Contents. Acknowledgments

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Contents. Acknowledgments"

Transcription

1 Acknowledgments v Foreword vii Introduction xix Chapter 1 Overview of Web Services Security 1 Web Services Overview 2 Characteristics of Web Services 3 Web Services Architecture 3 Security as an Enabler for Web Services Applications 4 Information Security Goals: Enable Use, Bar Intrusion 5 Web Services Solutions Create New Security Responsibilities 5 Risk Management Holds the Key 6 Information Security: A Proven Concern 7 Securing Web Services 8 Web Services Security Requirements 9 Providing Security for Web Services 10 Unifying Web Services Security 12 EASI Requirements 13 EASI Solutions 14 EASI Framework 15 EASI Benefits 18 Example of a Secure Web Services Architecture 19 Business Scenario 19 Scenario Security Requirements 22 Summary 23 xi

2 xii Contents Chapter 2 Web Services 25 Distributed Computing 25 Distributed Processing across the Web 27 Web Services Pros and Cons 29 Extensible Markup Language 30 Supporting Concepts 32 SOAP 36 SOAP Message Processing 37 Message Format 39 SOAP Features 44 HTTP Binding 45 SOAP Usage Scenarios 45 Universal Description Discovery and Integration 46 WSDL 48 Other Activities 50 Active Organizations 51 Other Standards 51 Summary 52 Chapter 3 Getting Started with Web Services Security 53 Security Fundamentals 54 Cryptography 56 Authentication 58 Authorization 63 Walk-Through of a Simple Example 64 Example Description 65 Security Features 66 Limitations 67 Summary 70 Chapter 4 XML Security and WS-Security 73 Public Key Algorithms 73 Encryption 74 Digital Signatures 78 Public Key Certificates 80 Certificate Format 82 Public Key Infrastructure 83 XML Security 85 XML Encryption 85 XML Signature 88 WS-Security 95 Functionality 96 Security Element 97 Structure 97 Example 97 Summary 98

3 xiii Chapter 5 Security Assertion Markup Language 99 OASIS 100 What Is SAML? 100 How SAML Is Used 101 The Rationale for Understanding the SAML Specification 104 Why Open Standards Like SAML Are Needed 105 Security Problems Solved by SAML 105 A First Detailed Look at SAML 107 SAML Assertions 109 Common Portion of an Assertion 109 Statements 112 SAML Protocols 116 SAML Request/Response 117 SAML Request 117 SAML Response 121 Bindings 122 Profiles 122 Shibboleth 127 Privacy 128 Federation 129 Single Sign-on 129 The Trust Relationship 130 Related Standards 130 XACML 130 WS-Security 130 Summary 131 Chapter 6 Principles of Securing Web Services 133 Web Services Example 133 Authentication 135 Authentication Requirements 135 Options for Authentication in Web Services 137 System Characteristics 141 Authentication for eportal and ebusiness 143 Data Protection 145 Data Protection Requirements 145 Options for Data Protection in Web Services 146 System Characteristics 147 ebusiness Data Protection 150 Authorization 150 Authorization Requirements 150 Options for Authorization in Web Services 153 System Characteristics 154 ebusiness Authorization 155 Summary 156

4 xiv Contents Chapter 7 Security of Infrastructures for Web Services 157 Distributed Security Fundamentals 158 Security and the Client/Server Paradigm 158 Security and the Object Paradigm 160 What All Middleware Security Is About 161 Roles and Responsibilities of CSS, TSS, and Secure Channel 163 How Middleware Systems Implement Security 164 Distributed Security Administration 174 Enforcing Fine-Grained Security 175 CORBA 176 How CORBA Works 177 Roles and Responsibilities of CSS, TSS, and Secure Channel 179 Implementation of Security Functions 182 Administration 186 Enforcing Fine-Grained Security 187 COM+ 188 How COM+ Works 188 Roles and Responsibilities of CSS, TSS, and Secure Channel 192 Implementation of Security Functions 193 Administration 195 Enforcing Fine-Grained Security 196.NET Framework 197 How.NET Works 199.NET Security 203 J2EE 207 How EJB Works 208 Roles and Responsibilities of CSS, TSS, and Secure Channel 210 Implementation of Security functions 212 Administration 213 Enforcing Fine-Grained Security 216 Summary 217 Chapter 8 Securing.NET Web Services 219 IIS Security Mechanisms 219 Authentication 220 Protecting Data in Transit 221 Access Control 222 Logging 222 Fault Isolation 224 Creating Web Services with Microsoft Technologies 224 Creating Web Services out of COM+ Components 225 Creating Web Services out of COM Components Using SOAP Toolkit 226 Creating Web Services with.net Remoting 228 Creating Web Services Using ASP.NET 229 Implementing Access to ebusiness with ASP.NET Web Services 233

