Interoperable Business Web Services Using Project Metro and.net 3.5

Similar documents
Metro Web Services, NetBeans, GlassFish and OpenSSO in Action with Amazon WS, Azure, and Office

Szolgáltatásorientált rendszerintegráció. WS-* standards

JAVA API FOR XML WEB SERVICES INTRODUCTION TO JAX-WS, THE JAVA API FOR XML BASED WEB SERVICES (SOAP, WSDL)

Infocard and Eduroam. Enrique de la Hoz, Diego R. López, Antonio García, Samuel Muñoz

Software Requirement Specification Web Services Security

Distributed Identification and Consumer Data Protection. Khaja Ahmed Microsoft Corporation

Assessing the usefulness of the WS-I tools for interoperability testing

Federated Identity and Trust Management

REST and SOAP Services with Apache CXF

Presented By: Muhammad Afzal 08May, 2009

The Role of Identity Enabled Web Services in Cloud Computing

Web Services Security: What s Required To Secure A Service-Oriented Architecture. An Oracle White Paper January 2008

NIST s Guide to Secure Web Services

AND SUN OPENSSO MICROSOFT GENEVA SERVER ENABLING UNPRECEDENTED COLLABORATION ACROSS HETEROGENEOUS IT ENVIRONMENTS. White Paper May 2009.

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact

This Working Paper provides an introduction to the web services security standards.

The Use of Service Oriented Architecture In Tax and Revenue

Privacy in Cloud Computing Through Identity Management

GRA Reliable Secure Web Services Service Interaction Profile Version 1.2 Table of Contents

Securing Web Services Using Microsoft Web Services Enhancements 1.0. Petr PALAS PortSight Software Architect

Abstract of the Core Concepts of S.A.F.E.: Standards for Federated Identity Management

Web Services Security: OpenSSO and Access Management for SOA. Sang Shin Java Technology Evangelist Sun Microsystems, Inc. javapassion.

Redpaper. IBM Tivoli Security Solutions for Microsoft Software Environments. Front cover. ibm.com/redbooks

Chapter 1: Web Services Testing and soapui

Federated Identity Management Solutions

Managing Net-Centric Systems: The Complexity of Web Services Management

Introducing Windows Communication Foundation

OpenSSO: Simplify Your Single-Sign-On Needs. Sang Shin Java Technology Architect Sun Microsystems, inc. javapassion.com

WebService Security. A guide to set up highly secured client-server communications using WS-Security extensions to the SOAP protocol

Table of Contents. iii

ALF SSO: Security Framework for Tool Integration. Brian Carroll, Eclipse ALF Project Lead

Securing Web Services From Encryption to a Web Service Security Infrastructure

The Primer: Nuts and Bolts of Federated Identity Management

The Identity Metasystem: A User-Centric, Inclusive Web Authentication Solution

An Oracle White Paper Dec Oracle Access Management Security Token Service

Flexible Identity Federation

Biometric Single Sign-on using SAML Architecture & Design Strategies

Evaluation of different Open Source Identity management Systems

T-Check in Technologies for Interoperability: Web Services and Security Single Sign-On

e-filing Secure Web Service User Manual

Lesson 4. An survey of the impact on and use of Web Services in the industry today. Industry 4.1. Industry SkillBuilders, Inc. V1.

The Primer: Nuts and Bolts of Federated Identity Management

Securing Java Web Services

This project was supported by Grant No DB-BX-K105 awarded by the Bureau of Justice, Office of Justice Programs in collaboration with the U.S.

Software Design Document Securing Web Service with Proxy

Agenda. How to configure

JOHN KNEILING APRIL 3-5, 2006 APRIL 6-7, 2006 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY)

ACADEMIC RESEARCH INTEGRATION SYSTEM

Lecture Notes course Software Development of Web Services

Interoperable Provisioning in a Distributed World

Les technologies de gestion de l identité

Web Services Development for IBM WebSphere Application Server V7.0. Version: Demo. Page <<1/10>>

Stronger Authentication with Biometric SSO

WEB SERVICES SECURITY

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

Enhancing User Authentication in Claim-Based Identity Management

24 BETTER SOFTWARE MARCH

SCUR203 Why Do We Need Security Standards?

