1 / 10

Secure Contexts for Efficient, End-to-End Communication

Learn how WS Secure Conversation leverages SSL and Kerberos, using XMLENC and XMLDSIG for establishing secure contexts. Explore creating, changing, and deriving keys securely with benefits over SSL. Have questions? Get answers!

katherine
Télécharger la présentation

Secure Contexts for Efficient, End-to-End Communication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WS-SecureConversation Vidya Iyer 3/11/06

  2. Web services

  3. SecureConversation • End-to-end security • Leverages SSL, and Kerberos • Leverages XMLENC and XMLDSIG • Establishes contexts for convenient multi-message communication • Initial overhead to establish context, then faster communication

  4. Terms • Security Token – security related information (ie. X.509 cert, Kerberos ticket, username) • Security Context – established authenticated state, and related keys • Security Context Token – URI representation of Security Context

  5. Creating Secure Contexts

  6. Changing contexts • Amending, Renewing, Cancel contexts • Requester sends Amend URI http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Amend • And proof of possession of key • Recipients authenticate request and update their context • Same for Renew, Cancel

  7. Deriving keys • Common to use SecureContexts to agree on pseudorandom generators to derive keys • Uses DeriveKeyToken syntax • Syntax is agnostic to key derivation scheme • No need to send key material

  8. Benefits over SSL • End-to-end security • XML aware • Selective encryption • Easier to nullify existing contexts

  9. Questions?

More Related