5 xv ASP.NET Web Services Security 234 Authentication 235 Data Protection 243 Access Control 244 Audit 251 Securing Access to ebusiness 256 Summary 257 Chapter 9 Securing Java Web Services 259 Using Java with Web Services 260 Traditional Java Security Contrasted with Web Services Security 261 Authenticating Clients in Java 262 Data Protection 262 Controlling Access 263 How SAML Is Used with Java 263 Assessing an Application Server for Web Service Compatibility 265 JSR Compliance 265 Authentication 266 Authorization 267 Java Tools Available for Web Services 267 Sun FORTE and JWSDP 268 IBM WebSphere and Web Services Toolkit 269 Systinet WASP 270 The Java Web Services Examples 271 Example Using WASP 271 Example Using JWSDP 280 Summary 284 Chapter 10 Interoperability of Web Services Security Technologies 287 The Security Interoperability Problem 288 Between Security Tiers 289 Layered Security 290 Perimeter Security 291 Mid-Tier 294 Back-Office Tier 297 Interoperable Security Technologies 297 Authentication 297 Security Attributes 298 Authorization 300 Maintaining the Security Context 301 Handling Delegation in Web Services 302 Using a Security Framework 305 Client Use of EASI 305 Target Use of EASI 307

6 xvi Contents Securing the Example 307 Framework Authentication 308 Framework Attribute Handling 310 Framework Authorization 310 Example Using JWSDP 311 What Problems Should an EASI Framework Solve? 317 Web Services Support for EASI 318 Making Third-Party Security Products Work Together 318 Federation 319 Liberty Alliance 320 The Internet versus Intranets and Extranets 322 Summary 322 Chapter 11 Administrative Considerations for Web Services Security 325 Introducing Security Administration 325 The Security Administration Problem 326 What about Web Services? 327 Administering Access Control and Related Policies 327 Using Attributes Wisely 328 Taking Advantage of Role-Based Access Control 329 Delegation 341 Audit Administration 343 Authentication Administration 343 How Rich Does Security Policy Need to Be? 344 Administering Data Protection 345 Making Web Services Development and Security Administration Play Well Together 346 Summary 347 Chapter 12 Planning and Building a Secure Web Services Architecture 349 Web Services Security: The Challenges 350 Security Must Be In Place 350 What s So Tough About Security for Web Services? 351 What Is Security? 351 Building Trustworthy Systems 352 Security Evolution Losing Control 354 Dealing with the ilities 355 EASI Principles for Web Services 355 Security Architecture Principles 356 Security Policy Principles 357 Determining Requirements 358 Functional Requirements 360 eportal Security Requirements 360 ebusiness Security Requirements 362 Nonfunctional Requirements 364 Overview of eportal and ebusiness Security Architectures 366

7 xvii Applying EASI 369 eportal EASI Framework 370 Addressing eportal Requirements 372 ebusiness EASI Framework 375 Addressing ebusiness Requirements 378 Deploying Security 381 Perimeter Security 382 Mid-Tier Security 384 Back-Office Security 385 Using a Security Policy Server 386 Self-Administration 386 Large-Scale Administration 387 Storing Security Policy Data 388 Securing UDDI and WSDL 391 Security Gotchas at the System Architecture Level 391 Scaling 392 Performance 392 Summary 393 Glossary 395 References 415 Index 423

JOHN KNEILING APRIL 3-5, 2006 APRIL 6-7, 2006 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY)

JOHN KNEILING APRIL 3-5, 2006 APRIL 6-7, 2006 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY) TECHNOLOGY TRANSFER PRESENTS JOHN KNEILING CREATING XML AND WEB SERVICES SOLUTIONS SECURING THE WEB SERVICES ENVIRONMENT APRIL 3-5, 2006 APRIL 6-7, 2006 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME

More information

Biometric Single Sign-on using SAML

Biometric Single Sign-on using SAML Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan CISSP Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand the importance of Single Sign-On

More information

Biometric Single Sign-on using SAML Architecture & Design Strategies

Biometric Single Sign-on using SAML Architecture & Design Strategies Biometric Single Sign-on using SAML Architecture & Design Strategies Ramesh Nagappan Java Technology Architect Sun Microsystems Ramesh.Nagappan@sun.com 1 Setting Expectations What you can take away! Understand

More information

SECURING WEB SERVICES

SECURING WEB SERVICES SECURING WEB SERVICES Ahmad Tasnim Siddiqui & Arun Kumar Singh Research Scholar, Singhania University, Pacheri bari, Jhunjhunu Rajasthan, India ABSTRACT HTTP, Web Server and Web Services share very complicated

More information

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

Service Oriented Architecture (SOA) Implementation Framework for Satellite Mission Control System Software Design

Service Oriented Architecture (SOA) Implementation Framework for Satellite Mission Control System Software Design Service Oriented Architecture (SOA) Implementation Framework for Satellite Mission Control System Software Design GSAW2006 28 th March 2006 Soon Hie Tan K I Thimothy Nanyang Technological University Singapore

