Monday Sep 17, 2007

WS-Trust in WSIT 1.0

WSIT 1.0 is released today, in line with the release of GlassFish V2. WS-Trust is supported in WSIT 1.0 as a major security feature.

Here is a summary of the WS-Trust support in WSIT:

1. Support for the token issuance protocol.
2. Support for a Security Token Service (STS) framework for building an STS as an independent Web service.
3. Client and service authentication and security with tokens issued by the STS, within the general framework of WS-Security and WS-SecurityPolicy.

More about STS support:

1. Provides a general framework for building an STS as a Web service for issuing security tokens.
2. Authentication and secure communication between the client and the STS are handled in the same way as for a regular Web service.
3. Support for issuing SAML 1.0, SAML 1.1 and SAML 2.0 tokens by default.
4. Support for issuing symmetric keys and public keys (partially).
5. Extensible to support issuing other types of tokens.
6. Allows plugging in authorization mechanisms for controlling the issuing of tokens according to the user's identity and the targeted service.
7. Allows plugging in user mappings for controlling the user identity/attributes carried in the SAML token issued by the STS for different services.

WS-SecureConversation in WSIT 1.0

WSIT 1.0 is released today, in line with the release of GlassFish V2. WS-SecureConversation is supported in WSIT 1.0 as a major security feature. WS-SecureConversation, built on top of the general mechanisms defined in WS-Security and WS-Trust, provides a way to establish a security context (session) for more efficient communication and better security across multiple message exchanges between a client and a service.

Here is a summary of the WS-SecureConversation support in WSIT:

1. SCT binding of WS-Trust (issuance binding) for establishing a security context.
2. Embedded STS for issuing SCTs: each WSIT-enabled Web service can act as an STS for managing security contexts.
3. Security context cancellation.
4. Extensible SessionManager to persist security contexts for Web farms.
5. Alignment with WS-RM to secure reliable messaging sessions.
6. SecurityContextToken for securing messages in the framework of WS-Security.
7. Support for key derivation and KeyDerivedToken with various types of tokens.
8. Using NetBeans, enabling secure conversation is just a click of a button on top of any security profile.
9. Overall, the performance improvement from using secure conversation is significant, at 250 to 450 percent depending on the size of the messages and the number of messages sent.

About

Jiandong Guo
