Exforsys


SOA Web Services - WS-I Basic Security Profile 1.0

Author: Packt Publishing     Published on: 29th Jul 2008

WS-I Basic Security Profile 1.0

The Basic Security Profile was created to address the interoperability issues of secured web services. The profile addresses several key areas listed next:

  • Transport Layer Security
  • SOAP Message Security
  • Username Token Profile
  • X.509 Certificate Token Profile
  • XML-Signature
  • XML Encryption, Algorithms
  • Relationship of Basic Security Extension Profile to Basic Profile
  • Attachment security

The security profile does not completely guarantee interoperability. However, it addresses the most common problems experienced in practical implementations to increase the probability of interoperability.

The profile focuses on the interoperability characteristics of two main technologies:

  • HTTP over TLS—technology that protects the confidentiality of all information that flows over an HTTP connection
  • SOAP Message Security

It does not prohibit the use of any encryption algorithms; however, it recommends some TLS and SSL cipher suites.

It is a requirement that the partners exchanging the messages must agree on the following:

  • Which elements must be signed and/or encrypted
  • Which elements may be signed and/or encrypted
  • Which security tokens must be present
  • Which security tokens may be present

The profile puts the following conditions on the applications:

The Envelope, Header, or Body elements must not be encrypted. Encrypting these elements breaks the SOAP processing model and is therefore prohibited.

A SOAP intermediary INSTANCE MUST NOT remove or modify any HEADER_ELEMENT unless that SOAP intermediary is acting in the role specified by the S11:actor attribute of that HEADER_ELEMENT.

Messages may be signed and encrypted, potentially by multiple entities signing and encrypting overlapping elements. A signature applied before encryption has different security properties than encryption applied before a signature.

SOAP Message Security defines a Timestamp element for use in SOAP messages. (A Timestamp must contain only one Created and only one Expires element.)

Thus, to create interoperable secured web services, the conditions just listed must be satisfied. Note that the list is by no means complete, and the reader is referred to the WS-I site (http://www.ws-i.org) for full coverage of the security profile. The preceding discussion merely gives an overview of what is required to create secured interoperable web services.



 
This tutorial is part of a SOA Web Services tutorial series. Read it from the beginning and learn yourself.