More information

An Overview of Distributed Security Architectures and Integration

An Overview of Distributed Security Architectures and Integration An Overview of Distributed Security Architectures and Integration Don Flinn & Ted Burghart Hitachi Computer Products (America), Inc. DOCSec March 19 th, 2002 What s This Tutorial About?!First Section "

More information

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH Identity opens the participation age Open Web Single Sign- On und föderierte SSO Dr. Rainer Eschrich Program Manager Identity Management Sun Microsystems GmbH Agenda The Identity is the Network Driving

More information

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness Interoperability Summit 2002 SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness Gavenraj Sodhi Senior Technology Analyst Provisioning

More information

Contents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in

Contents at a Glance. 1 Introduction 17. 2 Basic Principles of IT Security 23. 3 Authentication and Authorization in at a Glance 1 Introduction 17 2 Basic Principles of IT Security 23 3 Authentication and Authorization in SAP NetWeaver Application Server Java 53 4 Single Sign-On 151 5 Identity Provisioning 289 6 Secure

More information

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion. Web Services Security: OpenSSO and Access Management for SOA Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.com 1 Agenda Need for Identity-based Web services security Single Sign-On

More information

WebLogic Server 7.0 Single Sign-On: An Overview

WebLogic Server 7.0 Single Sign-On: An Overview WebLogic Server 7.0 Single Sign-On: An Overview Today, a growing number of applications are being made available over the Web. These applications are typically comprised of different components, each of

More information

NIST s Guide to Secure Web Services

NIST s Guide to Secure Web Services NIST s Guide to Secure Web Services Presented by Gaspar Modelo-Howard and Ratsameetip Wita Secure and Dependable Web Services National Institute of Standards and Technology. Special Publication 800-95:

More information

JavaPolis 2004 Middleware and Web Services Security

JavaPolis 2004 Middleware and Web Services Security JavaPolis 2004 Middleware and Web Services Security Dr. Konstantin Beznosov Assistant Professor University of British Columbia Do you know what these mean? SOAP WSDL IIOP CSI v2 Overall Presentation Goal

More information

Web Services Security with SOAP Security Proxies

Web Services Security with SOAP Security Proxies Web Services Security with Security Proxies Gerald Brose, PhD Technical Product Manager Xtradyne Technologies AG OMG Web Services Workshop USA 22 April 2003, Philadelphia Web Services Security Risks! Exposure

More information

A Service Oriented Security Reference Architecture

A Service Oriented Security Reference Architecture International Journal of Advanced Computer Science and Information Technology (IJACSIT) Vol. 1, No.1, October 2012, Page: 25-31, ISSN: 2296-1739 Helvetic Editions LTD, Switzerland www.elvedit.com A Service

More information

Digital Signature Web Service Interface

Digital Signature Web Service Interface 1 2 Digital Signature Web Service Interface 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 1 Introduction This document describes an RPC interface for a centralized

More information

Siena Web Services. A Solution To Personal Computing With Established Desktop Programs Exploiting Web Technologies

Siena Web Services. A Solution To Personal Computing With Established Desktop Programs Exploiting Web Technologies A Solution To Personal Computing With Established Desktop Programs Exploiting Web Technologies (c) 2002 Siena Technology Ltd. UK, info@siena-tech.com : Overview Reference Potential for YOU? Requirements

More information

Research and Implementation of Single Sign-On Mechanism for ASP Pattern *

Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Research and Implementation of Single Sign-On Mechanism for ASP Pattern * Bo Li, Sheng Ge, Tian-yu Wo, and Dian-fu Ma Computer Institute, BeiHang University, PO Box 9-32 Beijing 100083 Abstract Software

More information

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Michael P. Papazoglou (INFOLAB/CRISM, Tilburg University, The Netherlands)

More information

Interoperable Provisioning in a Distributed World

Interoperable Provisioning in a Distributed World Interoperable Provisioning in a Distributed World Mark Diodati, Burton Group Ramesh Nagappan, Sun Microsystems Sampo Kellomaki, SymLabs 02/08/07 IAM 302 Contacts Mark Diodati (mdiodati@burtongroup.com)

More information

Chapter 12 GRID SECURITY ARCHITECTURE: Requirements,fundamentals, standards, and models

Chapter 12 GRID SECURITY ARCHITECTURE: Requirements,fundamentals, standards, and models Author manuscript, published in Security in Distributed, Grid, Mobile, and Pervasive Computing, Auerbach Publications, pp. 255-288, April, 2007 https://www.nics.uma.es Security in Distributed, Grid, and

More information

Securing Web Services with WS-Security

Securing Web Services with WS-Security Securing Web Services with WS-Security Demystifying WS-Security, WS-Policy, SAML, XML Signature and XML Encryption jothy Rosenberg David L. Remy SAMS Sams Publishing, 800 East 96th Street, Indianapolis,

