What is VLAB?
An interdisciplinary consortium dedicated to the development and promotion of the theory of planetary materials.
Interpret seismic data in the context of likely geophysical processes.
Provide input for more sophisticated and reliable modeling of planets.
The Three Main Goals In Security!
Authentication: verifying the identity of a user
Confidentiality: protecting the privacy of the message contents
Integrity: ensuring that a message has not been altered since it left the original sender
Common ways to Solve Web Services Security
Sending over an HTTPS/SSL secure channel gives confidentiality during transport.
Doing your own signatures/encryption using the XML Signature & XML Encryption standards
Service 'authentication' using public key certificates; client 'authentication' using username/password sent over the secure channel in SOAP-formatted messages
Is HTTPS/SSL enough Security?
Transport Security is point-to-point security:
Server authentication by the client using a public key certificate
Whole messages are encrypted to block eavesdroppers
Limitations that come from Transport Security:
Does not support intermediaries, so a router in the middle sees the entire clear-text message:
User > SSL > Router > SSL > Server
Does not provide a signature on the message itself, so the final recipient cannot verify that the message was not changed while passing through an intermediary (TLS integrity protection covers only each hop, not the message end to end)
OASIS Web Services Security
End-to-end security: data can be hidden from intermediaries
Transport independent: runs over HTTP, TCP, UDP, email or whatever
Framework for building security protocols
Integrity, Confidentiality and Authentication
Support for different types of security algorithms:
Encryption, Digest, Signature, Canonicalization, Transforms
How to achieve Authentication
Using UsernameToken with password digest:
Digest = Base64( SHA-1( nonce + created + password ) )
SHA-1 is the Secure Hash Algorithm (it is what the UsernameToken Profile 1.0 specifies for this digest, although SHA-1 is no longer considered a strong hash).
Nonce is a unique sequence of random characters, carried Base64-encoded in the token. The digest only stops replay if the server remembers recently seen nonces and checks that Created is recent; otherwise a captured token can be resent as-is. The scheme also requires the server to hold the plaintext password, since it must recompute the digest.
UsernameToken Digest
<S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope"
            xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/xx/secext"
            xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
  <S:Header>
    ...
    <wsse:UsernameToken>
      <wsse:Username>Javier</wsse:Username>
      <wsse:Password Type="wsse:PasswordDigest">OEdR...</wsse:Password>
      <wsse:Nonce>FKJh...</wsse:Nonce>
      <wsu:Created>2007-07-14T09:00:00Z</wsu:Created>
    </wsse:UsernameToken>
    ...
  </S:Header>
  ...
</S:Envelope>
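The digest computation above, with both sides worked through: the client builds the UsernameToken fields, and the server recomputes the digest, checks Created against a freshness window and refuses a nonce it has already accepted. This is an added example, not code from the slides; the password store, the five-minute window, the fixed nonce and timestamps in demo() are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

# wsu:Created uses this UTC timestamp format (as in the slide's example token).
CREATED_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Password_Digest = Base64(SHA-1(nonce + created + password)).

    nonce is the raw bytes (wsse:Nonce carries them Base64-encoded),
    created is the wsu:Created string, password is the shared secret.
    """
    digest = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_token(username: str, password: str, created: str = None, nonce: bytes = None) -> dict:
    """Client side: produce the fields of a wsse:UsernameToken with a digest password."""
    nonce = nonce if nonce is not None else os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime(CREATED_FMT)
    return {
        "Username": username,
        "PasswordDigest": password_digest(nonce, created, password),
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
    }


def parse_created(value: str) -> datetime:
    return datetime.strptime(value, CREATED_FMT).replace(tzinfo=timezone.utc)


class UsernameTokenVerifier:
    """Server side: recompute the digest and reject stale or replayed tokens.

    passwords maps username -> plaintext password; the digest scheme needs the
    server to know the password itself (a salted hash store cannot verify it).
    """

    def __init__(self, passwords: dict, freshness: timedelta = timedelta(minutes=5)):
        self.passwords = passwords
        self.freshness = freshness          # assumed window; tune to clock skew
        self.seen = set()                   # (username, nonce, created) already accepted

    def verify(self, token: dict, now: str = None) -> tuple:
        """Return (accepted, reason). now may be fixed (CREATED_FMT string) for tests."""
        now_dt = parse_created(now) if now else datetime.now(timezone.utc)
        password = self.passwords.get(token.get("Username"))
        if password is None:
            return False, "unknown user"
        try:
            created_dt = parse_created(token["Created"])
            nonce = base64.b64decode(token["Nonce"], validate=True)
        except (KeyError, ValueError):
            return False, "malformed token"
        # The freshness window bounds how long a captured token stays replayable
        # and how large the nonce cache must grow.
        if abs(now_dt - created_dt) > self.freshness:
            return False, "stale Created"
        expected = password_digest(nonce, token["Created"], password)
        if not hmac.compare_digest(expected, token.get("PasswordDigest", "")):
            return False, "bad digest"
        key = (token["Username"], token["Nonce"], token["Created"])
        if key in self.seen:
            return False, "replayed nonce"
        self.seen.add(key)  # cache only nonces that authenticated successfully
        return True, "ok"


def demo() -> list:
    """Constructed walk-through: valid token, replay, stale replay, forged digest."""
    verifier = UsernameTokenVerifier({"Javier": "correct horse battery"})
    token = build_token("Javier", "correct horse battery",
                        created="2007-07-14T09:00:00Z", nonce=b"0123456789abcdef")
    results = [verifier.verify(token, now="2007-07-14T09:00:30Z")[1]]
    results.append(verifier.verify(token, now="2007-07-14T09:00:30Z")[1])
    results.append(verifier.verify(token, now="2007-07-14T10:00:00Z")[1])
    forged = dict(token, PasswordDigest=password_digest(b"0123456789abcdef", token["Created"], "wrong"))
    results.append(verifier.verify(forged, now="2007-07-14T09:00:30Z")[1])
    return results


if __name__ == "__main__":
    print(demo())
```

The digest is recomputed and compared before the nonce is recorded, so an unauthenticated sender cannot fill the cache; the nonce cache only has to cover the freshness window, because anything older is refused as stale before the cache is consulted.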
Adding Encryption too
Setting the Encrypt parameter: the encryption algorithm selected is AES. A special-purpose quantum computer in the year 2015 would take 108 million years to break a 128-bit key.
You can select the parts of the message you want to encrypt.
Encrypting Body and UsernameToken
Adding Integrity
Using a UsernameToken signature, the receiver can determine whether a message was altered in transit,
and verify that the message was sent by the possessor of a particular security token.
Generate a key from the username and password and use it to sign an element of the message, or the whole Body.
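The integrity step above carried through as an added example (not code from the slides): a key is derived from the username and password, the Body is canonicalized and signed with an HMAC, and the receiver re-derives the key from the password it has on file to check the signature. Assumptions: PBKDF2-HMAC-SHA256 stands in for the UsernameToken Profile's own key-derivation rules, the whitespace-stripping canonicalize() stands in for real XML C14N, and the salt, body and account values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import os
import re


def derive_key(username: str, password: str, salt: bytes, iterations: int = 1000) -> bytes:
    """Derive a signing key from the username/password pair.

    ASSUMPTION: PBKDF2-HMAC-SHA256 is a stand-in; the WS-Security UsernameToken
    Profile specifies its own derivation. Salt and iteration count must travel
    with the token so the receiver derives the same key.
    """
    secret = (username + ":" + password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)


def canonicalize(xml: str) -> bytes:
    """Toy canonicalization: strip inter-element whitespace only.

    A real implementation applies XML C14N so sender and receiver sign the same
    byte sequence even after an intermediary re-serializes the message.
    """
    return re.sub(r">\s+<", "><", xml.strip()).encode("utf-8")


def sign_element(element_xml: str, key: bytes) -> str:
    """Base64 HMAC-SHA256 over the canonical form of one element (e.g. the Body)."""
    mac = hmac.new(key, canonicalize(element_xml), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def verify_element(element_xml: str, key: bytes, signature: str) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(sign_element(element_xml, key), signature)


def demo() -> dict:
    """Constructed exchange: sender signs the Body, receiver checks several variants."""
    username, password = "Javier", "correct horse battery"
    salt = os.urandom(16)  # would be carried in the token with the iteration count
    body = ("<S:Body>\n"
            "  <Transfer><To>acct-42</To><Amount>100</Amount></Transfer>\n"
            "</S:Body>")
    sender_key = derive_key(username, password, salt)
    signature = sign_element(body, sender_key)

    # The receiver derives the key from the password it has on file for the user.
    receiver_key = derive_key(username, password, salt)
    reserialized = "<S:Body><Transfer><To>acct-42</To><Amount>100</Amount></Transfer></S:Body>"
    tampered = body.replace("<Amount>100</Amount>", "<Amount>900</Amount>")
    wrong_key = derive_key(username, "wrong password", salt)
    return {
        "original": verify_element(body, receiver_key, signature),
        "reserialized_by_intermediary": verify_element(reserialized, receiver_key, signature),
        "amount_tampered": verify_element(tampered, receiver_key, signature),
        "wrong_password": verify_element(body, wrong_key, signature),
    }


if __name__ == "__main__":
    print(demo())
```

Two results matter: the reserialized Body still verifies because both sides sign the canonical form, which is why WS-Security lists canonicalization and transforms alongside signature; and the tampered amount fails, which a transport-only channel could never detect once an intermediary has decrypted the message.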