Greg Giles, Cisco Systems. Is compression a valid candidate for a standard?



Similar documents
Securing Web Services With SAML

Service Virtualization: Managing Change in a Service-Oriented Architecture

Service Oriented Architecture (SOA) Implementation Framework for Satellite Mission Control System Software Design

SOA Planning Guide The Value Enablement Group, LLC. All rights reserved.

Federated Identity in the Enterprise

Service-Oriented Architecture and Software Engineering

Biometric Single Sign-on using SAML Architecture & Design Strategies

GENERAL OVERVIEW OF VARIOUS SSO SYSTEMS: ACTIVE DIRECTORY, GOOGLE & FACEBOOK

Integrating Web Messaging into the Enterprise Middleware Layer

Introduction to Service Oriented Architectures (SOA)

An Open Policy Framework for Cross-vendor Integrated Governance

Christoph Bussler. B2B Integration. Concepts and Architecture. With 165 Figures and 4 Tables. IIIBibliothek. Springer

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

SAML Security Analysis. Huang Zheng Xiong Jiaxi Ren Sijun

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)

Biometric Single Sign-on using SAML

OpenSSO: Cross Domain Single Sign On

Web Access Management and Single Sign-On

A Federated Authorization and Authentication Infrastructure for Unified Single Sign On

WHAT IS BPEL AND WHY IS IT SO IMPORTANT TO MY BUSINESS?

Enterprise Application Designs In Relation to ERP and SOA

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Table of Contents. 1 Executive Summary SOA Overview Technology Processes and Governance... 8

e-science Technologies in Synchrotron Radiation Beamline - Remote Access and Automation (A Case Study for High Throughput Protein Crystallography)

SOA CERTIFIED JAVA DEVELOPER (7 Days)

Interoperable Provisioning in a Distributed World

SOA, case Google. Faculty of technology management Information Technology Service Oriented Communications CT30A8901.

e-gov Architecture Service Interface Guidelines

Secure Semantic Web Service Using SAML

Agenda. How to configure

WebSphere Portal Server and Web Services Whitepaper

Flexible Identity Federation

Run-time Service Oriented Architecture (SOA) V 0.1

Standards and Guidelines for. Information Technology. Infrastructure, Architecture, and Ongoing Operations

NIST s Guide to Secure Web Services

Emerging Technologies Shaping the Future of Data Warehouses & Business Intelligence

SOA CERTIFIED CONSULTANT

Oasis Security Services Use Cases And Requirements

Service Oriented Architecture

EBXML FEATURE SOAP WSDL. written by Una Kearns UDDI. Content Management & Web Services. 6 November

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) SERVICE-ORIENTED SOFTWARE ARCHITECTURE MODEL LANGUAGE SPECIFICATIONS

Motivation Definitions EAI Architectures Elements Integration Technologies. Part I. EAI: Foundations, Concepts, and Architectures

NetworkingPS Federated Identity Solution Solutions Overview

EAI OVERVIEW OF ENTERPRISE APPLICATION INTEGRATION CONCEPTS AND ARCHITECTURES. Enterprise Application Integration. Peter R. Egli INDIGOO.

How To Create A C++ Web Service

Apigee Gateway Specifications

SAML-Based SSO Solution

Server based signature service. Overview

ELM Manages Identities of 4 Million Government Program Users with. Identity Server

A Quick Introduction to SOA

Introduction to UDDI: Important Features and Functional Concepts

Trend of Federated Identity Management for Web Services

SOA Myth or Reality??

Evaluation of different Open Source Identity management Systems

STUDY ON IMPROVING WEB SECURITY USING SAML TOKEN

CA Performance Center

Requirement Priority Name Requirement Text Response Comment

Redbook Overview Patterns: SOA Design with WebSphere Message Broker and WebSphere ESB

Cross-domain Identity Management System for Cloud Environment

David Pilling Director of Applications and Development

A Unified Messaging-Based Architectural Pattern for Building Scalable Enterprise Service Bus

Introduction to Web services architecture

IVOA Single-Sign-On Profile: Authentication Mechanisms Version 2.0

Introduction to SAML

APIs vs. SOA Integrations with SX without the ION Investment

Introduction to Directory Services

SCA-based Enterprise Service Bus WebSphere ESB

Provisioning and deprovisioning in an identity federation

Outline SOA. Properties of SOA. Service 2/19/2016. Definitions. Comparison of component technologies. Definitions Component technologies

This Working Paper provides an introduction to the web services security standards.