More information

Building an ecommerce Solution Architecture

Building an ecommerce Solution Architecture New England Electronic Commerce Users' Group Building an ecommerce Solution Architecture Vin D AmicoD President vin@damicon damicon.com January 2002 Goals Introduce Damicon, LLC Define Architecture Show

More information

Software Requirement Specification Web Services Security

Software Requirement Specification Web Services Security Software Requirement Specification Web Services Security Federation Manager 7.5 Version 0.3 (Draft) Please send comments to: dev@opensso.dev.java.net This document is subject to the following license:

More information

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact Robert C. Broeckelmann Jr., Enterprise Middleware Architect Ryan Triplett, Middleware Security Architect Requirements

More information

HexaCorp. White Paper. SOA with.net. Ser vice O rient ed Ar c hit ecture

HexaCorp. White Paper. SOA with.net. Ser vice O rient ed Ar c hit ecture White Paper SOA with.net Ser vice O rient ed Ar c hit ecture Introduction SOA, a rich technology foundation designed for building distributed service-oriented applications for the enterprise and the web

More information

Lesson 4. An survey of the impact on and use of Web Services in the industry today. Industry 4.1. Industry. 2004 SkillBuilders, Inc. V1.

Lesson 4. An survey of the impact on and use of Web Services in the industry today. Industry 4.1. Industry. 2004 SkillBuilders, Inc. V1. Industry 4.1 Lesson 4 Industry An survey of the impact on and use of Web Services in the industry today. SKILLBUILDERS Industry 4.2 4.2 Lesson Objectives What companies are using it? Popular SOAP Implementations.NET

More information

Introduction into Web Services (WS)

Introduction into Web Services (WS) (WS) Adomas Svirskas Agenda Background and the need for WS SOAP the first Internet-ready RPC Basic Web Services Advanced Web Services Case Studies The ebxml framework How do I use/develop Web Services?

More information

MONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY. ASR 2006/2007 Final Project. Supervisers: Maryline Maknavicius-Laurent, Guy Bernard

MONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY. ASR 2006/2007 Final Project. Supervisers: Maryline Maknavicius-Laurent, Guy Bernard MONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY ASR 2006/2007 Final Project Supervisers: Maryline Maknavicius-Laurent, Guy Bernard Federated Identity Project topic Superviser: Maryline Maknavicius

More information

DISTRIBUTED SYSTEMS SECURITY

DISTRIBUTED SYSTEMS SECURITY DISTRIBUTED SYSTEMS SECURITY Issues, Processes and Solutions Abhijit Belapurkar, Yahoo! Software Development India Pvt. Ltd., India Anirban Chakrabarti, Infosys Technologies Ltd., India Harigopal Ponnapalli,

More information

Run-time Service Oriented Architecture (SOA) V 0.1

Run-time Service Oriented Architecture (SOA) V 0.1 Run-time Service Oriented Architecture (SOA) V 0.1 July 2005 Table of Contents 1.0 INTRODUCTION... 1 2.0 PRINCIPLES... 1 3.0 FERA REFERENCE ARCHITECTURE... 2 4.0 SOA RUN-TIME ARCHITECTURE...4 4.1 FEDERATES...

More information

SCUR203 Why Do We Need Security Standards?

SCUR203 Why Do We Need Security Standards? SCUR203 Why Do We Need Security Standards? Cristina Buchholz Product Security, SAP Learning Objectives As a result of this workshop, you will be able to: Recognize the need for standardization Understand

More information

<Insert Picture Here> Oracle Web Services Manager (WSM)

<Insert Picture Here> Oracle Web Services Manager (WSM) Oracle Web Services Manager (WSM) Marc Chanliau Director, Product Management Outline Introduction Product Overview Typical Use-Case Scenarios Roadmap Q & A Introduction

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?

More information

Service Virtualization: Managing Change in a Service-Oriented Architecture

Service Virtualization: Managing Change in a Service-Oriented Architecture Service Virtualization: Managing Change in a Service-Oriented Architecture Abstract Load balancers, name servers (for example, Domain Name System [DNS]), and stock brokerage services are examples of virtual

More information

TECHNOLOGY GUIDE THREE. Emerging Types of Enterprise Computing

TECHNOLOGY GUIDE THREE. Emerging Types of Enterprise Computing TECHNOLOGY GUIDE THREE Emerging Types of Enterprise Computing TECHNOLOGY GU IDE OUTLINE TG3.1 Introduction TG3.2 Server Farms TG3.3 Virtualization TG3.4 Grid Computing TG3.5 Utility Computing TG3.6 Cloud

More information

GRID COMPUTING Techniques and Applications BARRY WILKINSON

GRID COMPUTING Techniques and Applications BARRY WILKINSON GRID COMPUTING Techniques and Applications BARRY WILKINSON Contents Preface About the Author CHAPTER 1 INTRODUCTION TO GRID COMPUTING 1 1.1 Grid Computing Concept 1 1.2 History of Distributed Computing

