Web Services Based Authentication System for Intranets - PowerPoint PPT Presentation

About This Presentation
Title: Web Services Based Authentication System for Intranets
Slides: 62
Provided by: psut5

Transcript and Presenter's Notes

Title: Web Services Based Authentication System for Intranets


1
Web Services Based Authentication System for
Intranets
  • Supervisor: Professor I-Chen Wu
  • Speaker: Akram Alkouz
  • 2/6/2003
  • Department of Computer Science and Information
    Engineering
  • National Chiao Tung University

2
Agenda
  • Intranet
  • Authentication Systems and Intranet
  • Research Problem and Goal
  • Web Services
  • Current Solutions
  • Our Solution
  • Advantages and Disadvantages
  • Conclusion

3
Intranet
  • A network within an organization
  • Users use Internet technologies to accomplish
    their jobs.

[Diagram: Intranet X behind a Firewall connected to the Internet; the HR LAN, CRM LAN, SCM LAN and ERP LAN each host their own system (HR System, CRM System, SCM System, ERP System)]
4
Features of Intranets
  • Heterogeneous
  • Different Web Applications
  • Different Operating Systems
  • Interoperability
  • Different Authentication Systems.

5
Features of Intranets: Different Web Applications
  • HR System: Human Resources
  • CRM System: Customer Relationship Management
  • SCM System: Supply Chain Management
  • ERP System: Enterprise Resource Planning
6
Features of Intranets: Different Operating Systems
  • HR System: Win 2K
  • CRM System: Win NT
  • SCM System: AS/400
  • ERP System: Unix
7
Features of Intranets: Interoperability
[Diagram: the HR System (Win 2K), CRM System (Win NT), SCM System (AS/400) and ERP System (Unix) have to interoperate with each other]
8
Features of Intranets: Different Authentication Systems
  • HR System (Win 2K): Microsoft SQL Server
  • CRM System (Win NT): Netscape Directory Server
  • SCM System (AS/400): Active Directory Server
  • ERP System (Unix): Lotus Directory Server
9
Authentication Systems
  • Verify the identity of a user against directory
    stores.

[Diagram: a User authenticating to each system against its own directory store: HR System / Microsoft SQL Server, CRM System / Netscape Directory Server, SCM System / Active Directory Server, ERP System / Lotus Directory Server]
10
Authentication Systems
  • Verify the identity of a client against directory
    stores.
  • Directory stores:
  • Are databases of usernames, passwords, and other
    profile data of users
  • Can be relational databases, directory servers,
    or text files

[Diagram: User, HR System, CRM System / Netscape Directory Server, SCM System / Active Directory Server, ERP System / Lotus Directory Server]
11
Authentication Systems
  • Verify the identity of a client against directory
    stores.

One application → one or many directories; one or
many applications → one directory
[Diagram: User, HR System / Microsoft SQL Server, CRM System / Netscape Directory Server, SCM System / Active Directory Server, ERP System / Lotus Directory Server]
12
Challenges for Authentication Systems in Intranet
  • 1. Since applications may use different
    authentication processes (written in Java, C,
    Perl, ...), the cost of maintenance increases.
  • Unified and centralized authentication process.

[Diagram: each application implements its own credential check in its own language against its own store (HR System / Microsoft SQL Server, CRM System, SCM System / Active Directory Server, ERP System). The Java and C versions read: if (user.passwordTable(userName).password) { /* user is authenticated */ } else { /* user not authenticated */ }; the Perl version repeats the same check]
13
Challenges for Authentication Systems in Intranet
  • 2. As the number of directory stores grows, the
    development overhead increases.
  • Support different directory stores.

[Diagram: HR System reaches Microsoft SQL Server over ODBC, CRM System reaches Netscape Directory Server over LDAP, SCM System reaches Active Directory Server over ADSI, ERP System reaches Lotus Directory Server over Lotus APIs. The per-store C code reads: if (useODBC) { /* implement ODBC connection code */ } else if (useLDAP) { /* implement LDAP APIs */ } else if (useADSI) { /* implement ADSI code */ }, followed by the same password check as before]
14
Challenges for Authentication Systems in Intranet
  • 3. As the number of Intranet applications grows,
    it is hard for users to remember their IDs and
    passwords.
  • Single Sign-On.

[Diagram: one User holding a different ID/password pair per system: (Akram, hrakram123) for the HR System / Microsoft SQL Server, (Akram1, CRM55641) for the CRM System / Netscape Directory Server, (Akram2, SCM5555) for the SCM System / Active Directory Server, (Akram3, ERP1211) for the ERP System / Lotus Directory Server]
15
Current Authentication Solutions
  • SSL/TLS
  • Kerberos
  • Microsoft Passport

16
SSL/TLS
  • SSL provides confidentiality and integrity of
    exchanged data, and authentication of peers.
  • Client authentication is based on certificates
    (no unified and centralized authentication
    process: Challenge 1 not met).
  • Certificates are stored in the server's
    certificate store (different directory stores
    not supported: Challenge 2 not met).
  • Peer-to-peer authentication (no Single Sign-On,
    no transfer of session credentials from server
    to server: Challenge 3 not met).

[Diagram: the User presents Certificate(HR) to the HR System and Certificate(ERP) to the ERP System; the SCM System is shown alongside]
17
Kerberos
  • Kerberos is a Trusted Third Party (TTP) protocol
    for authentication and key exchange.
  • Client authentication is based on an
    authentication ticket (unified and centralized
    authentication process: Challenge 1 met).
  • Authentication tickets are generated from the
    user profiles stored in the Kerberos server
    (different directory stores not supported:
    Challenge 2 not met).
  • Secure transfer of session credentials across
    connections as the Auth. Ticket (Single Sign-On:
    Challenge 3 met).
  • Not supported in browsers (needs plug-ins)

[Diagram: the Kerberos server, backed by its Directory Store, issues an Auth.Ticket to the User, who presents it to the SCM System, the HR System and the ERP System]
18
Microsoft Passport
  • Passport is a protocol that enables users to
    sign on to many different merchant servers by
    authenticating themselves only once to a common
    server.
  • Client authentication is based on a Passport
    ticket (unified and centralized authentication
    process: Challenge 1 met).
  • Passport tickets are generated from the user
    profiles stored in the Passport server
    (different directory stores not supported:
    Challenge 2 not met).
  • Secure transfer of session credentials across
    connections as the PassportTicket (Single
    Sign-On: Challenge 3 met).

[Diagram: the Passport Server issues a PassportTicket to the User, who presents it to the HR System (Microsoft SQL) and the ERP System]
19
Microsoft Passport (cont.)
  • Other problems of Passport
  • Centralized directory stores
  • Corporations don't like to centralize
  • What if the centralized servers are down?
  • Outsourcing of the corporation's user profiles
  • Corporations usually do not like to expose their
    private data to other companies.

[Diagram: the Passport Server issues a PassportTicket to the User, who presents it to the HR System (Microsoft SQL) and the ERP System]
20
Microsoft Passport (cont.)
  • Other problems of Passport
  • Centralized directory stores
  • Corporations don't like to centralize
  • What if the centralized servers are down?
  • Outsourcing of the corporation's user profiles
  • Corporations usually do not like to expose their
    private data to other companies.
  • Key management problem
  • Most importantly, keys cannot be changed
    frequently. (Note: MS sends keys via email or
    phone.)

[Diagram: as before, with the shared Key between the Passport Server and the HR System (Microsoft SQL); the Passport Server issues a PassportTicket to the User, who presents it to the HR System and the ERP System]
21
Research Problem and Goal
  • Web services can help
  • Design and implement a unified and centralized
    authentication process in a web-service based
    system to solve the three challenges and other
    problems related to key management

22
Web Services
  • Application logic accessible to programs via
    standard protocols in a platform-independent way.

[Diagram: Programs (HR System on Win 2K, CRM System on Win NT, SCM System on AS/400, ERP System on Unix) and the User reach the Application Logic of the Web Services over the Standard Protocol SOAP; directory stores shown: Microsoft SQL Server, Lotus Directory Server]
23
Why Web Services
  • Unified and centralized process (challenge 1)
  • Standard and secure method to access different
    directory stores (challenge 2)
  • Accessible from different applications and
    platforms, single sign-on (SSO) solution
    (challenge 3)

[Diagram: the HR, CRM, SCM and ERP Systems and the User all reach one common Web Services layer in front of Microsoft SQL Server and Lotus Directory Server]
24-30
How Web Services Work
  • 1. Build Web Service
  • 2. Advertise Web Service
  • 3. Locate Web Service
  • 4. Get Web Service Description (WSDL)
  • 5. Build Proxy and Client
  • 6. Call Web Service (SOAP)
[Diagram, built up one step per slide: Web Service Provider (the Web Services), Web Service Consumer (HR System, CRM System, SCM System, ERP System) and the UDDI Registry; the provider builds and advertises the service, the consumer locates it in the registry, fetches its WSDL, builds a proxy and client, and calls the service over SOAP]
31
Our Solution (WSASI)
  • Web Services Based Authentication System for
    Intranets (WSASI)
  • Similar to Microsoft Passport in functionality
    (SSO)
  • Overcomes the problems of Microsoft Passport
  • Can authenticate users against multiple directory
    stores
  • Can unify the authentication process for
    different application servers
  • Designed on standard existing technologies
    (HTTP, XML, SOAP, LDAP, ODBC, ...), so that
    clients and servers need not be modified

32
WSASI Architecture
[Diagram: WSASI architecture in Intranet X. The User (Browser) reaches the HR (Win 2K), CRM (Win NT), SCM (AS/400) and ERP (Unix) Systems over HTTP; each system calls the Master WS on the Master Server over SOAP; the Master WS calls the RDBMS WS (ODBC to Microsoft SQL Server) and the LDAP WS (LDAP to Lotus Directory Server) over SOAP]
33
WSASI Architecture
[Diagram: the same Intranet X architecture as the previous slide, plus a second intranet (Intranet Y, with the CSIE System and its User (Browser)) reaching the Master WS over SOAP through a Firewall]
34
How WSASI Works
  • Deployment
  • Development
  • Users usage (Sign-On)
  • Demo

35
Deployment
[Diagram: the System Administrator sends the directory store configuration information (in XML) over SOAP to the Master WS on the Master Server, which hosts the RDBMS WS (ODBC to Microsoft SQL Server) and the LDAP WS (LDAP to Lotus Directory Server)]
http://fslab2.csie.nctu.edu.tw/LDAPAuthWebService1/ManageLDAPDBServers.aspx
36
Development
1. Get the WSDL file from the Master Server
[Diagram: the HR, CRM, SCM and ERP Systems each fetch the WSDL from the Master WS on the Master Server, which hosts the RDBMS WS (ODBC to Microsoft SQL Server) and the LDAP WS (LDAP to Lotus Directory Server)]
37
Development
2. Implement the web service proxy from the WSDL
file; that is the only thing the developer needs
to do
[Diagram: the HR, CRM, SCM and ERP Systems each now hold a Proxy generated from the WSDL and talk SOAP to the Master Server]
38
Development
  • Implementing the proxy in ASP.Net (it can be
    generated using tools):

    // Client proxy class for the Master Web Service, derived from the WSDL
    public class LDAPDBGenerateMasterAuthTicket :
        System.Web.Services.Protocols.SoapHttpClientProtocol
    {
        public LDAPDBGenerateMasterAuthTicket()
        {
            this.Url = "http://140.113.215.39/LDAPAuthWebService1/LDAPDBGenerateMasterAuthTicket.asmx";
        }

        [System.Web.Services.Protocols.SoapDocumentMethodAttribute(
            "http://tempuri.org/IsTicketGenerated",
            RequestNamespace = "http://tempuri.org/",
            ResponseNamespace = "http://tempuri.org/",
            Use = System.Web.Services.Description.SoapBindingUse.Literal,
            ParameterStyle = System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
        public bool IsTicketGenerated(string userName, string userPass)
        {
            // Marshal the call into a SOAP request and unwrap the single result
            object[] results = this.Invoke("IsTicketGenerated", new object[] { userName, userPass });
            return ((bool)(results[0]));
        }
    }

39
Users Usage (Sign-On)
  • User Sign-On to CRM Server
  • User Sign-On to ERP Server

[Diagram: User; CRM System and ERP System, each with a Proxy; Master Server hosting the Master WS, the RDBMS WS (ODBC to Microsoft SQL Server) and the LDAP WS (LDAP to Lotus Directory Server)]
40
User Sign-On to CRM Server
  • 1. The user tries to access the CRM application
    server. If the user does not have a valid
    AuthTicket cookie, the CRM server detects that
    the user is not authenticated and redirects the
    user to the Master Server.

[Diagram: CRM sign-on, step 1: User to CRM System (Proxy), redirect to the Master Server]
41
User Sign-On to CRM Server
  • 2. The Master Server asks the user for his
    credentials; the user submits them to the Master
    Web Service on the Master Server.

[Diagram: step 2: User submits User ID (ID) and User Password (PW) to the Master WS]
42
User Sign-On to CRM Server
  • 3. The Master Web Service reads the XML file that
    contains the directory store information. For
    each directory store, if it is an RDBMS the
    Master Service invokes an asynchronous web method
    on the RDBMS Web Service, and if it is an LDAP
    store it invokes an asynchronous web method on
    the LDAP Web Service. The Master Service then
    waits for any of the services to return a result.

[Diagram: step 3: Master WS calls the RDBMS WS and the LDAP WS over SOAP]
43
User Sign-On to CRM Server
  • 4. The RDBMS and LDAP Web Services issue
    asynchronous search requests over all the
    available RDBMS and LDAP stores; if any request
    returns a positive result, that result is
    returned to the Master Web Service.
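Steps 3 and 4 above, together with the XML store configuration from the Deployment slide, as an added Python example. WSASI itself is ASP.NET and this is not its code: the store names, the XML layout, the sample users and the in-memory SQLite table and dict standing in for the ODBC and LDAP stores are all constructed here. The Master reads the configuration, dispatches each store to the web service matching its type, fans the lookups out concurrently and accepts the first positive answer; when no store knows the user, it returns a negative result.

```python
"""Master Web Service fan-out over the configured directory stores.

Added Python illustration of WSASI steps 3 and 4 plus the XML store
configuration (Deployment slide); WSASI itself is ASP.NET and this is not
its code. Store names, XML layout and sample users are constructed.
"""
import hashlib
import hmac
import os
import sqlite3
import xml.etree.ElementTree as ET
from concurrent.futures import ThreadPoolExecutor, as_completed

# Constructed stand-in for the "directory store configuration information
# (in XML)" that the administrator deploys on the Master Server.
STORE_CONFIG_XML = """
<directoryStores>
  <store name="hr-sql"   type="RDBMS"/>
  <store name="erp-ldap" type="LDAP"/>
</directoryStores>
"""


def _pbkdf2(password, salt):
    # The stores hold salted password hashes, not cleartext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def build_rdbms_store(users):
    """Constructed in-memory SQLite table standing in for the RDBMS behind ODBC."""
    conn = sqlite3.connect(":memory:", check_same_thread=False)
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    for name, pw in users.items():
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, _pbkdf2(pw, salt)))
    conn.commit()
    return conn


def build_ldap_store(users):
    """Constructed dict standing in for entries reached over LDAP."""
    store = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _pbkdf2(pw, salt))
    return store


class RdbmsWebService:
    """Stands in for the RDBMS WS: one web method, selecting the store by name."""
    def __init__(self, stores):            # {store name: sqlite connection}
        self.stores = stores

    def is_ticket_generated(self, store, user, password):
        row = self.stores[store].execute(
            "SELECT salt, hash FROM users WHERE name = ?", (user,)).fetchone()
        return row is not None and hmac.compare_digest(_pbkdf2(password, row[0]), row[1])


class LdapWebService:
    """Stands in for the LDAP WS, same contract as the RDBMS WS."""
    def __init__(self, stores):            # {store name: {user: (salt, hash)}}
        self.stores = stores

    def is_ticket_generated(self, store, user, password):
        entry = self.stores[store].get(user)
        return entry is not None and hmac.compare_digest(_pbkdf2(password, entry[0]), entry[1])


class MasterWebService:
    def __init__(self, config_xml, rdbms_ws, ldap_ws):
        root = ET.fromstring(config_xml.strip())
        self.stores = [(s.get("name"), s.get("type")) for s in root.findall("store")]
        self.services = {"RDBMS": rdbms_ws, "LDAP": ldap_ws}   # dispatch by store type

    def authenticate(self, user, password):
        """Steps 3 and 4: call every store's web method concurrently and accept
        the first positive answer; (False, None) when no store knows the user."""
        with ThreadPoolExecutor(max_workers=max(1, len(self.stores))) as pool:
            pending = {
                pool.submit(self.services[kind].is_ticket_generated, name, user, password): name
                for name, kind in self.stores
            }
            for done in as_completed(pending):
                if done.result():
                    for other in pending:
                        other.cancel()       # remaining lookups are no longer needed
                    return True, pending[done]
        return False, None


def demo():
    hr = build_rdbms_store({"akram": "hr-secret"})     # constructed sample user
    erp = build_ldap_store({"akram1": "erp-secret"})   # constructed sample user
    master = MasterWebService(STORE_CONFIG_XML,
                              RdbmsWebService({"hr-sql": hr}),
                              LdapWebService({"erp-ldap": erp}))
    return (master.authenticate("akram", "hr-secret"),
            master.authenticate("akram1", "erp-secret"),
            master.authenticate("akram", "wrong-password"),
            master.authenticate("nobody", "hr-secret"))
```

`demo()` returns `(True, "hr-sql")`, `(True, "erp-ldap")`, `(False, None)`, `(False, None)`: the first positive store wins, and a wrong password or an unknown user is refused by every store. The `check_same_thread=False` flag is needed because the lookup runs on a pool thread; each store is only ever touched by one worker at a time.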
[Diagram: step 4: the RDBMS WS checks ID, PW against Microsoft SQL Server over ODBC and the LDAP WS checks ID, PW against Lotus Directory Server over LDAP; a positive result is returned to the Master WS]
44
User Sign-On to CRM Server
  • 5. The Master Server creates an encrypted master
    cookie (EMC) in the user's browser and redirects
    the user back to the CRM server with the
    Authentication Token (EAT) included in the
    redirect message.
  • The Master Key (CMK) is used to generate a
    user-specific key that encrypts the master cookie
    (EMC).
  • The Authentication Token (EAT) is encrypted with
    a symmetric key (MSK) stored in the Master Server.

[Diagram: step 5: the Master Server returns EMC and EAT = (SessionID, EncryptedSessionID) to the User, who is redirected to the CRM System]
45
User Sign-On to CRM Server
  • 6. The CRM Server takes the Authentication Token
    (EAT) from the query string and checks its
    authenticity by invoking the IsAuthTokenValid()
    web method of the Master Web Service.
  • The Master Web Service has access to the
    encryption key (MSK) stored in the Master Server.
  • The SOAP messages between the CRM Server and the
    Master Server are encrypted using WS-Security.

[Diagram: step 6: the CRM System calls IsAuthTokenValid(EAT) on the Master WS]
46
SOAP WS Security
  • Proposed by IBM, Microsoft and VeriSign
  • WS-Security describes enhancements to SOAP
    messaging to support security models and
    encryption technologies
  • By associating security tokens with messages

[Diagram: SOAP WS-Security protects the SOAP exchange between the CRM System's Proxy and the Master WS on the Master Server]
47
SOAP WS Security
6.1 IsAuthTokenValid(EAT)
6.2 SHA1 hash h = H(SessionID, EncryptedSessionID, CRM Encryption Key (CRMPK))
[Diagram: the 6.1 call and the 6.2 response between the CRM System's Proxy and the Master WS]
48
SOAP WS Security
    PasswordProvider(sessionID, encryptedSessionID):
        encryptionResult = Encrypt(sessionID, MSK)
        if (encryptionResult == encryptedSessionID)
            return Encrypt(ValidAuthTicket, CRMPK)

[Diagram: step 5 delivers EAT = (SessionID, EncryptedSessionID) to the User; 6.1 IsAuthTokenValid(EAT) and the 6.2 SHA1 hash h = H(SessionID, EncryptedSessionID, CRMPK) pass between the CRM System's Proxy and the Master WS]
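Steps 5 and 6 of the CRM sign-on and the PasswordProvider pseudocode above, as an added Python example. WSASI itself is ASP.NET and this is not its code; the key names CMK, MSK and CRMPK follow the slides, while the HMAC-SHA256 tag used in place of Encrypt(SessionID, MSK), the expiry carried inside the SessionID, the constant-time comparisons and the MAC on the Master's answer to the application server are this example's own choices.

```python
"""Issuing and checking the Authentication Token (EAT), WSASI steps 5 and 6.

Added Python illustration; WSASI itself is ASP.NET and this is not its code.
Key names CMK, MSK and CRMPK follow the slides. The HMAC-SHA256 tag used in
place of Encrypt(SessionID, MSK), the expiry inside the SessionID and the
constant-time comparisons are this example's choices.
"""
import base64
import hashlib
import hmac
import json
import os
import time


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def derive_user_key(cmk, user_id):
    """User-specific key derived from the Master Key (CMK) for that user's
    encrypted master cookie (EMC): a keyed hash over the user ID, so the CMK
    itself never has to leave the Master Server."""
    return hmac.new(cmk, b"EMC|" + user_id.encode(), hashlib.sha256).digest()


def issue_eat(msk, user_id, ttl_seconds=300, now=None):
    """Step 5: EAT = (SessionID, EncryptedSessionID). The SessionID carries a
    random id, the user and an expiry; the second half is the tag under MSK."""
    now = time.time() if now is None else now
    session_id = json.dumps({
        "sid": base64.urlsafe_b64encode(os.urandom(16)).decode(),
        "user": user_id,
        "exp": int(now) + ttl_seconds,
    }, sort_keys=True)
    sid_b64 = base64.urlsafe_b64encode(session_id.encode()).decode()
    return sid_b64 + "." + _mac(msk, session_id.encode())


def is_auth_token_valid(msk, eat, now=None):
    """Step 6, Master side: recompute the tag under MSK, compare in constant
    time and reject expired or malformed tokens (the PasswordProvider
    pseudocode does the same by re-encrypting the SessionID)."""
    now = time.time() if now is None else now
    try:
        sid_b64, tag = eat.split(".", 1)
        session_id = base64.urlsafe_b64decode(sid_b64.encode()).decode()
        if not hmac.compare_digest(_mac(msk, session_id.encode()), tag):
            return False
        return json.loads(session_id)["exp"] > now
    except (ValueError, KeyError, TypeError):
        return False


def signed_verdict(crmpk, eat, valid):
    """Step 6.2 as modelled here: the Master's answer carries a MAC under the
    application's key (CRMPK), bound to the EAT it answers, so the CRM server
    can tell the verdict is the Master's and belongs to this request."""
    body = {"eat": eat, "valid": valid}
    return {**body, "mac": _mac(crmpk, json.dumps(body, sort_keys=True).encode())}


def verify_verdict(crmpk, verdict):
    body = {k: v for k, v in verdict.items() if k != "mac"}
    return hmac.compare_digest(_mac(crmpk, json.dumps(body, sort_keys=True).encode()),
                               verdict.get("mac", ""))


def demo():
    cmk, msk, crmpk = os.urandom(32), os.urandom(32), os.urandom(32)  # constructed keys
    t0 = 1_700_000_000
    eat = issue_eat(msk, "akram", ttl_seconds=300, now=t0)
    fresh = is_auth_token_valid(msk, eat, now=t0 + 10)
    expired = is_auth_token_valid(msk, eat, now=t0 + 301)
    # A SessionID altered after issue, still carrying the old tag, is rejected.
    sid_b64, tag = eat.split(".")
    altered_sid = base64.urlsafe_b64decode(sid_b64).replace(b'"akram"', b'"akram2"')
    altered = base64.urlsafe_b64encode(altered_sid).decode() + "." + tag
    tampered = is_auth_token_valid(msk, altered, now=t0 + 10)
    other_key = is_auth_token_valid(os.urandom(32), eat, now=t0 + 10)
    verdict_ok = verify_verdict(crmpk, signed_verdict(crmpk, eat, fresh))
    distinct_user_keys = derive_user_key(cmk, "akram") != derive_user_key(cmk, "akram1")
    return fresh, expired, tampered, other_key, verdict_ok, distinct_user_keys
```

`demo()` returns `(True, False, False, False, True, True)`: a fresh token validates, the same token is refused once its expiry has passed, a SessionID modified after issue fails the tag check, a token checked under a different MSK fails, the Master's verdict verifies under CRMPK, and two users get two different cookie keys from one CMK.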
49
User Sign-On to CRM Server
  • 7. If the authenticity check is OK, the CRM
    Server creates an encrypted cookie (CRMC) in the
    user's browser.
  • CRMC contains the Authentication Ticket
    (AuthTicket).

[Diagram: step 7: the CRM System sets CRMC = AuthTicket in the User's browser]
50
User Sign-On to CRM Server
  • 8. When the user returns to the CRM Server, the
    Authentication Ticket is returned as well, so the
    CRM Server can detect that the user is already
    authenticated.
[Diagram: step 8: the User returns CRMC = AuthTicket to the CRM System]
51
User Sign-On to ERP Server
  • 1. The user tries to access the ERP application
    server. If the user does not have a valid
    AuthTicket cookie, the ERP server redirects the
    user to the Master Server; the EMC is sent to the
    Master Server, so the Master Server can detect
    that this user is already authenticated.

[Diagram: ERP sign-on, step 1: User to ERP System (Proxy), redirect to the Master Server carrying the EMC (Cookie)]
52
User Sign-On to ERP Server
  • 2. The Master Server redirects the user back to
    the ERP server with the Authentication Token
    (EAT) included in the redirect message.
  • The Authentication Token (EAT) is encrypted with
    a symmetric key (MSK) stored in the Master Server.

[Diagram: step 2: the Master Server returns EAT = (SessionID, EncryptedSessionID) to the User, who is redirected to the ERP System]
53
User Sign-On to ERP Server
  • 3. The ERP Server takes the Authentication Token
    (EAT) from the query string and checks its
    authenticity by invoking the IsAuthTokenValid()
    web method of the Master Web Service.
  • The Master Web Service has access to the
    encryption key (MSK) stored in the Master Server.
  • The SOAP messages between the ERP Server and the
    Master Server are encrypted using WS-Security.

[Diagram: step 3: the ERP System calls IsAuthTokenValid(EAT) on the Master WS]
54
User Sign-On to ERP Server
  • 4. If the authenticity check is OK, the ERP
    Server creates an encrypted cookie (ERPC) in the
    user's browser.
  • ERPC contains the Authentication Ticket
    (AuthTicket).

[Diagram: step 4: the ERP System sets ERPC = AuthTicket in the User's browser]
55
User Sign-On to ERP Server
  • 5. When the user returns to the ERP Server, the
    Authentication Ticket is returned as well, so the
    ERP Server can detect that the user is already
    authenticated.
[Diagram: step 5: the User returns ERPC = AuthTicket to the ERP System]
56
Demo
  • http://fslab2.csie.nctu.edu.tw/EPortal

57
Master Server Architecture
[Diagram: Master Server stack: Windows 2000, .Net Framework, IIS, WSE; the WSASI web services on top: Master Web Service, RDBMS Web Service (ODBC to Microsoft SQL Server) and LDAP Web Service (LDAP APIs to Lotus Directory Server)]
58
Application Servers Architecture
[Diagram: Application Server stack: OS, Web Server, Web Application with the WSASI Proxy; the HR, CRM, SCM and ERP Systems call the Master Server's Master Web Service, RDBMS Web Service (ODBC to Microsoft SQL Server) and LDAP Web Service (LDAP to Lotus Directory Server)]
59
Advantages
  • Integrates new application servers into WSASI in
    an easy way.
  • Integrates multiple directory stores into WSASI.
  • Secure transfer of authentication XML and HTTP
    messages between User, Application Servers, and
    Master Server.
  • Integrates many Intranets into the system.
  • No plug-ins.

60
Disadvantages
  • The current version, WSE 1.0, is Microsoft .Net
    dependent
  • Other platforms will not benefit from the
    WS-Security feature of WSASI
  • But they can still use WSASI: the XML messages
    between application server and Master Server are
    encrypted using SSL
  • Microsoft is working on a version of WSE that is
    compatible with WSDL, so it can be used with any
    platform

61
Conclusion
  • WSASI provides developers with a unified and
    centralized authentication process that can be
    accessed from different platforms
  • WSASI provides organizations with a standard
    centralized way of accessing and adding multiple
    distributed directory stores
  • WSASI provides users with a cross-platform
    Single Sign-On authentication system
  • Key management
  • Uses a master key to generate a specific key for
    each user to encrypt his cookies
  • Exchanges PK by means of WS-Security
  • WSASI provides an easy and standard way of adding
    new application servers to the system
  • WSASI can integrate many Intranets into the system