Avoiding Web Services Chaos with WebSphere Service Registry and Repository

Choose an IBM WebSphere Application Server configuration to suit your business needs

Introduction to CASA: An Open Source Composite Application Editor

Single Sign On. SSO & ID Management for Web and Mobile Applications

Digital Identity and Identity Management Technologies.

Web Services in WebSphere: An Overview of the Feature Pack for Web Services

New Single Sign-on Options for IBM Lotus Notes & Domino IBM Corporation

Federated Identity in the Enterprise

Improving performance for security enabled web services. - Dr. Colm Ó héigeartaigh

Towards an Open Identity Infrastructure with OpenSSO. RMLL Nantes July Fulup Ar Foll Master Architect

CICS Web Service Security. Anthony Papageorgiou IBM CICS Development March 13, 2012 Session: 10282

Web Services Technologies Examples from the Mainstream

OpenSSO: Cross Domain Single Sign On

Web Service Testing. SOAP-based Web Services. Software Quality Assurance Telerik Software Academy

Microsoft and Novell - A Case Study in Identity Federation

Secure the Web: OpenSSO

Trends in Information Management (TRIM) ISSN: (1), pp

Open Source Identity Integration with OpenSSO

Securely Managing and Exposing Web Services & Applications

Gabriel Magariño. Software Engineer. Overview Revisited

The Global Justice Reference Architecture (JRA) Web Services Service Interaction Profile

Biometric Single Sign-on using SAML

Server based signature service. Overview

Web Services Development for IBM WebSphere App Server V7.0 Exam.

Web Services and Service Oriented Architectures. Thomas Soddemann, RZG

Service Virtualization: Managing Change in a Service-Oriented Architecture

Federation Proxy for Cross Domain Identity Federation

SAML and OAUTH Technologies WebSphere Application Server

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation

Dimension Technology Solutions Team 2

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Making Reliable Web Services Message Exchanges Secure and Tamper Proof. Alan J Weissberger. Data Communications Technology. aweissberger@sbcglobal.

Web Service Security Vulnerabilities and Threats in the Context of WS-Security

Requirement Priority Name Requirement Text Response Comment

NEMSIS v3 Web Services Guide

Identity opens the participation age. Dr. Rainer Eschrich. Program Manager Identity Management Sun Microsystems GmbH

Business Process Execution Language for Web Services

Identity Server Guide Access Manager 4.0

Federated Identity and Single Sign-On using CA API Gateway

SPML (Service Provisioning Markup Language) and the Importance of it within the Security Infrastructure Framework for ebusiness

Transcription:

Interoperable Business Web Services Using Project Metro and.net 3.5 Harold Carr, Metro Lead Architect, Sun Microsystems Kevin Wittkopf, Senior Solutions Architect, Microsoft TS-6128

Learn how to architect and build interoperable business web services using Project Metro and.net 3.5 2008 JavaOne SM Conference java.sun.com/javaone 2

Agenda Overview of Java environment/.net 3.5 Web Service Interoperability Demos Token creation and validation Token expiration Identity and attribute extraction for Database search Identity propagation thru multiple web apps & services Brokered trust More info Q & A 2008 JavaOne SM Conference java.sun.com/javaone 3

Java Environment /.NET 3.5 Web Service Interoperability.NET 3.5 framework Windows Communication Foundation Java environment Project Metro (aka JAX-WS RI + WSIT/Tango) GlassFish application server (Java Platform, Enterprise Edition ("Java EE platform")) Basic web services WS-I: BP 1.1, BSP 1.0 Enterprise web services Oasis: WS-Security, WS-SecureConversation, WS-Trust, WS- SecurityPolicy, WS-ReliableMessaging, WS-AtomicTransactions, WS-Coordintation W3C: WS-Addressing, WS-Policy, WS-Transfer WS-MetadataExchange 2008 JavaOne SM Conference java.sun.com/javaone 4

Token Creation and Validation AM (Metro SOAP) STS 2a. Client (.NET SOAP) 2b. 1. 2c. 3. GetDataWS (GF/Metro SOAP) 1. HTTPS/MEX to get GetDataWS WSDL 1a. GetDataWS has WSDL that indicates SAML token required from STS 2. getdata called. 2a. HTTPS/MEX to get STS WSDL. 2b: HTTP/SAML security to do STS operation to get Token. 2c: Pass token w/attribute inserted directly in token to GetDataWS 3. GetDataWS returns result when valid token received. 2008 JavaOne SM Conference java.sun.com/javaone 5