More information

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN 1 Venkadesh.M M.tech, Dr.A.Chandra Sekar M.E., Ph.d MISTE 2 1 ResearchScholar, Bharath University, Chennai 73, India. venkadeshkumaresan@yahoo.co.in 2 Professor-CSC

More information

Java Security Web Services Security (Overview) Lecture 9

Java Security Web Services Security (Overview) Lecture 9 Java Security Web Services Security (Overview) Lecture 9 Java 2 Cryptography Java provides API + SPI for crypto functions Java Cryptography Architecture Security related core classes Access control and

More information

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain

Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Title: A Client Middleware for Token-Based Unified Single Sign On to edugain Sascha Neinert Computing Centre University of Stuttgart, Allmandring 30a, 70550 Stuttgart, Germany e-mail: sascha.neinert@rus.uni-stuttgart.de

More information

Federated Identity Management Solutions

Federated Identity Management Solutions Federated Identity Management Solutions Jyri Kallela Helsinki University of Technology jkallela@cc.hut.fi Abstract Federated identity management allows users to access multiple services based on a single

More information

Federated Identity and Trust Management

Federated Identity and Trust Management Redpaper Axel Buecker Paul Ashley Neil Readshaw Federated Identity and Trust Management Introduction The cost of managing the life cycle of user identities is very high. Most organizations have to manage

More information

Research on the Model of Enterprise Application Integration with Web Services

Research on the Model of Enterprise Application Integration with Web Services Research on the Model of Enterprise Integration with Web Services XIN JIN School of Information, Central University of Finance& Economics, Beijing, 100081 China Abstract: - In order to improve business

More information

Christoph Bussler. B2B Integration. Concepts and Architecture. With 165 Figures and 4 Tables. IIIBibliothek. Springer

Christoph Bussler. B2B Integration. Concepts and Architecture. With 165 Figures and 4 Tables. IIIBibliothek. Springer Christoph Bussler B2B Integration Concepts and Architecture With 165 Figures and 4 Tables IIIBibliothek Springer Contents Part I Introduction to Business-to-Business Integration.... 1 1 History 3 1.1 Why

More information

Contents. Client-server and multi-tier architectures. The Java 2 Enterprise Edition (J2EE) platform

Contents. Client-server and multi-tier architectures. The Java 2 Enterprise Edition (J2EE) platform Part III: Component Architectures Natividad Martínez Madrid y Simon Pickin Departamento de Ingeniería Telemática Universidad Carlos III de Madrid {nati, spickin}@it.uc3m.es Introduction Contents Client-server

More information

What Is the Java TM 2 Platform, Enterprise Edition?

What Is the Java TM 2 Platform, Enterprise Edition? Page 1 de 9 What Is the Java TM 2 Platform, Enterprise Edition? This document provides an introduction to the features and benefits of the Java 2 platform, Enterprise Edition. Overview Enterprises today

More information

Security solutions Executive brief. Understand the varieties and business value of single sign-on.

Security solutions Executive brief. Understand the varieties and business value of single sign-on. Security solutions Executive brief Understand the varieties and business value of single sign-on. August 2005 2 Contents 2 Executive overview 2 SSO delivers multiple business benefits 3 IBM helps companies

More information

The OMA Perspective On SOA in Telecoms

The OMA Perspective On SOA in Telecoms The OMA Perspective On SOA in Telecoms Adopting SOA for Telecom Workshop, Open Standards Forum 2008 Ditton Manor, 30 September 3 October 2008 Musa Unmehopa» Chairman OMA Architecture Working Group» Distinguished

More information

A standards-based approach to application integration

A standards-based approach to application integration A standards-based approach to application integration An introduction to IBM s WebSphere ESB product Jim MacNair Senior Consulting IT Specialist Macnair@us.ibm.com Copyright IBM Corporation 2005. All rights

More information

Interoperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this.

Interoperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this. Interoperable, Federated Identity Management Frameworks Across Enterprise Architectures. We can do this. Scott McGrath COO Organization for the Advancement of Structured Information Standards A diverse

More information

SAML Federated Identity at OASIS

SAML Federated Identity at OASIS International Telecommunication Union SAML Federated Identity at OASIS Hal Lockhart BEA Systems Geneva, 5 December 2006 SAML and the OASIS SSTC o SAML: Security Assertion Markup Language A framework for

More information

Distributed Systems and Recent Innovations: Challenges and Benefits

Distributed Systems and Recent Innovations: Challenges and Benefits Distributed Systems and Recent Innovations: Challenges and Benefits 1. Introduction Krishna Nadiminti, Marcos Dias de Assunção, and Rajkumar Buyya Grid Computing and Distributed Systems Laboratory Department

More information

Oracle WebSeminar Business Process Management gebaseerd op de BPEL standaard

Oracle WebSeminar Business Process Management gebaseerd op de BPEL standaard Oracle WebSeminar Business Process Management gebaseerd op de BPEL standaard Sandor Nieuwenhuijs sandor.nieuwenhuijs@oracle.com Oracle Corporation Agenda Introduction and SOA Service Orchestration BPEL

More information

Service Oriented Architecture (SOA) Architecture, Governance, Standards and Technologies

Service Oriented Architecture (SOA) Architecture, Governance, Standards and Technologies Service Oriented Architecture (SOA) Architecture, Governance, Standards and Technologies 3-day seminar Give Your Business the Competitive Edge SOA has rapidly seized the momentum and center stage because

More information

Management. Oracle Fusion Middleware. 11 g Architecture and. Oracle Press ORACLE. Stephen Lee Gangadhar Konduri. Mc Grauu Hill.

