Technik und Informatik. SOAP Security. Prof. Dr. Eric Dubuis Berner Fachhochschule Biel. Version April 11, 2012


1 SOAP Security Prof. Dr. Eric Dubuis Berner Fachhochschule Biel Version April 11, 2012

2 Overview

- Motivation
- Transport security versus SOAP Security
- WS-Security stack overview
- Structure of secured SOAP messages
- Security tokens
- Encrypting SOAP messages
- Signing SOAP messages
- Timestamps

3 Motivation

- SOAP messages are text documents
- As such, they contain valuable data in clear-text
- Such data may be confidential
- Such data may be subject to tampering
- Starting point for SOAP security is: SOAP Message Security 1.1 (WS-Security 2004)

4 Position of SOAP Security

- Application level: XML Documents; XML Signature, XML Encryption
- Message level: SOAP Message; WS-Security
- Transport level: TCP; SSL / TLS

XML Signature: XML Encryption: WS-Security, SOAP Message Security: SSL, Secure Socket Layer: TLS, Transport Layer Security:

5 Transport Security versus Message Security

[Diagram: Client (Client Program, Message, SSL/TLS) connected to Server (SSL/TLS, Message, Server Program)]

- Client: messages in the clear
- In the pipe: messages encrypted back and forth
- Server: messages in the clear

SSL, Secure Socket Layer: TLS, Transport Layer Security:

6 Transport Security versus Message Security

Transport security
- Pros: mature; big support; well understood; relatively simple
- Cons: point to point only; all-or-nothing security

Message security
- Pros: security attached to the message itself; selective; flexible
- Cons: complex; many standards

7 WS-Security Stack

[Figure: WS-Security stack] Source:

8 WS-Security Namespaces For These Slides

Prefix  Short for               Namespace
ds      XML signature           http://www.w3.org/2000/09/xmldsig#
wsse    WS-Security extension   http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
wsu     Web services utility    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
xenc    XML encryption          http://www.w3.org/2001/04/xmlenc#

Unless otherwise noted, SOAP Message Security 1.1 is addressed in these notes, see WS-Security:

9 Extending SOAP with Security: Structure (I)

    <S:Envelope>
      <S:Header>
        <wsse:Security>
          <!-- see next slide -->
        </wsse:Security>
      </S:Header>
      <S:Body Id="body">
        <xenc:EncryptedData Id="bodyID"
            Type="http://www.w3.org/2001/04/xmlenc#Content">...
        </xenc:EncryptedData>
      </S:Body>
    </S:Envelope>

Content of the XML S:Body element is encrypted.

SOAP 1.1: SOAP 1.2:

10 Extending SOAP with Security: Structure (II)

    <wsse:Security>
      ...
      <!-- XML encrypted key -->
      <xenc:EncryptedKey>...</xenc:EncryptedKey>
      <!-- XML encryption reference list -->
      <xenc:ReferenceList>
        <xenc:DataReference URI="#tokenID"/>
        <xenc:DataReference URI="#bodyID"/>
      </xenc:ReferenceList>
      <!-- Security Token -->
      <xenc:EncryptedData Id="tokenID"...></xenc:EncryptedData>
      <!-- XML Signature -->
      <ds:Signature>...
        <ds:Reference URI="#timestamp">...</ds:Reference>
        <ds:Reference URI="#body">...</ds:Reference>
      </ds:Signature>
    </wsse:Security>

- The optional encrypted key list carries the encrypted keys used for encryption.
- The optional reference list is a manifest of encrypted portions of the SOAP message.
- The signatures are performed prior to encryption!

11 Extending SOAP with Security: Summary of Structural Elements

The following elements can be embedded within the <wsse:Security> element:

- Encrypted Keys: zero, one, or more embedded keys
- Reference List: zero, one, or more references to encrypted parts
- Security Tokens: zero, one, or more (but usually not more than one) security tokens; may be encrypted
- Signatures: zero, one, or more XML signatures. If an XML signature is included, at minimum it signs all or part of the SOAP body

12 Encrypted Key Element

    <xenc:EncryptedKey Id="_5002" ...>
      <xenc:EncryptionMethod .../>
      <ds:KeyInfo ...>
        <wsse:SecurityTokenReference>
          <ds:X509Data>
            <ds:X509IssuerSerial>
              <ds:X509IssuerName>cn=...</ds:X509IssuerName>
              <ds:X509SerialNumber>2</ds:X509SerialNumber>
            </ds:X509IssuerSerial>
          </ds:X509Data>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>oo...yc=</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedKey>

13 Reference List

- Shows encrypted parts of the SOAP message
- Optional

    <xenc:ReferenceList ...>
      <xenc:DataReference URI="#_5009"/>
      <xenc:DataReference URI="#_5010"/>
    </xenc:ReferenceList>

14 Security Tokens: Overview

Examples of Security Tokens:
- User name with password token
- X.509 certificate token (binary)
- Kerberos ticket (binary)
- Encrypted data token: security token that is encrypted. The recipient knows how to decrypt it to obtain the effective token.
- SAML assertion

Types of Security Tokens:
- User name tokens (two variants)
- Binary tokens (many)
- XML tokens (many)

Most often encrypted.

15 Security Tokens: User Name Token

Basic <UsernameToken> with clear-text password:

    <S:Envelope>
      <S:Header>...
        <wsse:Security>
          <wsse:UsernameToken>
            <wsse:Username>alice</wsse:Username>
            <wsse:Password>ilovedogs</wsse:Password>
          </wsse:UsernameToken>
        </wsse:Security>...
      </S:Header>...
    </S:Envelope>

Username Token Profile 1.1:

16 Security Tokens: User Name with Password Digest

Basic idea:
- Provides an alternative to the clear-text password approach
- Sender hashes some random information with the password
- Receiver performs the same process
- Receiver compares the computed value with the one received

Further elements:
- Nonce: a random value to prevent replay attacks. That is, the receiver caches the values obtained so far, and discards any request having the same value.
- Time stamp: allows the server's cache to be cleared of old, obsolete entries.

    Password Digest = Base64 ( SHA-1 ( nonce + created + password ) )

17 Security Tokens: Example of User Name with Password Digest

    <wsse:Security>
      <wsse:UsernameToken xmlns:wsse="...wss-wssecurity-secext-1.0.xsd"
                          xmlns:wsu="...wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>alice</wsse:Username>
        <wsse:Password Type="wsse:PasswordDigest">
          D2A12DFE8D9F0C6BB82C89B091DF5C8A872F94DC
        </wsse:Password>
        <wsse:Nonce>efd89f06ccb28c89</wsse:Nonce>
        <wsu:Created> t09:00:00z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>

You don't see the real password here...
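
The receiver side of the digest scheme on slides 16 and 17, as an added example that is not part of the original slides. It hashes the Base64-decoded nonce bytes as the Username Token Profile prescribes; the names `DigestVerifier` and `parse_utc`, the five-minute freshness window and the sample nonce are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed sample nonce (Base64 of arbitrary bytes), not taken from the slides.
SAMPLE_NONCE = base64.b64encode(b"constructed-nonce-1").decode("ascii")


def parse_utc(text):
    """Parse a wsu:Created value in the UTC 'Z' form."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def password_digest(nonce_b64, created, password):
    """Base64(SHA-1(nonce + created + password)); the nonce is hashed as raw bytes."""
    nonce = base64.b64decode(nonce_b64, validate=True)
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


class DigestVerifier:
    """Receiver: recompute the digest, reject replays, purge the cache by age."""

    def __init__(self, passwords, max_age=timedelta(minutes=5)):
        self.passwords = passwords   # username -> password known to the receiver
        self.max_age = max_age       # assumed freshness window
        self.seen = {}               # nonce -> Created time of the accepted request

    def verify(self, username, digest_b64, nonce_b64, created, now):
        try:
            created_at = parse_utc(created)
        except ValueError:
            return "malformed"
        # The time stamp lets the cache forget entries older than the window.
        self.seen = {n: t for n, t in self.seen.items()
                     if now - t <= self.max_age}
        # Anything outside the window is refused, so purged nonces cannot return.
        if abs(now - created_at) > self.max_age:
            return "stale"
        if nonce_b64 in self.seen:
            return "replay"
        password = self.passwords.get(username)
        if password is None:
            return "rejected"
        try:
            expected = password_digest(nonce_b64, created, password)
        except (binascii.Error, ValueError):
            return "malformed"
        # Constant-time comparison of the computed and the received digest.
        if not hmac.compare_digest(expected.encode("utf-8"),
                                   digest_b64.encode("utf-8")):
            return "rejected"
        self.seen[nonce_b64] = created_at
        return "ok"


if __name__ == "__main__":
    created = "2012-04-11T09:00:00Z"
    verifier = DigestVerifier({"alice": "ilovedogs"})
    digest = password_digest(SAMPLE_NONCE, created, "ilovedogs")
    for when in ("2012-04-11T09:01:00Z", "2012-04-11T09:02:00Z",
                 "2012-04-11T09:10:00Z"):
        print(when, verifier.verify("alice", digest, SAMPLE_NONCE,
                                    created, parse_utc(when)))
```

The digest only hides the password from an observer of the message; the receiver still has to hold the password (or an equivalent) to recompute it.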

18 Binary Security Tokens: Overview

Template for binary tokens:

    <wsse:BinarySecurityToken wsu:Id=... EncodingType=... ValueType=...>
      ...Binary Data...
    </wsse:BinarySecurityToken>

- Encoding type: how the binary data is encoded. Most often: wsse:Base64Binary
- Value type: type of token. Can be an X.509 V3 certificate or one of the Kerberos tickets.

19 X.509 V3 Certificate as Binary Token

An example of an X.509 V3 certificate as a binary token looks like:

    <wsse:BinarySecurityToken Id="myX509Token"
        ValueType="wsse:X509v3"
        EncodingType="wsse:Base64Binary">NIFEPzQ......CrAwIBAgIQEm FExErTECA</wsse:BinarySecurityToken>

With a certificate, you authenticate yourself with the receiver by signing an element with your private key, such that the receiver can validate the signed element with the help of the certificate's public key, provided the receiver trusts the certificate authority.

X.509 Certificate Token Profile 1.1:

20 Relating an XML Signature with an X.509 V3 Certificate

You learned: XML signature (optionally) has a KeyInfo element:

    <ds:KeyInfo>
      <ds:KeyValue>...</ds:KeyValue>
      <ds:X509Data>...</ds:X509Data>
    </ds:KeyInfo>

WS-Security recommends however:

    <ds:KeyInfo>
      <wsse:SecurityTokenReference>
        <wsse:Reference URI="#myX509Token"/>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>

You don't include the certificate here but you reference it...

21 Kerberos Tokens

Two types of tokens:
- Ticket Granting Ticket (TGT)
- Service Ticket (ST)

You specify the type of Kerberos token with the attribute ValueType. An example of a TGT Kerberos token looks like:

    <wsse:BinarySecurityToken wsu:Id="mykerberostoken"
        ValueType="wsse:Kerberosv5TGT"
        EncodingType="wsse:Base64Binary">ABCDEFG...CrAwIBAgIQEm... QwErTY</wsse:BinarySecurityToken>

Kerberos Token Profile 1.1:

22 XML Tokens

Several kinds of XML tokens exist:
- SAML assertions
- XrML / REL tokens
- XCBF tokens

We will discuss SAML assertions in a later session.

23 Encrypted Data Tokens (in <Security> Header)

- A token that needs to be decrypted by the recipient
- An <xenc:EncryptedData> element is used

    <xenc:EncryptedData Id="_5009"...>
      <xenc:EncryptionMethod Algorithm="...#aes128-cbc"/>
      <ds:KeyInfo...>
        <wsse:SecurityTokenReference wsse11:TokenType="...#EncryptedKey">
          <wsse:Reference URI="#_5002" ValueType="...#EncryptedKey"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
      <xenc:CipherData>
        <xenc:CipherValue>yw...==</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>

Encrypted Data Tokens: 6.5

24 Referencing Security Tokens

- In XML, you'll use Id and Key as an identifier.
- Different types of security tokens use different strategies for unique identifiers.
- Problem: how to reference security tokens in other places?
- Solution: WS-Security introduces Security Token References.

Within a Security Token Reference, there are three possibilities:
- direct element
- key identifier
- key name (not recommended due to uniqueness problem)

Additional alternative: you can embed the security token directly in the Security Token Reference.

25 Example of a Direct Security Token Reference

A direct Security Token Reference looks like:

    <wsse:SecurityTokenReference xmlns:wsse="...wss-wssecurity-secext-1.0.xsd">
      <wsse:Reference URI="http://www.company.com/certs/alice#X509token"
                      ValueType="wsse:X509v3"/>
    </wsse:SecurityTokenReference>

26 Example of a Key Identified Security Token Reference

A Key Identified Security Token Reference looks like:

    <wsse:SecurityTokenReference>
      <wsse:KeyIdentifier ValueType="wsse:X509v3">
        uthyqbrcgfu4xmo14md/iygyyig=
      </wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>

27 Example of an Embedded Security Token

A security token can be embedded into a Security Token Reference:

    <wsse:SecurityTokenReference>
      <wsse:Embedded>
        <wsse:BinarySecurityToken ValueType="wsse:X509v3"
            EncodingType="wsse:Base64Binary" wsu:Id="x509token">
          MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i...
        </wsse:BinarySecurityToken>
      </wsse:Embedded>
    </wsse:SecurityTokenReference>

28 Signature

Used to sign different parts of the SOAP message.

    <ds:Signature...>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod...>...</ds:CanonicalizationMethod>
        <ds:SignatureMethod Algorithm="...#hmac-sha1"/>
        <!-- Many references to signed parts of the SOAP message... -->
        <ds:Reference URI="#_5003">
          <ds:Transforms>...</ds:Transforms>
          <ds:DigestMethod Algorithm=".../xmldsig#sha1"/>
          <ds:DigestValue>oyq...=</ds:DigestValue>
        </ds:Reference>...
      </ds:SignedInfo>
      <ds:SignatureValue>0...=</ds:SignatureValue>
      <ds:KeyInfo>
        <wsse:SecurityTokenReference...>...</wsse:SecurityTokenReference>
      </ds:KeyInfo>
    </ds:Signature>

29 Encrypting SOAP Messages

On SOAP message encryption:
- Based on XML encryption
- However, a few features need to be discussed in the context of SOAP encryption
- Envelope, Header and Body tags are never encrypted

Modes of encryption:
- Shared key XML encryption
- Wrapped key XML encryption
- Encrypting attachments (not discussed)

Examples are given on the next slides.

30 SOAP Encryption Based on Shared Key XML Encryption

- Assume a shared key is known to the sender and receiver
- An optional Reference List in the security header points to the parts of the message that have been encrypted:

    <S:Envelope>
      <S:Header>
        <wsse:Security>
          <xenc:ReferenceList>
            <xenc:DataReference URI="#body"/>
          </xenc:ReferenceList>
        </wsse:Security>
      </S:Header>
      <S:Body>
        <!-- Encrypted data; the shared secret key is known to the receiver. -->
        <xenc:EncryptedData Id="body">
          <xenc:CipherData>...</xenc:CipherData>
        </xenc:EncryptedData>
      </S:Body>
    </S:Envelope>

31 SOAP Encryption Based on Wrapped Key XML Encryption (I)

- A generated, symmetric key is used for encrypting (parts of) the body (the shared key)
- Then, the shared key is encrypted using the recipient's public key

    <S:Envelope>
      <S:Header>
        <wsse:Security>
          <xenc:EncryptedKey>
            <xenc:EncryptionMethod Algorithm="..."/>
            <!-- Which key to use for decrypting shared key? -->
            <ds:KeyInfo>
              <wsse:SecurityTokenReference>
                <wsse:KeyIdentifier EncodingType="wsse:Base64Binary"
                    ValueType="wsse:X509v3">F2J...</wsse:KeyIdentifier>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <!-- Encrypted shared key -->
            <xenc:CipherData>aecdjs78wea...yxc</xenc:CipherData>
            <!-- What is encrypted? -->
            <xenc:ReferenceList>
              <xenc:DataReference URI="#body"/>
            </xenc:ReferenceList>
          </xenc:EncryptedKey>
        </wsse:Security>
      </S:Header>

Note: List can be outside of the EncryptedKey element.

32 SOAP Encryption Based on Wrapped Key XML Encryption (II)

Encrypted body:

    <S:Envelope>...
      <S:Body>
        <xenc:EncryptedData Id="body">
          <xenc:CipherData>
            <xenc:CipherValue>...</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedData>
      </S:Body>
    </S:Envelope>

33 Signing SOAP Messages

- Used for verifying message integrity
- Used for verifying security token integrity
- XML signatures are put into the security header
- The detached signature model is the only one allowed (due to the mutability of headers)

    <S:Envelope>
      <S:Header>
        <wsse:Security>
          <ds:Signature>
            <ds:Reference URI="#body">
      ...
      <S:Body Id="body">

34 An Example of a Signed SOAP Message (I)

    <S:Envelope>
      <S:Header>
        <wsse:Security>
          <!-- This is an X509 certificate used as security token -->
          <wsse:BinarySecurityToken
              ValueType="wsse:X509v3"
              EncodingType="wsse:Base64Binary"
              wsu:Id="X509Token">figezzcr...</wsse:BinarySecurityToken>
          <ds:Signature>
            <ds:SignedInfo>
              <ds:CanonicalizationMethod Algorithm="...xml-exc-c14n#" />
              <ds:SignatureMethod Algorithm="...rsa-sha1" />
              <ds:Reference URI="#body">
                <ds:Transforms>
                  <ds:Transform Algorithm="...xml-exc-c14n#" />
                </ds:Transforms>
                <ds:DigestMethod Algorithm="...#sha1" />
                <ds:DigestValue>eulddytso1...</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>

to be continued...

35 An Example of a Signed SOAP Message (II)

... continued

            <ds:SignatureValue>xld...</ds:SignatureValue>
            <ds:KeyInfo>
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#X509Token"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
        </wsse:Security>
      </S:Header>
      <S:Body wsu:Id="body">
        <StatusRequest xmlns="http://www.mycompany.com/order">
          <OrderNumber>1234</OrderNumber>
        </StatusRequest>
      </S:Body>
    </S:Envelope>

- The body is signed...
- The signature is verified using the public key attached to the X509 certificate (it was produced with the matching private key)

36 Signing and Encrypting a SOAP Message

If a producer signs a message before encryption, then the following ordering is applied:

- The <Signature> element with all <Reference> elements is computed and added to the <Security> header
- The encryption elements such as <EncryptedKey>, <ReferenceList>, and <EncryptedData> are added to the <Security> header in front of the <Signature> element

The above order can be sketched accordingly:

If encryption is used first, and then signing, then the order changes accordingly (order matters).

37 Message Time Stamps

- WS-Security defines message timestamps
- Message timestamps define the freshness of a message
- Message timestamps are introduced in the header
- Message timestamps should be signed

Example:

    <S:Envelope>
      <S:Header>
        <wsu:Timestamp>
          <wsu:Created> t08:42:00z</wsu:Created>
          <wsu:Expires> t09:00:00z</wsu:Expires>
        </wsu:Timestamp>...
      </S:Header>
      <S:Body>...
      </S:Body>
    </S:Envelope>
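
A receiver-side coverage check for the signed message structure on slides 33 to 37, as an added example that is not part of the original slides. It tests only that each `ds:Reference` resolves to exactly one element, that the `S:Body` the application will process and the timestamp are among the referenced elements, and that the timestamp is current; it does not verify digests or the signature value. The function names, the dates and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "S": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def utc(text):
    """Parse a wsu:Created / wsu:Expires value in the UTC 'Z' form."""
    return datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def sample_envelope(refs, created="2012-04-11T08:42:00Z", expires="2012-04-11T09:00:00Z"):
    """Constructed test message; refs lists the Ids the signature references."""
    ref_xml = "".join('<ds:Reference URI="#%s"/>' % r for r in refs)
    return (
        '<S:Envelope xmlns:S="{S}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}" xmlns:ds="{ds}">'
        '<S:Header><wsse:Security>'
        '<wsu:Timestamp wsu:Id="timestamp"><wsu:Created>{created}</wsu:Created>'
        '<wsu:Expires>{expires}</wsu:Expires></wsu:Timestamp>'
        '<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>'
        '</wsse:Security></S:Header>'
        '<S:Body wsu:Id="body"><StatusRequest xmlns="http://www.mycompany.com/order">'
        '<OrderNumber>1234</OrderNumber></StatusRequest></S:Body>'
        '</S:Envelope>'
    ).format(refs=ref_xml, created=created, expires=expires, **NS)


def coverage_findings(xml_text, now):
    """Return a list of problems; an empty list means the structure is acceptable."""
    findings = []
    root = ET.fromstring(xml_text)

    # Index every element that carries a wsu:Id or a plain Id attribute.
    ids = {}
    for el in root.iter():
        ident = el.get(WSU_ID) or el.get("Id")
        if ident:
            ids.setdefault(ident, []).append(el)

    # Resolve each same-document reference; it must hit exactly one element.
    signed = []
    path = "S:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference"
    for ref in root.findall(path, NS):
        uri = ref.get("URI", "")
        targets = ids.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) == 1:
            signed.append(targets[0])
        else:
            findings.append("reference %s resolves to %d elements" % (uri, len(targets)))

    # The body handed to the application is the direct child of the envelope.
    body = root.find("S:Body", NS)
    if body is None or not any(el is body for el in signed):
        findings.append("body is not covered by the signature")

    header = root.find("S:Header", NS)
    ts = header.find(".//wsu:Timestamp", NS) if header is not None else None
    if ts is None:
        findings.append("no timestamp")
        return findings
    if not any(el is ts for el in signed):
        findings.append("timestamp is not covered by the signature")
    try:
        created = utc(ts.findtext("wsu:Created", namespaces=NS))
        expires = utc(ts.findtext("wsu:Expires", namespaces=NS))
        if not created <= now < expires:
            findings.append("timestamp outside Created/Expires window")
    except (AttributeError, TypeError, ValueError):
        findings.append("timestamp unparsable")
    return findings


if __name__ == "__main__":
    at = utc("2012-04-11T08:50:00Z")
    print(coverage_findings(sample_envelope(["timestamp", "body"]), at))
    print(coverage_findings(sample_envelope(["timestamp"]), at))
```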


More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information

Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

More information

Message Containers and API Framework

Message Containers and API Framework Message Containers and API Framework Notices Copyright 2009-2010 Motion Picture Laboratories, Inc. This work is licensed under the Creative Commons Attribution-No Derivative Works 3.0 United States License.

More information

User Management Interfaces for Earth Observation Services Abstract Test Suite

User Management Interfaces for Earth Observation Services Abstract Test Suite User Management Interfaces for Earth Observation Services Abstract Test Suite Primary Author Andrew Woolf, STFC Rutherford Appleton Laboratory Revision history Version Contributors Date Changes 0.1 Andrew

More information

W orking Draft 0 6, 2 1 February

W orking Draft 0 6, 2 1 February 1 2 3 4 W eb Services Security: SAML Token Profile W orking Draft 0 6, 2 1 February 2 0 0 3 5 6 7 8 9 10 11 12 13 14 15 Docum ent identifier: WSS-SAML-06 Location: TBD Editors: Phillip Hallam -Baker, VeriSign

More information

17 March 2013 NIEM Web Services API Version 1.0 URI: http://reference.niem.gov/niem/specification/web-services-api/1.0/

17 March 2013 NIEM Web Services API Version 1.0 URI: http://reference.niem.gov/niem/specification/web-services-api/1.0/ 17 March 2013 NIEM Web Serv vices API Version 1.0 URI: http://reference.niem.gov/niem/specification/web-services-api/1.0/ i Change History No. Date Reference: All, Page, Table, Figure, Paragraph A = Add.

More information

SSL Protect your users, start with yourself

SSL Protect your users, start with yourself SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service

More information

OSCI-Transport, Version 2.0.1

OSCI-Transport, Version 2.0.1 1 2 3 4 OSCI-Transport, Version 2.0.1 Web Services Profiling and Extensions Specification Koordinierungsstelle für IT-Standards (KoSIT) 5 6 Coordination Office for IT-Standards 7 8 Version 2.0.1 Last edited

More information

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:

More information

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP) Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

By Koji MIYAUCHI* ABSTRACT. XML is spreading quickly as a format for electronic documents and messages. As a consequence,

By Koji MIYAUCHI* ABSTRACT. XML is spreading quickly as a format for electronic documents and messages. As a consequence, Falsification Prevention and Protection Technologies and Products XML Signature/Encryption the Basis of Web Services Security By Koji MIYAUCHI* XML is spreading quickly as a format for electronic documents

More information

On Partial Encryption of RDF-Graphs

On Partial Encryption of RDF-Graphs On Partial Encryption of RDF-Graphs Mark Giereth Institute for Intelligent Systems, University of Stuttgart, 70569 Stuttgart, Germany giereth@iis.uni-stuttgart.de Abstract. In this paper a method for Partial

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr.

Network Security - Secure upper layer protocols - Background. Email Security. Question from last lecture: What s a birthday attack? Dr. Network Security - Secure upper layer protocols - Dr. John Keeney 3BA33 Question from last lecture: What s a birthday attack? might think a m-bit hash is secure but by Birthday Paradox is not the chance

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Design and Implementaion of a Single Sign-On Library Supporting SAML (Security Assertion Markup Language) for Grid and Web Services Security

Design and Implementaion of a Single Sign-On Library Supporting SAML (Security Assertion Markup Language) for Grid and Web Services Security Design and Implementaion of a Single Sign-On Library Supporting SAML (Security Assertion Markup Language) for Grid and Web Services Security Dongkyoo Shin, Jongil Jeong, and Dongil Shin Department of Computer

More information

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University Network Security Web Security and SSL/TLS Angelos Keromytis Columbia University Web security issues Authentication (basic, digest) Cookies Access control via network address Multiple layers SHTTP SSL (TLS)

More information

Improving performance for security enabled web services. - Dr. Colm Ó héigeartaigh

Improving performance for security enabled web services. - Dr. Colm Ó héigeartaigh Improving performance for security enabled web services - Dr. Colm Ó héigeartaigh Agenda Introduction to Apache CXF WS-Security in CXF 3.0.0 Securing Attachments in CXF 3.0.0 RS-Security in CXF 3.0.0 Some

More information

Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems

Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems Core Feature Comparison between XML / SOA Gateways and Web Application Firewalls Jason Macy jmacy@forumsys.com CTO, Forum Systems XML Gateway vs Competitive XML Gateways or Complementary? and s are Complementary

More information

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Copyright 2012, Oracle and/or its affiliates. All rights reserved. 1 OTM and SOA Mark Hagan Principal Software Engineer Oracle Product Development Content What is SOA? What is Web Services Security? Web Services Security in OTM Futures 3 PARADIGM 4 Content What is SOA?

More information

Grid Delegation Protocol

Grid Delegation Protocol UK Workshop on Grid Security Experiences, Oxford 8th and 9th July 2004 Grid Delegation Protocol Mehran Ahsant a, Jim Basney b and Olle Mulmo a a Center for Parallel Computers,Royal Institute of Technology,

More information

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

ECE-8843 Prof. John A. Copeland 404 894-5177 fax 404 894-0035

ECE-8843  Prof. John A. Copeland 404 894-5177 fax 404 894-0035 ECE-8843 http://www.csc.gatech.edu/copeland/jac/8813-03/ Prof. John A. Copeland john.copeland@ece.gatech.edu 404 894-5177 fax 404 894-0035 Office: GCATT Bldg 579 email or call for office visit, or call

More information

Kerberos and Single Sign-On with HTTP

Kerberos and Single Sign-On with HTTP Kerberos and Single Sign-On with HTTP Joe Orton Red Hat Introduction The Problem Current Solutions Future Solutions Conclusion Overview Introduction WebDAV: common complaint of poor support for authentication

More information

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS)

Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) Secure Socket Layer (SSL) and Trnasport Layer Security (TLS) CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring 2008 1 SSL/TLS The Secure Socket Layer (SSL) and Transport Layer Security

More information

Secure Client Applications

Secure Client Applications Secure Client Applications Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014 Common/Reports/secure-client-apps.tex, r900 1/26 Acronyms

More information

The BritNed Explicit Auction Management System. Kingdom Web Services Interfaces

The BritNed Explicit Auction Management System. Kingdom Web Services Interfaces The BritNed Explicit Auction Management System Kingdom Web Services Interfaces Version 5.1 November 2014 Contents 1. PREFACE... 6 1.1. Purpose of the Document... 6 1.2. Document Organization... 6 2. Web

More information

Email, SNMP, Securing the Web: SSL

Email, SNMP, Securing the Web: SSL Email, SNMP, Securing the Web: SSL 4 January 2015 Lecture 12 4 Jan 2015 SE 428: Advanced Computer Networks 1 Topics for Today Email (SMTP, POP) Network Management (SNMP) ASN.1 Secure Sockets Layer 4 Jan

More information

Using Voltage SecureMail

Using Voltage SecureMail Using Voltage SecureMail Using Voltage SecureMail Desktop Based on the breakthrough Identity-Based Encryption technology, Voltage SecureMail makes sending a secure email as easy as sending it without encryption.

More information

Web Security: Encryption & Authentication

Web Security: Encryption & Authentication Web Security: Encryption & Authentication Arnon Rungsawang fenganr@ku.ac.th Massive Information & Knowledge Engineering Department of Computer Engineering Faculty of Engineering Kasetsart University, Bangkok,

More information

, ) I Transport Layer Security

, ) I Transport Layer Security Secure Sockets Layer (SSL, ) I Transport Layer Security _ + (TLS) Network Security Products S31213 UNCLASSIFIED Location of SSL -L Protocols TCP Ethernet IP SSL Header Encrypted SSL data= HTTP " Independent

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

XML Signatures in an Enterprise Service Bus Environment

XML Signatures in an Enterprise Service Bus Environment XML Signatures in an Enterprise Bus Environment Eckehard Hermann Research & Development XML Integration Uhlandstraße 12 64297 Darmstadt, Germany Eckehard.Hermann@softwareag.com Dieter Kessler Research

More information

How To Configure SAML Authentication for SAP NetWeaver Process Integration 7.1

How To Configure SAML Authentication for SAP NetWeaver Process Integration 7.1 SAP NetWeaver How-To Guide How To Configure SAML Authentication for SAP NetWeaver Process Integration 7.1 Applicable Releases: SAP NetWeaver Process Integration 7.1x and higher Topic Area: SOA Middleware

More information

e-filing Secure Web Service User Manual

e-filing Secure Web Service User Manual e-filing Secure Web Service User Manual Page1 CONTENTS 1 BULK ITR... 6 2 BULK PAN VERIFICATION... 9 3 GET ITR-V BY TOKEN NUMBER... 13 4 GET ITR-V BY ACKNOWLEDGMENT NUMBER... 16 5 GET RETURN STATUS... 19

More information

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0 APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

More information

WEB Security: Secure Socket Layer

WEB Security: Secure Socket Layer WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security

More information

Web Services Advanced Topics

Web Services Advanced Topics Web Services Advanced Topics Where things are now and where they are going Version 9 Web Services Advanced Topics WSAdvanced-2 Enterprise Web Services Industry trends and organizations Security and Reliability

More information

Secure Socket Layer. Security Threat Classifications

Secure Socket Layer. Security Threat Classifications Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats

More information

Single Sign-On Implementation Guide

Single Sign-On Implementation Guide Salesforce.com: Salesforce Winter '09 Single Sign-On Implementation Guide Copyright 2000-2008 salesforce.com, inc. All rights reserved. Salesforce.com and the no software logo are registered trademarks,

More information

Security Protocols/Standards

Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity

More information