Protocols used in Token Creation scenario WS-Transfer/WS-Metadata Exchange Used to obtain service and STS WSDLs WS-Trust Used by client to obtain security token from STS WS-Security Used to sign/encrypt messages between client and service STS = Secure Token Service Sun Java System Access Manager in this example Uses SAML tokens More on STS and SAML in subsequent slides 2008 JavaOne SM Conference java.sun.com/javaone 6

Security Token Creation and Validation 2008 JavaOne SM Conference java.sun.com/javaone 7

Token Expiration AM (Metro SOAP) STS Client (.NET SOAP) GetDataWS (GF/Metro SOAP) 1. Same setup / interaction as previous slide. 1. Change token expiration on STS to 5 seconds. 2. After getting token from STS have client sleep 10 seconds then call getdata. Should receive invalid token fault 3. Change token expiration on STS to 15 seconds. 4. After getting token from STS have client sleep 10 seconds then call getdata. Should now receive valid result. 2008 JavaOne SM Conference java.sun.com/javaone 8

STS used in SAML Token Creation scenario STS == Secure Token Service STS in this example is Java System Access Manager SAML == Security Assertion Markup Language SAML tokens generated by STS specify details ('claims') about client to server Tokens have predefined elements & attributes Token can include user-defined claims Token includes 'expires' element STS (in this example) sets expires to 15 seconds 2008 JavaOne SM Conference java.sun.com/javaone 9

Security Token Expiration 2008 JavaOne SM Conference java.sun.com/javaone 10

Identity and attribute extraction for Database Search Active Directory (.NET SOAP) STS 2a. Client (Metro SOAP) 1. 2b. 3. GetDataWS (IIS.NET SOAP) 1. HTTPS/MEX to get GetDataWS WSDL. 1a. GetDataWS has WSDL that indicates SAML token required from STS 2. User A (permission to SOME data) logs in and calls getdata. 2a. HTTPS/MEX and HTTP/SAML STS interaction. 2b. Pass token w/attribute inserted directly in token to GetDataWS 3. Use token to determine user role. Result should be a subset of data (e.g., 5 rows). User B (permission to ALL data) logs in and does SAME query. Result should be all data (e.g., 10 rows). 2008 JavaOne SM Conference java.sun.com/javaone 11

STS used in DB search scenario STS in this example is backed by Active Directory (AD) User supplies credentials to authenticate to Active Directory (username/password, X.509, etc) STS issues SAML token with claims regarding user Identity STS inserts additional claim regarding the users ROLE (as defined in AD) GetDataWS verifies SAML token issued by trusted STS Role extracted from SAML token Used in DB access 2008 JavaOne SM Conference java.sun.com/javaone 12

Identity for Role-based DB Access 2008 JavaOne SM Conference java.sun.com/javaone 13

Identity Propagation thru multiple web apps & services AM (Metro SOAP) STS A GetData Web App (GF/Metro SOAP) GetDataWS (IIS.NET SOAP) AuditWS (GF/Metro SOAP) AuditDB Client (browser using CardSpace) +RM RecordsDB 1. Browser-based client authenticates via CardSpace + AM 2. Client does call on GetData Web Application. 3. GetData WA calls GetDataWS.getData. 3a. GetDataWS will get data from RecordsDB. 3a. GetDataWS will also call AuditWS.audit. Will use WS-RM. Validate: record must be retrieved correctly and AuditDB verified. Audit record should show User A, time, Application, GetDataWS and RecordsDB. NOTE: GetDataWs and AuditWS also secured using initial client token. 2008 JavaOne SM Conference java.sun.com/javaone 14

InfoCard CardSpace Microsoft s identity metasystem Supports multiple identity systems based on standards (e.g., WS-Security, WS-Trust, WS- MetadataExchange, WS-SecurityPolicy) Users download cards from identity providers their bank/etc, or create their own self-issued cards Cards used to convey any info from identity provider to relying party that makes sense to both of them CardSpace allows the user to select a card that provides identity and required claims to STS Java System Access Manager supports InfoCard using its own identity system SAML token returned by STS includes identity is propagated and verified by Metro and.net based services 2008 JavaOne SM Conference java.sun.com/javaone 15