Management. Oracle Fusion Middleware. 11 g Architecture and. Oracle Press ORACLE. Stephen Lee Gangadhar Konduri. Mc Grauu Hill. ORACLE Oracle Press Oracle Fusion Middleware 11 g Architecture and Management Reza Shafii Stephen Lee Gangadhar Konduri Mc Grauu Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan

More information

On A-Select and Federated Identity Management Systems

On A-Select and Federated Identity Management Systems On A-Select and Federated Identity Management Systems Joost Reede August 4, 2007 Master s Thesis Information Systems Chair Computer Science Department University of Twente ii This thesis is supervised

More information

SAML basics A technical introduction to the Security Assertion Markup Language

SAML basics A technical introduction to the Security Assertion Markup Language SAML basics A technical introduction to the Security Assertion Markup Language WWW2002 Eve Maler, XML Standards Architect XML Technology Center Sun Microsystems, Inc. Agenda The problem space SAML concepts

More information

Authentication and Authorization Systems in Cloud Environments

Authentication and Authorization Systems in Cloud Environments Authentication and Authorization Systems in Cloud Environments DAVIT HAKOBYAN Master of Science Thesis Stockholm, Sweden 2012 TRITA-ICT-EX-2012:203 Abstract The emergence of cloud computing paradigm offers

More information

Developing. and Securing. the Cloud. Bhavani Thuraisingham CRC. Press. Taylor & Francis Group. Taylor & Francis Croup, an Informs business

Developing. and Securing. the Cloud. Bhavani Thuraisingham CRC. Press. Taylor & Francis Group. Taylor & Francis Croup, an Informs business Developing and Securing the Cloud Bhavani Thuraisingham @ CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Croup, an Informs business AN AUERBACH

More information

XML Signatures in an Enterprise Service Bus Environment

XML Signatures in an Enterprise Service Bus Environment XML Signatures in an Enterprise Bus Environment Eckehard Hermann Research & Development XML Integration Uhlandstraße 12 64297 Darmstadt, Germany Eckehard.Hermann@softwareag.com Dieter Kessler Research

More information

Sun Infrastructure Solution for Network Identity Seamlessly extend secure access to your enterprise fast, with reduced deployment time and cost

Sun Infrastructure Solution for Network Identity Seamlessly extend secure access to your enterprise fast, with reduced deployment time and cost Sun Infrastructure Solution for Network Identity Seamlessly extend secure access to your enterprise fast, with reduced deployment time and cost Timothy Siu SE Manager, JES Nov/10/2003 sun.com/solutions/

More information

Simplifying Processes Interoperability with a Service Oriented Architecture

Simplifying Processes Interoperability with a Service Oriented Architecture Why SOA? Simplifying Processes Interoperability with a Service Oriented Architecture Zak Merzouki, Software Architecture and Technology Director BDPA 11/20/2008 Perspective "Things should be made as simple

More information

Oracle Fusion Middleware

Oracle Fusion Middleware Oracle Fusion Middleware Administrator s Guide for Oracle Directory Integration Platform 11g Release 1 (11.1.1) E10031-03 April 2010 Oracle Fusion Middleware Administrator's Guide for Oracle Directory

More information

ERIE COMMUNITY COLLEGE COURSE OUTLINE A. COURSE NUMBER CS 216 - ADVANCED WEB DEVELOPMENT & PROGRAMMING II

ERIE COMMUNITY COLLEGE COURSE OUTLINE A. COURSE NUMBER CS 216 - ADVANCED WEB DEVELOPMENT & PROGRAMMING II ERIE COMMUNITY COLLEGE COURSE OUTLINE A. COURSE NUMBER AND TITLE: CS 216 - ADVANCED WEB DEVELOPMENT & PROGRAMMING II B. CURRICULUM: Mathematics / Computer Science Unit Offering PROGRAM: Web-Network Technology

More information

Tool Support for Developing Scalable J2EE Web Service Architectures. Guus Ramackers Application Development Tools Oracle Corporation

Tool Support for Developing Scalable J2EE Web Service Architectures. Guus Ramackers Application Development Tools Oracle Corporation Tool Support for Developing Scalable J2EE Web Service Architectures Guus Ramackers Application Development Tools Oracle Corporation guus.ramackers@oracle.com www.oracle.com Using All This in Real Life