Service Oriented Architecture

SAML-Based SSO Solution

MONDESIR Eunice WEILL-TESSIER Pierre FEDERATED IDENTITY. ASR 2006/2007 Final Project. Supervisers: Maryline Maknavicius-Laurent, Guy Bernard

tibbr Now, the Information Finds You.

Unlocking the Power of SOA with Business Process Modeling

LinuxWorld Conference & Expo Server Farms and XML Web Services

Security solutions Executive brief. Understand the varieties and business value of single sign-on.

What is a Web service?

Web Services Trust and XML Security Standards

Client/server is a network architecture that divides functions into client and server

VALLIAMMAI ENGINEERING COLLEGE SRM NAGAR, KATTANKULATHUR DEPARTMENT OF COMPUTER APPLICATIONS SUBJECT : MC7502 SERVICE ORIENTED ARCHITECTURE

A Comparison of Protocols for Device Management and Software Updates

Service-Oriented Architecture: Analysis, the Keys to Success!

The Integration Between EAI and SOA - Part I

4. Concepts and Technologies for B2C, B2E, and B2B Transaction

Introduction into Web Services (WS)

SAML Federated Identity at OASIS

How To Build A Connector On A Website (For A Nonprogrammer)

The Jamcracker Enterprise CSB AppStore Unifying Cloud Services Delivery and Management for Enterprise IT

AquaLogic Service Bus

Service-Oriented Architectures

Java Security Web Services Security (Overview) Lecture 9

Software Requirement Specification Web Services Security

API Architecture. for the Data Interoperability at OSU initiative

Transcription:

1 WebServices Framework & Assertion exchange using SAML 2 3 4 5 Submitted By : Abstract: Krishna Sankar, Cisco Systems Greg Giles, Cisco Systems 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 This paper defines a general framework for web services and attempts to point out some of the facilities needed. It dives a little deeper into two areas first the intra web services communication and second exchange of assertions between web services using the SAML standard being developed under OASIS. Some of the question to think about : Do we need a lightweight XML infrastructure for the intra web services communication Will it provide interoperability between different implementations (eg. CORBA,COM,RMI et al) Do we need to standardize context What about session management Is compression a valid candidate for a standard Where can we leverage the SAML initiative, which provi des the framework for exchanging assertions Introduction The term Web Services has an XML over http look and feel. However, it need not be so. We can look at a web service as a bundle of active functionality. We could create applications by syndicating web services, which is a better model than the current monolithic applications. A web service is a thing that responds to messages and that is one of the main difference from a web service and an object, for example. The core of a web service is the business logic. The core would be supported by other related capabilities like logging, error handling et al by a web service container. Figure 1 outlines this concept.

Web Services Framework Messaging Middleware Messaging Framework To Software/Data Bus Security (SAML,XKMS) Profiles Web Service Logic XML Interface (XMLP) Database Session Manager XML Compression Context Logging Admin Error Handling Perf. Counters Intra Web Services bus Web Services Container 38 39 Figure 1 40 41 42 43 44 45 46 47 Anatomy of a Web Services Framework With reference to Figure 1, for current discussion we can ignore database interface, logging, admin, error handling and the performance interfaces. These would be provided by the operating and developing environments like Windows, Java et al. Even though it is desirable to have standards in these areas, I think we can live with out standards, but depend on programming models provided by implementations and 3 rd party vendors. We would need standards in the more communication/protocol-oriented interfaces. 2

