Geeks With Blogs
Pradeep Loganathan Distributed August 2006 Entries
WS-Trust -- 7
A SOAP message using WS-Security is protected by security tokens. These security tokens can be obtained in a variety of ways such as username/password or x509 certificate, Kerberos e.t.c. Even though the SOAP message is now protected the recipient may not be able to use the token due to 1. Security token format incompatibility: The recipient may find the token format incompatible. 2. Security token trust: Even if the recipient can understand and process the token the recipient may be unable to map ......

Posted On Friday, August 25, 2006 12:11 PM

SAML: Portable Identity, Authorization & Authentication - 6
As web services are increasingly crossing organizational and domain boundaries the problems of representing identity and its associated attributes across these boundaries is becoming more essential. A system is secure if it knows all its users and all information is secure if the information is intact, non-tampered and can be proven to be confidential. A payroll processing service may need to further interact with the service implemented by the HR systems and maybe with an external Banking service ......

Posted On Tuesday, August 8, 2006 7:18 AM

XML Encryption - Sample - 5
using System; using System.Collections.Generic; using System.Text; using System.IO; using System.Xml; using System.Security; using System.Security.Cryptography; using System.Security.Cryptograph... namespace XMLDIGSIG { class Class1 { static void Main(string[] args) { TripleDES tdes = new TripleDESCryptoServiceProvi... EncryptXML(tdes); DecryptXML(tdes); Console.ReadKey(); } public static void EncryptXML(TripleDES tdes) { try { XmlDocument doc = new XmlDocument(); doc.Load("xmlfile1.xml"); ......

Posted On Monday, August 7, 2006 8:03 AM

XML Encryption - 4
XML encryption is used to ensure confidentiality of XML documents. With XML encryption you can either encrypt the whole XML document or just portions of the document. The .net implementation of XML encryption is totally w3c compliant. XML encryption scores over transport level security in two areas by ensuring that only certain portions of the document can be encrypted and also ensuring that the document is secure through its lifetime ......

Posted On Monday, August 7, 2006 8:02 AM

XML Signature Sample
using System.IO; using System.Xml; using System.Security; using System.Security.Cryptography; using System.Security.Cryptograph... namespace XMLDIGSIG { class Program { static void Main(string[] args) { SignXML(); ValidateXML(); Console.ReadKey(); } private static void SignXML() { XmlDocument doc = new XmlDocument(); doc.Load("xmlfile1.xml"); SignedXml sx = new SignedXml(doc); RSA Key = new RSACryptoServiceProvider(); sx.KeyInfo = new KeyInfo(); sx.KeyInfo.AddClause(new RSAKeyValue(Key)); sx.SigningKey ......

Posted On Thursday, August 3, 2006 5:23 AM

XML signature - 3
XML signature and XML encryption are used to ensure the integrity & confidentiality of SOAP messages and are the basic pillars of WS-security. A XML signature is a method of associating a Key to data using XML to represent the signature. XML signatures can be applied to any digital content. Once a XML document is signed any attempts to modify the contents of the XML document will result in failure of the verification. A simple XML signature contains the following A reference to what is being signed ......

Posted On Wednesday, August 2, 2006 6:24 AM

Foundations of Message Level Security - 2
Foundations of Message Level Security The main aim of securing Web services is to secure the messages sent and consumed by the services. This depends on using standards such as XML signature and XML encryption. To understand XML signature and XML encryption we need to understand the principles of shared Key cryptography and public Key cryptography. Shared Key Cryptography Shared Key cryptography is used to ensure confidentiality of messages. Shared key technologies depend on the sender and the recipient ......

Posted On Wednesday, August 2, 2006 6:23 AM

WS-Security Basics - 1
Web services can be secured using either Transport level security or Message level security. The main goal of transport level security is to establish a secure pipe between two endpoints and all messages that go into and out of the pipe are secured from point to point. The advantages of transport level security are The technologies for Transport level security are mature and well established. The technologies used are simpler and easier to administer. The disadvantages are It only secures a message ......

Posted On Wednesday, August 2, 2006 6:00 AM

Copyright © Pradeep Loganathan | Powered by: GeeksWithBlogs.net