Web Services Security: An Enabler of Semantic Web Services - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Web Services Security: An Enabler of Semantic Web Services

Description:

Authorization to access resources. Data integrity and confidentiality ... Uniform access management. Secure network operations. Secure multimedia communications ... – PowerPoint PPT presentation

Number of Views:118
Avg rating:3.0/5.0
Slides: 19
Provided by: defu82
Category:

less

Transcript and Presenter's Notes

Title: Web Services Security: An Enabler of Semantic Web Services


1
Web Services Security An Enabler of Semantic Web
Services
  • Presented by
  • Sonali Pagade
  • Nibha Dhagat
  • http//www.cs.unb.ca/baseweb/baseweb03/papers/abbi
    e-barbir-BaseWeb2003-paper1.pdf

2
Introduction
  • Web Services are emerging as an important
    technology for various forms of Information
    Services.
  • A key Enabler is to develop an effective security
    model for Web Services.
  • No broadly-adopted specifications yet.
  • This paper describes a multi-layered security
    architecture to be used by Enterprise for
    securing Web Services.

3
Introduction
  • Some aspects of Web Services are standardized in
    OASIS.
  • Our goal is to develop Semantic Web Enabled Web
    Services.
  • The use of semantic web technologies such as
    ontologies will help in transforming the web into
    a distributed device that can handle machine
    processable and machine interpretable content.

4
Introduction
  • This paper talks about an integrated security
    architecture that can be used at multiple layers
    in a network to ensure network and web service
    security.

5
Web Services Security Challenges and Requirements
6
Challenges and Requirements
  • Requirements for providing end-to-end WS-security
    are
  • Authentication Mechanism
  • Authorization to access resources
  • Data integrity and confidentiality
  • Integrity of transactions and communications
  • Non-repudiation
  • End-to-end integrity and confidentiality of
    messages
  • Security and Audit trials
  • Distributed security policy enforcement

7
(No Transcript)
8
Current Mechanisms
  • Some of the important existing security standards
    are
  • XKMS
  • SAML
  • XACML
  • XML Signature and XML Encryption
  • WS-Security

9
Integrated Security Architecture
10
  • Organizations that are considering implementing
    Web Services need to make security an integral
    part of their efforts.
  • The Integrated Security Architecture promotes a
    process, rather than an endpoint. Effective
    security is not achieved through a one-time
    initiative.

11
The integrated security architecture is based on
the following key elements
  • Multi-layer security that defines security
    protection functions at application, network
    assisted, and network security levels.
  • Variable-depth security across the enterprise and
    not just at the edge of the Internet.
  • Closed-loop policy management

12
  • Uniform access management
  • Secure network operations
  • Secure multimedia communications

13
Integrated Security Architecture
14
Basic Security Stages
15
Integrated Security Architecture and Web Services
Security
  • Distributed Identities
  • The users of Web Services may belong to various
    security domains and may need to communicate with
    each other using different identity verification
    schemes.
  • Distributed Policies
  • Policy principles behind the Integrated Security
    Architecture enable organizations to support
    distributed policies as they relate to Web
    Services.

16
  • Secure Discovery
  • The principles in the Integrated Security
    Architecture enable the development of secure
    discovery mechanisms, whereby, the policies that
    specify who can discover a service can be
    enforced.
  • Message Security
  • Message security can ensure privacy,
    confidentiality and interaction integrity.

17
Conclusion
18
  • A key enabler of the development and future
    deployment of Semantic Web Services is the
    creation and adoption of an effective security
    model for the
  • current generation of Web Services.
Write a Comment
User Comments (0)
About PowerShow.com