Index: X


X

X.509 certificates, 138. See also PKI (Public Key Infrastructure)
    and LDAP (Lightweight Directory Access Protocol), 30
    and Microsoft WSDK (in WS-Security), 180
    and WS-Security BinarySecurityToken, 172, 174

X.500 directories
    and LDAP (Lightweight Directory Access Protocol), 30

XACML (eXtensible Access Control Markup Language), 120–121
    access control lists (ACLs) in, 121
    architecture of, 128–131
    authentication of PDP in, 135
    checklist for, 136
    confidentiality in, 135
    and “deny” rule, 124–125
    and metapolicy, 128
    policy statement documents, integrity of, 135
    policyStatement in, 125–128
    privacy in, 136
    processing SOAP requests in, 131–133
    role-based access control in, 121
    rule conditions, use of functions in, 123–124
    rule definition in (target, effect, conditions), 122
    rule obligations in, 124
    rule, typical code for, 122–123
    and SAML, 54
    security considerations in, 134–137
    SOAP requests, order of execution of, 128–130
    trust model in, 135

X-KISS protocol, 147. See also XKMS (XML Key Management Specification)
    example: building trust paths in complex PKI, 148–149
    example: sending an encrypted e-mail, 148
    locate and validate, using VeriSign TSIK for, 151
    locate information, verifying, 148
    locate request, QueryKeyBinding in, 147
    locate service, Request and Response Elements of, 147
    trusted vs. trustworthy system, 150–151
    validate service, introduction and discussion, 149–150
    validate service, Request and Response Elements of, 149
    X-KISS validation services, trusting, 153

XKMS (XML Key Management Specification). See also keys; PKI (Public Key Infrastructure); X-KISS protocol; XML Signature
    asynchronous processing (in XKMS 2.0), 160–161
    and centralized trust management, 142
    checklist for, 162
    client complexity, reducing, 141
    client key generation in, 155
    coding PKIs, ease of, 141
    compound requests (in XKMS 2.0), 160
    configuration options in: referral vs. chained, 151–152
    and digital certificate verification, 76
    DNS system, (in)security of, 152
    and key binding, 143–145
    KeyBinding Element, members of, 145
    locate and validate: implementing the X-KISS protocol, 147–153
    locate and validate, using VeriSign TSIK for, 151
    PKI, difficulties/advantages in implementing, 140
    and PKI client deployment, 141–142
    and PKI implementation, 55
    private key recovery in, 157–158
    private key revocation in, 158–159
    register service in, 154–156
    Request Elements, members of, 146
    Request/Result Elements, common members of, 146
    Response Element, members of, 146, 147
    service key generation in, 155
    two-phase request protocol (in XKMS 2.0), 161–162
    X-KISS locate services, locating, 152–153
    X-KISS validation services, trusting, 153
    XKMS 2.0 (specification), 138
    XKMS protocol, introduction to, 143, 145–147

X-KRSS (XML Key Registration Service Specification). See also PKI (Public Key Infrastructure); XKMS (XML Key Management Specification)
    authenticating public keys with, 153–154
    recovering public keys with (recover service), 157–158
    reissuing public keys with (reissue service), 158–159
    revoking public keys with (revoke service), 158–159

XML (eXtensible Markup Language), 6. See also ebXML (electronic business XML); XML gateway rollout (case study); XML Encryption; XML Signature
    canonicalization of, 69–70
    data transformation in, 69
    DTD, structured documents using, 8–9
    EDI implementation of, 12
    restructuring of EDI fragment in, 7
    SOAP implementation in, 11–12
    using XPath in, 10
    verbosity in, 7–8
    as Web Services message layer, 4
    well-formed, syntax rules for, 8
    XML elements, abbreviation of, 7
    XML firewalls, 57

XML Encryption, 52–53, 85. See also XML (eXtensible Markup Language); XML Signature
    CBC (Cipher Block Chaining), 90
    checklist for, 99
    child nodes, including, 88
    choosing an encryption algorithm, 90
    creating/populating EncryptionContext Object, 97
    data type information (for arbitrary data), 89
    decryption, steps in, 95–96
    decryption process: code examples, 98
    DES/Triple DES (Data Encryption Standard), 25, 90–91, 96–97
    Diffie-Hellman Key Agreement, using, 94
    EncryptedData structure, processing, 95
    encryption, steps in, 90–95
    encryption process: code examples, 96–97
    example: encrypting an XML element and its content, 87–88
    example: encrypting arbitrary data (including XML), 88–89
    example: encrypting XML content only, 88
    example: using KeyName, 92
    IANA (Internet Assigned Numbers Authority), 89
    and IBM XML Security Suite, 96, 97
    IV (Initialization Vector), 24, 91–92
    key transport example: sending a symmetric encrypted key, 92–94
    large files, encrypting (using CipherReference), 89
    overlap with XML Signature, 98
    performing encryption; specifying data type, 94
    and persistent encryption, 84–85
    plaintext UTF-8 conversion, 94
    sign-encrypt-sign, 99
    types of information expressed in, 86
    using transforms: XML Encryption vs. XML Signature, 90
    using XML Encryption on a signed document, 98
    using XML Signature on an encrypted document, 99
    and WS-Security BinarySecurityToken, 175–177

XML gateway rollout (case study)
    alert conditions, configuring via VordelSecure, 300
    DoS/buffer overflow vulnerability, 290–291
    loading Web Service description, 293–294
    message-based authentication, configuring (X.509), 297–298
    preexisting security policy, using, 294–295
    project overview, 290
    routing configuration, internal Web Service, 299
    security management wizard (VordelSecure), 292–294
    XML firewall, 291–292
    XML Schema enforcement, configuring, 295–297
    XML security, configurability of, 291
    XML Signature filter, configuring, 295–296

XML Schema
    document structure using, 9–10
    security advantages of, 10

XML Signature, 28, 53, 64–65. See also contracts/contract law; keys; PKI (Public Key Infrastructure); XML (eXtensible Markup Language); XKMS (XML Key Management Specification); XML Encryption
    and ASN.1, 68–69
    authentication via KeyInfo, 76–77
    checklist for, 81
    creating, step-by-step procedure for, 77–78
    detached signature (sample code for), 73–74
    digital signatures, hierarchy of, 273–274
    and enveloped XML Signature, 71–73
    intelligibility of (vs. PKCS#7), 68
    Java code example for, 78–79
    and multiple signed documents, 74–75
    and persistent integrity, 75–76
    and replay attacks, 77
    signature in XML Signature, sample code for, 66–67
    SignedInfo element, 74–75
    syntactical structure of, 65
    validating (C+ code example), 80–81
    validating (step-by-step example), 79–80
    verification via KeyInfo, 76
    and WS-Security BinarySecurityToken (sample code for), 173–174
    as “XML aware Signature,” 75

XMLAssertionGeneratorFactory, 114

XMLRequestGeneratorFactory, 114

XMLResponseGeneratorFactory, 114

XMLSecurityParameters, 114

XMLSpy, 20

XPath
    and SOAP message data validation, 59
    in XML, 10–11


Web Services Security
ISBN: 0072224711
Year: 2003
Pages: 105
Authors: Mark O'Neill