Nataraj Nagaratnam

Securing web services

The Web service security challenge is to understand and assess the risk involved in securing a Web-based service today, based on our existing security technology, and at the same time track emerging standards and understand how they will be used to offset the risk in new Web services. Any security model must illustrate how data can flow through an application and network topology to meet the requirements defined by the business without exposing the data to undue risk. In this paper we propose a mechanism for the client to provide authentication data, based on the service definition, and for the service provider to retrieve those data. We also show how XML Digital Signatures and encryption can be exploited to achieve a level of trust.HTTP, Web Server and Web Services share very complicated set of functionalities and exchanges of information. Each and every component plays very important role in the thousands of functions which any user can access and utilize over Internet. Hyper Text Transfer Protocol allows users to interact with Web Servers a nd hence they can access the information via the Internet. If any user requests data and files, Web servers serve them. Web Services allow cross -system, cross- language communication among various types of machines and enable inter -business transaction and communications. Although each technology works on its own and performs many useful functions, it is the combination of these technologies that has created the dynamic functionalities of the Web that are available today. This research paper will explore theinter-relationships between HTTP, Web Servers and Web Services technologies that have facilitated the functionalities and convenience of the Web. Web Services are very powerful tool that has greatly enhanced the efficiency and communication among business es. According to the World Wide Web Consortium (W3C), �a Web Service is a software system designed to support interoperable machine -to-machine interaction over a network. � According to Zeldman, Web Services are areusable software components based on XMLand related protocols that enable near zero ABSTRACT HTTP, Web Server and Web Services share very complicated set of functionalities and exchanges of information. Each and every component plays very important role in the thousands of functions which any user can access and utilize over Internet. Hyper Text Transfer Protocol allows users to interact with Web Servers a nd hence they can access the information via the Internet. If any user requests data and files, Web servers serve them. Web Services allow cross -system, cross- language communication among various types of machines and enable inter -business transaction and communications. Although each technology works on its own and performs many useful functions, it is the combination of these technologies that has created the dynamic functionalities of the Web that are available today. This research paper will explore theinter-relationships between HTTP, Web Servers and Web Services technologies that have facilitated the functionalities and convenience of the Web. Web Services are very powerful tool that has greatly enhanced the efficiency and communication among business es. According to the World Wide Web Consortium (W3C), �a Web Service is a software system designed to support interoperable machine -to-machine interaction over a network. � According to Zeldman, Web Services are areusable software components based on XMLand related protocols that enable near zero -cost interaction throughout the business ecosystem. � In other words, Web Services are the software system that allows servers and client computers to communicate with each other regardless of each individual mach ines environment (operating systems and programming ABSTRACT HTTP, Web Server and Web Services share very complicated set of functionalities and exchanges of information. Each and every component plays very important role in the thousands of functions which any user can access and utilize over Internet. Hyper Text Transfer Protocol allows users to interact with Web Servers a nd hence they can access the information via the Internet. If any user requests data and files, Web servers serve them. Web Services allow cross -system, cross- language communication among various types of machines and enable inter -business transaction and communications. Although each technology works on its own and performs many useful functions, it is the combination of these technologies that has created the dynamic functionalities of the Web that are available today. This research paper will explore theinter-relationships between HTTP, Web Servers and Web Services technologies that have facilitated the functionalities and convenience of the Web. Web Services are very powerful tool that has greatly enhanced the efficiency and communication among business es. According to the World Wide Web Consortium (W3C), �a Web Service is a software system designed to support interoperable machine -to-machine interaction over a network. � According to Zeldman, Web Services are areusable software components based on XMLand related protocols that enable near zero

CredEx: user-centric credential management for grid and Web services

User authentication is a crucial security component for most computing systems. But since the security needs of different systems vary widely, authentication mechanisms are similarly diverse. In particular, independently-managed Web and grid services vary with regard to the type of security token (credential) used to prove user identity (username/password, X.509 signing, Kerberos, etc.). Forcing users to manage and present credentials manually for each service is tedious, error-prone and potentially insecure. In contrast, we present CredEx, an open-source, standards-based Web service that facilitates the secure storage of credentials and enables the dynamic exchange of different credential types using the WS-Trust token exchange protocol. With CredEx, a user can achieve single sign-on by acquiring a single (default) credential then dynamically exchanging that credential as needed for services that authenticate a different way. We describe the design and implementation of CredEx by focusing on its use in bridging password-based Web services and PKI-based grid services, illustrating how interoperability between these realms can be based upon the WS-Security and WS-Trust specifications.

Security for a Smarter Planet

Bit by bit, our planet is getting smarter. By this, we mean the systems that run, the way we live and work as a society. Three things have brought this about - the world is becoming instrumented, interconnected and intelligent. Given the planet is becoming instrumented and interconnected, this opens up more risks that need to be managed. Escalating security and privacy concerns along with a renewed focus on organizational oversight are driving governance, risk management and compliance (GRC) to the forefront of the business. Compliance regulations have increasingly played a larger role by attempting to establish processes and controls that mitigate the internal and external risks organizations have today. To effectively meet the requirements of GRC, companies must prove that they have strong and consistent controls over who has access to critical applications and data. Security has to be applied within a business context and fused into the fabric of business and not as a widget to solve the next security threat. This presentation will discuss challenges planet face, what companies, societies, governments need to be doing to address these challenges, and technical approach around a solution.

Securing service-oriented applications

Securing applications in a service-oriented architecture is challenging, because the loose coupling that characterizes a SOA can also expose existing security implementations’ brittleness. Our solution includes well-defined trust models based on acceptable forms of proof, as well as reliance on policies, Web Services security, and security engineering best practices.