Steve Schmalz - PowerPoint PPT Presentation

1
Steve Schmalz
  • Senior Systems Engineer
  • RSA Security Inc.
  • Developer Solutions Group

2
Agenda
  • XML Digital Signatures
  • SOAP Message
  • SOAP Message using an XML Digital Signature
  • SAML and SOAP
  • SOAP Message Carrying a SAML Assertion
  • SOAP/SAML/XML Digital Signature

3
XML Signature Structure
  <Signature ID?>
    <SignedInfo>
      <CanonicalizationMethod/>
      <SignatureMethod/>
      (<Reference URI? >
        (<Transforms>)?
        <DigestMethod>
        <DigestValue>
      </Reference>)
    </SignedInfo>
    <SignatureValue>
    (<KeyInfo>)?
    (<Object ID?>)
  </Signature>

4
WS-Security Core ltSecuritygt Element
(Diagram: the SOAP message carries a <Security> ... </Security> element; inside it sit Encryption, Digital Signature and Security Tokens.)
5
Signing Input Document
  <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope">
    <S:Body Id="MsgBody">
      <fn:Order xmlns:fn="http://www.foo.com/fakens">
        <Item>Pool Table</Item>
        <Quantity>1</Quantity>
        <AccountNumber>123456789</AccountNumber>
        <Price>800.00</Price>
      </fn:Order>
    </S:Body>
  </S:Envelope>

6
WS-Security Example Signature (1 of 2)
  <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope">
    <S:Header>
      <wsse:Security>
      </wsse:Security>
    </S:Header>
    <S:Body Id="MsgBody">
      <fn:Order xmlns:fn="http://www.foo.com/fakens">
        <Item>Pool Table</Item>
        <Quantity>1</Quantity>
        <AccountNumber>123456789</AccountNumber>
        <Price>800.00</Price>
      </fn:Order>
    </S:Body>
  </S:Envelope>
7
WS-Security Example Signature (2 of 2)
  <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
    <wsse:UsernameToken Id="signTok">
      <wsse:Username>Bob</wsse:Username>
    </wsse:UsernameToken>
    <ds:Signature>
      <ds:KeyInfo>
        <wsse:SecurityTokenReference>
          <wsse:Reference URI="#signTok"/>
        </wsse:SecurityTokenReference>
      </ds:KeyInfo>
    </ds:Signature>
  </wsse:Security>
(Match: the Reference URI "#signTok" points at the UsernameToken with Id="signTok".)
8
Web Services Security vs. SAML
  • SAML (Security Assertion Markup Language)
  • SAML was developed by OASIS (Organization for the
    Advancement of Structured Information Standards)
    and is being supported by the Liberty Alliance. SAML
    does not directly provide message integrity or
    confidentiality; it relies on XML Signature to
    protect integrity and on SSL/TLS for
    confidentiality. Single Sign-On (SSO) can assert
    authorization across multiple services.
  • WS-Security
  • Developed by the Web Services Interoperability
    Organization (IBM, Microsoft and Verisign), WS-Security
    enhances SOAP with methods to protect message
    integrity and confidentiality and to exchange
    security information. WS-Security specifically
    protects a single SOAP exchange.

9
Attached SAML Assertion
  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security xmlns:wsse="...">
        <saml:Assertion ...>
        </saml:Assertion>
      </wsse:Security>
    </S:Header>
    <S:Body>
    </S:Body>
  </S:Envelope>
10
Referencing a SAML Assertion
  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security xmlns:wsse="...">
        <saml:Assertion AssertionID="SecurityToken-12345678" ...>
        </saml:Assertion>
        <wsse:SecurityTokenReference>
          <wsse:KeyIdentifier wsu:id="..." ValueType="saml:Assertion">
            SecurityToken-12345678
          </wsse:KeyIdentifier>
        </wsse:SecurityTokenReference>
      </wsse:Security>
    </S:Header>
    <S:Body>
    </S:Body>
  </S:Envelope>
11
Signed SOAP/SAML slide 1 of 2
  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security xmlns:wsse="...">
        <saml:Assertion AssertionID="12345678" ...>
          <saml:AuthenticationStatement AuthMeth="password">
            <saml:Subject>
              <saml:NameIdentifier>uid=steve,ou=...</saml:NameIdentifier>
              <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>
                  urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
                </saml:ConfirmationMethod>
                <ds:KeyInfo>
                  <ds:KeyValue>
                  </ds:KeyValue>
                </ds:KeyInfo>
              </saml:SubjectConfirmation>
            </saml:Subject>
          </saml:AuthenticationStatement>

12
Signed SOAP/SAML slide 2 of 2
          <saml:AttributeStatement>
            <saml:Subject> see above </saml:Subject>
            <saml:Attribute> </saml:Attribute>
          </saml:AttributeStatement>
          <ds:Signature> of all SAML assertions </ds:Signature>
        </saml:Assertion>
        <ds:Signature> of Msg Body using key value in Subj Conf
          <ds:KeyInfo>
            <wsse:SecurityTokenReference>
              <wsse:KeyIdentifier ValueType="saml:Assertion">12345678</wsse:KeyIdentifier>
            </wsse:SecurityTokenReference>
          </ds:KeyInfo>
        </ds:Signature>
      </wsse:Security>
    </S:Header>
    <S:Body>
    </S:Body>
  </S:Envelope>
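The following Python is an added example, not code from the slides or from RSA Security: it signs the Body of the slide 5 order with a ds:Signature shaped like slide 3, placed in wsse:Security as on slides 6 and 12, with KeyInfo naming the SAML assertion by ID as on slide 12, and then verifies it the way a receiver should, including the slide 7 "Match" check that the Reference URI resolves to the S:Body that will actually be processed. Because the standard library has no RSA, HMAC-SHA256 stands in for the public key the slide carries in ds:KeyValue; the key, the assertion ID and the sample envelope are constructed.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

S, DS = "http://www.w3.org/2001/12/soap-envelope", "http://www.w3.org/2000/09/xmldsig#"
WSSE, FN = "http://schemas.xmlsoap.org/ws/2002/07/secext", "http://www.foo.com/fakens"
for p, u in (("S", S), ("ds", DS), ("wsse", WSSE), ("fn", FN)):
    ET.register_namespace(p, u)                                 # keep the slides' prefixes on output
C14N2 = "http://www.w3.org/2010/xml-c14n2"                      # the C14N that ET.canonicalize implements
HMAC256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"  # stand-in for the slide's RSA KeyValue
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed input: slide 5's order document plus an empty wsse:Security header.
ENVELOPE = (f'<S:Envelope xmlns:S="{S}"><S:Header><wsse:Security xmlns:wsse="{WSSE}"/></S:Header>'
            f'<S:Body Id="MsgBody"><fn:Order xmlns:fn="{FN}"><Item>Pool Table</Item><Quantity>1</Quantity>'
            '<AccountNumber>123456789</AccountNumber><Price>800.00</Price></fn:Order></S:Body></S:Envelope>')

def c14n(elem):                              # canonical bytes of one element subtree (C14N 2.0, stdlib)
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest(elem):                            # base64 of SHA-256 over the canonical subtree
    return base64.b64encode(hashlib.sha256(c14n(elem)).digest()).decode()

def mac(key, signed_info):                   # base64 of HMAC-SHA256 over canonical SignedInfo
    return base64.b64encode(hmac.new(key, c14n(signed_info), "sha256").digest()).decode()

def sign(envelope_xml, key, assertion_id="12345678"):
    """Add a ds:Signature over #MsgBody to wsse:Security; KeyInfo names the SAML assertion."""
    root = ET.fromstring(envelope_xml)
    body = root.find("S:Body", {"S": S})
    sig = ET.SubElement(root.find(".//wsse:Security", {"wsse": WSSE}), f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N2)
    ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm=HMAC256)
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI="#" + body.get("Id"))
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest(body)
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = mac(key, si)
    str_ = ET.SubElement(ET.SubElement(sig, f"{{{DS}}}KeyInfo"), f"{{{WSSE}}}SecurityTokenReference")
    ET.SubElement(str_, f"{{{WSSE}}}KeyIdentifier", ValueType="saml:Assertion").text = assertion_id
    return ET.tostring(root, encoding="unicode")

def verify(envelope_xml, key):
    """Receiver: the Reference URI must name the S:Body that will be processed (the slide's
    "Match"), the Body digest must agree, and SignedInfo must verify under the key."""
    root = ET.fromstring(envelope_xml)
    sig = root.find(f".//{{{WSSE}}}Security/{{{DS}}}Signature")
    ref = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    uri = ref.get("URI", "")
    target = root.find(f"S:Body[@Id='{uri[1:]}']", {"S": S}) if uri.startswith("#") else None
    return (target is not None and
            hmac.compare_digest(ref.findtext(f"{{{DS}}}DigestValue") or "", digest(target)) and
            hmac.compare_digest(sig.findtext(f"{{{DS}}}SignatureValue") or "",
                                mac(key, sig.find(f"{{{DS}}}SignedInfo"))))
```

In a real deployment the key used in verify would be taken from the ds:KeyValue inside the holder-of-key SubjectConfirmation of the assertion that KeyIdentifier names, after that assertion's own signature has been checked.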
13
http://developer.rsasecurity.com
Bookmark our new site and visit often!