WS-Security-Clement-Song-basic-concepts.ppt

VinturisDiana 10 views 26 slides Oct 15, 2024

About This Presentation

What is WS-Security?
Why WS-Security?
Terminology
How to Secure?
Code
Demos
Reference


Slide Content

Slide 1
WS-Security
Clement Song
02-09-04

Slide 2
Outline
What is WS-Security?
Why WS-Security?
Terminology
How to Secure?
Code
Demos
Reference

Slide 3
What is WS-Security?
WS-Security:

SOAP message protection through message integrity, confidentiality, and single message authentication

extensible and flexible (multiple security tokens, trust domains, signature formats, and encryption technologies)

a flexible set of mechanisms that can be used to construct a range of security protocols
Source: WS-Security version 1.0, ref [1]

Slide 4
Why WS-Security?
Secure SOAP message exchange

Slide 5
Terminology Reference
Claim - A claim is a statement that a requestor makes (e.g. name, identity, key, group, privilege, capability, etc.).
Security Token - A security token represents a collection of claims.
Signed Security Token - A signed security token is a security token that is asserted and cryptographically endorsed by a specific authority (e.g. an X.509 certificate or a Kerberos ticket).
Proof-of-Possession - The proof-of-possession information is data that is used in a proof process to demonstrate the sender's knowledge of information that should only be known to the claiming sender of a security token.

Slide 6
Terminology Reference
Digest - A digest is a cryptographic checksum of an octet stream.
Signature - A signature is a cryptographic binding of a proof-of-possession and a digest. This covers both symmetric key-based and public key-based signatures. Consequently, non-repudiation
Non-repudiation - means to ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. A way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

Slide 7
How to Secure?
Integrity - information is not modified in transit

XML signature in conjunction with security tokens

Multiple signatures, multiple actors, additional signature formats

Slide 8
How to Secure?
Confidentiality - only authorized actors or security token owners can view the data

XML encryption in conjunction with security tokens

Multiple encryption processes, multiple actors

Slide 9
How to Secure?
Authentication - you are who you say you are

Security Tokens

Slide 10
Syntax
<S:Envelope>
  <S:Header>
    ...
    <Security
        S:actor="..."
        S:mustUnderstand="...">
      ...
    </Security>
    ...
  </S:Header>
  <S:Body>
    ...
  </S:Body>
</S:Envelope>

Slide 11
UsernameToken Element
<UsernameToken Id="...">
  <Username>...</Username>
  <Password Type="...">...</Password>
</UsernameToken>
Types:
wsse:PasswordText (default) - The actual password for the username
wsse:PasswordDigest - The digest of the password for the username. The value is a base64-encoded SHA1 hash value of the UTF8-encoded password

Slide 12
UsernameToken Example
<wsse:Security>
  <wsse:UsernameToken>
    <wsse:Username>Zoe</wsse:Username>
    <wsse:Password>ILoveDogs</wsse:Password>
  </wsse:UsernameToken>
</wsse:Security>
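An added example (not from the slides) showing the PasswordDigest form of the UsernameToken from slides 11 and 12: the sender computes Base64(SHA-1(UTF-8 password)) exactly as slide 11 defines it, and the receiver recomputes and compares the digest instead of accepting the cleartext password of the Zoe example. The optional nonce and created arguments go beyond the slide and reproduce the later UsernameToken Profile digest; the namespace is the 2002/04 one used on the slides and the credential store is constructed.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Namespace used on the slides (April 2002 WS-Security draft).
WSSE = "http://schemas.xmlsoap.org/ws/2002/04/secext"
ET.register_namespace("wsse", WSSE)

def password_digest(password: str, nonce: bytes = b"", created: str = "") -> str:
    """Base64(SHA-1(UTF-8 password)), the wsse:PasswordDigest value as the slide
    defines it. Passing nonce and created instead yields the later UsernameToken
    Profile form Base64(SHA-1(nonce + created + password)), which resists replay."""
    material = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")

def build_security_header(username: str, password: str) -> str:
    """Sender side: a <wsse:Security> header whose UsernameToken carries the
    digest rather than the cleartext password of the slide's PasswordText example."""
    security = ET.Element(f"{{{WSSE}}}Security")
    token = ET.SubElement(security, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    pw = ET.SubElement(token, f"{{{WSSE}}}Password", Type="wsse:PasswordDigest")
    pw.text = password_digest(password)
    return ET.tostring(security, encoding="unicode")

def verify_security_header(xml_text: str, credentials: dict) -> bool:
    """Receiver side: recompute the digest from the stored password and compare
    in constant time. Unknown users, missing elements and Type values other than
    PasswordDigest are rejected rather than falling back to a cleartext check."""
    root = ET.fromstring(xml_text)
    token = root.find(f"{{{WSSE}}}UsernameToken")
    if token is None:
        return False
    user = token.findtext(f"{{{WSSE}}}Username")
    pw = token.find(f"{{{WSSE}}}Password")
    if user not in credentials or pw is None or pw.get("Type") != "wsse:PasswordDigest":
        return False
    return hmac.compare_digest(password_digest(credentials[user]), pw.text or "")

# Constructed credential store matching the slide's Zoe example.
CREDENTIALS = {"Zoe": "ILoveDogs"}

if __name__ == "__main__":
    header = build_security_header("Zoe", "ILoveDogs")
    print(header)
    print("accepted:", verify_security_header(header, CREDENTIALS))
```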

Slide 13
Binary Security Tokens
<BinarySecurityToken Id=... EncodingType=... ValueType=.../>
EncodingType:
wsse:Base64Binary - base 64 encoding
wsse:HexBinary - hex encoding
ValueType:
wsse:X509v3 - X.509 v3 certificate
wsse:Kerberosv5TGT - Kerberos v5 ticket, ticket granting ticket
wsse:Kerberosv5ST - Kerberos v5 ticket, service ticket

Slide 14
Binary Security Tokens Example
<wsse:BinarySecurityToken
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"
    Id="myToken" ValueType="wsse:X509v3"
    EncodingType="wsse:Base64Binary">
  MIIEZzCCA9CgAwIBAgIQEmtJZc0...
</wsse:BinarySecurityToken>

Slide 15
SecurityTokenReference
<SecurityTokenReference Id="...">
  <Reference URI="..."/>
</SecurityTokenReference>
Example:
<wsse:SecurityTokenReference
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
  <wsse:Reference URI="http://www.fabrikam123.com/tokens/Zoe#X509token"/>
</wsse:SecurityTokenReference>

Slide 16
Username Token Demo

Slide 17
Digital Signing

Slide 18
XML Signature
<Signature ID?>
  <SignedInfo>
    <CanonicalizationMethod/>
    <SignatureMethod/>
    (<Reference URI? >
      (<Transforms>)?
      <DigestMethod>
      <DigestValue>
    </Reference>)+
  </SignedInfo>
  <SignatureValue>
  (<KeyInfo>)?
  (<Object ID?>)*
</Signature>

Slide 19
XML Signature Example
<Signature Id="MyFirstSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>
  <KeyInfo>
    <KeyValue>
      <DSAKeyValue>
        <P>...</P><Q>...</Q><G>...</G><Y>...</Y>
      </DSAKeyValue>
    </KeyValue>
  </KeyInfo>
</Signature>

Slide 20
XML signature in WS-Security
<wsse:Security>
  <wsse:BinarySecurityToken ValueType="wsse:X509v3"
      EncodingType="wsse:Base64Binary" Id="X509Token">
    MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i...
  </wsse:BinarySecurityToken>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference>
        <ds:Transforms>
          <ds:Transform Algorithm="http://...#RoutingTransform"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>EULddytSo1...</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>BL8jdfToEb1l/vXcMZNNjPOV...</ds:SignatureValue>
    <ds:KeyInfo>
      <wsse:SecurityTokenReference>
        <wsse:Reference URI="#X509Token"/>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
  </ds:Signature>
</wsse:Security>
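An added example (not the presentation's code) covering the XML Signature Reference of slides 18 to 20: it computes a DigestValue over the referenced element and shows how a receiver detects a Body modified in transit. It assumes the SOAP 1.1 envelope namespace and uses Python's stdlib C14N 2.0 canonicalizer in place of the exc-c14n transform on the slide; the envelope is constructed and its SignatureValue is a placeholder.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

S = "http://schemas.xmlsoap.org/soap/envelope/"       # SOAP 1.1 envelope (assumed)
WSSE = "http://schemas.xmlsoap.org/ws/2002/04/secext"  # namespace used on the slides
DS = "http://www.w3.org/2000/09/xmldsig#"
for prefix, uri in (("S", S), ("wsse", WSSE), ("ds", DS)):
    ET.register_namespace(prefix, uri)

def reference_digest(element: ET.Element) -> str:
    """Base64(SHA-1(C14N(element))), the <ds:DigestValue> of a Reference to it.
    The stdlib canonicalize() is C14N 2.0; it stands in for the exc-c14n transform
    named on the slide, which the stdlib does not implement."""
    c14n = ET.canonicalize(ET.tostring(element, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(c14n.encode("utf-8")).digest()).decode("ascii")

def build_signed_envelope(body_text: str) -> str:
    """Constructed sample: Body carries Id="Body"; the wsse:Security header holds a
    ds:Signature whose Reference points at it by URI="#Body" (the same Id-reference
    style as the slide's URI="#X509Token"). SignatureValue is a placeholder."""
    env = ET.Element(f"{{{S}}}Envelope")
    header = ET.SubElement(env, f"{{{S}}}Header")
    body = ET.SubElement(env, f"{{{S}}}Body", Id="Body")
    body.text = body_text
    sig = ET.SubElement(ET.SubElement(header, f"{{{WSSE}}}Security"), f"{{{DS}}}Signature")
    info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(info, f"{{{DS}}}SignatureMethod", Algorithm=f"{DS}rsa-sha1")
    ref = ET.SubElement(info, f"{{{DS}}}Reference", URI="#Body")
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=f"{DS}sha1")
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = reference_digest(body)
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = "PLACEHOLDER-SIGNATURE-VALUE"
    return ET.tostring(env, encoding="unicode")

def references_intact(envelope_xml: str) -> bool:
    """Receiver step 1: resolve every Reference URI="#Id" inside the message and
    recompute its digest; a mismatch means the signed part changed in transit.
    Step 2, checking SignatureValue over SignedInfo with the key from KeyInfo,
    needs a crypto library and is not shown here."""
    root = ET.fromstring(envelope_xml)
    by_id = {el.get("Id"): el for el in root.iter() if el.get("Id")}
    seen = False
    for ref in root.iter(f"{{{DS}}}Reference"):
        target = by_id.get(ref.get("URI", "").lstrip("#"))
        if target is None or ref.findtext(f"{{{DS}}}DigestValue") != reference_digest(target):
            return False
        seen = True
    return seen
```

Modifying the Body text after signing (for instance with a string replace on the serialized envelope) makes references_intact() return False, while the untouched envelope passes.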

Slide 21
Digital-Signing Demo

Slide 22
XML Encryption
<EncryptedData Id? Type? MimeType? Encoding?>
  <EncryptionMethod/>?
  <ds:KeyInfo>
    <EncryptedKey>?
    <AgreementMethod>?
    <ds:KeyName>?
    <ds:RetrievalMethod>?
    <ds:*>?
  </ds:KeyInfo>?
  <CipherData>
    <CipherValue>?
    <CipherReference URI?>?
  </CipherData>
  <EncryptionProperties>?
</EncryptedData>

Slide 23
Example

Slide 24
RSA Algorithm Demo
(optional)

Slide 25
Primary References
1. WS-Security Specification
http://msdn.microsoft.com/webservices/understanding/advancedwebservices/default.aspx?pull=/library/en-us/dnglobspec/html/ws-security.asp
2. WS-Security AppNotes (examples and guidance to implementers)
http://www-106.ibm.com/developerworks/library/ws-secapp/

Slide 26
Secondary References
1. XML signature (Syntax and processing)
http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
2. XML encryption (Syntax and processing)
http://www.w3.org/TR/xmlenc-core/
3. RSA encryption Demo (Explain how RSA works)
http://intercom.virginia.edu/crypto/crypto.html