web-services/specifications/WS-SecureConversation.pdf
     • Public draft - 12/18/02

  21. WS-Security Profile for XML-based Tokens
     • Defines a framework for using XML-based security tokens with WS-Security
        – SAML binding
        – XrML binding
     • See http://www-106.ibm.com/developerworks/library/ws-sectoken.html
     • Public draft - 8/28/02

  22. WS-Privacy
     • Defines how a Web Service implements privacy
     • Referenced from other security documents (e.g. Security in a Web Services World: A Proposed Architecture and Roadmap)
     • Privacy demo in IBM’s Web Services Toolkit supports P3P rules in a WS-Policy type format.

  23. WS-Federation
     • Defines how to manage and broker trust relationships in a heterogeneous federated environment including support for federated identities.
     • Referenced from other security documents (e.g. Security in a Web Services World: A Proposed Architecture and Roadmap)

  24. WS-Authorization
     • Describes how the Web Service manages authorization data and policies
     • Referenced from other security documents (e.g. Security in a Web Services World: A Proposed Architecture and Roadmap)

  25. Web Service Security Layers
     [Diagram legend: Standard Draft Standard Proposal Expected]
     [Diagram: layered boxes labelled WS-PolicyAttachments, WS-PolicyAssertions, WS-SecurityPolicy, WS-Federation, WS-SecureConversation, WS-Trust, WS-Authorization, WS-Security Profile for XML-based Tokens, WS-Policy, WS-Privacy, WS-Security (Framework), SOAP/XML Foundation (SSL, Digital signatures, encryption, …)]
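
The gate described in slides 13 and 14 (a service rejects a message that arrives without the security tokens its policy requires), as an added example that is not part of the original presentation. It assumes the later OASIS WSS 1.0 namespaces rather than the 2002 draft URIs; the token-kind labels, function names and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumption: OASIS WSS 1.0 namespaces; the 2002 drafts on the slides used earlier URIs.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

def attached_tokens(raw, actor=None):
    """Token kinds found in the wsse:Security header addressed to `actor`."""
    if b"<!DOCTYPE" in raw:  # SOAP 1.1 forbids DTDs; cheap check before parsing
        raise ValueError("DTD not allowed in a SOAP message")
    header = ET.fromstring(raw).find(f"{{{SOAP}}}Header")
    if header is None:
        return set()
    blocks = [s for s in header.findall(f"{{{WSSE}}}Security")
              if s.get(f"{{{SOAP}}}actor") == actor]
    if len(blocks) > 1:  # WSS allows at most one Security header per actor
        raise ValueError("duplicate Security header for the same actor")
    kinds = set()
    for child in (blocks[0] if blocks else []):
        if child.tag == f"{{{WSSE}}}UsernameToken":
            kinds.add("username")
        elif child.tag == f"{{{WSSE}}}BinarySecurityToken":
            kinds.add("x509" if child.get("ValueType") == X509V3 else "binary:unknown")
    return kinds

def admit(raw, required, actor=None):
    """Return (True, []) when every required token kind is attached, else (False, reasons).
    Presence only: a real service must also verify the signature that proves possession."""
    try:
        present = attached_tokens(raw, actor)
    except (ValueError, ET.ParseError) as exc:
        return False, [f"malformed: {exc}"]
    missing = sorted(set(required) - present)
    return not missing, missing

def envelope(security_xml):  # builds constructed sample messages
    return (f'<S:Envelope xmlns:S="{SOAP}" xmlns:wsse="{WSSE}"><S:Header>{security_xml}'
            '</S:Header><S:Body><getQuote/></S:Body></S:Envelope>').encode()

WITH_X509 = envelope(f'<wsse:Security><wsse:BinarySecurityToken ValueType="{X509V3}">'
                     'PLACEHOLDER</wsse:BinarySecurityToken></wsse:Security>')
WITH_USERNAME = envelope('<wsse:Security><wsse:UsernameToken><wsse:Username>alice'
                         '</wsse:Username></wsse:UsernameToken></wsse:Security>')
NO_TOKEN = envelope('')
TWO_HEADERS = envelope('<wsse:Security/><wsse:Security/>')

if __name__ == "__main__":
    for name, msg in [("x509", WITH_X509), ("username", WITH_USERNAME), ("none", NO_TOKEN)]:
        print(name, admit(msg, {"x509"}))
```

Matching on the `actor` attribute matters in the multi-hop model of slides 11 and 12: a token placed in a header addressed to an intermediary does not satisfy the policy of the final endpoint.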
