Software Requirement Specification Web Services Security

Software Requirement Specification
Web Services Security
Federation Manager 7.5
Version 0.3 (Draft)

Please send comments to:

This document is subject to the following license: COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0


1 Introduction

1.1 Document Status

Project Name: Federation Manager 7.5
Document Title: Web Services Security
Date of Issue: 03/09/2007
Current Version: 0.3 (Draft)
Author: Mrudul Uchil
Issuing Organization: Sun Microsystems, Inc.
Feedback:

1.2 Revision History

Date     Version  Author        Comments
03/02/            Mrudul Uchil  First draft. Contributors: Aravindan Ranganathan, Rajeev Angal
03/06/            Mrudul Uchil  Incorporated comments from Ping Luo.
03/09/            Mrudul Uchil  Incorporated comments from Rajeev Angal, Aravindan Ranganathan and Pat Patterson.

1.3 Summary

This document describes all the requirements for supporting generic Web Services Security functionality, as well as for enabling Federation Manager to host and run a WS-Trust based Security Token Service in addition to being hosted as a Discovery Service based on ID-WSF.

The intended audience for this document includes product managers, product marketing, developers, QA and technical document writers who would like to understand the functionality of the product and evaluate its features to suit their needs.

Copyright 2007 Sun Microsystems, Inc. All rights reserved.

1.4 Terminology

The words SHALL and MUST identify the mandatory (essential) requirements in this document. The words SHOULD and MAY identify optional (conditional) requirements. One is required for releasing the product; the other is desired, but not necessary.

The words METHOD and MEANS identify some kind of technique by which the feature will be supported. They do not specifically imply either an API (programming language method or procedure) or a command.

1.5 Scope

The scope of this document is to cover the complete story and support for Web Services (Security, Identity Authority, etc.) in Federation Manager.

1.6 Context

A web service is an application that exposes some type of business or infrastructure functionality through a language-neutral and platform-independent callable interface. In particular, the service exposes its functionality using the web services framework (WSF). It defines its interface using Web Service Description Language (WSDL), and it communicates using Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML) messages.

Although web services enable open, flexible, and adaptive interfaces, their openness creates security risks. Without proper security protections, a web service can expose vulnerabilities that may cause dire consequences to any enterprise. Hence ensuring the integrity, confidentiality and security of Web Services through the application of a comprehensive security model is critical for both enterprises and their consumers.

Responding to these security concerns, a number of initiatives have been started within the standards organizations. The Web Services Interoperability Organization (WS-I) has produced an analysis of security threats associated with web services, and standards organizations such as OASIS and Liberty have created a security model that addresses these security concerns.

Web Service Security Requirements

Web Services Framework (WSF) must support the following security requirements:

-- Entity identification and authentication
-- Authorization
-- Data origin identification and authentication
-- Data integrity
-- Data confidentiality
-- Auditing
-- Management and administration
-- Trust management
-- Federation administration

1.7 Glossary

AM: Sun Java System Access Manager
FM: Sun Java System Federation Manager
WSIT: Web Services Interoperability Technologies
SSO: Single Sign On
WSC: Web Services Client
WSP: Web Services Provider
API: Application Programming Interface
SPI: Service Provider Interface
STS: Security Token Service
TA: Trusted Authority
AuthN: Authentication
AuthZ: Authorization
ID-WSF: Identity Web Services Framework
JAX-WS: Java API for XML Web Services
WSDL: Web Service Definition Language
SOAP: Simple Object Access Protocol
XML: Extensible Markup Language
WSS: Web Service Security
SOA: Service Oriented Architecture
WSS Provider: Plug-ins whose implementation is based on the container's AuthN and AuthZ SPI, and which act as container plug-ins whose invocation is done by the container itself based on the container's web services calls and its security framework. These providers abstract the Web Services Security functionality from the WSC or WSP, leaving them to worry only about the actual business logic of the Web Service.

1.8 References

[1] Aravindan Ranganathan, Web Services Architecture
[2] Rajeev Angal, Web Services Security Support in AM / FM
[3] WS-Trust Specifications
[4] Ping Luo, Federation Manager 7.5 Software Requirement Specification

2 Overview

The term web service is used to describe application components whose functionality and interfaces are exposed to other applications through the emerging web technology standards including XML, SOAP, WSDL and HTTP. In order to distinguish the server and client components of a web service interaction, this document uses the term Web Service Provider (WSP) to denote the applications that expose the web service functionality, and Web Service Client (WSC) to denote the applications that consume these interfaces.

When a WSC makes a call to the WSP, it first connects with the TA to determine the security mechanism and optionally obtain the security tokens expected by the WSP. The WSP, on the other hand, registers its acceptable security mechanisms with the TA and, optionally, checks with the TA to determine its security mechanisms before validating the incoming SOAP request.

The following diagram illustrates the interactions between WSC and WSP with TA (STS or Discovery service).


3 General Description

3.1 Product Perspective

In the Web Services security world, and most recently in Identity Services delivery platforms and SOA, security tokens play a big role during services orchestration for trust, security, authentication and authorization purposes. Hence there is a need for a centralized Security Token Service which truly acts as Identity Authority (TA).

Web Services Security is widely available via two major specifications: WS-Security and Liberty ID-WSF Security.

The WS-Security specification is developed by the OASIS Security Committee, along with other WS-* specifications such as WS-Trust and WS-Policy. Web Services Trust Language (WS-Trust) uses the secure messaging mechanisms of WS-Security to define additional primitives and extensions for security token exchange, to enable the issuance and dissemination of credentials within different trust domains. The interoperability basic security profiles (BSP) for WS-Security are developed by the WS-I organization.

Liberty Web Services Security is tightly integrated with the Identity Web Services Framework, and interoperability is ensured by the Project Liberty Committee.

Web Services Security is enforced at the Web / JavaEE container level via container-provided security AuthN and AuthZ plugins. The JSR 196 specification is one of the well-known AuthN and AuthZ security SPIs, currently supported by the Sun Application Server.

TA (STS)

This centralized TA (Security Token Service) should

-- be able to issue, renew, cancel, and validate Security Tokens
-- be able to allow customers to write their own Security Token providers (i.e. a plug-in / SPI based framework to allow STS extension)
-- provide standards (WS-Trust protocol) based APIs for clients and applications to access the STS
-- provide more security tokens such as Kerberos, RACF etc.

Securing Web Service using generic WS-I BSP tokens

FM needs to provide Web services security providers which act as container plugins based on the container's web services security framework / related SPI, and which can secure and handle Web services using WS-Security (WS-I BSP) tokens transparently to applications. These Web Services security providers would need to register and configure these WSPs at the Trusted Authority (STS or Discovery service), which would be FM.

Securing Web Service using Liberty tokens

FM needs to provide Web services security providers which act as container plugins based on the container's web services security framework / related SPI, and which can secure and handle Web services using Liberty ID-WSF 1.1, 2.0 tokens transparently to applications. These Web Services security providers would need to register and configure these providers at the Trusted Authority (STS or Discovery service), which would be FM.

Securing Web Services on other third party containers

The Web Services security providers should be portable / executable in other third party containers such as WebSphere and WebLogic, in order to complete the Web Services security functionality story across all FM 7.5 supported containers.

WSIT Integration

Project Tango develops and evolves the codebase for Web Services Interoperability Technologies (WSIT) that enable interoperability between the Java platform and Windows Communication Foundation (WCF) (aka Indigo). Project Tango uses JAX-WS and JAXB as a foundation upon which to build plugins that provide web services features such as bootstrapping communication, optimizing communication, reliable messaging, atomic transactions, security and trust.

FM needs to integrate / co-exist with WSIT for WS-* (including WS-Trust / WS-Policy) in JAX-WS.

a) FM Web Services security providers need to co-exist with WSIT security providers (as their piped architecture implementing WS-Policy / WS-Trust) in JAX-WS.
b) FM Web Services security providers need to integrate into WSIT as plugins into WSIT's piped architecture as a means for Web services security.
c) FM needs to be hosted as STS (TA) based on WSIT's WS-Trust implementation.

3.2 User Characteristics

FM's Web Services Security functionality, along with its role as STS (with current support of the ID-WSF Discovery service), will be used in a variety of platforms and containers for varied purposes. These range from providing SSO and Federation support for web applications to completely securing web applications using the container's AuthN / AuthZ SPI based providers (e.g. JSR 196 based security providers) for specialized application server platforms such as Sun Java System Application Server as well as other third party containers. The focus and targeted user here ranges from the JavaEE web developer to the production customer.

3.3 Constraints

TBD.

3.4 Assumptions and Dependencies

-- Being STS, Federation Manager shall always be a trusted authority
-- WSIT infrastructure for WS-* standards (including WS-Security) support
-- WSIT infrastructure support in all 4 containers (Sun Application Server, IBM WebSphere, BEA WebLogic, Sun Web Server) supported by Federation Manager

Future Requirements

-- WSIT infrastructure support for Web Services security using Liberty ID-WSF and Liberty Tokens.

4 Specific Requirements

4.1 Marketing Requirements

TA (Security Token Service)

Able to host as TA (STS)

The WS-Trust specification defines extensions to WS-Security for issuing and exchanging security tokens, and ways to establish and access the presence of trust relationships.

FM shall be hosted as TA (STS) to issue, renew, cancel, and validate WS-* (WS-I BSP) security tokens (SAML, UserName, X509 and Kerberos). FM STS shall leverage WSIT infrastructure for WS-Trust implementation in order to implement and host FM STS. One of the recommended ways to do this is by extending the base WSIT STS.

FM shall be hosted as TA to issue, renew, cancel, and validate Liberty ID-WSF security tokens (SAML, Bearer, X509). The existing Liberty ID-WSF Discovery Service can be leveraged here.

TA (STS) shall be based on and shall be accessed by WS-Trust protocol implementations for generating WS-* (WS-I BSP) security tokens. Existing Discovery service consumers can continue to use the Discovery end point for their web services security Liberty tokens / mechanisms utilities, as well as for retrieving resource offerings and WSP end points over the Liberty ID-WSF protocol. There could be configuration at the client side which can choose to use either the WS-Trust protocol or the standard Liberty ID-WSF protocol for Web services security tokens management. When the chosen configuration is WS-Trust, the Discovery service client API can route the client calls via this STS client API for generic Web services security tokens management. For new consumers, the STS client API shall be made public and recommended as the one single way for all generic Web services security tokens management. When the chosen configuration is Liberty ID-WSF, the STS client API can route the client calls via the Discovery service client API for Liberty security tokens management.

TA may be (can be) accessed by ID-WSF protocol implementations for generating Liberty ID-WSF security tokens.

FM should be hosted as TA (STS) to issue, renew, cancel, and validate Encrypted SSOToken and non-encrypted SSOToken as security tokens.

STS service shall have its own schema and configuration based on the Federation Manager configuration schema.

STS service shall behave as any other Web Service Provider end point, which is secured using any generic security token that requires the Web Service Client accessing this service to be authenticated.

FM shall provide unified TA client API

FM shall provide the following client API to access the TA (STS) service:

    getSecurityToken();
    getTokenType();
    getRequestType();
    getTokenLifetime();
    renewSecurityToken();
    cancelSecurityToken();
    validateSecurityToken();
    isSecurityTokenForwardable();
    isSecurityTokenDelegatable();

Note: These APIs are based on the WS-Trust protocol and might change based on the implementation route to leverage WSIT infrastructure for WS-Trust implementation / to host FM STS and Open issues [1].

FM shall provide unified TA SPI

FM shall provide an SPI to facilitate plugging any new security token implementation into the TA.

SecurityTokenSpec - A transparent specification of the security token that constitutes a SecurityToken. Each security token specification must implement this interface.

SecurityToken - Interface representing a generic security token that can be inserted into the web services security header.

TokenProvider - The interface representing a security token provider for generating the security tokens.

    public void init(SecurityTokenSpec tokenSpec);
    public SecurityToken getSecurityToken();
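As an added illustration (not code from this specification or from Federation Manager), the sketch below shows what a plug-in written against the TokenProvider SPI could look like for the UserName token type, producing a WS-Security UsernameToken with a password digest. Only init() and getSecurityToken() come from the draft; the interface bodies, the toXml() accessor and the UserNameTokenSpec class are assumptions made for the example, and the credentials are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;

public class UserNameTokenProviderDemo {

    // SPI types as named in the draft. Only init() and getSecurityToken() are
    // listed there; everything else about their shape is assumed here.
    interface SecurityTokenSpec { }

    interface SecurityToken {
        String toXml(); // hypothetical accessor for the security header fragment
    }

    interface TokenProvider {
        void init(SecurityTokenSpec tokenSpec);
        SecurityToken getSecurityToken();
    }

    // Hypothetical spec: the inputs a UserName token needs.
    static final class UserNameTokenSpec implements SecurityTokenSpec {
        final String userName;
        final String password;

        UserNameTokenSpec(String userName, String password) {
            this.userName = userName;
            this.password = password;
        }
    }

    static final String WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-";
    static final String WSSE = WSS + "wssecurity-secext-1.0.xsd";
    static final String WSU = WSS + "wssecurity-utility-1.0.xsd";
    static final String DIGEST_TYPE = WSS + "username-token-profile-1.0#PasswordDigest";
    static final String BASE64_ENCODING = WSS + "soap-message-security-1.0#Base64Binary";

    // Password_Digest = Base64(SHA-1(nonce + created + password)), as defined
    // by the WS-Security UsernameToken Profile.
    static String passwordDigest(byte[] nonce, String created, String password) {
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            sha1.update(nonce);
            sha1.update(created.getBytes(StandardCharsets.UTF_8));
            sha1.update(password.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(sha1.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Minimal escaping so a user name cannot inject markup into the header.
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    static final class UserNameTokenProvider implements TokenProvider {
        private final SecureRandom random = new SecureRandom();
        private UserNameTokenSpec spec;

        @Override
        public void init(SecurityTokenSpec tokenSpec) {
            if (!(tokenSpec instanceof UserNameTokenSpec)) {
                throw new IllegalArgumentException("UserNameTokenSpec required");
            }
            this.spec = (UserNameTokenSpec) tokenSpec;
        }

        @Override
        public SecurityToken getSecurityToken() {
            if (spec == null) {
                throw new IllegalStateException("init() was not called");
            }
            byte[] nonce = new byte[16];
            random.nextBytes(nonce); // fresh per token so the receiver can detect replay
            String created = Instant.now().truncatedTo(ChronoUnit.SECONDS).toString();
            String xml =
                "<wsse:UsernameToken xmlns:wsse=\"" + WSSE + "\" xmlns:wsu=\"" + WSU + "\">"
                + "<wsse:Username>" + escape(spec.userName) + "</wsse:Username>"
                + "<wsse:Password Type=\"" + DIGEST_TYPE + "\">"
                + passwordDigest(nonce, created, spec.password) + "</wsse:Password>"
                + "<wsse:Nonce EncodingType=\"" + BASE64_ENCODING + "\">"
                + Base64.getEncoder().encodeToString(nonce) + "</wsse:Nonce>"
                + "<wsu:Created>" + created + "</wsu:Created>"
                + "</wsse:UsernameToken>";
            return () -> xml;
        }
    }

    public static void main(String[] args) {
        TokenProvider provider = new UserNameTokenProvider();
        // Constructed sample credentials.
        provider.init(new UserNameTokenSpec("wsc-demo", "constructed-sample-password"));
        System.out.println(provider.getSecurityToken().toXml());
    }
}
```

The receiving side recomputes the digest from the Nonce, Created and its stored password, and should reject stale Created values and previously seen nonces.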

FM should provide an SPI to validate and convert the input generic Web services security token to any other general token format. The default implementation could be to convert the Web services token to an AM/FM SSOToken. This SPI and its implementation will be used by the TA in order to validate the Web services token against AM/FM Policy or any Identity Authorization service.

Note: These SPIs might change based on the implementation route to leverage WSIT infrastructure for WS-Trust implementation / to host FM STS and Open issues [1].

FM STS shall support broker trust across multiple security domains

There could be two different security domains, domain (A) and domain (B), where a web services client in domain A wants to invoke a web service at a web service provider in domain B.

1. WSC(A) invokes Web service (WSDL) at WSP(B) - WSDL indicates that a token is needed from STS(B)
2. WSC(A) invokes Web service (WSDL) for STS(B) - WSDL indicates that you can present a token from STS(A)
3. WSC(A) does WS-Trust token request with STS(A) - submits X.509 signed request, gets token SAML(A)
4. WSC(A) does WS-Trust token request with STS(B) - submits SAML(A), gets SAML(B)
5. WSC(A) invokes Web services at WSP(B) with SAML(B)

In this scenario there is an implicit trust relationship between STS(A) and STS(B). Also, any WSP in domain B can trust any WSC in domain A.

WSC and WSP get security token services using the remote, WS-Trust based STS API. Here, for better performance, over-the-wire calls can be eliminated if required by including the token generation, conversion and validation SPI in the remote SDK itself.

Inter-operability with Microsoft.net

TA (STS) shall be able to accept and serve requests from the Microsoft.net API talking the WS-Trust protocol.
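The brokered-trust exchange between domains A and B described in the scenario above can be traced with a small model, added here as an illustration and not taken from this specification or from Federation Manager. It replaces SAML assertions and XML signatures with a toy signed claim string, so the Token record, the Sts class and all names are assumptions; what it shows is which party has to trust which key at each hop, and that WSP(B) rejects SAML(A) when it is presented directly. It needs Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;

public class BrokeredTrustDemo {

    // Toy stand-in for a signed SAML assertion (not real SAML or XML Signature).
    record Token(String issuer, String subject, String audience, long notAfter, byte[] sig) {
        Token {
            if ((issuer + subject + audience).contains("|")) {
                throw new IllegalArgumentException("'|' is reserved as the field separator");
            }
        }

        byte[] signedBytes() {
            String claims = issuer + "|" + subject + "|" + audience + "|" + notAfter;
            return claims.getBytes(StandardCharsets.UTF_8);
        }
    }

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(256);
        return generator.generateKeyPair();
    }

    static Token sign(String issuer, String subject, String audience, PrivateKey key)
            throws GeneralSecurityException {
        long notAfter = Instant.now().getEpochSecond() + 300; // five-minute lifetime
        Token unsigned = new Token(issuer, subject, audience, notAfter, new byte[0]);
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(key);
        signer.update(unsigned.signedBytes());
        return new Token(issuer, subject, audience, notAfter, signer.sign());
    }

    // Checks every relying party performs: known issuer, intended audience, lifetime, signature.
    static void validate(Token token, String self, Map<String, PublicKey> trusted) {
        PublicKey issuerKey = trusted.get(token.issuer());
        if (issuerKey == null) throw new SecurityException("untrusted issuer " + token.issuer());
        if (!token.audience().equals(self)) throw new SecurityException("audience is " + token.audience());
        if (Instant.now().getEpochSecond() > token.notAfter()) throw new SecurityException("expired");
        try {
            Signature verifier = Signature.getInstance("SHA256withECDSA");
            verifier.initVerify(issuerKey);
            verifier.update(token.signedBytes());
            if (!verifier.verify(token.sig())) throw new SecurityException("bad signature");
        } catch (GeneralSecurityException e) {
            throw new SecurityException("signature check failed", e);
        }
    }

    static final class Sts {
        final String name;
        private final KeyPair keys;
        private final Map<String, PublicKey> trusted = new HashMap<>();

        Sts(String name) throws GeneralSecurityException {
            this.name = name;
            this.keys = newKeyPair();
        }

        PublicKey publicKey() { return keys.getPublic(); }

        void trust(String issuer, PublicKey key) { trusted.put(issuer, key); }

        // WS-Trust style exchange: accept a token addressed to this STS, issue our own.
        Token issue(Token presented, String audience) throws GeneralSecurityException {
            validate(presented, name, trusted);
            return sign(name, presented.subject(), audience, keys.getPrivate());
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPair wscKeys = newKeyPair(); // stands in for WSC(A)'s X.509 key pair
        Sts stsA = new Sts("STS(A)");
        Sts stsB = new Sts("STS(B)");
        stsA.trust("WSC(A)", wscKeys.getPublic()); // domain A knows its own client
        stsB.trust("STS(A)", stsA.publicKey());    // the cross-domain trust relationship
        Map<String, PublicKey> wspTrust = Map.of("STS(B)", stsB.publicKey());

        Token request = sign("WSC(A)", "WSC(A)", "STS(A)", wscKeys.getPrivate());
        Token samlA = stsA.issue(request, "STS(B)"); // signed request in, SAML(A) out
        Token samlB = stsB.issue(samlA, "WSP(B)");   // SAML(A) in, SAML(B) out
        validate(samlB, "WSP(B)", wspTrust);         // WSP(B) accepts SAML(B)
        System.out.println("WSP(B) accepted " + samlB.subject() + ", issuer " + samlB.issuer());

        try {
            validate(samlA, "WSP(B)", wspTrust);     // SAML(A) sent straight to WSP(B)
        } catch (SecurityException e) {
            System.out.println("WSP(B) rejected SAML(A): " + e.getMessage());
        }
    }
}
```

The only cross-domain configuration is the single trust() call on STS(B); WSP(B) never needs a key from domain A, and the audience check keeps a token issued for one hop from being accepted at another.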
Also, the TA (STS) client API shall be able to interact with a Microsoft server implementing the WS-Trust protocol.

Securing Web Service using generic WS-I BSP tokens

FM shall be able to provide WSS providers to secure Web Services using WS-I BSP (WS-*) token profiles.

One of the solutions here is to provide Web Services security providers based on the JSR196 AuthN and AuthZ SPI, which act as container plugins based on the container's web services security framework. Another recommended solution is to integrate with and leverage WSIT infrastructure / web service security providers for securing and handling Web services using WS-Security (WS-*) tokens.

WSC : WSI BSP SAML token profile
FM shall provide WSI BSP compliant WS-Security SAML token profile in WSS provider for Web Service Clients.

WSP : WSI BSP SAML token profile
FM shall provide WSI BSP compliant WS-Security SAML token profile in WSS provider for Web Service Providers.

WSC : WSI BSP UserName token profile
FM shall provide WSI BSP compliant WS-Security UserName token profile in WSS provider for Web Service Clients.

WSP : WSI BSP UserName token profile
FM shall provide WSI BSP compliant WS-Security UserName token profile in WSS provider for Web Service Providers.

WSC : WSI BSP X509 token profile
FM shall provide WSI BSP compliant WS-Security X509 token profile in WSS provider for Web Service Clients.

WSP : WSI BSP X509 token profile
FM shall provide WSI BSP compliant WS-Security X509 token profile in WSS provider for Web Service Providers.

WSC : WSI BSP Kerberos token profile
FM shall provide WSI BSP compliant WS-Security Kerberos token profile in WSS provider for Web Service Clients.

WSP : WSI BSP Kerberos token profile
FM shall provide WSI BSP compliant WS-Security Kerberos token profile in WSS provider for Web Service Providers.

WSC : SSOToken token profile
FM may provide Encrypted SSOToken and/or non-encrypted SSOToken token profile in WSS provider for Web Service Clients.

WSP : SSOToken token profile
FM may provide Encrypted SSOToken and/or non-encrypted SSOToken token profile in WSS provider for Web Service Providers.

Securing Web Service using Liberty tokens

FM shall be able to provide WSS providers to secure Web Services using Liberty ID-WSF token profiles. One of the solutions here is to provide Web Services security providers based on the JSR196 AuthN and AuthZ SPI, which act as container plugins based on the container's web services security framework.

WSC : Liberty ID-WSF SAML token profile
FM shall provide Liberty ID-WSF SAML profile in WSS provider for Web Service Clients.

WSP : Liberty ID-WSF SAML token profile
FM shall provide Liberty ID-WSF SAML profile in WSS provider for Web Service Providers.

WSC : Liberty ID-WSF Bearer token profile
FM shall provide Liberty ID-WSF Bearer profile in WSS provider for Web Service Clients.

WSP : Liberty ID-WSF Bearer token profile
FM shall provide Liberty ID-WSF Bearer profile in WSS provider for Web Service Providers.

WSC : Liberty ID-WSF X-509 token profile
FM shall provide Liberty ID-WSF X-509 profile in WSS provider for Web Service Clients.

WSP : Liberty ID-WSF X-509 token profile
FM shall provide Liberty ID-WSF X-509 profile in WSS provider for Web Service Providers.

WSC : Liberty ID-WSF Kerberos token profile
FM may provide Liberty ID-WSF Kerberos profile in WSS provider for Web Service Clients.

WSP : Liberty ID-WSF Kerberos token profile
FM may provide Liberty ID-WSF Kerberos profile in WSS provider for Web Service Providers.

Containers to be supported

FM WSS providers, based on JSR 196 AuthN and AuthZ SPI, as standalone and / or FM web services providers integrated into WSIT for WS-* standards, work on Sun Application Server container.

-- FM shall be able to secure web services using WSI BSP token profiles and Liberty ID-WSF token profiles in Sun's Application Server container
-- FM shall be able to secure web services using WSI BSP profiles in BEA's WebLogic container
-- FM shall be able to secure web services using WSI BSP profiles in Sun's Web Server container
-- FM shall be able to secure web services using WSI BSP profiles in Sun's Web Server container.

4.2 Security Requirements

-- WSS providers shall implement and support XML signing on Web service request and response body
-- WSS providers shall implement and support XML encryption on Web service request and response body.

4.3 Administration Requirements

-- STS service configuration (based on WS-Trust specifications) management should be available via the FM Administration Console as well as via Administration CLI interfaces
-- The Administration Console needs to provide means to configure any new WSP registration to the STS service.

4.4 Performance Requirements

Software implementation shall not add significant overhead over existing and new standard protocol message processing.

4.5 Scalability Requirements

FM TA shall support high availability deployment through a load balancer.

4.6 Internationalization Requirements

STS configuration viewable via the Administration Console should be localized.

4.7 Auditing Requirements

FM (TA, WSS client SDK and WSS providers) shall log all Web Services end-to-end transactions to facilitate reporting and auditing.

4.8 Help Requirements

-- FM shall provide an online document for Administration Console based configuration of the STS service
-- FM shall provide a product document about this feature and how things work for this feature
-- FM shall provide a product document about best practise on Web Services Security setup.

4.9 Other Requirements

Deployment

-- WSC, WSP and FM TA shall be deployed in the same domain and same web container. WSC and WSP shall share the same FM TA and shall talk to FM TA using the FM client SDK
-- WSC, WSP and FM TA shall be deployed in different domains and different web containers as a distributed environment. WSC and WSP shall talk to different FM TAs using the FM client SDK
-- WSC and WSP shall either need local metadata / configuration information, which they need to exchange with each other, OR remotely access their metadata / configuration information from the FM instance
-- Microsoft.net WSC and WSP (Microsoft.net API) shall be able to talk to FM TA
-- FM WSC and WSP (FM WSS providers) shall be able to talk to Microsoft.net TA

Samples

FM shall provide the following samples to demonstrate Web Services Security functionality.

-- Sample to demonstrate how to use STS API to request, cancel, validate security tokens
-- Sample to demonstrate how to write new security token generation extending STS SPI
-- Sample (WSC and WSP) to demonstrate securing Web services using WS-Security tokens
-- Sample (WSC and WSP) to demonstrate securing Web services using Liberty ID-WSF tokens.

5 Open Issues

1. Exact details on how to integrate with and leverage WSIT infrastructure / web service security providers for securing and handling Web services using WS-Security (WS-*) tokens.
2. Need to spell out details regarding relationship with ID-WSF
3. Need to spell out details regarding relationship with Identity Web Services (Is it same?)


More information

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,

More information

Federated Identity Management Solutions

Federated Identity Management Solutions Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single

More information

NIST s Guide to Secure Web Services

NIST s Guide to Secure Web Services NIST s Guide to Secure Web Services Presented by Gaspar Modelo-Howard and Ratsameetip Wita Secure and Dependable Web Services National Institute of Standards and Technology. Special Publication 800-95:

More information

Software Requirement Specification Command Line Interface

Software Requirement Specification Command Line Interface Software Requirement Specification Command Line Interface Federation Manager 7.5 Version 0.1 (Draft) Please send comments to: dev@opensso.dev.java.net This document is subject to the following license:

More information

Software Design Document SAMLv2 IDP Proxying

Software Design Document SAMLv2 IDP Proxying Software Design Document SAMLv2 IDP Proxying Federation Manager 7.5 Version 0.2 Please send comments to: dev@opensso.dev.java.net This document is subject to the following license: COMMON DEVELOPMENT AND

More information

Choose an IBM WebSphere Application Server configuration to suit your business needs

Choose an IBM WebSphere Application Server configuration to suit your business needs IBM is the industry s market leading foundation for building, deploying, reusing, integrating and managing applications and services Choose an IBM configuration to suit your business needs Highlights Unparalleled

More information

Securely Managing and Exposing Web Services & Applications

Securely Managing and Exposing Web Services & Applications Securely Managing and Exposing Web Services & Applications Philip M Walston VP Product Management Layer 7 Technologies Layer 7 SecureSpan Products Suite of security and networking products to address the

More information

A standards-based approach to application integration

A standards-based approach to application integration A standards-based approach to application integration An introduction to IBM s WebSphere ESB product Jim MacNair Senior Consulting IT Specialist Macnair@us.ibm.com Copyright IBM Corporation 2005. All rights

More information

Szolgáltatásorientált rendszerintegráció. WS-* standards

Szolgáltatásorientált rendszerintegráció. WS-* standards Szolgáltatásorientált rendszerintegráció WS-* standards Outline Requirements WS-* standards XML digital signature XML encryption 2 Integration requirements 3 Integration within a company SAP.NET? JEE SQL

More information

Federated Identity in the Enterprise

Federated Identity in the Enterprise www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember

More information

Secure the Web: OpenSSO

Secure the Web: OpenSSO Secure the Web: OpenSSO Sang Shin, Technology Architect Sun Microsystems, Inc. javapassion.com Pat Patterson, Principal Engineer Sun Microsystems, Inc. blogs.sun.com/superpat 1 Agenda Need for identity-based

More information

1 What Are Web Services?

1 What Are Web Services? Oracle Fusion Middleware Introducing Web Services 11g Release 1 (11.1.1) E14294-04 January 2011 This document provides an overview of Web services in Oracle Fusion Middleware 11g. Sections include: What

More information

SOA REFERENCE ARCHITECTURE

SOA REFERENCE ARCHITECTURE SOA REFERENCE ARCHITECTURE August 15, 2007 Prepared by Robert Woolley, Chief Technologist and Strategic Planner INTRODUCTION This document is a derivative work of current documentation and presentations

More information

Federated Identity and Trust Management

Federated Identity and Trust Management Redpaper Axel Buecker Paul Ashley Neil Readshaw Federated Identity and Trust Management Introduction The cost of managing the life cycle of user identities is very high. Most organizations have to manage

More information

1 What Are Web Services?

1 What Are Web Services? Oracle Fusion Middleware Introducing Web Services 11g Release 1 (11.1.1.6) E14294-06 November 2011 This document provides an overview of Web services in Oracle Fusion Middleware 11g. Sections include:

More information

Service Virtualization: Managing Change in a Service-Oriented Architecture

Service Virtualization: Managing Change in a Service-Oriented Architecture Service Virtualization: Managing Change in a Service-Oriented Architecture Abstract Load balancers, name servers (for example, Domain Name System [DNS]), and stock brokerage services are examples of virtual

More information

IBM Tivoli Federated Identity Manager

IBM Tivoli Federated Identity Manager IBM Tivoli Federated Identity Manager Employ user-centric federated access management to enable secure online business collaboration Highlights Enhance business-to-business and business-to-consumer collaborations

More information

Siena Web Services. A Solution To Personal Computing With Established Desktop Programs Exploiting Web Technologies

Siena Web Services. A Solution To Personal Computing With Established Desktop Programs Exploiting Web Technologies A Solution To Personal Computing With Established Desktop Programs Exploiting Web Technologies (c) 2002 Siena Technology Ltd. UK, info@siena-tech.com : Overview Reference Potential for YOU? Requirements

More information

24 BETTER SOFTWARE MARCH 2008 www.stickyminds.com

24 BETTER SOFTWARE MARCH 2008 www.stickyminds.com veer images 24 BETTER SOFTWARE MARCH 2008 www.stickyminds.com Web services the foundation of today s service-oriented architecture (SOA) are self-contained, modular applications that can be described,

More information

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere.

OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM All-In-One solution to securely manage access to digital enterprise and customer services, anytime and anywhere. OpenAM, the only all-in-one open source access management solution, provides the

More information

Run-time Service Oriented Architecture (SOA) V 0.1

Run-time Service Oriented Architecture (SOA) V 0.1 Run-time Service Oriented Architecture (SOA) V 0.1 July 2005 Table of Contents 1.0 INTRODUCTION... 1 2.0 PRINCIPLES... 1 3.0 FERA REFERENCE ARCHITECTURE... 2 4.0 SOA RUN-TIME ARCHITECTURE...4 4.1 FEDERATES...

More information

000-371. Web Services Development for IBM WebSphere Application Server V7.0. Version: Demo. Page <<1/10>>

000-371. Web Services Development for IBM WebSphere Application Server V7.0. Version: Demo. Page <<1/10>> 000-371 Web Services Development for IBM WebSphere Application Server V7.0 Version: Demo Page 1. Which of the following business scenarios is the LEAST appropriate for Web services? A. Expanding

More information

Presented By: Muhammad Afzal 08May, 2009

Presented By: Muhammad Afzal 08May, 2009 Secure Web ServiceTransportation for HL7 V3.0 Messages Authors: Somia Razzaq, Maqbool Hussain, Muhammad Afzal, Hafiz Farooq Ahmad Presented By: Muhammad Afzal 08May, 2009 NUST School of Electrical Engineering

More information

Digital Identity and Identity Management Technologies.

Digital Identity and Identity Management Technologies. I. Agudo, Digital Identity and Identity Management Technologies, UPGRADE - The European Journal of the Informatics Professional, vol. 2010, pp. 6-12, 2010. NICS Lab. Publications: https://www.nics.uma.es/publications

More information

A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems

A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Volume 1, Number 2, December 2014 JOURNAL OF COMPUTER SCIENCE AND SOFTWARE APPLICATION A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Satish Kumar*,

More information

T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On

T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On Lutz Wrage Soumya Simanta Grace A. Lewis Saul Jaspan December 2007 TECHNICAL NOTE CMU/SEI-2008-TN-026 Integration

More information

Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006

Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006 Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006 This FAQ addresses frequently asked questions relating to Oracle Application Server 10g Release 3 (10.1.3.1) Web Services

More information

Interoperable Provisioning in a Distributed World

Interoperable Provisioning in a Distributed World Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 IAM 302 Contacts Mark Diodati (mdiodati@burtongroup.com)

More information

HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany

HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany HMA AWG Meeting Proposal for a Security Token Service - 29. September 2009 Marko Reiprecht con terra GmbH, Germany Goal Show the differences of two alternative federated user management specifications

More information

A pattern for the WS-Trust standard for web services

A pattern for the WS-Trust standard for web services A pattern for the WS-Trust standard for web services Ola Ajaj and Eduardo B. Fernandez Department of Computer and Electrical Engineering and Computer Science Florida Atlantic University 777 Glades Road,

More information

JAVA API FOR XML WEB SERVICES INTRODUCTION TO JAX-WS, THE JAVA API FOR XML BASED WEB SERVICES (SOAP, WSDL)

JAVA API FOR XML WEB SERVICES INTRODUCTION TO JAX-WS, THE JAVA API FOR XML BASED WEB SERVICES (SOAP, WSDL) JAX-WS JAX-WS - Java API for XML Web Services JAVA API FOR XML WEB SERVICES INTRODUCTION TO JAX-WS, THE JAVA API FOR XML BASED WEB SERVICES (SOAP, WSDL) Peter R. Egli INDIGOO.COM 1/20 Contents 1. What

More information

Flexible Identity Federation

Flexible Identity Federation Flexible Identity Federation Quick start guide version 1.0.1 Publication history Date Description Revision 2015.09.23 initial release 1.0.0 2015.12.11 minor updates 1.0.1 Copyright Orange Business Services

More information

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM Training. @aidy_idm facebook/allidm Discovering IAM Solutions Leading the IAM Training @aidy_idm facebook/allidm SSO Introduction Disclaimer and Acknowledgments The contents here are created as a own personal endeavor and thus does not reflect

More information

Reducing SOA Identity Fatigue through Automated Identity Testing

Reducing SOA Identity Fatigue through Automated Identity Testing TM Reducing SOA Identity Fatigue through Automated Identity Testing By Crosscheck Networks I. Introduction Identity Management plays a pivotal role in securing Web Services-based

More information

AquaLogic Service Bus

AquaLogic Service Bus AquaLogic Bus Wolfgang Weigend Principal Systems Engineer BEA Systems 1 What to consider when looking at ESB? Number of planned business access points Reuse across organization Reduced cost of ownership

More information

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide IBM SPSS Collaboration and Deployment Services Version 6 Release 0 Single Sign-On Services Developer's Guide Note Before using this information and the product it supports, read the information in Notices

More information

WEB SERVICES SECURITY

WEB SERVICES SECURITY WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

IBM Rational Rapid Developer Components & Web Services

IBM Rational Rapid Developer Components & Web Services A Technical How-to Guide for Creating Components and Web Services in Rational Rapid Developer June, 2003 Rev. 1.00 IBM Rational Rapid Developer Glenn A. Webster Staff Technical Writer Executive Summary

More information

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Michael P. Papazoglou (INFOLAB/CRISM, Tilburg University, The Netherlands)

More information

Acknowledgments. p. 55

Acknowledgments. p. 55 Preface Acknowledgments About the Author Introduction p. 1 IBM SOA Foundation p. 2 Service Design and Service Creation p. 2 Service Integration p. 3 Service Connectivity p. 5 Service Security and Management

More information

WEB SERVICES. Revised 9/29/2015

WEB SERVICES. Revised 9/29/2015 WEB SERVICES Revised 9/29/2015 This Page Intentionally Left Blank Table of Contents Web Services using WebLogic... 1 Developing Web Services on WebSphere... 2 Developing RESTful Services in Java v1.1...

More information

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus

Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus Introduction to WebSphere Process Server and WebSphere Enterprise Service Bus Course materials may not be reproduced in whole or in part without the prior written permission of IBM. 4.0.3 Unit objectives

More information

Web Services Security with SOAP Security Proxies

Web Services Security with SOAP Security Proxies Web Services Security with Security Proxies Gerald Brose, PhD Technical Product Manager Xtradyne Technologies AG OMG Web Services Workshop USA 22 April 2003, Philadelphia Web Services Security Risks! Exposure

More information

COPYRIGHTED MATERIAL. Chapter 1: Introduction

COPYRIGHTED MATERIAL. Chapter 1: Introduction Chapter 1: Introduction 1 Chapter 1: Introduction A major industry trend is evident in the deployment of Web services technology to enhance existing services and to create new and innovative services.

More information

White paper December 2008. Addressing single sign-on inside, outside, and between organizations

White paper December 2008. Addressing single sign-on inside, outside, and between organizations White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli

More information

Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com

Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com Leveraging Service Oriented Architecture (SOA) to integrate Oracle Applications with SalesForce.com Presented by: Shashi Mamidibathula, CPIM, PMP Principal Pramaan Systems shashi.mamidi@pramaan.com www.pramaan.com

More information

000-371. Web Services Development for IBM WebSphere App Server V7.0 Exam. http://www.examskey.com/000-371.html

000-371. Web Services Development for IBM WebSphere App Server V7.0 Exam. http://www.examskey.com/000-371.html IBM 000-371 Web Services Development for IBM WebSphere App Server V7.0 Exam TYPE: DEMO http://www.examskey.com/000-371.html Examskey IBM 000-371 exam demo product is here for you to test the quality of

More information

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation

New Single Sign-on Options for IBM Lotus Notes & Domino. 2012 IBM Corporation New Single Sign-on Options for IBM Lotus Notes & Domino 2012 IBM Corporation IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole

More information

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH Identity opens the participation age Open Web Single Sign- On und föderierte SSO Dr. Rainer Eschrich Program Manager Identity Management Sun Microsystems GmbH Agenda The Identity is the Network Driving

More information

Introduction to Oracle WebLogic. Presented by: Fatna Belqasmi, PhD, Researcher at Ericsson

Introduction to Oracle WebLogic. Presented by: Fatna Belqasmi, PhD, Researcher at Ericsson Introduction to Oracle WebLogic Presented by: Fatna Belqasmi, PhD, Researcher at Ericsson Agenda Overview Download and installation A concrete scenario using the real product Hints for the project Overview

More information

REST and SOAP Services with Apache CXF

REST and SOAP Services with Apache CXF REST and SOAP Services with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com ashakirin.blogspot.com/ Agenda Introduction in Apache CXF New CXF features Project using Apache CXF How CXF community

More information

Increasing IT flexibility with IBM WebSphere ESB software.

Increasing IT flexibility with IBM WebSphere ESB software. ESB solutions White paper Increasing IT flexibility with IBM WebSphere ESB software. By Beth Hutchison, Katie Johnson and Marc-Thomas Schmidt, IBM Software Group December 2005 Page 2 Contents 2 Introduction

More information

Oracle Service Bus. Situation. Oracle Service Bus Primer. Product History and Evolution. Positioning. Usage Scenario

Oracle Service Bus. Situation. Oracle Service Bus Primer. Product History and Evolution. Positioning. Usage Scenario Oracle Service Bus Situation A service oriented architecture must be flexible for changing interfaces, transport protocols and server locations - service clients have to be decoupled from their implementation.

More information

Oracle Web Services Manager (WSM)

<Insert Picture Here> Oracle Web Services Manager (WSM) Oracle Web Services Manager (WSM) Marc Chanliau Director, Product Management Outline Introduction Product Overview Typical Use-Case Scenarios Roadmap Q & A Introduction

More information

2 Transport-level and Message-level Security

2 Transport-level and Message-level Security Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective The Globus Security Team 1 Version 4 updated September 12, 2005 Abstract This document provides an overview of the Grid Security

More information

Security solutions Executive brief. Understand the varieties and business value of single sign-on.

Security solutions Executive brief. Understand the varieties and business value of single sign-on. Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies

More information

OPENIAM ACCESS MANAGER. Web Access Management made Easy

OPENIAM ACCESS MANAGER. Web Access Management made Easy OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access

More information

Biometric Single Sign-on using SAML Architecture & Design Strategies

Biometric Single Sign-on using SAML Architecture & Design Strategies Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan Java Technology Architect Sun Microsystems Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand

More information

Trusting XBRL: Using the Liberty Web Services Framework to Secure and Authenticate XBRL Documents

Trusting XBRL: Using the Liberty Web Services Framework to Secure and Authenticate XBRL Documents Trusting XBRL: Using the Liberty Web Services Framework to Secure and Authenticate XBRL Documents Farrukh Najmi and Eve Maler farrukh.najmi@sun.com, eve.maler@sun.com Sun Microsystems, Inc. Goals for today's

More information

SOA Best Practices (from monolithic to service-oriented)

SOA Best Practices (from monolithic to service-oriented) SOA Best Practices (from monolithic to service-oriented) Clemens Utschig - Utschig Consulting Product Manager, Oracle SOA Suite & Integration clemens.utschig@oracle.com The following

More information

An Oracle White Paper November 2009. Oracle Primavera P6 EPPM Integrations with Web Services and Events

An Oracle White Paper November 2009. Oracle Primavera P6 EPPM Integrations with Web Services and Events An Oracle White Paper November 2009 Oracle Primavera P6 EPPM Integrations with Web Services and Events 1 INTRODUCTION Primavera Web Services is an integration technology that extends P6 functionality and

More information

Biometric Single Sign-on using SAML

Biometric Single Sign-on using SAML Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan CISSP Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand the importance of Single Sign-On

More information

Contents. 1010 Huntcliff, Suite 1350, Atlanta, Georgia, 30350, USA http://www.nevatech.com

Contents. 1010 Huntcliff, Suite 1350, Atlanta, Georgia, 30350, USA http://www.nevatech.com Sentinet Overview Contents Overview... 3 Architecture... 3 Technology Stack... 4 Features Summary... 6 Repository... 6 Runtime Management... 6 Services Virtualization and Mediation... 9 Communication and

More information

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines Ameritas Single Sign-On (SSO) and Enterprise SAML Standard Architectural Implementation, Patterns and Usage Guidelines 1 Background and Overview... 3 Scope... 3 Glossary of Terms... 4 Architecture Components...

More information

Federated Identity Architectures

Federated Identity Architectures Federated Identity Architectures Uciel Fragoso-Rodriguez Instituto Tecnológico Autónomo de México, México {uciel@itam.mx} Maryline Laurent-Maknavicius CNRS Samovar UMR 5157, GET Institut National des Télécommunications,

More information

IBM WebSphere Enterprise Service Bus, Version 6.0.1

IBM WebSphere Enterprise Service Bus, Version 6.0.1 Powering your service oriented architecture IBM WebSphere Enterprise Service Bus, Version 6.0.1 Highlights Supports a variety of messaging Requires minimal standards including JMS, Version 1.1 programming

More information

Towards an Open Identity Infrastructure with OpenSSO. RMLL Nantes July 10 2009. Fulup Ar Foll Master Architect fulup@sun.com

Towards an Open Identity Infrastructure with OpenSSO. RMLL Nantes July 10 2009. Fulup Ar Foll Master Architect fulup@sun.com Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll Master Architect fulup@sun.com 1 Towards an Open Identity Infrastructure with OpenSSO OpenSSO Overview > Integration

More information

Improving performance for security enabled web services. - Dr. Colm Ó héigeartaigh

Improving performance for security enabled web services. - Dr. Colm Ó héigeartaigh Improving performance for security enabled web services - Dr. Colm Ó héigeartaigh Agenda Introduction to Apache CXF WS-Security in CXF 3.0.0 Securing Attachments in CXF 3.0.0 RS-Security in CXF 3.0.0 Some

More information

SCUR203 Why Do We Need Security Standards?

SCUR203 Why Do We Need Security Standards? SCUR203 Why Do We Need Security Standards? Cristina Buchholz Product Security, SAP Learning Objectives As a result of this workshop, you will be able to: Recognize the need for standardization Understand

More information

vcommander will use SSL and session-based authentication to secure REST web services.

vcommander will use SSL and session-based authentication to secure REST web services. vcommander REST API Draft Proposal v1.1 1. Client Authentication vcommander will use SSL and session-based authentication to secure REST web services. 1. All REST API calls must take place over HTTPS 2.

More information

An Open Policy Framework for Cross-vendor Integrated Governance

An Open Policy Framework for Cross-vendor Integrated Governance An Open Policy Framework for Cross-vendor Integrated Governance White Paper Intel SOA Expressway An Open Policy Framework for Cross-vendor Integrated Governance Intel SOA Expressway delivers a pluggable

More information

Living in a mixed world -Interoperability in Windows HPC Server 2008. Steven Newhouse stevenn@microsoft.com

Living in a mixed world -Interoperability in Windows HPC Server 2008. Steven Newhouse stevenn@microsoft.com Living in a mixed world -Interoperability in Windows HPC Server 2008 Steven Newhouse stevenn@microsoft.com Overview Scenarios: Mixed Environments Authentication & Authorization File Systems Application

More information

Session Service Architecture

Session Service Architecture Session Service Architecture Open Web Single Sign-On Version 1.0 Please send comments to: opensso@sun.com Author Alan Chu (alan.chu@sun.com) Session Service Architecture, Version 1.0 This document is subject

More information

Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems

Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems Core Feature Comparison between XML / SOA Gateways and Web Application Firewalls Jason Macy jmacy@forumsys.com CTO, Forum Systems XML Gateway vs Competitive XML Gateways or Complementary? and s are Complementary

More information

Internationalization and Web Services

Internationalization and Web Services Internationalization and Web Services 25 th Internationalization and Unicode Conference Presented by Addison P. Phillips Director, Globalization Architecture webmethods, Inc. 25 th Internationalization

More information

Sentinet for BizTalk Server SENTINET

Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and APIs Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication

More information

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE Identity Management in Liferay Overview and Best Practices Liferay Portal 6.0 EE Table of Contents Introduction... 1 IDENTITY MANAGEMENT HYGIENE... 1 Where Liferay Fits In... 2 How Liferay Authentication

More information

Management and Web service Management
