More Related Content Similar to Secured SOA (20) Secured SOA29. CLIENT_HELLO
Highest SSL Version,
Ciphers Supported,
Data Compression Methods,
SessionId = 0,
Random Data
30. SERVER_HELLO
Selected SSL Version,
Selected Cipher,
Selected Data Compression Method,
Assigned Session Id,
Random Data
44. <soap:Envelope >
<soap:Body>
<ns1:withdrawMoney >
<param1></ param1>
<param2></ param2>
<param3></ param3>
</ ns1:withdrawMoney >
</soap:Body>
</soap:Envelope>
45. <soap:Envelope >
<soap:Body>
<ns1:withdrawMoney >
<param1></ param1>
<param2></ param2>
<param3></ param3>
</ ns1:withdrawMoney >
</soap:Body>
</soap:Envelope>
55. <wsse:UsernameToken wsu:Id="Example-1">
<wsse:Username> ... </wsse:Username>
<wsse:Password
Type="..."> ... </wsse:Password>
<wsse:Nonce
EncodingType="..."> ... </wsse:Nonce>
<wsu:Created> ... </wsu:Created>
</wsse:UsernameToken>
56. NOBODY Can See the Message
in Clear Text Other
than the Intended Recipient
59. WS - Security
XML Username X.509 Token
XML Signature
Encryption Token Profile Profile
71. <s:Envelope>
<s:Header>
<wsa:Action>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
</wsa:Action>
</s:Header>
<s:Body>
<wst:RequestSecurityToken>
<wst:TokenType>
http://example.org/mySpecialToken
</wst:TokenType>
<wst:RequestType>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
</wst:RequestType>
</wst:RequestSecurityToken>
</s:Body>
</s:Envelope>
72. <s:Envelope>
<s:Header>
<wsa:Action>
http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue
</wsa:Action>
</s:Header>
<s:Body>
<wst:RequestSecurityTokenResponseCollection>
<wst:RequestSecurityTokenResponse>
<wst:RequestedSecurityToken>
<xyz:CustomToken xmlns:xyz="...">
</xyz:CustomToken>
</wst:RequestedSecurityToken>
</wst:RequestSecurityTokenResponse>
</wst:RequestSecurityTokenResponseCollection>
</s:Body>
</s:Envelope>
73. WS - Trust
WS - Security
Username X.509
XML XML
Token Token
Signature Encryption
Profile Profile
75. How Do We Communicate
our Security
Requirements to
Outsiders ?