book

Securing Web Services with WS-Security

by Jothy Rosenberg, David L. Remy

May 2004

Intermediate to advanced

408 pages

11h 25m

English

Sams

Read now

Unlock full access

Securing Web Services to Deliver on Their PromiseBuilding the Foundation for Agile Computing
Who This Book Is ForAbout This BookHow This Book Is Organized
Web Services Basics: XML, SOAP, and WSDLXML and XML SchemaSOAPWSDLUDDIApplication IntegrationB2B Business Process IntegrationPortalsService-Oriented ArchitecturesDefinition of Web ServicesSecurity BasicsShared Key and Public Key TechnologiesCryptographyKeysShared Key CryptographyPublic Key CryptographySecurity Concepts and DefinitionsAuthenticationAuthorizationIntegrityConfidentialityNon-repudiationWeb Services Security BasicsXML SignatureXML EncryptionSAMLWS-SecurityTrust IssuesOther WS-Security–Related SpecsSummary
The Gestalt of Web ServicesApplication IntegrationEnterprise Application IntegrationB2C and B2B Application IntegrationAutomating Business ProcessesInformation Aggregation PortalsThe Evolution of Distributed ComputingMiddlewareThe Web: The Global Network for Information ExchangeThe Inevitability of Web ServicesSecurity ChallengesIdentitiesMessagesService-Oriented ArchitecturesXML: Meta-Language for Data-Oriented InterchangeWhere XML Came From and Why It's ImportantXML and Web ServicesXML NamespacesXML SchemaXML TransformationsXPathXSLTXQueryXMLBeansXML's Role in Web Services SecuritySOAP: XML Messaging and Remote Application AccessWhere SOAP Came From and Why It's ImportantSOAP EnvelopeSOAP HeaderSOAP BodySOAP ProcessingSOAP AttachmentsSOAP and Web Services SecurityWSDL: Schema for XML/SOAP Objects and InterfacesWhere WSDL Came From and Why It's ImportantWSDL ElementsWSDL and SOAPWSDL and Web Services SecurityUDDI: Publishing and Discovering Web ServicesebXML and RosettaNet: Alternative Technologies for Web ServicesThe Web Services Security SpecificationsSummary
The Challenges of Information Security for Web ServicesSecurity of Distributed Systems Is HardSecurity of Exchanged Information (Messages) Is HarderSecurity of Web Services Is HardestShared Key TechnologiesShared Key EncryptionKerberosLimitations of Shared Key TechnologiesPublic Key TechnologiesPublic Key EncryptionLimitations of Public Key EncryptionDigital Signature BasicsHashing the Message to Create a Message DigestPublic Key Encryption of the Message DigestDigital Signature Signing ProcessDigital Signature Verification ProcessIntegrity Without Non-RepudiationA Digital Signature Expressed in XMLPublic Key InfrastructureDigital Certificates Are Containers for Public KeysCertificate Authorities Issue (and Sign) Digital CertificatesCAs Must Be Trusted or Vouched For by a Trusted CARoot CAs Are Trusted by EveryoneKey Escrow for Recovering Lost Private KeysCertificate Revocation for Dealing with Public Keys Gone BadCRL Certificate Revocation CheckingOCSP Certificate Revocation CheckingTrust ServicesKey Management ServicesDigital Signature ServicesSingle Sign-On ServicesAccess Control ServicesSecurity in a BoxBilling and Metering ServicesSSL Transport Layer SecurityA Description of the SSL ProtocolSummary
Introduction To and Motivation for XML SignatureA W3C StandardCritical Building Block for WS-SecurityClose Associations with Web Services SecurityThe Goal of Ensuring Integrity (and Usually Identity) and Non-repudiation PersistentlyXML Signature and XML Encryption: Fundamental Web Services Security TechnologiesXML Signature FundamentalsXML Signature StructureBasic StructureSpecifying the Items Being SignedTypes of XML SignaturesEnveloping SignaturesEnveloped SignaturesDetached SignaturesThe Signature Element SchemaXML Signature ProcessingXML Signature GenerationReference GenerationSignature GenerationXML Signature ValidationReference ValidationSignature ValidationThe XML Signature ElementsThe SignedInfo ElementThe CanonicalizationMethod Element and CanonicalizationCanonicalization Actions from Canonical XML Version 1.0Canonicalization Subtleties: Exclusive CanonicalizationThe SignatureMethod ElementThe Reference ElementThe Transform ElementCanonicalization TransformBase-64 TransformXPath Filtering TransformEnveloped Signature TransformXSLT TransformXPath Filter 2.0 TransformThe DigestMethod ElementThe DigestValue ElementThe SignatureValue ElementThe Object ElementThe Manifest ElementThe SignatureProperties ElementThe KeyInfo ElementKeyNameKeyValueRetrievalMethodX509DataPGPDataSPKIDataSecurity Strategies for XML SignatureUsing TransformsOnly What Is Signed Is SecureOnly What Is Seen Should Be Signed“See” What Is SignedKnowing the Security ModelKnowing Your KeysSigning Object ElementsSigning DTDs with Entity ReferencesSummary