More information

White paper December 2008. Addressing single sign-on inside, outside, and between organizations

White paper December 2008. Addressing single sign-on inside, outside, and between organizations White paper December 2008 Addressing single sign-on inside, outside, and between organizations Page 2 Contents 2 Overview 4 IBM Tivoli Unified Single Sign-On: Comprehensively addressing SSO 5 IBM Tivoli

More information

Enterprise Server and Direct COBOL Web Services

Enterprise Server and Direct COBOL Web Services Enterprise Server and Direct COBOL Web Services Abstract This paper is aimed at architects and IT managers who are grappling with the complexity of diverse technologies including COBOL, Java,.NET and Web

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Angel Dichev RIG, SAP Labs

Angel Dichev RIG, SAP Labs Enabling SSL and Client Certificates on the SAP J2EE Engine Angel Dichev RIG, SAP Labs Learning Objectives As a result of this session, you will be able to: Understand the different SAP J2EE Engine SSL

More information

Web Service Authorization Framework

Web Service Authorization Framework Web Service Authorization Framework Thomas Ziebermayr, Stefan Probst Software Competence Center Hagenberg, Hauptstrasse 99, 4232 Hagenberg, Austria thomas.ziebermayr@scch.at, stefan.probst@scch.at Abstract

More information

Introduction to Web services architecture

Introduction to Web services architecture Introduction to Web services architecture by K. Gottschalk S. Graham H. Kreger J. Snell This paper introduces the major components of, and standards associated with, the Web services architecture. The

More information

Security Assertion Markup Language (SAML)

Security Assertion Markup Language (SAML) CS 595G 02/14/06 Security Assertion Markup Language (SAML) Vika Felmetsger 1 SAML as OASIS Standard OASIS Open Standard SAML V2.0 was approved in March, 2005 Blending of two earlier efforts on portable

More information

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On A Federated Authorization and Authentication Infrastructure for Unified Single Sign On Sascha Neinert Computing Centre University of Stuttgart Allmandring 30a 70550 Stuttgart sascha.neinert@rus.uni-stuttgart.de

More information

Identity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics

Identity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics Identity, Privacy, and Data Protection in the Cloud XACML David Brossard Product Manager, Axiomatics 1 What you will learn The issue with authorization in the cloud Quick background on XACML 3 strategies

More information

Practical Hadoop. Security. Bhushan Lakhe

Practical Hadoop. Security. Bhushan Lakhe Practical Hadoop Security Bhushan Lakhe Contents J About the Author About the Technical Reviewer Acknowledgments Introduction xiii xv xvii xix Part I: Introducing Hadoop and Its Security 1 Chapter 1: Understanding

More information

CHAPTER - 3 WEB APPLICATION AND SECURITY

CHAPTER - 3 WEB APPLICATION AND SECURITY CHAPTER - 3 WEB APPLICATION AND SECURITY 3.1 Introduction Web application or Wepapp is the general term that is normally used to refer to all distributed web-based applications. According to the more technical

More information

Sometimes it's better to be STUCK! SAML Transportation Unit for Cryptographic Keys 28.11.2012

Sometimes it's better to be STUCK! SAML Transportation Unit for Cryptographic Keys 28.11.2012 Sometimes it's better to be STUCK! SAML Transportation Unit for Cryptographic Keys 28.11.2012 Horst Görtz Institute for IT-Security Source: http://3.bp.blogspot.com Source: http://3.bp.blogspot.com How

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Redpaper. IBM Tivoli Security Solutions for Microsoft Software Environments. Front cover. ibm.com/redbooks

Redpaper. IBM Tivoli Security Solutions for Microsoft Software Environments. Front cover. ibm.com/redbooks Front cover IBM Tivoli Security Solutions for Microsoft Software Environments Explaining common architecture and standards Deploying on Microsoft operating systems Securing Microsoft software environments

More information

What is a Web service?

What is a Web service? What is a Web service? Many people and companies have debated the exact definition of Web services. At a minimum, however, a Web service is any piece of software that makes itself available over the Internet

More information

Web Services Security Standards Forum. Dr. Phillip M. Hallam-Baker C.Eng. FBCS VeriSign Inc.

Web Services Security Standards Forum. Dr. Phillip M. Hallam-Baker C.Eng. FBCS VeriSign Inc. Web Services Security Standards Forum Dr. Phillip M. Hallam-Baker C.Eng. FBCS VeriSign Inc. Web Services Security Standards For Um For um: Meeting to tell people that everyone agrees on an issue Walk the

More information

Extending DigiD to the Private Sector (DigiD-2)

Extending DigiD to the Private Sector (DigiD-2) TECHNISCHE UNIVERSITEIT EINDHOVEN Department of Mathematics and Computer Science MASTER S THESIS Extending DigiD to the Private Sector (DigiD-2) By Giorgi Moniava Supervisors: Eric Verheul (RU, PwC) L.A.M.

