|
WS-Security
Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS. The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security. Features WS-Security describes three main mechanisms: * How to sign SOAP messages to assure integrity. Signed messages also provide non-repudiation. * How to encrypt SOAP messages to assure confidentiality. * How to attach security tokens to ascertain the sender's identity. The specification allows a variety of signature formats, encryption algorithms and multiple trust domains, and is open to various security token models, such as: * X.509 certificates, * Kerberos tickets, * User ID/Password cr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WS-SecureConversation
WS-SecureConversation is a Web Services specification, created by IBM and others, that works in conjunction with WS-Security, WS-Trust and WS-Policy to allow the creation and sharing of security contexts. Extending the use cases of WS-Security, the purpose of WS-SecureConversation is to establish security contexts for multiple SOAP message exchanges, reducing the overhead of key establishment. Features * Establish a new security context in following modes: ** Security context token created by a security token service (WS-Trust STS) ** Security context token created by one of the communicating parties and propagated with a message ** Security context token created through negotiation/exchanges * Renew security context * Amend Security context (add claims) * Cancel security context * Derive key: parties may use different keys per side and function (sign/encrypt), and change keys frequently to prevent cryptographic attacks * Maintain high secure context WS-SecureConversation is m ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WS-Trust
WS-Trust is a WS-* specification and OASIS standard that provides extensions to WS-Security, specifically dealing with the issuing, renewing, and validating of security tokens, as well as with ways to establish, assess the presence of, and broker trust relationships between participants in a secure message exchange. The WS-Trust specification was authored by representatives of a number of companies, and waapproved by OASISas a standard in March 2007. Using the extensions defined in WS-Trust, applications can engage in secure communication designed to work within the Web services framework. Overview WS-Trust defines a number of new elements, concepts and artifacts in support of that goal, including: * the concept of a Security Token Service (STS) - a web service that issues security tokens as defined in the WS-Security specification. * the formats of the messages used to request security tokens and the responses to those messages. * mechanisms for key exchange WS-Trust is ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
List Of Web Service Specifications
There are a variety of specifications associated with web services. These specifications are in varying degrees of maturity and are maintained or supported by various standards bodies and entities. These specifications are the basic web services framework established by first-generation standards represented by WSDL, SOAP, and UDDI. Specifications may complement, overlap, and compete with each other. Web service specifications are occasionally referred to collectively as "WS-*", though there is not a single managed set of specifications that this consistently refers to, nor a recognized owning body across them all. Web service standards listings These sites contain documents and links about the different Web services standards identified on this page. * IBM Developerworks: Standard and Web Service innoQ's WS-Standard Overview() MSDN .NET Developer Centre: Web Service Specification Index PageOASIS Standards and Other Approved WorkOpen Grid Forum Final DocumentXML CoverPageW3C' ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
WS-Federation
WS-Federation (Web Services Federation) is an Identity Federation specification, developed by a group of companies: BEA Systems, BMC Software, CA Inc. (along with Layer 7 Technologies now a part of CA Inc.), IBM, Microsoft, Novell, Hewlett Packard Enterprise, and VeriSign. Part of the larger Web Services Security framework, WS-Federation defines mechanisms for allowing different security realms to broker information on identities, identity attributes and authentication. Associated specifications The following draft specifications are associated with WS-Security: *WS-SecureConversation *WS-Federation * WS-Authorization * WS-Policy *WS-Trust * WS-Privacy See also *List of Web service specifications * Web Services *SAML *XACML *Liberty Alliance *OpenID OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites (known as relying parties, or RP) using a third-party id ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ID-WSF
In computer networking, Identity Web Services Framework is a protocol stack that profiles WS-Security, WS-Addressing, SAML and adds new protocol specifications of its own, such as the Discovery Service, for open market per user service discovery, and the People Service for delegation and social networking. Development The ID-WSF stack was developed by the Liberty Alliance. The first release, ID-WSF 1.0 (and subsequent 1.1 and 1.2) were released in 2003. ID-WSF1 was interoperability tested among several vendor implementations, which received certification from the Liberty Alliance. However, the first version of ID-WSF was not widely adopted. Perhaps the only significant adoption was by France Telecom and the French government's Mon Service Public. Some adoption happened in Japan as well. Liberty Alliance proceeded to create an improved version, the ID-WSF 2.0 in 2006, which included harmonization with certain WS-* technologies, such as WS-Addressing and WS-Security. These chan ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
XML Signature
XML Signature (also called ''XMLDSig'', ''XML-DSig'', ''XML-Sig'') defines an XML syntax for digital signatures and is defined in the W3C recommendationbr>XML Signature Syntax and Processing Functionally, it has much in common with PKCS #7 but is more extensible and geared towards signing XML documents. It is used by various Web technologies such as SOAP, SAML, and others. XML signatures can be used to sign data–a resource–of any type, typically XML documents, but anything that is accessible via a URL can be signed. An XML signature used to sign a resource outside its containing XML document is called a detached signature; if it is used to sign some part of its containing document, it is called an enveloped signature; if it contains the signed data within itself it is called an enveloping signature. Structure An XML Signature consists of a Signature element in the http://www.w3.org/2000/09/xmldsig# namespace. The basic structure is as follows: ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SOAP (protocol)
Soap is a salt of a fatty acid used in a variety of cleansing and lubricating products. In a domestic setting, soaps are surfactants usually used for washing, bathing, and other types of housekeeping. In industrial settings, soaps are used as thickeners, components of some lubricants, and precursors to catalysts. When used for cleaning, soap solubilizes particles and grime, which can then be separated from the article being cleaned. In hand washing, as a surfactant, when lathered with a little water, soap kills microorganisms by disorganizing their membrane lipid bilayer and denaturing their proteins. It also emulsifies oils, enabling them to be carried away by running water. Soap is created by mixing fats and oils with a base. A similar process is used for making detergent which is also created by combining chemical compounds in a mixer. Humans have used soap for millennia. Evidence exists for the production of soap-like materials in ancient Babylon around 2800 BC. Typ ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
VeriSign
Verisign Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the , , and generic top-level domains and the and country-code top-level domains, and the back-end systems for the , , and sponsored top-level domains. In 2010, Verisign sold its authentication business unit – which included Secure Sockets Layer (SSL) certificate, public key infrastructure (PKI), Verisign Trust Seal, and Verisign Identity Protection (VIP) services – to Symantec for $1.28 billion. The deal capped a multi-year effort by Verisign to narrow its focus to its core infrastructure and security business units. Symantec later sold this unit to DigiCert in 2017. On October 25, 2018, NeuStar, Inc. acquired VeriSign’s Security Service Customer Contracts. The acquisition effectively transferred Verisign Inc.’s Distributed Denial of Service ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
