Web Services Security: An Enabler of Semantic Web Services

1
Web Services Security An Enabler of Semantic Web
Services

• Presented by
• Sonali Pagade
• Nibha Dhagat
• http//www.cs.unb.ca/baseweb/baseweb03/papers/abbi
  e-barbir-BaseWeb2003-paper1.pdf

2
Introduction

• Web Services are emerging as an important
  technology for various forms of Information
  Services.
• A key Enabler is to develop an effective security
  model for Web Services.
• No broadly-adopted specifications yet.
• This paper describes a multi-layered security
  architecture to be used by Enterprise for
  securing Web Services.

3
Introduction

• Some aspects of Web Services are standardized in
  OASIS.
• Our goal is to develop Semantic Web Enabled Web
  Services.
• The use of semantic web technologies such as
  ontologies will help in transforming the web into
  a distributed device that can handle machine
  processable and machine interpretable content.

4
Introduction

• This paper talks about an integrated security
  architecture that can be used at multiple layers
  in a network to ensure network and web service
  security.

5
Web Services Security Challenges and Requirements
6
Challenges and Requirements

• Requirements for providing end-to-end WS-security
  are
• Authentication Mechanism
• Authorization to access resources
• Data integrity and confidentiality
• Integrity of transactions and communications
• Non-repudiation
• End-to-end integrity and confidentiality of
  messages
• Security and Audit trials
• Distributed security policy enforcement

7
(No Transcript)
8
Current Mechanisms

• Some of the important existing security standards
  are
• XKMS
• SAML
• XACML
• XML Signature and XML Encryption
• WS-Security

9
Integrated Security Architecture
10

• Organizations that are considering implementing
  Web Services need to make security an integral
  part of their efforts.
• The Integrated Security Architecture promotes a
  process, rather than an endpoint. Effective
  security is not achieved through a one-time
  initiative.

11
The integrated security architecture is based on
the following key elements

• Multi-layer security that defines security
  protection functions at application, network
  assisted, and network security levels.
• Variable-depth security across the enterprise and
  not just at the edge of the Internet.
• Closed-loop policy management

12

• Uniform access management
• Secure network operations
• Secure multimedia communications

13
Integrated Security Architecture
14
Basic Security Stages
15
Integrated Security Architecture and Web Services
Security

• Distributed Identities
• The users of Web Services may belong to various
  security domains and may need to communicate with
  each other using different identity verification
  schemes.
• Distributed Policies
• Policy principles behind the Integrated Security
  Architecture enable organizations to support
  distributed policies as they relate to Web
  Services.

16

• Secure Discovery
• The principles in the Integrated Security
  Architecture enable the development of secure
  discovery mechanisms, whereby, the policies that
  specify who can discover a service can be
  enforced.
• Message Security
• Message security can ensure privacy,
  confidentiality and interaction integrity.

17
Conclusion
18

• A key enabler of the development and future
  deployment of Semantic Web Services is the
  creation and adoption of an effective security
  model for the
• current generation of Web Services.