More information

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as

More information

Jamcracker W3C Web Services Workshop Position Paper

Jamcracker W3C Web Services Workshop Position Paper Jamcracker W3C Web s Workshop Position Paper Author: David Orchard (Jamcracker) dorchard@jamcracker.com Date: April 11-12 th 2001 Executive Summary This paper details Jamcracker s position on the directions

More information

JVA-122. Secure Java Web Development

JVA-122. Secure Java Web Development JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard

More information

A Signing Proxy for Web Services Security. Dr. Ingo Melzer RIC/ED

A Signing Proxy for Web Services Security. Dr. Ingo Melzer RIC/ED A Signing Proxy for Web Services Security Dr. Ingo Melzer RIC/ED What is a Web Service? Infrastructure Web Service I. Melzer -- A Signing Proxy for Web Services Security 2 What is a Web Service? basic

More information

Enterprise Application Integration (EAI) Architectures, Technologies, and Best Practices

Enterprise Application Integration (EAI) Architectures, Technologies, and Best Practices Enterprise Application Integration (EAI) Architectures, Technologies, and Best Practices Give Your Business the Competitive Edge IT managers have been under increasing pressure to migrate a portfolio of

More information

ELM Manages Identities of 4 Million Government Program Users with. Identity Server

ELM Manages Identities of 4 Million Government Program Users with. Identity Server ELM Manages Identities of 4 Million Government Program Users with Identity Server ELM Implements Single Sign-on With WSO2 Identity Server to Streamline Administration, Improve Productivity, and Reduce

More information

Architectural Overview

Architectural Overview Architectural Overview Version 7 Part Number 817-2167-10 March 2003 A Sun ONE Application Server 7 deployment consists of a number of application server instances, an administrative server and, optionally,

More information

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET http:// GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET Manisha Dawra 1, Ramdev Singh 2 1 Al-Falah School of Engg. & Tech., Vill-Dhauj, Ballabgarh-Sohna Road, Faridabad, Haryana (INDIA)-121004

More information

A DEPLOYMENT-READY SOLUTION FOR ADDING QUALITY-OF-SERVICE FEATURES TO WEB SERVICES

A DEPLOYMENT-READY SOLUTION FOR ADDING QUALITY-OF-SERVICE FEATURES TO WEB SERVICES A DEPLOYMENT-READY SOLUTION FOR ADDING QUALITY-OF-SERVICE FEATURES TO WEB SERVICES O. Hasan Department of Computer Science, Drexel University, Philadelphia, PA 19104, USA B.W. Char Department of Computer

More information

Increasing IT flexibility with IBM WebSphere ESB software.

Increasing IT flexibility with IBM WebSphere ESB software. ESB solutions White paper Increasing IT flexibility with IBM WebSphere ESB software. By Beth Hutchison, Katie Johnson and Marc-Thomas Schmidt, IBM Software Group December 2005 Page 2 Contents 2 Introduction

More information

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,

More information

IBM WebSphere Application Server

IBM WebSphere Application Server IBM WebSphere Application Server SAML 2.0 web single-sign-on 2012 IBM Corporation This presentation describes support for SAML 2.0 web browser Single Sign On profile included in IBM WebSphere Application

More information

Enterprise SOA Service activity monitoring

Enterprise SOA Service activity monitoring Enterprise SOA activity monitoring Michael Herr Head of SOPSOLUTIONS CITT Expertengespräch, 19. Juni 2006 AGENDA Business oriented SOA: Agility and Flexibility Application Integration: Policy-driven ESB

More information

Redpaper Axel Buecker Craig Forster Sridhar Muppidi Borna Safabakhsh

Redpaper Axel Buecker Craig Forster Sridhar Muppidi Borna Safabakhsh Redpaper Axel Buecker Craig Forster Sridhar Muppidi Borna Safabakhsh IBM Tivoli Security Policy Manager Introduction In a growing number of enterprises, policies are the key mechanism by which the capabilities

More information

Multi-Level Secure Architecture for Distributed Integrated Web Services

Multi-Level Secure Architecture for Distributed Integrated Web Services Multi-Level Secure Architecture for Distributed Integrated Web s J.G.R.Sathiaseelan Bishop Heber College (Autonomous) Tiruchirappalli 620 017, India jgrsathiaseelan@gmail.com S.Albert Rabara St Joseph

More information

Web Services and Service Oriented Architectures. Thomas Soddemann, RZG

Web Services and Service Oriented Architectures. Thomas Soddemann, RZG Web Services and Service Oriented Architectures, RZG Delaman Workshop 2004 Overview The Garching Supercomputing Center - RZG Diving into the world of Web Services Service Oriented Architectures And beyond

More information

Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance

Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance Christina Stephan, MD Co-Chair Liberty Alliance ehealth SIG National Library of Medicine

More information