Introduction to and Motivation for XML EncryptionRelating XML Encryption and XML SignatureCritical Building Block for WS-SecurityThe Goal Is to Ensure Confidentiality of Messages from End to End with Different RecipientsThink Shared Key Cryptography When You Think of XML EncryptionXML Encryption Will Become Part of the Infrastructure Like XML SignatureXML Encryption FundamentalsXML Encryption StructureEncryptedData: The Core of XML EncryptionEncryptedData SchemaEncryptedTypeEncryptionMethodCipherDataCipherValueCipherReferenceEncryptionPropertiesKeyInfoEncryptedKeyAgreementMethodReferenceListCarriedKeyNameSuper EncryptionXML Encryption ProcessingEncryption Process1. Choose an Encryption Algorithm2. Obtain an Encryption Key and Optionally Represent It3. Serialize Message Data4. Encrypt the Data5. Specify the Data Type6. Build the Corresponding EncryptedData StructureDecryption Process1. Get Algorithm, Parameters, and KeyInfo2. Locate the Key3. Decrypt Data4. Process XML Elements or XML Element Content5. Process Non–XML Element (Type Not Specified)Using XML Encryption and XML Signature TogetherThe Decryption Transform for XML SignatureXML Encryption and XML Signature StrategiesSummary
Introduction to and Motivation for SAMLThe Problems SAML AddressesTransporting Identity or “Portable Trust”The Concept of Trust AssertionsHow SAML WorksSAML AssertionsAuthentication AssertionsAttribute AssertionsAuthorization AssertionsSAML Producers and ConsumersSAML ProtocolAuthentication RequestAttribute RequestAuthorization RequestSAML Protocol ResponseSAML BindingsSAML ProfilesUsing SAML with WS-SecurityThe WS-Security SAML ProfileApplying SAML: Project LibertyThe Identity ProblemFederated IdentityHow Liberty Uses SAMLAccount LinkingAuthentication ContextLiberty's SAML ProfilesThe Microsoft Passport Alternative ApproachSummary
Introduction to and Motivation for WS-SecurityProblems and GoalsHTTP Transport Security Versus Message SecurityThe Origins of WS-SecurityWS-Security Is FoundationalExtending SOAP with SecuritySecurity Tokens in WS-SecurityUsernameTokenUsernameToken with Clear-Text PasswordUsernameToken with PasswordDigestUsername PasswordDigest AlgorithmUsernameToken PasswordDigest SummaryBinarySecurityTokensX.509 V3 CertificateKerberos TokensXML TokensSAML TokensXrML TokensXCBF TokensReferencing Security TokensProviding Confidentiality: XML Encryption in WS-SecurityShared Key XML EncryptionWrapped Key XML EncryptionEncrypting AttachmentsWS-Security Encryption SummaryProviding Integrity: XML Signature in WS-SecurityXML Signature for Validating a Security TokenXML Signature for Message IntegrityXML Signature in WS-Security ConsiderationsWS-Security XML Signature ExampleSigning a Security Token ReferenceMessage Time StampsSummary
WS-PolicyWS-Policy and WSDLWS-Policy and WS-SecurityPolicyThe WS-Policy FrameworkWS-Policy DetailsWS-PolicyAssertionsTextEncodingLanguageSpecVersionMessagePredicateWS-PolicyAttachmentArbitrary Resource AttachmentSpecifying WS-Policy in WSDLWS-SecurityPolicySecurityTokenUsername Token ClaimsX509v3 Token ClaimsIntegrityConfidentialityVisibilitySecurityHeaderMessageAgeSummary
The WS-* Family of Security SpecificationsWS-* Security Specifications for Trust RelationshipsWS-Trust<RequestSecurityToken><RequestSecurityTokenResponse>WS-PrivacyWS-* Security Specifications for InteroperabilityWS-PolicyWS-SecureConversation<SecurityContextToken>Establishing a Security ContextWS-* Security Specifications for IntegrationWS-FederationWS-AuthorizationXML Key Management Specification (XKMS)Origins of XKMSGoals of XKMSThe XKMS ServicesX-KISSX-KRSSeXtensible Access Control Markup Language (XACML) SpecificationThe XACML Data ModelXACML OperationXACML Policy ExampleeXtensible Rights Markup Language (XrML) Management SpecificationThe XrML Data ModelXrML Use Case ExampleSummary
Security Layer WalkthroughTransport-Level SecurityMessage-Level SecurityRole-Based SecurityWebLogic Workshop Web Service WalkthroughTransport SecurityMessage-Based SecuritySummary
The SSL ProtocolTesting for PrimalityRSA CryptographyChoosing RSA Key PairsPaddingRSA EncryptionRSA DecryptionDSA Digital Signature AlgorithmsDSA Key GenerationDSA Algorithm OperationBlock Cipher ProcessingBlock Cipher Padding (PKCS#5)Block Cipher FeedbackDES Encryption AlgorithmAES Encryption AlgorithmHashing Details and RequirementsMotivation for Using Hash FunctionsRequirements for Digital SignatureSHA1Collision ResistanceSecuritySimplicity and EfficiencySilvio Micali's Fast Validation/RevocationValidity CheckRevocationCanonicalization of Messages for Digital Signature ManifestsCanonicalization V1 Transform StepsCanonicalization Subtleties: Exclusive CanonicalizationBase-64 EncodingPGP

Overview

Comprehensive coverage is given in this up-to-date and practical guide to Web services security--the first to cover the final release of new standards SAML 1.1 and WS-Security. Rosenberg and Remy are security experts who co-founded GeoTrust, the #2 Web site certificate authority.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Restful Java Web Services Security

René Enríquez

SOA Security

Ramarao Kanneganti, Prasad Chodavarapu

Building Web Services with Java: Making Sense of XML, SOAP, WSDL, and UDDI, Second Edition

Steve Graham, Doug Davis, Simeon Simeonov, Glen Daniels, Peter Brittenham, Yuichi Nakamura, Paul Fremantle, Dieter König, Claudia Zentner

XML Hacks

Michael Fitzgerald

Publisher Resources

ISBN: 0672326515Purchase book