wesley-lambert
Basic Authentication
Mutual Authentication
2-legged OAuth
Direct Authentication for Web Services
Transport Level
UsernameToken Profile with WS-Security
Signing – X.509 Token Profile with WS-Security
Direct Authentication for Web Services
Message Level
WS-Trust / STS
WS-Federation
Brokered Authentication for Web Services
Message Level
Signing – X.509 Token Profile with WS-Security
Kerberos Token Profile for WS-Security
Resource STS
Message Interceptor Gateway Pattern
Trusted Sub System Pattern
Security Solution Patterns
Message Level
X.509 Token Profile & Key Referencing
Message Level
SOAP Security
Key Identifiers
Direct References
Message Level
SOAP Security
• WS-Security secures SOAP – focuses on message level security
• Focuses on a single-message authentication model
• Each message contains everything necessary to authenticate itself
• Suitable for coarse-grained messaging in which a single message at a time is received from the same requestor
WS – Secure Conversation
Message Level
SOAP Security
WS – Secure Conversation
• What SSL does at the transport level in point-to-point communication, WS-SecureConversation does at the SOAP layer
• Removes the need for each individual SOAP message to carry authentication information.
• Establishes a mutually authenticated security context in which a series of messages are exchanged.
• Uses public key encryption to exchange a shared secret, then uses the shared key from then on
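The two SOAP Security slides contrast per-message authentication with an established security context. The sketch below is an added example, not part of the original deck: it models both in simplified form, without the XML wire format. The `Service` class, the `sign` helper, the sample user and the HMAC-plus-sequence-number scheme are assumptions made for illustration; only the PasswordDigest formula comes from the UsernameToken Profile, and the public-key delivery of the shared secret is assumed rather than modelled.

```python
import base64, hashlib, hmac, os

USERS = {"alice": "s3cret-constructed"}  # constructed credential store

# Model 1: WS-Security, every message carries what is needed to authenticate it
def username_token(user, password):
    """UsernameToken fields; PasswordDigest = Base64(SHA-1(nonce + created + password))."""
    nonce, created = os.urandom(16), "2024-01-01T00:00:00Z"  # constructed timestamp
    digest = hashlib.sha1(nonce + created.encode() + password.encode()).digest()
    return {"user": user, "nonce": base64.b64encode(nonce).decode(),
            "created": created, "digest": base64.b64encode(digest).decode()}

def verify_token(tok, seen_nonces):
    """Checked on every message; freshness of 'created' is not checked in this sketch."""
    password = USERS.get(tok["user"])
    if password is None or tok["nonce"] in seen_nonces:
        return False  # unknown user or replayed nonce
    seen_nonces.add(tok["nonce"])
    nonce = base64.b64decode(tok["nonce"])
    expect = hashlib.sha1(nonce + tok["created"].encode() + password.encode()).digest()
    return hmac.compare_digest(base64.b64encode(expect).decode(), tok["digest"])

def sign(key, seq, body):
    """Hypothetical per-message proof under the context's shared key."""
    return hmac.new(key, f"{seq}|{body}".encode(), hashlib.sha256).digest()

# Model 2: WS-SecureConversation, authenticate once, then reuse the context
class Service:
    def __init__(self):
        self.contexts, self.seen = {}, set()

    def open_context(self, tok, secret):
        """Authenticate once. 'secret' is assumed to have arrived encrypted
        under the service's public key; that step is not modelled here."""
        if not verify_token(tok, self.seen):
            return None
        ctx_id = "uuid:" + os.urandom(8).hex()
        self.contexts[ctx_id] = {"key": secret, "next_seq": 0}
        return ctx_id

    def accept(self, ctx_id, seq, body, mac):
        """Later messages carry only the context id, a sequence number and a MAC."""
        ctx = self.contexts.get(ctx_id)
        if ctx is None or seq != ctx["next_seq"]:
            return False  # unknown context, replay, or out-of-order message
        if not hmac.compare_digest(sign(ctx["key"], seq, body), mac):
            return False
        ctx["next_seq"] += 1
        return True
```

In the first model the service touches the credential store on every message; in the second it does so once, and a captured message cannot be replayed because the expected sequence number has moved on.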