Sunday, September 20, 2015

What is WS Trust & Secure Conversation? (104/285 tech notes for 2015)

Why WS Trust and Secure Conversation?

WS-Security adds enterprise-level security features to SOAP message exchanges, but with a substantial performance cost.


WS-Trust builds on WS-Security to provide a way of exchanging security tokens.
WS-SecureConversation builds on WS-Security and WS-Trust to improve performance for ongoing message exchanges.

What is the performance issue with WS-Security?
WS-Security uses asymmetric keys, that is, a public and private key pair. These require larger keys and more complex processing to decrypt messages than a single secret key known to both parties.

WS-SecureConversation uses WS-Trust (plus WS-Security) so that client and server communicate using only a single shared key.


What is WS-Trust?
WS-Trust is a WS-based standard for requesting and receiving security tokens.
  • Function 1 - Implement the STS to
    • issue
    • renew
    • cancel
    • validate security tokens
  • Function 2 - Support brokering trust relationships

What is an STS (Security Token Service)?
An STS is a web service that implements a simple interface defined by the WS-Trust specification. The operations supported are issue, renew, cancel and validate for security tokens.

WS-SecureConversation is a standard which allows symmetric encryption to be used for an ongoing exchange of messages between the client and the server.

-----------------------

How is WS-Trust established?


  • The consumer sends a Request Security Token (RST) message to the STS
  • The STS returns a signed token to the consumer in a Request Security Token Response (RSTR)
  • Once the token is received, the requester can present it to multiple services.
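
The RST/RSTR exchange above, as an added example that is not from the original post: it builds an RST asking for a WS-SecureConversation security context token and runs the checks a consumer should make on the RSTR before using it. The function names and the sample RSTR are constructed for illustration, and verifying the signature on the token itself is assumed to happen elsewhere.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
SCT = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"

def build_rst(token_type):
    """Return (context_id, RST XML) asking the STS to issue token_type."""
    ctx = "urn:uuid:" + str(uuid.uuid4())
    rst = ET.Element(f"{{{WST}}}RequestSecurityToken", {"Context": ctx})
    ET.SubElement(rst, f"{{{WST}}}TokenType").text = token_type
    ET.SubElement(rst, f"{{{WST}}}RequestType").text = WST + "/Issue"
    return ctx, ET.tostring(rst, encoding="unicode")

def check_rstr(rstr_xml, ctx, token_type, now):
    """Return a list of reasons to reject the RSTR (empty list = accept)."""
    problems = []
    rstr = ET.fromstring(rstr_xml)
    if rstr.tag != f"{{{WST}}}RequestSecurityTokenResponse":
        return ["not an RSTR"]
    # The STS echoes the RST's Context; a mismatch means the reply is not for this request
    if rstr.get("Context") != ctx:
        problems.append("context mismatch")
    if (rstr.findtext(f"{{{WST}}}TokenType") or "").strip() != token_type:
        problems.append("unexpected token type")
    if rstr.find(f"{{{WST}}}RequestedSecurityToken") is None:
        problems.append("no token returned")
    path = f"{{{WST}}}Lifetime/{{{WSU}}}Expires"
    expires = (rstr.findtext(path) or "").strip().replace("Z", "+00:00")
    if not expires or datetime.fromisoformat(expires) <= now:
        problems.append("missing or expired lifetime")
    return problems

def sample_rstr(ctx, expires):
    """Constructed RSTR for the demo; a real one carries a signed token."""
    return (f'<t:RequestSecurityTokenResponse xmlns:t="{WST}" xmlns:u="{WSU}" Context="{ctx}">'
            f"<t:TokenType>{SCT}</t:TokenType>"
            "<t:RequestedSecurityToken><placeholder/></t:RequestedSecurityToken>"
            f"<t:Lifetime><u:Expires>{expires}</u:Expires></t:Lifetime>"
            "</t:RequestSecurityTokenResponse>")

if __name__ == "__main__":
    ctx, rst = build_rst(SCT)
    now = datetime(2015, 9, 20, 12, 0, tzinfo=timezone.utc)
    print(rst)
    print(check_rstr(sample_rstr(ctx, "2015-09-20T13:00:00Z"), ctx, SCT, now))
    print(check_rstr(sample_rstr("urn:uuid:other", "2015-09-20T11:00:00Z"), ctx, SCT, now))
```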


















