Upload
shona-bell
View
216
Download
1
Embed Size (px)
Citation preview
1
Secure Web Secure Web ServicesServices
DevelopmentDevelopmentwith Microsoft Web Services with Microsoft Web Services
Enhancements (WSE 2.0)Enhancements (WSE 2.0)
Jim Van Dyke
2
WSE 2.0WSE 2.0
Add-on to Visual Studio .NET and the .NET Add-on to Visual Studio .NET and the .NET Framework Framework
Interface Tool and Classes that implement Interface Tool and Classes that implement the WS-* Specificationsthe WS-* Specifications
3
WS-* SpecificationsWS-* Specifications
WS-SecurityWS-Security Secure SOAP Messages; Confidentiality Secure SOAP Messages; Confidentiality
(encryption) and Integrity (digital (encryption) and Integrity (digital signatures)signatures)
WS-SecureConversationWS-SecureConversation Secure Communications; Security Secure Communications; Security
ContextsContexts
4
WS-* SpecificationsWS-* Specifications
WS-Policy and WS-SecurityPolicyWS-Policy and WS-SecurityPolicy Means to specify security policies and Means to specify security policies and
requirements (e.g., security token requirements (e.g., security token requirements)requirements)
WS-TrustWS-Trust Means to exchange security tokens; Means to exchange security tokens;
Communications protocol for federationCommunications protocol for federation
WS-FederationWS-Federation Brokering Trust, Single Sign-in/out, Brokering Trust, Single Sign-in/out,
Attributes, and PseudonymsAttributes, and Pseudonyms
5
WSE: Major FeaturesWSE: Major Features Securing Web servicesSecuring Web services
Security credentials, Digital signing, Security credentials, Digital signing, EncryptionEncryption
PolicyPolicy
SOAP messagingSOAP messaging
Routing SOAP messagesRouting SOAP messages
Sending attachments with SOAP messagesSending attachments with SOAP messages
6
WSE ArchitectureWSE Architecture
WSE filter chains are integrated with WSE filter chains are integrated with the SOAP Messaging built-into WSE the SOAP Messaging built-into WSE and the ASP.NET Web services and the ASP.NET Web services infrastructure. infrastructure.
7
WSE ArchitectureWSE Architecture
8
WSE PoliciesWSE Policies
There are four basic steps to configure There are four basic steps to configure a Web service's policy:a Web service's policy: Create a policy file. Create a policy file.
Declare the set of policies for the policy Declare the set of policies for the policy file.file.
Map the policies to SOAP endpoints.Map the policies to SOAP endpoints.
Configure the policy file.Configure the policy file.
9
WSE PoliciesWSE Policies WSE has built-in support the following WSE has built-in support the following
policy assertions:policy assertions: Security tokenSecurity token
IntegrityIntegrity
ConfidentialityConfidentiality
Message ageMessage age
Message predicateMessage predicate
10
Basic FederationBasic FederationDirect Trust Token ExchangeDirect Trust Token Exchange
TrustTrustGet identityGet identitytokentoken
Get accessGet accesstokentoken11
33
22
IP/STS IP/STS
Requestor
Resource
Partially adapted from workshop slides by Tony Nadalin (IBM) and Chris Kaler (Microsoft)