48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 1. XML Interface: This is the main interface for a web service. This interface communicates with the outside world thru an XML technology most probably XMLP with binding to protocols, most common being http. The XMLP standard we are working on should suffice this interface. 2. Compression: This is more towards performance. Compressing the messages, especially XML data can dramatically improve throughput and optimize network traffic. There is an opportunity here for a wrapper standard for compression. This is important especially when the messages cross many organizational and system boundaries. 3. Session Manager: Currently the web service assumes a stateless machine with sync or async communication. The state could be maintained as a part of some piece of information at the payload level (E.g. A Purchase Order Number) or there could be specific mechanisms like authtoken for UDDI or session tokens. There is an opportunity here to standardize the way session and session information is handled. The SAML (which will be covered later) could be leveraged to exchange session information 4. Context: Context is related to session, but could also carry geographical information, run time information, load balancing information et al. Again, there is an opportunity to standardize the context management, information hierarchy et al. 5. Profiles: A profile is related to session as well as security. It can also contain authorization information (for systems and human personnel) As web services are active elements, they should have the notion of right and wrong! 6. Security: Security is a broad area and we could define the minimum security implications for a web service at various layers. This note could be more descriptive rather than prescriptive. We do have an opportunity here to provide some leadership. 7. Intra web services communication: The main (or the only) communication pipe a web service has is the XML interface. For a normal standalone Internet based web service, this is sufficient. Nevertheless, if we cross to the world of syndicated services or service aggregations we would quickly see the need for a lightweight protocol. Figure 2 shows the concept of the syndicated services. 3

83 84 Figure 2 85 86 87 88 89 90 91 92 93 The syndicated service talks to the outside world using the XMLP bus. However, internally, the service itself consists of three web services (green, red and gray), with two instances of one of them (the green one) Moreover, the red one does not have an XML bus. Usually the plan would be to use some proprietary forms of intra web services bus (RMI, COM,..) but that would take the interoperability out of the web services at this layer. There is an opportunity here to propose an on the wire lightweight protocol, syntax and semantics. Innovations like e-speak, Jini, fipa et al have many good ideas, but all are fragmented. 4

94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 Do we dare go there Don t know ;-) We plan to evangelize a MOM based middleware, possibly some XML compression and some form of publish/subscribe mechanisms because of the lack of some standards. SAML for exchanging assertions between web services: What is SAML SAML stands for Security Assertions Mark-up Language. The charter of the group is to define a data format for authentication and authorization assertions, including descriptions of authentication events. The authorization includes group and role membership, profile information et al. One feature of SAML which could be very valuable for web services is the fact that SAML will allow assertions to be made about anonymous principals, where "anonymous" means that an assertion about a principal does not include an attribute uniquely identifying the principal (ex: user name, distinguished name, etc.). The SAML messaging protocol allows push and pull model. It also has the notion of security zones, which is good for the syndicated/aggregated services. We could have one zone for syndication and another for external interaction thru the XML bus. SAML will define bindings for browser, HTTP, MIME, XMLP and ebxml. Where does it stand now 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 How can it be leveraged for web services The obvious place to start with, is the exchange of security assertions between web services be at the external XML communication or the intra web services bus. I think, when we build applications, based on web services, the SAML should be employed in the exchange of more information like the session, context, profiles et al. Currently the SAML group is concentrating only on exchanging authentication and authorization information. Once the group delivers on these, it would be an easier task to extend the SAML standard to include session, context and profile information. Sample SAML use cases and XML documents: <TBD : 2 diagrams, couple of use cases and 2 or 3 XML sample docs> Conclusion: This paper covers only a very small set of the web services world. There are many other related topics like negotiations, discovery, dynamic configuration using TPAs, collaboration protocols, redundancy/failover et al. The questions raised are : 5

128 129 130 131 132 133 134 135 136 137 138 139 140 1. Do we need a lightweight XML infrastructure for the intra web services communication Will it provide interoperability between different implementations (eg. CORBA,COM,RMI et al) 2. Do we need to standardize context 3. What about session management 4. Is compression a valid candidate for a standard 5. Where can we leverage the SAML initiative, which provides the framework for exchanging assertions 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information