0
2.5kviews
WS-SECURITY AND WEB SERVICE SECURITYSPECIFICATION
1 Answer
0
35views
  • The web services WS-Security specification describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.
  • A web service is a self-contained, self-describing modular application that can be published, discovered, and invoked over a network using standard network protocols. Typically, XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services available, and UDDI is used for listing the services that are available.
  • The WS-Security specification is one of several security standards that can be used to secure a web service. It provides message-level security, which means it is independent of the transport protocol and can be used for any web service binding, such as HTTP, SOAP, and RMI. It also provides a general-purpose mechanism for associating security tokens with message content.

1 Authentication

This mechanism uses a security token to validate the user and determine whether a client is valid in a particular context. A client can be an end user, machine, application, or import. Without authentication, an attacker can use spoofing techniques to send a modified SOAP message to the service provider.

2 Integrity

This mechanism uses message signing to ensure that information is not changed, altered, or lost in an unauthorized or accidental way. When integrity is implemented, an XML digital signature is generated on the contents of a SOAP message. If the message data changes illegally, the signature is not validated. Without integrity, an attacker can use tampering techniques to intercept a SOAP message between the web service client and server and then modify it.

3 Confidentiality

This mechanism uses message encryption to ensure that no unauthorized party or process can access or disclose the information in the message. When a SOAP message is encrypted, only a service that knows the key for confidentiality can decrypt and read the message. Without confidentiality, an attacker can use eavesdropping techniques to intercept a SOAP message and read the contained information.

Message security architecture

enter image description here

Sr No Component Description
1 Request generator On the client (import) side, the request generator defines the security constraints on the outgoing SOAP request message with one or more security mechanisms, such as digital signing, encryption, or security tokens.
2 Request consumer On the server (export) side, the request consumer defines the security constraints on the incoming SOAP request message, such as ensuring that: 1. The required integrity parts are signed and the signature is verified. 2. The required confidential parts are encrypted and subsequently decrypted. 3. The security tokens are validated. The WS-Security properties defined for the request consumer must match those that were defined for the request generator.
3 Response generator On the server (export) side, the response generator defines the security constraints on the outgoing SOAP response message with one or more security mechanisms, such as digital signing, encryption, or security tokens.
4 Response consumer On the client (import) side, the response consumer defines the security constraints on the incoming SOAP response message, such as ensuring that: 1. The required integrity parts are signed and the signature is verified. 2. The required confidential parts are encrypted and subsequently decrypted. 3. The security tokens are validated. The WS-Security properties defined for the response consumer must match those that were defined for the response generator.
  • Advantages of WS-Security

    There are numerous advantages to using WS-Security, such as:

  1. Different parts of a message can be secured in a variety of ways. For example, you can use integrity on the security token (user ID and password) and confidentiality on the SOAP message body.
  2. Intermediaries can be used and end-to-end message-level security can be provided through any number of intermediaries.
  3. WS-Security works across multiple transports and is independent of the underlying transport protocol.
  4. Authentication of both individual users and multiple party identities is possible.
Please log in to add an answer.