WS-ReliableMessaging Used between GetDataWS and AuditWS To ensure audit trail Ensures all messages sent are received 2008 JavaOne SM Conference java.sun.com/javaone 16

Identity Propagation through multiple Web Applications and Services 2008 JavaOne SM Conference java.sun.com/javaone 17

Brokered Trust AM (Metro SOAP) STS A GetData Web App (GF/Metro SOAP) GetDataWS (IIS.NET SOAP) Active Directory (.NET SOAP) STS B AuditWS (GF/Metro SOAP) AuditDB Client (browser using CardSpace) +RM RecordsDB Same as previous scenario except: GetDataWS has trust relationship with STS A, AuditWS has trust relationship with STS B. STS A and B trust each other. 2008 JavaOne SM Conference java.sun.com/javaone 18

Brokered Trust User supplies credentials to authenticate to STS A (Java System Access Manager) Identity is propagated through multiple web apps/services AuditWS does not know/trust STS A (Java System Access Manager) AuditWS trusts STS B (AD) STS B has a trust relationship with STS A (via WS-Trust) STS B can use STS A to validate identity 2008 JavaOne SM Conference java.sun.com/javaone 19

Identity Propagation through multiple Web Applications and Services + Brokered Trust 2008 JavaOne SM Conference java.sun.com/javaone 20

What we did not cover WS-AtomicTransactions & WS-Coordination All operations in TX boundary succeed or rollback Same TX as in EJBs and COM+/Serviced Components Now supported in web services WS-SecureConversation Optimization when multiple secure messages exchanged 2008 JavaOne SM Conference java.sun.com/javaone 21

Summary Web Service Interoperability Java technology-based web services using Metro and GlassFish application server.net 3.5 web services using Windows Communication Foundation Identity Java System Access Manager Microsoft Active Directory WS-Trust SAML InfoCard Security SAML, WS-Security, WS-SecureConversation, WS-SecurityPolicy 2008 JavaOne SM Conference java.sun.com/javaone 22

Related Sessions TS-6373 Next-Generation Web User Experience Interoperability with Java Platform, Enterprise Edition (Java EE Platform) Technology and Silverlight TS-6658 GlassFish Project Web Services Stack Metro : Easy to Use, Robust, and High-Performance BOF-5590 Java Technology for Web Services Secure Exchange: New WS-SX Standards in Action LAB-3410 Metro: Try Out Simple and Interoperable Web Services 2008 JavaOne SM Conference java.sun.com/javaone 23

Relevant Blogs WCF blog: http://wcf.netfx3.com/blogs/wcf_team_bloggers/ InfoCard blogs: http://netfx3.com/blogs/cardspace_blogs/ http://blogs.sun.com/main/tags/infocard GlassFish project and Metro blogs: http://blogs.sun.com/theaquarium/ http://feeds.feedburner.com/metroblogs Java System Access Manager and OpenSSO blogs: http://planets.sun.com/opensso/ http://developers.sun.com/identity/ 2008 JavaOne SM Conference java.sun.com/javaone 24

For More Information GlassFish project, Metro, Java System Access Manager, OpenSSO http://glassfish.java.net/ https://metro.dev.java.net/ http://www.sun.com/software/products/access_mgr/index.jsp http://opensso.org/ Windows Communications Foundation &.NET 3.5: http://msdn2.microsoft.com/en-us/netframework/aa663324.aspx http://netfx3.com/default.aspx WCF Interoperability Guide & Plugfests: http://msdn2.microsoft.com/en-us/library/ms734776.aspx http://msdn2.microsoft.com/en-us/webservices/aa740612.aspx Windows CardSpace: http://msdn2.microsoft.com/en-us/netframework/aa663320.aspx J+N (Java technology +.NET) Program: http://www.microsoft.com/windowsserver/jplusn/default.mspx 2008 JavaOne SM Conference java.sun.com/javaone 25

Harold Carr, Metro Lead Architect, Sun Microsystems Kevin Wittkopf, Senior Solutions Architect, Microsoft TS-6128 2008 JavaOne SM Conference java.sun.com/javaone 26

EXTRA SLIDES in case InfoCard demo doesn t work 2008 JavaOne SM Conference java.sun.com/javaone 27

2008 JavaOne SM Conference java.sun.com/javaone 28

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information