Web Services Security
BY:
NURMEEN RAFIQUE
ANIK MALIK
FAKHAR-UL-ISLAM
about web data security

Published in: Software

  1. Web Services Security, by NURMEEN RAFIQUE, ANIK MALIK, FAKHAR-UL-ISLAM
  2. WS-Security Definition
       • WS-Security (Web Services Security) is a proposed IT industry standard that addresses security when data is exchanged as part of a Web service.
     Web Service Security Requirements
       • The use of transport security to protect the communication channel between the Web service consumer and Web service provider.
       • Message-level security to ensure confidentiality, integrity and authentication.
  3. Web services security includes several aspects:
       • Authentication: Verifying that the user is who she claims to be. A user's identity is verified based on the credentials presented by that user, such as a password, biometric information, etc.
       • Authorization (or access control): Granting access to specific resources based on an authenticated user's entitlements. Entitlements are defined by one or several attributes. An attribute is a property or characteristic of a user.
       • Confidentiality, privacy: Keeping information secret. A message, for example a Web service request or an email, as well as the identity of the sending and receiving parties, is handled in a confidential manner. Confidentiality and privacy can be achieved by encrypting the content of a message and obfuscating the sending and receiving parties' identities.
       • Integrity, non-repudiation: Making sure that a message remains unaltered during transit by having the sender digitally sign the message. The digital signature is used to validate the message and provides non-repudiation. The timestamp in the signature prevents anyone from replaying this message after the expiration.
  4. Web Services Security at Transport Level and Message Level
       • Web Services currently revolve around three important protocols: SOAP, WSDL and UDDI.
       • There are two ways in which we can ensure security with Web Services:
           • Transport Level Security
           • Message Level Security
  5. Transport-level Security
     It secures the actual transport over which the message passes from the client to a service. Secure Sockets Layer (SSL), otherwise known as Transport Layer Security (TLS), is the most widely used transport-level data-communication protocol, providing:
       • Authentication (the communication is established between two trusted parties).
       • Confidentiality (the data exchanged is encrypted).
       • Message integrity (the data is checked for possible corruption).
       • Secure key exchange between client and server.
  6. Message Level Security
       • Message level security is an application layer service and facilitates the protection of message data between applications.
       • It secures the message itself that is being transported from client to a service and vice versa. Application-level security is based on standards available for securing Web Services at XML level.
       • Data confidentiality is implemented by XML Encryption.
       • Data integrity and authenticity are implemented by XML Signature.
       • Message structure and message security are implemented by SOAP and its security extension, WS-Security.
  7. Differences
       • TLS (transport-level security): In this model, a Web Service client will use SSL to open a secure socket to a Web Service. The client then sends and receives SOAP messages over this secured socket using HTTPS.
       • MLS (message-level security): In message level security, security information is contained within the SOAP message, which allows security information to travel along with the message.
  8. Differences cont'd

     | TRANSPORT LEVEL                      | MESSAGE LEVEL                        |
     |--------------------------------------|--------------------------------------|
     | Uses SSL                             | Does not use SSL                     |
     | Point-to-Point: Protects the "pipe"  | Data chunks are protected            |
     | Does not work with intermediaries    | Intended to work with intermediaries |
     | Ubiquitous                           | Standards still under development    |
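
The message-level model from slides 6 to 8, as an added example that is not part of the original slides: the security data (a `wsu:Timestamp` and an integrity value) is carried in the SOAP header, so the receiver can check it regardless of which hops forwarded the message. Assumptions: an HMAC-SHA256 with a shared key stands in for XML Signature (so it gives integrity but not non-repudiation), and the `urn:example:demo` namespace with its `Transfer` and `BodyMac` elements is hypothetical.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {  # real SOAP 1.1 / WS-Security namespaces; "ex" is hypothetical
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ex": "urn:example:demo",
}
FMT = "%Y-%m-%dT%H:%M:%SZ"
SEC = "soap:Header/wsse:Security/"

def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)

def mac_over(key, env):
    # Stand-in for XML Signature: HMAC-SHA256 over canonical Timestamp + Body.
    parts = (env.find(SEC + "wsu:Timestamp", NS), env.find("soap:Body", NS))
    data = "".join(ET.canonicalize(ET.tostring(p, encoding="unicode")) for p in parts)
    return base64.b64encode(hmac.new(key, data.encode(), hashlib.sha256).digest()).decode()

def build_message(key, payload, now, ttl_s=300):
    env = ET.Element(q("soap", "Envelope"))
    sec = ET.SubElement(ET.SubElement(env, q("soap", "Header")), q("wsse", "Security"))
    ts = ET.SubElement(sec, q("wsu", "Timestamp"))
    ET.SubElement(ts, q("wsu", "Created")).text = now.strftime(FMT)
    ET.SubElement(ts, q("wsu", "Expires")).text = (now + timedelta(seconds=ttl_s)).strftime(FMT)
    ET.SubElement(ET.SubElement(env, q("soap", "Body")), q("ex", "Transfer")).text = payload
    ET.SubElement(sec, q("ex", "BodyMac")).text = mac_over(key, env)  # travels in the message
    return ET.tostring(env, encoding="unicode")

def verify_message(key, xml_text, now):
    # Production code should parse untrusted XML with a hardened parser.
    env = ET.fromstring(xml_text)
    mac = env.findtext(SEC + "ex:BodyMac", namespaces=NS)
    expires = env.findtext(SEC + "wsu:Timestamp/wsu:Expires", namespaces=NS)
    if mac is None or expires is None or env.find("soap:Body", NS) is None:
        return "rejected: security header missing"
    if not hmac.compare_digest(mac.encode(), mac_over(key, env).encode()):
        return "rejected: integrity check failed"
    if now > datetime.strptime(expires, FMT).replace(tzinfo=timezone.utc):
        return "rejected: expired"
    return "accepted"
```

Because the timestamp is covered by the integrity value, an intermediary cannot extend `Expires` to keep a captured message replayable.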
