WS-SecureConversation

WS-SecureConversation provides a robust framework for establishing secure communication in web services. It leverages SSL and Kerberos protocols alongside XML encryption (XMLENC) and XML digital signatures (XMLDSIG) to ensure end-to-end security. By establishing authenticated security contexts, it allows for efficient multi-message communication. The overhead incurred during initial context establishment is offset by faster subsequent exchanges. Key features include amending, renewing, and cancelling contexts, as well as deriving keys without transmitting key material, making it a more flexible and efficient alternative to traditional SSL.

Presentation Transcript


  1. WS-SecureConversation Vidya Iyer 3/11/06

  2. Web services

  3. SecureConversation • End-to-end security • Leverages SSL, and Kerberos • Leverages XMLENC and XMLDSIG • Establishes contexts for convenient multi-message communication • Initial overhead to establish context, then faster communication

  4. Terms • Security Token – security-related information (i.e. X.509 cert, Kerberos ticket, username) • Security Context – established authenticated state, and related keys • Security Context Token – URI representation of Security Context

  5. Creating Secure Contexts

  6. Changing contexts • Amending, renewing, cancelling contexts • Requester sends Amend URI http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Amend • And proof of possession of key • Recipients authenticate request and update their context • Same for Renew, Cancel

  7. Deriving keys • Common to use SecureContexts to agree on pseudorandom generators to derive keys • Uses DerivedKeyToken syntax • Syntax is agnostic to key derivation scheme • No need to send key material
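The following is an added example, not part of the slides, that models the two mechanisms from slides 6 and 7 together: key derivation from an established security context (so no key material crosses the wire) and an Amend/Renew/Cancel request that the recipient only honours after checking proof of possession of the context key. The Amend URI is the one on slide 6; the Renew and Cancel URIs are assumed by analogy with it. The derivation is P_SHA1 (the TLS pseudorandom function) with label, nonce, offset and length mirroring the DerivedKeyToken parameters, and the default label "WS-SecureConversation" is taken from the 2005/02 specification as I recall it. Messages are plain Python dicts standing in for SOAP, and an HMAC-SHA256 over the canonical request stands in for the XMLDSIG signature; the context store, `ContextStore`, and the helper names are all hypothetical.

```python
import hashlib
import hmac
import json
import secrets

AMEND = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Amend"    # from slide 6
RENEW = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew"    # assumed by analogy
CANCEL = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel"  # assumed by analogy
DEFAULT_LABEL = b"WS-SecureConversation"  # default derivation label (2005/02 spec, as recalled)


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS-style P_SHA1 expansion: A(i) = HMAC(secret, A(i-1)), output += HMAC(secret, A(i) + seed)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(context_secret: bytes, nonce: bytes, offset: int = 0,
               length: int = 16, label: bytes = DEFAULT_LABEL) -> bytes:
    """Derive a session key the way a DerivedKeyToken describes it: only label/nonce/offset/length
    are exchanged; the context secret itself never leaves either party."""
    stream = p_sha1(context_secret, label + nonce, offset + length)
    return stream[offset:offset + length]


class ContextStore:
    """Hypothetical recipient-side registry of established security contexts, keyed by SCT URI."""

    def __init__(self):
        self._contexts = {}

    def create(self, secret: bytes, expires_at: int) -> str:
        uri = "urn:uuid:" + secrets.token_hex(16)  # constructed SCT identifier
        self._contexts[uri] = {"secret": secret, "expires": expires_at,
                               "active": True, "claims": {}, "seen_nonces": set()}
        return uri

    def get(self, uri: str):
        return self._contexts.get(uri)


def _canonical(action: str, sct: str, nonce_hex: str, body: dict) -> bytes:
    # Deterministic serialisation of the signed fields (stands in for XML canonicalisation).
    return json.dumps({"action": action, "sct": sct, "nonce": nonce_hex, "body": body},
                      sort_keys=True).encode()


def build_request(action: str, sct: str, context_secret: bytes, body: dict) -> dict:
    """Requester side: derive a fresh key under a new nonce and prove possession with an HMAC."""
    nonce = secrets.token_bytes(16)
    key = derive_key(context_secret, nonce)
    msg = {"action": action, "sct": sct, "nonce": nonce.hex(), "body": body}
    msg["proof"] = hmac.new(key, _canonical(action, sct, msg["nonce"], body), hashlib.sha256).hexdigest()
    return msg


def handle_request(store: ContextStore, msg: dict, now: int) -> str:
    """Recipient side: authenticate the request against the context before updating it."""
    ctx = store.get(msg["sct"])
    if ctx is None or not ctx["active"] or now >= ctx["expires"]:
        return "rejected: unknown, cancelled or expired context"
    if msg["nonce"] in ctx["seen_nonces"]:
        return "rejected: replayed nonce"
    key = derive_key(ctx["secret"], bytes.fromhex(msg["nonce"]))  # same derivation, same key
    expected = hmac.new(key, _canonical(msg["action"], msg["sct"], msg["nonce"], msg["body"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["proof"]):
        return "rejected: proof of possession failed"
    ctx["seen_nonces"].add(msg["nonce"])
    if msg["action"] == AMEND:
        ctx["claims"].update(msg["body"])
    elif msg["action"] == RENEW:
        ctx["expires"] = msg["body"]["expires"]
    elif msg["action"] == CANCEL:
        ctx["active"] = False
    else:
        return "rejected: unknown action"
    return "ok"


def demo() -> list:
    """Walk a context through amend, renew, a forged cancel, a real cancel, then a late amend."""
    store = ContextStore()
    secret = secrets.token_bytes(32)  # shared secret agreed when the context was established
    sct = store.create(secret, expires_at=1000)
    results = [
        handle_request(store, build_request(AMEND, sct, secret, {"role": "reader"}), now=10),
        handle_request(store, build_request(RENEW, sct, secret, {"expires": 2000}), now=10),
        handle_request(store, build_request(CANCEL, sct, b"not-the-context-key", {}), now=10),
        handle_request(store, build_request(CANCEL, sct, secret, {}), now=10),
        handle_request(store, build_request(AMEND, sct, secret, {"role": "admin"}), now=10),
    ]
    return results


if __name__ == "__main__":
    print(demo())
```

The forged Cancel is rejected because its proof was computed under a different secret, so the recipient's own derivation yields a different key; the final Amend is rejected because the context was already cancelled. Offset and length select a window of the P_SHA1 output stream, which is why two parties can carve independent keys (for example one for signing and one for encryption) out of a single context without any further exchange.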

  8. Benefits over SSL • End-to-end security • XML aware • Selective encryption • Easier to nullify existing contexts

  9. Questions?