UTD CS 6V81 - Security for Web Services and Service Oriented Architectures (56 pages)



Pages: 56
School: The University of Texas at Dallas
Course: Cs 6v81 - Independent Study In Computer Science Real Time Data Process In Andr

Security for Web Services and Service Oriented Architectures
Bhavani Thuraisingham
The University of Texas at Dallas
November 5, 2010

Acknowledgement

Professors Elisa Bertino and Lorenzo Martino, Purdue University, for much of the information and charts on web services security standards and digital identity management (bertino@cs.purdue.edu, lmartino@purdue.edu).

Others:
- Dr. Frederica Pacci, University of Milan, for ideas obtained when serving on her thesis committee on research in web services security
- Prof. I-Ling Yen and Wei She, University of Texas at Dallas, for collaboration on web services security and the delegation model
- Book by Thomas Erl on Service Oriented Architectures, Prentice Hall, 2005

Objective and Scope

The objective of this course is to provide an overview of the significant developments in SOA and Web Services Security Standards, as well as directions for future developments. Current work on SOA security is focusing mainly on access control as well as confidentiality and integrity. Solutions proposed for systems to address intrusion detection, denial of service and infrastructure attacks, and insider threat analysis, including data mining techniques for security applications, are beyond the scope of this course.

Outline

- SOA and Web services: Overview
- SOA and Web services security: Overview
- WS Security and WS Security

Service Oriented Architecture (SOA)

Source: http://en.wikipedia.org/wiki/Service-oriented_architecture

Service Oriented Architecture (SOA) is an architectural style that guides all aspects of creating and using business processes, packaged as services, throughout their lifecycle, as well as defining and provisioning the IT infrastructure that allows different applications to exchange data and participate in business processes loosely coupled from the operating systems and programming languages underlying those applications.

SOA represents a model in which functionality is decomposed into distinct units (services), which can be distributed over a network and can be combined together and reused to create business applications. These services communicate with each other by passing data from one service to another, or by coordinating an activity between two or more services.

SOA concepts make software development flexible and extensible. Service oriented analysis is becoming key to modeling and analyzing software. The concepts of Service Oriented Architecture are often seen as built upon, and the evolution of, the older concepts of distributed computing and modular programming. While object orientation views the world as a collection of objects, service orientation views the world as a collection of services. SOA is technology independent; however, it is commonly realized using web services.

Web service definition

A Web Service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.

Source: http://www.w3.org/TR/ws-arch/

SOA

[Figure labels: Publish Services, Query, UDDI, Answer, Request, Service requestor, Response, Service providers]

Web Services (WS) Framework

- An abstract (vendor-neutral) existence defined by standards organizations and implemented by (proprietary) technology platforms
- Core building blocks that include web services, service descriptions and messages
- A communication agreement centered around service descriptions and WSDL
- A messaging framework comprised of SOAP technology concepts
- A service description registration and discovery architecture, sometimes realized through UDDI
- A well-defined architecture that supports messaging patterns and compositions
- A second generation of web services extensions (also known as WS-* specifications) continually broadening its underlying feature set

Concepts in WS include:
- Message Exchange Patterns (MEP)
- Service Activity
- Coordination
- Atomic Transaction
- Business Activities
- Orchestration (WS-BPEL)
- Choreography (WS-CDL)

Reference: Service Oriented Architecture, Thomas Erl, Prentice Hall, 2005

Standardization bodies related to Web Services

SOA Security

Our approach is to implement SOA through web services; therefore SOA security essentially is about web services security.

- Three core specifications: WS-Security, XML Signature, XML Encryption
- WS-Security is the second generation of technologies for SOA security
- Single sign-on (SSO) is a form of centralized security mechanism that complements the WS-Security extensions

Related specifications for SOA security:
- WS-Security
- WS-SecurityPolicy
- WS-Trust
- WS-SecureConversation
- WS-Federation
- XACML
- Extensible Rights Markup Language
- XML Key Management
- XML Signature
- SAML
- .NET Passport
- Secure Socket Layer
- WS-I Basic Security Profile

Basic Components of SOA Security

- Identification: For a service requestor to access a secure service provider, it must first provide information that expresses its origin or owner. This is referred to as making a claim.
- Authentication: A message being delivered to a recipient must prove that the message is in fact from the sender that it claims.
- Authorization: Once authenticated, the recipient of a message may need to determine what the requestor is allowed to do.
- Single sign-on: It is supported by SAML, .NET Passport and XACML.
- Confidentiality and Integrity: Confidentiality is concerned with protecting the privacy of the message content. Integrity ensures that the message has not been altered.
- Transport level and Message level security: Transport level security is provided by SSL (securing HTTP); message level confidentiality and integrity are provided by XML Encryption and XML Signature.

Web Services Security Requirements and Standards

Securing Web services mainly requires providing facilities for securing the integrity and confidentiality of the messages, and ensuring that the service acts only on requests in messages that express the claims required by policies.

Role of Standards: Providing a Web Services Security Framework that is an integral part of the Web Services Architecture. The framework is a layered and composable set of standard specifications.

WS security Standards framework

WS security standards implementations

- Microsoft .NET Framework 2.0 / WSE 3.0: WS-Security (OASIS 2004 standard), WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation and WS-Addressing
- SUN Web Services Interoperability Technology (WSIT)
- IBM WebSphere Open

