Web Services Security Challenges Based on underlying technologies
Web Services Security Challenges • Based on underlying technologies that already have security challenges • Web services complexities pose new potential problems • Concerns with security standards and their adoption by system and component vendors • Overlapping and possibly incompatible standards 1/15/2022 Secure Systems Research Group - FAU
Web services architectural layers 1/15/2022 Secure Systems Research Group - FAU
Web services standards • Standards for describing, discovering, and invoking web services – Based on XML • Represent data totally independent of application, protocol, vocabulary, OS, programming language – Described using XML schema • Standards organizational committees: – World wide web consortium (W 3 C) – Organization for the advancement of structured information standards (OASIS) – Web services interoperability (WS-I) organization – Liberty alliance – Internet engineering task force (IETF) 1/15/2022 Secure Systems Research Group - FAU
Layers and web services standards 1/15/2022 Secure Systems Research Group - FAU
Web services security standards • Several security-related specifications for providing security for web Services including: • WS-Security • Web Services Security Addendum • WS-Security Policy • WS-Trust • WS-Secure Conversation • Web Services Security Profile for XML-based Tokens • WS-Federation • WSPL (Web Services Policy Language) • The Liberty Alliance Project • These security protocols can bind to Web services messaging protocols • Designed to be modular and composable, to allow developers to use just the required capabilities • Key to the success of Web services is open standards and interoperability among service providers 1/15/2022 Secure Systems Research Group - FAU
Layers and web services security standards 1/15/2022 Secure Systems Research Group - FAU
- Slides: 6