
Secure Web Services Development with Microsoft Web Services Enhancements (WSE 2.0) Jim Van Dyke


Page 1: Secure Web Services Development with Microsoft Web Services Enhancements (WSE 2.0)

Jim Van Dyke

Page 2: WSE 2.0

Add-on to Visual Studio .NET and the .NET Framework

Interface Tool and Classes that implement the WS-* Specifications

Page 3: WS-* Specifications

WS-Security: Secure SOAP Messages; Confidentiality (encryption) and Integrity (digital signatures)

WS-SecureConversation: Secure Communications; Security Contexts

Page 4: WS-* Specifications

WS-Policy and WS-SecurityPolicy: Means to specify security policies and requirements (e.g., security token requirements)

WS-Trust: Means to exchange security tokens; Communications protocol for federation

WS-Federation: Brokering Trust, Single Sign-in/out, Attributes, and Pseudonyms

Page 5: WSE: Major Features

Securing Web services: Security credentials, Digital signing, Encryption

Policy

SOAP messaging

Routing SOAP messages

Sending attachments with SOAP messages

Page 6: WSE Architecture

WSE filter chains are integrated with the SOAP Messaging built into WSE and the ASP.NET Web services infrastructure.

Page 7: WSE Architecture

Page 8: WSE Policies

There are four basic steps to configure a Web service's policy:

Create a policy file.

Declare the set of policies for the policy file.

Map the policies to SOAP endpoints.

Configure the policy file.

Page 9: WSE Policies

WSE has built-in support for the following policy assertions:

Security token

Integrity

Confidentiality

Message age

Message predicate

Page 10: Basic Federation: Direct Trust Token Exchange

[Diagram labels: Trust; Get identity token; Get access token; steps 1, 2, 3; IP/STS; IP/STS; Requestor; Resource]

Partially adapted from workshop slides by Tony Nadalin (IBM) and Chris Kaler (Microsoft)