Collection of general data mining briefings - PowerPoint PPT Presentation


1
Trustworthy Semantic Webs, Lecture 16: Web Services and Security
Dr. Bhavani Thuraisingham
October 2006

2
Outline
  • Web Services
  • Service Oriented Architectures
  • Web Services Description Language
  • UDDI
  • SOAP
  • WSDL with XML
  • Security
  • OASIS
  • Federated identity
  • Directions
  • http://www.service-architecture.com/articles/index.html

3
Web Services Definition
  • Web Services refers to the technologies that
    allow for making connections.
  • Services are what you connect together using Web
    Services.
  • A service is the endpoint of a connection.
  • Also, a service has some type of underlying
    computer system that supports the connection
    offered.
  • The combination of services - internal and
    external to an organization - makes up a
    service-oriented architecture.

4
Service Oriented Architectures (SOA)
  • A service-oriented architecture is essentially a
    collection of services.
  • These services communicate with each other.
  • The communication can involve either simple data
    passing or it could involve two or more services
    coordinating some activity. Some means of
    connecting services to each other is needed.
  • Service-oriented architectures are not a new
    thing. For many people, the first
    service-oriented architecture was built with DCOM
    or Object Request Brokers (ORBs) based on the
    CORBA specification.
  • If a service-oriented architecture is to be
    effective, we need a clear understanding of the
    term service.
  • A service is a function that is well-defined,
    self-contained, and does not depend on the
    context or state of other services.

5
Service Oriented Architectures
  • The technology of web services is the most likely
    connection technology of service-oriented
    architectures.
  • Web services essentially use XML technology to
    create a robust connection.
  • A service consumer sends a service request
    message to a service provider.
  • The service provider returns a response message
    to the service consumer.
  • The request and subsequent response connections
    are defined in some way that is understandable to
    both the service consumer and service provider.
  • A service provider can also be a service
    consumer. 

6
Web Services Description Language
  • The Web Services Description Language (WSDL)
    forms the basis for Web Services. The steps
    involved in providing and consuming a service
    are:
  • A service provider describes its service using
    WSDL. This definition is published to a directory
    of services. The directory could use Universal
    Description, Discovery, and Integration (UDDI).
    Other forms of directories can also be used.
  • A service consumer issues one or more queries to
    the directory to locate a service and determine
    how to communicate with that service. 
  • Part of the WSDL provided by the service provider
    is passed to the service consumer. This tells the
    service consumer what the requests and responses
    are for the service provider.
  • The service consumer uses the WSDL to send a
    request to the service provider.
  • The service provider provides the expected
    response to the service consumer.

7
UDDI
  • The UDDI registry is intended to eventually serve
    as a means of "discovering" Web Services
    described using WSDL.
  • The idea is that the UDDI registry can be
    searched in various ways to obtain contact
    information and the Web Services available for
    various organizations.
  • The UDDI registry is also a way to keep up to
    date on the Web Services your organization
    currently uses.
  • An alternative to UDDI is the ebXML Directory.

8
SOAP
  • All the messages are sent using SOAP. (SOAP at
    one time stood for Simple Object Access Protocol.
    Now, the letters in the acronym have no
    particular meaning.)
  • SOAP essentially provides the envelope for
    sending the Web Services messages.
  • SOAP generally uses HTTP, but other means of
    connection may be used.
  • HTTP is the familiar connection we all use for
    the Internet.
  • It is the pervasiveness of HTTP connections that
    will help drive the adoption of Web Services.

9
WSDL with XML
  • WSDL uses XML to define messages.
  • XML has a tagged message format.
  • Both the service provider and service consumer
    use these tags.
  • In fact, the service provider could send the data
    in any order.
  • The service consumer uses the tags and not the
    order of the data to get the data values.

10
Security
  • Security and authorization are an important
    topic with Web Services.
  • In fact, security and authorization
    specifications are currently in flux. This is
    often the reason cited for not proceeding with
    any work related to Web Services. Therefore, we
    need experimentation.
  • Much can be done without having the
    specifications complete. Nearly all organizations
    should be able to find some areas to experiment
    with Web Services that have low requirements for
    security and authorization.

11
Security
  • Security and authorization specifications
    include:
  • eXtensible Access Control Markup Language (XACML)
  • eXtensible Rights Markup Language (XrML)
  • Security Assertion Markup Language (SAML)
  • Service Protection Markup Language (SPML)
  • Web Services Security (WSS)
  • XML Common Biometric Format (XCBF)
  • XML Key Management Specification (XKMS)

12
Security
  • Firewalls
  • Specialized XML firewalls offer the promise of
    protecting internal systems when using Web
    Services.
  • Traditional firewalls offer protection at the
    packet level and do not examine the contents of
    messages.
  • XML firewalls, on the other hand, examine the
    contents of messages. This includes the SOAP
    headers and the XML content.
  • They are designed to permit authorized content to
    pass through the firewall.
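
The content inspection described on this slide, as an added example that is not part of the original lecture: a small filter that examines the SOAP header and body and passes only authorized content. It also reads the body values by tag rather than by position, as the "WSDL with XML" slide describes. The `urn:example:orders` namespace, the `GetOrderStatus` operation and the allow-list policy are hypothetical, and the header check tests only that a WSS Security block is present, not that its contents are valid.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")  # OASIS WSS 1.0
# Hypothetical policy: the only operation this service exposes.
ALLOWED_OPERATIONS = {"{urn:example:orders}GetOrderStatus"}


def inspect_soap(message: str):
    """Return (allowed, reason, fields) for one inbound SOAP message."""
    # SOAP messages must not carry a DTD; refuse before parsing.
    if "<!DOCTYPE" in message or "<!ENTITY" in message:
        return False, "DTD not permitted in SOAP", {}
    try:
        root = ET.fromstring(message)
    except ET.ParseError:
        return False, "not well-formed XML", {}
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return False, "not a SOAP envelope", {}
    # Header inspection: a WSS Security block must be present
    # (presence only; validating its signature or token is out of scope).
    header = root.find(f"{{{SOAP_NS}}}Header")
    if header is None or header.find(f"{{{WSSE_NS}}}Security") is None:
        return False, "missing WSS Security header", {}
    # Content inspection: exactly one operation, and it must be allow-listed.
    body = root.find(f"{{{SOAP_NS}}}Body")
    ops = list(body) if body is not None else []
    if len(ops) != 1 or ops[0].tag not in ALLOWED_OPERATIONS:
        return False, "operation not authorized", {}
    # Values are looked up by tag name, so element order does not matter.
    fields = {c.tag.split("}")[-1]: (c.text or "").strip() for c in ops[0]}
    return True, "ok", fields


def sample(operation="GetOrderStatus", security=True,
           fields="<orderId>42</orderId><region>EU</region>"):
    """Build a constructed SOAP message for exercising inspect_soap()."""
    sec = f'<wsse:Security xmlns:wsse="{WSSE_NS}"/>' if security else ""
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}">'
            f"<soap:Header>{sec}</soap:Header><soap:Body>"
            f'<o:{operation} xmlns:o="urn:example:orders">{fields}'
            f"</o:{operation}></soap:Body></soap:Envelope>")
```
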

13
Security Examples: XACML, SAML, WSS
  • XACML (OASIS Spec)
  • eXtensible Access Control Markup Language (XACML)
    provides fine grained control of authorized
    activities, the effect of characteristics of the
    access requestor, the protocol over which the
    request is made, authorization based on classes
    of activities, and content introspection.
  • SAML (OASIS Spec)
  • It is an XML framework for exchanging
    authentication and authorization information. It
    is used with WSS.
  • WSS (OASIS Spec)
  • It describes enhancements to SOAP messaging in
    order to provide quality of protection through
    message integrity, and single message
    authentication. These mechanisms can be used to
    accommodate a wide variety of security models and
    encryption technologies.

14
OASIS
  • Organization for the Advancement of Structured
    Information Standards (OASIS)
  • OASIS is a not-for-profit, global consortium that
    drives the development, convergence, and adoption
    of e-business standards.
  • Members themselves set the OASIS technical
    agenda, using a lightweight, open process
    expressly designed to promote industry consensus
    and unite disparate efforts.
  • OASIS produces worldwide standards for security,
    Web Services, XML conformance, business
    transactions, electronic publishing, topic maps,
    and interoperability within and between
    marketplaces. OASIS also hosts XML.org, which
    provides information about the application of
    XML, and The Cover Pages, which is a reference
    collection supporting the SGML/XML family of
    markup language standards and their application.

15
Federated Identity
  • Federated identity allows users to link identity
    information between accounts without centrally
    storing personal information.
  • Also, users can control when and how their
    accounts and attributes are linked and shared
    between domains and Service Providers, allowing
    for greater control over their personal data.
  • In practice, this means that users can be
    authenticated by one company or Web site and be
    recognized and delivered personalized content and
    services in other locations without having to
    re-authenticate or sign on with a separate
    username and password. 
  • Standards include Identity Web Services Framework
    (I-WSF).

16
Directions
  • Security for Web Services and Service Oriented
    Architectures
  • Confidentiality, Privacy and Trust Management for
    SOA
  • Model, Policy Language, Risk Analysis and
    Economics