SECURITY MECHANISM FOR WEBSERVICE USING SECURITY TOKEN SERVICE (STS)
1. SECURITY MECHANISM FOR WEBSERVICE USING SECURITY TOKEN SERVICE (STS)
K.M. MANOJ KUMAR, P. SHYAM SUNDAR
B.TECH IT (III YR),
KONGUNADU COLLEGE OF ENGINEERING AND TECHNOLOGY,
TRICHY
2. ABSTRACT:
• Web Services have been widely used in the field of distributed application systems
• But the security of Web Services has often been considered a crucial barrier to their application in fields that transfer sensitive information
• We introduce the Security Token Service (STS) into Web Services and then present an STS-based security architecture for Web Services
3. Introduction:
• A Web service is a software system designed to support interoperable machine-to-machine interaction over a network
• Common protocols and formats are:
• Extensible Markup Language (XML), which includes the Simple Object Access Protocol (SOAP)
• The Web Services Description Language (WSDL)
• Universal Description, Discovery, and Integration (UDDI)
4. Need for security:
• A group of Web services interacting together in this manner defines a particular Web service application in a Service-Oriented Architecture (SOA)
• Web Services are applied in systems that transfer sensitive information, such as E-commerce
• Such systems need to include features that can deal with security risks, including falsification and eavesdropping
5. Transport Layer Security (TLS):
• Transport Layer Security (TLS) is a widely used method for performing secure transactions for Web security
• But it is aimed at authenticating the server hosting the Web Service
• There is no means to authenticate a single service or a set of services running on the same machine
• Problems:
• TLS only provides point-to-point security
• TLS provides security at the transport layer rather than at the message level
• There is no mechanism for keeping the authenticity and non-repudiation of the transmitted message
• It cannot provide flexibility for message transmission
6. STS-WS Architecture Overview:
• CA - manages and centrally issues certificates to the entities
• STS - authentication server in the service layer, used to issue, renew, cancel, and validate security tokens for the WSR in a transaction
• WSR - Web Service Requester, the system that requests data
• WSP - Web Service Provider, the system that provides data
7. TRUST DOMAIN:
• All the individuals in the domain comply with the same rules, with a common trust anchor
• It makes the assumption that the second entity will behave exactly as the first entity expects
• STS-based authentication Models:
The mechanism for STS is:
• Registering to the trusted domain
• Finding the service to bind to
• The WSR obtains a security token
• Accessing the secured service
8. STS-based authentication Models:
1. The WSR must first register into the trusted domain
2. The WSR queries UDDI to find a WSP and then gets the WSDL file of the WSP. The credential is validated by the UDDI to verify that it was issued by a trusted CA
3. To obtain the T-ST, the WSR sends an authentication request to the STS: the WSR sends a RequestSecurityToken message to the STS, and the STS issues a BinarySecurityToken
4. Having received the WSDL file of the WSP and the T-ST, the WSR requests the Web Service
9. Conclusion:
• The existing security specifications for Web Services are each developed to meet security needs in a particular aspect
• However, there isn't a complete architecture for Web service security
• Our architecture can provide higher security and higher performance services