Slide 1IntroductionSlide 3Slide 4Slide 5Challenges and RequirementsSlide 7Current MechanismsIntegrated Security ArchitectureSlide 10The integrated security architecture is based on the following key elements:Slide 12Slide 13Basic Security StagesIntegrated Security Architecture and Web Services SecuritySlide 16ConclusionSlide 18Presented by:Sonali PagadeNibha Dhagathttp://www.cs.unb.ca/baseweb/baseweb03/papers/abbie-barbir-BaseWeb2003-paper1.pdfIntroductionWeb Services are emerging as an important technology for various forms of Information Services.A key Enabler is to develop an effective security model for Web Services.No broadly-adopted specifications yet.This paper describes a multi-layered security architecture to be used by Enterprise for securing Web Services.IntroductionSome aspects of Web Services are standardized in OASIS.Our goal is to develop Semantic Web Enabled Web Services.The use of semantic web technologies such as ontologies will help in transforming the web into a distributed device that can handle machine processable and machine interpretable content.IntroductionThis paper talks about an integrated security architecture that can be used at multiple layers in a network to ensure network and web service security.Challenges and RequirementsRequirements for providing end-to-end WS-security are:Authentication MechanismAuthorization to access resourcesData integrity and confidentialityIntegrity of transactions and communicationsNon-repudiationEnd-to-end integrity and confidentiality of messagesSecurity and Audit trialsDistributed security policy enforcementCurrent MechanismsSome of the important existing security standards are:XKMSSAMLXACMLXML Signature and XML EncryptionWS-SecurityIntegrated Security ArchitectureOrganizations that are considering implementing Web Services need to make security an integral part of their efforts. The Integrated Security Architecture promotes a process, rather than an endpoint. Effective security is not achieved through a one-time initiative.The integrated security architecture is based on the following key elements:Multi-layer security that defines security protection functions at application, network assisted, and network security levels.Variable-depth security across the enterprise and not just at the edge of the Internet. Closed-loop policy managementUniform access managementSecure network operationsSecure multimedia communicationsIntegrated Security ArchitectureBasic Security StagesIntegrated Security Architecture and Web Services SecurityDistributed Identities The users of Web Services may belong to various security domains and may need to communicate with each other using different identity verification schemes. Distributed Policies Policy principles behind the Integrated Security Architecture enable organizations to support distributed policies as they relate to Web Services.Secure Discovery The principles in the Integrated Security Architecture enable the development of secure discovery mechanisms, whereby, the policies that specify who can discover a service can be enforced. Message Security Message security can ensure privacy, confidentiality and interaction integrity.ConclusionA key enabler of the development and future deployment of Semantic Web Services is the creation and adoption of an effective security model for the current generation of Web
View Full Document