Securing Web Services with CAS Proxy Tickets
June 2010
Securing Web Services
Solving the Web Services Security Problem with an XML Gateway
IT Services - Jeremy Rosenberg / Steve Hillman
About Us
• Jeremy Rosenberg
  • Developer in IT Services since 2004
  • Identity management strategy
  • Java developer
• Steve Hillman
  • IT Architect
  • With IT Services since 1987
  • Unix infrastructure

About SFU
• Named after famous explorer Simon Fraser (1776-1862)
• Opened on September 9, 1965
• One University - Three campuses
  • Burnaby
  • Surrey
  • Vancouver
• 32,000 students
• 900 faculty
• 1600 staff
• 100,000 alumni

About This Presentation
• Definitions
• XML Security Challenges
• About the Layer 7 SecureSpan XML Gateway
• Why we chose SecureSpan
• A little about Public Keys
• Walkthroughs
  • SOAP
  • REST
• Questions

Definitions
First, a few definitions

Web Service:
• An API to a remote procedure
• Typically accessed over HTTP
• Machine-to-machine communications
• Allows data source to be loosely coupled to applications
• Makes systems reusable
• Very popular with Twitter, Facebook, Amazon, etc.

Definitions - SOAP vs REST
SOAP:
• XML message-passing protocol
• Numerous ‘WS-’ standards
• Associated with “Big” Web Services
• Most vendor SOA solutions use SOAP
REST:
• URL-addressable objects
  • “http://maps.google.com/maps/api/geocode/xml?address=Memorial+University,+NL,+CA”
• Accessed and manipulated with standard HTTP GET/POST/PUT/DELETE
• Lightweight client requirements
• Stateless (every request is self-contained)
• WS- standards are less mature

“Put out an A.P.B. on a donut, believed sprinkled.”

Web Services Security Challenges
• Web Services can communicate over many transport protocols
• Commonly accessed over web protocols like HTTP
• Easy for Web services to bypass traditional firewalls
• XML-based messages can be deliberately or inadvertently malformed
• Causes parser or applications to break
• Creates new XML threats and vulnerabilities, e.g.:
  • XML parameter tampering
  • XDoS attacks
  • Message replay
  • Oversized/overdeep XML nodes
  • Code injection
• Transactions are principally machine-to-machine
• New thinking around machine-to-machine credentialing
• Login pages won’t work
• Services and clients must agree on security parameters
  • crypto preferences
  • standards support
• Need for new kinds of policy coordination
• Incompatibilities have unforeseen consequences
• Web services enable multi-hop composite applications
• Example: Student onboarding process
• Message-level security and audit that can span multi-hop SOA transactions end-to-end

Web services expose business functionality through open APIs, requiring new application-aware security measures.

SecureSpan XML Gateway
• Enter the XML Gateway

XML Gateway - What it does
• Parses all inbound and outbound XML messages
• Inspection and modification of XML messages
  • Replace “Username” value in inbound XML message with value extracted from client certificate
    • Prevent spoofing
  • Blank out Student Number value in outbound XML messages
    • Prevent accidental leakage of confidential info

XML Gateway
• Thwart attacks
• Prevent malicious and inadvertent XML attacks
• Prevent other not-so-obvious application-level attacks, e.g. SQL injection
  • Are you sure every one of your developers sanitizes their inputs?
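
The message handling described on the slides above, as an added Python example (not part of the presentation and not SecureSpan policy code). It assumes the element names Username and StudentNumber, the size and depth limits shown, and a cert_cn value that stands for the subject name the TLS layer has already verified; rejecting DOCTYPE declarations is an added precaution against XDoS, not something the slides list.

```python
import xml.etree.ElementTree as ET

# Assumed policy limits; a real deployment tunes these per service.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 20


class PolicyViolation(Exception):
    """Message rejected by the gateway policy."""


class LimitedBuilder(ET.TreeBuilder):
    """Tree builder that refuses DTDs and over-deep nesting while parsing."""

    def __init__(self, max_depth):
        super().__init__()
        self._max_depth = max_depth
        self._depth = 0

    def doctype(self, name, pubid, system):
        # Service messages have no need for a DTD, and entity
        # declarations live there, so the whole message is refused.
        raise PolicyViolation("DOCTYPE not allowed")

    def start(self, tag, attrs):
        self._depth += 1
        if self._depth > self._max_depth:
            raise PolicyViolation("nesting deeper than %d" % self._max_depth)
        return super().start(tag, attrs)

    def end(self, tag):
        self._depth -= 1
        return super().end(tag)


def parse_checked(raw):
    """Parse raw bytes, enforcing the size, depth and DTD limits."""
    if len(raw) > MAX_BYTES:
        raise PolicyViolation("message larger than %d bytes" % MAX_BYTES)
    parser = ET.XMLParser(target=LimitedBuilder(MAX_DEPTH))
    try:
        parser.feed(raw)
        return parser.close()
    except ET.ParseError as exc:
        raise PolicyViolation("malformed XML: %s" % exc) from exc


def _set_text(root, local_name, value):
    """Overwrite every element with this local name, dropping any children."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == local_name:
            del el[:]
            el.text = value


def inbound(raw, cert_cn):
    """Request path: the Username the caller claims is replaced by the
    identity taken from the verified client certificate (cert_cn)."""
    root = parse_checked(raw)
    _set_text(root, "Username", cert_cn)
    return ET.tostring(root)


def outbound(raw):
    """Response path: StudentNumber values are blanked before leaving."""
    root = parse_checked(raw)
    _set_text(root, "StudentNumber", "")
    return ET.tostring(root)


def rejected(raw):
    """True if the policy refuses the message."""
    try:
        parse_checked(raw)
    except PolicyViolation:
        return True
    return False


# Constructed sample messages (not taken from the presentation).
SPOOFED_REQUEST = (b"<getGrades><Username>registrar</Username>"
                   b"<Course>CMPT-101</Course></getGrades>")
RESPONSE = (b"<student><Name>Pat Example</Name>"
            b"<StudentNumber>000000001</StudentNumber></student>")
TOO_DEEP = b"<n>" * (MAX_DEPTH + 1) + b"</n>" * (MAX_DEPTH + 1)
WITH_DTD = b'<!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'

if __name__ == "__main__":
    print(inbound(SPOOFED_REQUEST, "jdoe").decode())
    print(outbound(RESPONSE).decode())
    print(rejected(TOO_DEEP), rejected(WITH_DTD), rejected(b"<a><b></a>"))
```

Because the identity is overwritten at the gateway, the back-end service never sees the name the client typed into the message, only the one bound to its certificate.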

Benefits
• Single point-of-entry for Web Services means:
  • Do rate-control/throttling/queueing to enforce SLAs
  • Standardized logging of all access
  • Auditing
  • Centrally enforced policies
  • Reusable rich set of authentication mechanisms
  • Managed by the Infrastructure team on behalf of all Web Services development groups

Why We Chose Layer7
• Industry leader in this space
• Very responsive
• Available as either hard or soft appliance
• Extensible using Java. We have Java experts.
• Supports every standard known to Man
Standards
XML 1.0, SOAP 1.2, REST, AJAX, XPath 1.0, XSLT 1.0, WSDL 1.1, XML Schema, LDAP 3.0, SAML 1.1/2.0, PKCS #10, X.509 v3 Certificates, FIPS 140-2, Kerberos
W3C XML Signature 1.0, W3C XML Encryption 1.0, SSL/TLS 3.0/1.1, SNMP, SMTP, POP3, IMAP4, HTTP/HTTPS, JMS 1.0, MQ Series, Tibco EMS, FTP, WS-Security 1.1, WS-Trust 1.0
WS-Federation, WS-Addressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WS-SecureExchange, WSIL, WS-I, WS-I BSP, UDDI 3.0, XACML 2.0, MTOM
The Gateway Changes Everything
SOAP Security - Cowboy Style
About DNPKI
Definitely Not a Public Key Infrastructure (DNPKI)
• Named out of frustration with the phrase:
  • “Cool we have PKI now”
• Needed a way to manage X.509 certificates for:
  • https client certificate authentication
  • WS-Security Signature Authentication
• Store and push RSA public keys into LDAP
• Ability to de-provision certificate access
• Leveraged existing IdM architecture
SOAP Security - Best Practices
Gateway SOAP Assertions
The Zimbra Conundrum
.../courses?user=me
.../courses?user=notme
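The two requests above differ only in the `user` parameter, so a service that trusts the parameter alone cannot tell them apart. The following is an added example, not code from the slides or from Layer7: it binds the parameter to the user named in a CAS 2.0 proxy-validation response, the mechanism the talk's title refers to. The trusted callback URL, the function names and both XML samples are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Assumption: the only proxy allowed to call the service on a user's behalf
# (hypothetical callback URL for the mail front end).
TRUSTED_PROXIES = {"https://zimbra.example.edu/cas/pgtCallback"}

# Constructed sample of a CAS 2.0 /proxyValidate success response.
SAMPLE_SUCCESS = """\
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>me</cas:user>
    <cas:proxies>
      <cas:proxy>https://zimbra.example.edu/cas/pgtCallback</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample of a CAS 2.0 failure response.
SAMPLE_FAILURE = """\
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">
    Ticket PT-constructed not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""


def parse_validation(xml_text):
    """Return (user, proxy_chain) on success, or None on failure.

    xml_text is the body returned by the CAS server itself (fetched over
    TLS), never XML supplied by the caller of the web service.
    """
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is None:
        return None
    user = (ok.findtext("cas:user", default="", namespaces=CAS_NS) or "").strip()
    chain = [p.text.strip()
             for p in ok.findall("cas:proxies/cas:proxy", CAS_NS) if p.text]
    return (user, chain) if user else None


def authorize(request_url, validation_xml):
    """Decide whether the request may proceed; returns (allowed, reason)."""
    result = parse_validation(validation_xml)
    if result is None:
        return False, "ticket rejected by CAS"
    cas_user, chain = result
    # CAS lists the most recent proxy first; require it to be one we trust.
    if not chain or chain[0] not in TRUSTED_PROXIES:
        return False, "untrusted or missing proxy"
    values = parse_qs(urlsplit(request_url).query).get("user", [])
    # Exactly one 'user' value, and it must be the authenticated user.
    if len(values) != 1:
        return False, "user parameter missing or repeated"
    if values[0] != cas_user:
        return False, "user parameter does not match ticket"
    return True, "ok"
```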
REST Security that Never Rests
Gateway REST Assertions
Lessons Learned
• Security is an enabler
• Stick to standards where possible
• A good vendor is huge
• Start small
• Control the service and consumer
• Security can be fun!
THANK YOU