95-702 oct master of information system management 95-702 oct week 10 securing web services xml...
Post on 21-Dec-2015
95-702 OCT Master of Information System Management
95-702 OCT Week 10
Securing Web Services
• XML Digital Signature
• XML Encryption
• Web Service Security
XML Web Services
• Hot topic
• Foundation of Service Oriented Architectures
• Interoperable
• Remote Method Invocation
• Messaging
• Supported by all the big players
Notes adapted from the required reading "Web Services Security", Bilal Siddiqui
Existing XML Web Services
• Google
• eBay
• Amazon
• XIgnite (financial computations)
• Hundreds of others; see www.xmethods.com
• But remember, many are not public. An SOA would have many in-house web services.
XML Web Services & Cryptography
Bob and Alice want to exchange SOAP messages.
Eve and Mallory need to be taken seriously.
What’s going on?
Web Services Security (WSS) specification from OASIS
Message confidentiality
Message authentication
End-to-end (not just point-to-point like SSL)
The WS Cryptography Stack
XML Web Services Security
• SAML (Security Assertion Markup Language), XKMS (XML Key Management Specification), XACML (eXtensible Access Control Markup Language)
• XMLDSIG (W3C), XMLENC (W3C)
• .NET Crypto APIs, Java Security APIs
The Need For Web Services
• Application integration within the enterprise
• Application integration across enterprise boundaries: customers, partners, suppliers
• Service Oriented Architecture is often built on a web service foundation
A Tourism Supply Chain
Diagram: Tourists -> Tour Operator -> Car Rental, Hotel, Hotel, Car Rental, Hotel. The Hotel exposes RoomRentInfoForAll() (anyone may call) and RoomRentInfoForPartnersOnly() (restricted callers).
Without XML/WSS:
- message formats must be agreed to
- coarse-grained protection provided by firewalls
With XML/WSS:
- SOAP is used for RPC or messaging
- WSS provides fine-grained security decisions
Service Oriented Architecture
Diagram: Hotel class (RoomRentInfoForAll(), RoomRentInfoForPartnersOnly()) behind a SOAP Server; clients reach it with SOAP (XML RPC) over HTTP.
Listing 1 SOAP Request
```http
POST /Vendors HTTP/1.1
Host: www.myHotel.com
Content-Type: text/xml; charset=utf-8
Content-Length: 350
SOAPAction: ""

<?xml version='1.0'?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'>
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s='http://www.MyHotel.com/partnerservice/'>
      <!-- Parameters passed with the method call -->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
```
(The prefix is SOAP-ENV throughout: XML namespace prefixes are case-sensitive, so a Body written as SOAP-Env would be an unbound prefix and the message would not parse.)
Listing 2 SOAP Response
```http
HTTP/1.0 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 1474

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'>
  <SOAP-ENV:Body>
    <m:GetSpecialDiscountedBookingForPartnersResponse xmlns:m="http://www.MyHotel.com/partnerservice/">
      <!-- Booking confirmation details -->
    </m:GetSpecialDiscountedBookingForPartnersResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
```
1st Generation Web Services
Diagram: SOAP Client -> SOAP Server -> Hotel Class -> RDBMS
2nd Generation Web Services
Diagram: SOAP Client -> SOAP Server (Tour Planning Class) -> SOAP Server (Hotel Class) -> RDBMS
3rd Generation Web Services
Diagram: SOAP Client -> SOAP Server (Tour Planning Class), which in turn calls SOAP Server (Hotel Class) -> RDBMS, SOAP Server (Plane Class) -> RDBMS, and another SOAP Server (Tour Planning Class); the group of calls is labelled WS-Transaction.
WS Security
Diagram: SOAP Client -> SOAP Server -> Hotel Class -> RDBMS
SOAP Server (SOAP-aware firewall)
• inspect SOAP message
• match user roles with access lists
• XML Signature (not SOAP specific)
• XML Encryption (not SOAP specific)
• WSS (SOAP-specific use of XMLEnc and XMLDsig)
• Security Assertion Markup Language (SAML) for single sign-on, replacing HTTP cookies
• XACML (eXtensible Access Control Markup Language) to express authorization and access policies
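To make the "inspect SOAP message, match user roles with access lists" step concrete, here is an added example (Python standard library only; it is not code from the slides or from Siddiqui's article) of a minimal SOAP-aware gate. It parses a SOAP 1.1 envelope shaped like Listing 1, identifies the operation as the qualified name of the first Body child, and decides with an access list built from the hotel scenario above. The operation names and the partner namespace come from the slides; the role names, the access list and the sample requests are constructed for the demo, and anything that is not a well-formed envelope is denied rather than passed through.

```python
"""A SOAP-aware gate: inspect the SOAP message and match the caller's roles against an access list.

Added example; not code from the slides or from Siddiqui's article. The operation
names come from the slides' hotel scenario, the partner namespace is the one in
Listing 1, and the role names and access list are constructed for the demo.
"""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
PARTNER_NS = "http://www.MyHotel.com/partnerservice/"

# Constructed access list: (namespace, operation) -> roles allowed to call it.
# None means anyone may call, as for RoomRentInfoForAll() on the supply-chain slide.
ACCESS_LIST = {
    (PARTNER_NS, "RoomRentInfoForAll"): None,
    (PARTNER_NS, "RoomRentInfoForPartnersOnly"): {"partner"},
    (PARTNER_NS, "GetSpecialDiscountedBookingForPartners"): {"partner"},
}


def operation_of(soap_xml: str) -> tuple:
    """Return (namespace, local name) of the first Body child: the method being called.

    Raises ValueError for anything that is not a well-formed SOAP 1.1 envelope, so a
    malformed message is rejected instead of slipping past the check.
    """
    try:
        root = ET.fromstring(soap_xml)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML ({exc})")
    if root.tag != f"{{{SOAP_ENV}}}Envelope":
        raise ValueError("root element is not a SOAP Envelope")
    body = root.find(f"{{{SOAP_ENV}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("Envelope has no Body, or the Body is empty")
    tag = body[0].tag                      # ElementTree spells it '{namespace}local'
    if not tag.startswith("{"):
        return ("", tag)                   # unqualified operation name
    namespace, local = tag[1:].split("}", 1)
    return (namespace, local)


def decide(soap_xml: str, caller_roles: set) -> str:
    """'allow' or 'deny: <reason>': the fine-grained, per-operation decision WSS is meant to enable."""
    try:
        op = operation_of(soap_xml)
    except ValueError as exc:
        return f"deny: {exc}"
    if op not in ACCESS_LIST:
        return f"deny: unknown operation {op[1]} in namespace '{op[0]}'"   # default deny
    allowed = ACCESS_LIST[op]
    if allowed is None or allowed & caller_roles:
        return "allow"
    return f"deny: {op[1]} requires a role in {sorted(allowed)}"


def request(method: str, namespace: str = PARTNER_NS) -> str:
    """Constructed request body in the shape of Listing 1."""
    return (
        "<?xml version='1.0'?>"
        f"<SOAP-ENV:Envelope xmlns:SOAP-ENV='{SOAP_ENV}'><SOAP-ENV:Body>"
        f"<s:{method} xmlns:s='{namespace}'><!-- parameters --></s:{method}>"
        "</SOAP-ENV:Body></SOAP-ENV:Envelope>"
    )


if __name__ == "__main__":
    for method, roles in [("RoomRentInfoForAll", set()),
                          ("RoomRentInfoForPartnersOnly", {"tourist"}),
                          ("RoomRentInfoForPartnersOnly", {"partner"})]:
        print(method, sorted(roles), "->", decide(request(method), roles))
```

The decision keys on the namespace as well as the local name, so an operation with the right name in a different namespace is "unknown" and falls to default deny; and because the parser resolves prefixes, a message whose Body uses an undeclared prefix (for example SOAP-Env where only SOAP-ENV was declared) fails to parse and is denied rather than inspected.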
XML Signature
An IETF/W3C Recommendation
XML Digital Signatures
Review: Message Digest
• message + digest algorithm -> hash value
• transmit the (message, hash value) pair
• useful for checking whether errors occurred
Problem: Mallory might replace the (message, hash value) pair with her own (message, hash value) pair.
XML Digital Signatures
• Solution: get a symmetric key involved in the calculation of the hash.
• Solution: Given a message m, compute a hash of m and encrypt the hash with an asymmetric private key.
• Mallory doesn't know the keys. So, she can't forge the signature.
• But how do we do this in XML?
XML Signature
• XML Signatures are digital signatures used in XML transactions
• May be used to sign only a portion of an XML document. The document might have a long history, with different parts holding different signatures
• The signature may apply to XML or non-XML data
Referencing What is Signed
• The XML Signature may hold a URI pointing to what is signed.
• The signature may be a sibling of what is signed.
• The signature may be a parent of what is signed.
• The signature may be a child of what is signed.
XMLDsig General Form
The Components of an XML Signature
The <Reference> Element
• Each signed resource is specified with a <Reference> element
• A typical <Reference> element will contain
  - a pointer to what is signed
  - a digest method (for example SHA1)
  - and a digest value of the signed data in base 64 notation
The <Reference> Element
```xml
<Reference URI="http://.../po.xml">          <!-- the location of the document being signed -->
  <DigestMethod>…</DigestMethod>
  <DigestValue>calculated digest of po.xml</DigestValue>
</Reference>
```
We may have many references
```
<Reference>
  pointer, digest method, digest value
</Reference>
:
<Reference>
  pointer, digest method, digest value
</Reference>
```
Place Within a SignedInfo Element
```
<SignedInfo>
  <CanonicalizationMethod>   algorithm used on the SignedInfo element
  <SignatureMethod>          for example dsa-sha1
  <Reference> pointer, digest method, digest value </Reference>
  <Reference> pointer, digest method, digest value </Reference>
</SignedInfo>
```
Compute Digest of SignedInfo
```
<SignedInfo>
  <CanonicalizationMethod>   algorithm used on the SignedInfo element
  <SignatureMethod>          for example dsa-sha1
  <Reference> pointer, digest method, digest value </Reference>
  <Reference> pointer, digest method, digest value </Reference>
</SignedInfo>
```
Sign the digest and place value in a SignatureValue element…
```
<SignedInfo>
  <CanonicalizationMethod>   algorithm used on the SignedInfo element
  <SignatureMethod>          for example dsa-sha1
  <Reference> pointer, digest method, digest value </Reference>
  <Reference> pointer, digest method, digest value </Reference>
</SignedInfo>
<SignatureValue>Base 64 signature of the SignedInfo element</SignatureValue>
```
Enclose in a Signature Element
```
<Signature>
  <SignedInfo>
    <CanonicalizationMethod>   algorithm used on the SignedInfo element
    <SignatureMethod>          for example dsa-sha1
    <Reference> pointer, method, digest value </Reference>
    <Reference> pointer, method, digest value </Reference>
  </SignedInfo>
  <SignatureValue>Base 64 signature of the SignedInfo element</SignatureValue>
</Signature>
```
We may include KeyInfo
```
<Signature>
  <SignedInfo>
    <Canonicalization>
    <SignatureMethod>
    <Reference>…
    <Reference>…
  </SignedInfo>
  <SignatureValue>Base 64 signature of the SignedInfo element</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509SubjectName>CN=Cristina McCarthy, O=CMU,…
      <X509Certificate>base 64 public key and identity signed by a CA</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>
```
KeyInfo Element in XMLDsig
• Optional element
• Holds key information required to validate the signature or
• Points to that key information
• May have children such as <PGPData>, <SPKIData>, <X509Data>
What Can Mallory Do?
Can she modify the CA signed certificate so that someone else appears to have signed the document?
Can she modify what is being pointed to by the Reference element?
Can she change the canonicalization method?
Can she change the contents of the signature method tag?
Verification
1. Canonicalize the SignedInfo element.
2. Compute the digest of the SignedInfo element using the method described within it.
3. Compare that value with the value obtained by applying the signer's public key to the value in the SignatureValue element.
4. Compute the digests of the referenced items (after any transformations) and compare them with the digests found within each Reference tag.
Using IBM’s XML Security Suite
Signing in Three Steps (1)
1. Prepare a Signature DOM tree
This is an XML document holding the Signature element.
This may be done with an XSS4J TemplateGenerator or with an existing template document.
Signing in Three Steps (2)
2. Create an XSS4J SignatureContext instance
-- may be used to fetch the resource to be signed using URLConnection
-- may be used to find an element being referred to within the same document
-- has a sign() method
Signing in Three Steps (3)
3. Sign with the sign method of the XSS4J SignatureContext object
- Prepare a key object (holding the private key, DSS or RSA) used to sign
- Prepare a KeyInfo object with an X509 certificate
- Insert the KeyInfo into the Signature element
- sigContext.sign(sigElement, key)
Sign a grade book
Gradebook.xml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<GradeBook>
  <Student>
    <Score>100</Score>
    <Score>89</Score>
  </Student>
</GradeBook>
```
We need keys…
```
D:\..\95-804\IBMXMLSecuritySuite\SampleSign2> keytool -genkey -keyalg RSA -keystore test.keystore -dname "CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, S=PA, C=US" -alias mjm -storepass sesame -keypass sesame
```
Creates test.keystore holding the keys and a self-signed certificate.
Run XSS4J’s SampleSign2
```
D:\...\95-804\IBMXMLSecuritySuite\SampleSign2> java SampleSign2 mjm sesame sesame -embxml gradebook.xml > signature.xml
Key store: test.keystore
Sign: 851ms
```
Examine Signature.xml
```xml
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
    <Reference URI="#Res0">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
      <DigestValue>m6f9xhOc4iEXokD/29V9EsdY3yI=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
Gll1H/uplOwfaX3j7ST6UqQlc92Hx2nsCdN2KWz32CW0D4hH64n32v/InkGux1dYgTya6S4s55iHqZEjDpH2I359H4PAxBYYXJj4LUBNxAFxUcDy6xrEUbLnKeutT5pf1DBSmxg9Cp3PO5Rs36nVN8GVfnFl1M86WQd19/RsAnA=
  </SignatureValue>
  <KeyInfo>
    <KeyValue>
      <RSAKeyValue>
        <Modulus>
7V5eyhVaw0clED11H6PTPoKQA1VxrLAugU3QxKA0hbbUOiavFbqCdc6Z+Fe9JZFMkS
Iqdl+khwWwd+AIsRyrN4V2DWm1f+xyYQf6bdZgCaVVgkST1BpQxBTgNKRcS5VbLrXf
4MXb5TbhA+eo1Qbr2IjlV10aLbVhUk/g+ylag+k=
        </Modulus>
        <Exponent>AQAB</Exponent>
      </RSAKeyValue>
    </KeyValue>
    <X509Data>
      <X509IssuerSerial>
        <X509IssuerName>CN=Mike McCarthy,OU=Heinz School,O=CMU,L=Pgh,ST=PA,C=US</X509IssuerName>
        <X509SerialNumber>1049138061</X509SerialNumber>
      </X509IssuerSerial>
      <X509SubjectName>CN=Mike McCarthy,OU=Heinz School,O=CMU,L=Pgh,ST=PA,C=US</X509SubjectName>
      <X509Certificate>
        <!-- base 64 certificate: not reproduced in this transcript -->
      </X509Certificate>
    </X509Data>
  </KeyInfo>
  <dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0">
    <GradeBook>
      <Student>
        <Score>100</Score>
        <Score>89</Score>
      </Student>
    </GradeBook>
  </dsig:Object>
</Signature>
```
Callouts from the slides: URI="#Res0" means we are signing resource 0; the Transforms are applied prior to hashing; the dsig:Object with Id="Res0" is the resource 0 object.
Let’s change the low grade!
```xml
<dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Res0">
  <GradeBook>
    <Student>
      <Score>100</Score>
      <Score>100</Score>
    </Student>
  </GradeBook>
</dsig:Object>
```
And run verify…
```
D:\McCarthy\www\95-804\IBMXMLSecuritySuite\SampleSign2> java VerifyCUI < signature.xml
The signature has a KeyValue element.
The signature has one or more X509Data elements.
Checks an X509Data:
1 certificate(s).
Certificate Information:
  Version: 1
  Validity: OK
  SubjectDN: CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, ST=PA, C=US
  IssuerDN: CN=Mike McCarthy, OU=Heinz School, O=CMU, L=Pgh, ST=PA, C=US
  Serial#: 0x3e88938d
Time to verify: 521 [msec]
Core Validity: NG
Signature Validity: OK
[0] "#Res0" NG: Digest value mismatch: calculated: tfVyHns8wRB6l/HDU2dXZkzf+7Q=
Exception in thread "main" java.lang.RuntimeException: Core Validity: NG
        at dsig.VerifyCUI.main(VerifyCUI.java:137)
```
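The following added example (Python, standard library only; it is not XSS4J, SampleSign2 or VerifyCUI code) performs the same sign-and-verify cycle on the GradeBook and also serves as the worked example for the Reference, SignedInfo, SignatureValue and Verification slides above: it builds a SignedInfo with one Reference per resource (pointer, digest method, SHA-1 digest value in base 64), canonicalizes and signs the SignedInfo, encloses everything in a Signature element with the resource as an Object, and then runs the four verification steps. Two substitutions are assumptions so that it runs offline: the SignatureMethod is XMLDSig's keyed-hash option (HMAC-SHA256, the "symmetric key involved in the calculation of the hash" from the XML Digital Signatures slide) in place of rsa-sha1, and canonicalization is C14N 2.0 from xml.etree (Python 3.8 or later) rather than the 2001 c14n above. The key, the Id value and the report format are constructed. Changing the low grade then reproduces VerifyCUI's result: Signature Validity OK, reference #Res0 NG with a digest value mismatch, Core Validity NG.

```python
"""XMLDSig-style sign and verify over an embedded resource, with tamper detection.

Added example; not XSS4J, SampleSign2 or VerifyCUI code. Standard library only:
SHA-1 DigestValues as on the slides, HMAC-SHA256 as the SignatureMethod
(XMLDSig's keyed-hash option, standing in for rsa-sha1 so no RSA library is
needed) and C14N 2.0 from xml.etree (Python 3.8+) in place of the 2001 c14n.
The key, the Id value and the GradeBook content are constructed demo values.
"""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
C14N_ALG = "http://www.w3.org/2010/xml-c14n2"                   # C14N 2.0 identifier
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"  # RFC 6931 keyed-hash method
NS = {"ds": DSIG_NS}
SHARED_KEY = b"constructed-demo-key-do-not-reuse"              # constructed; signer and verifier hold it
GRADEBOOK = "<GradeBook><Student><Score>100</Score><Score>89</Score></Student></GradeBook>"
ET.register_namespace("ds", DSIG_NS)


def c14n(xml_text: str) -> bytes:
    """Canonical bytes, so equivalent serializations (whitespace, prefixes) digest alike."""
    return ET.canonicalize(xml_text, strip_text=True, rewrite_prefixes=True).encode("utf-8")


def serialize(elem: ET.Element) -> str:
    """Re-serialize a parsed subtree, without the whitespace that followed it."""
    elem.tail = None
    return ET.tostring(elem, encoding="unicode")


def digest_b64(data: bytes) -> str:
    """DigestValue: SHA-1 of the canonical bytes, in base 64 notation."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def build_signed_info(resources: dict) -> str:
    """One <Reference> per resource: pointer (URI), digest method, digest value."""
    refs = "".join(
        f'<ds:Reference URI="#{rid}"><ds:DigestMethod Algorithm="{DSIG_NS}sha1"/>'
        f"<ds:DigestValue>{digest_b64(c14n(body))}</ds:DigestValue></ds:Reference>"
        for rid, body in resources.items()
    )
    return (
        f'<ds:SignedInfo xmlns:ds="{DSIG_NS}">'
        f'<ds:CanonicalizationMethod Algorithm="{C14N_ALG}"/>'
        f'<ds:SignatureMethod Algorithm="{SIG_ALG}"/>{refs}</ds:SignedInfo>'
    )


def sign(resources: dict, key: bytes) -> str:
    """Sign the canonical SignedInfo; enclose it, the value and the resources in <Signature>."""
    signed_info = build_signed_info(resources)
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    objects = "".join(f'<ds:Object Id="{rid}">{body}</ds:Object>' for rid, body in resources.items())
    return (
        f'<ds:Signature xmlns:ds="{DSIG_NS}">{signed_info}'
        f"<ds:SignatureValue>{base64.b64encode(mac).decode('ascii')}</ds:SignatureValue>"
        f"{objects}</ds:Signature>"
    )


def verify(signature_xml: str, key: bytes) -> dict:
    """The four verification steps from the slides; the report mirrors VerifyCUI's OK/NG lines."""
    root = ET.fromstring(signature_xml)
    signed_info = root.find("ds:SignedInfo", NS)
    if signed_info is None:
        raise ValueError("no SignedInfo element")
    # Steps 1-3: canonicalize SignedInfo, recompute its keyed digest, compare with SignatureValue.
    expected = hmac.new(key, c14n(serialize(signed_info)), hashlib.sha256).digest()
    try:
        given = base64.b64decode(root.findtext("ds:SignatureValue", "", NS), validate=True)
    except ValueError:
        given = b""
    report = {"signature_validity": hmac.compare_digest(expected, given), "references": {}}
    # Step 4: recompute the digest of each referenced item and compare with its DigestValue.
    for ref in signed_info.findall("ds:Reference", NS):
        uri = ref.get("URI", "")
        obj = root.find(f"ds:Object[@Id='{uri[1:]}']", NS) if uri.startswith("#") else None
        if obj is None or len(obj) == 0:
            report["references"][uri] = "NG: unresolved reference"
            continue
        actual = digest_b64(c14n(serialize(obj[0])))
        stored = ref.findtext("ds:DigestValue", "", NS).strip()
        ok = hmac.compare_digest(actual.encode(), stored.encode())
        report["references"][uri] = "OK" if ok else "NG: digest value mismatch"
    report["core_validity"] = report["signature_validity"] and all(
        v == "OK" for v in report["references"].values())
    return report


if __name__ == "__main__":
    sig = sign({"Res0": GRADEBOOK}, SHARED_KEY)
    print("intact:  ", verify(sig, SHARED_KEY))
    print("tampered:", verify(sig.replace("<Score>89</Score>", "<Score>100</Score>"), SHARED_KEY))
```

The report also answers the "What Can Mallory Do?" questions for the SignedInfo: the canonicalization method, the signature method and every DigestValue sit inside SignedInfo, so patching a DigestValue to match a modified resource makes that reference check pass but the signature check fail, because a fresh SignatureValue cannot be computed without the key. Verification with the wrong key fails the same way.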
Another Example PO.XML
```xml
<?xml version="1.0" encoding="UTF-8"?>
<PurchaseOrder xmlns="urn:purchase-order">
  <Customer>
    <Name>Robert Smith</Name>
    <CustomerId>788335</CustomerId>
  </Customer>
  <Item partNum="C763">
    <ProductId>6883-JF3</ProductId>
    <Quantity>3</Quantity>
    <ShipDate>2002-09-03</ShipDate>
    <Name>ThinkPad X20</Name>
  </Item>
</PurchaseOrder>
```
PO After Signing

<?xml version='1.0' encoding='UTF-8'?>
<SignedPurchaseOrder>
  <PurchaseOrder id="id0" xmlns="urn:purchase-order">
    <Customer>
      <Name>Robert Smith</Name>
      <CustomerId>788335</CustomerId>
    </Customer>
    <Item partNum="C763">
      <ProductId>6883-JF3</ProductId>
      <Quantity>3</Quantity>
      <ShipDate>2002-09-03</ShipDate>
      <Name>ThinkPad X20</Name>
    </Item>
  </PurchaseOrder>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#id0">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>UfeiscUCL7QkhZtRDLWDPWLpVlA=</DigestValue>
      </Reference>
    </SignedInfo>
<SignatureValue>
Ptysg8WdHI2mxwryOOt5I9r9qZm/2gNFNOJyH1Wak4nCUegRpe72tWnsigAKZyopmgUSH3TG
aGGQF1BTSvk3JUUY/ljrw+5FpTpf3hgZBi7GSWf6WtXqZvMYGUKIlvR/421MZg7P9XRUyy37
ZUzQHtmCYkBorEkEx1J4CYB0G2c=
</SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509Certificate>
MIIDGjCCAoOgAwIBAgICAQAwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCSlAxETAPBgNVBAgT
CEthbmFnYXdhMQ8wDQYDVQQHEwZZYW1hdG8xDDAKBgNVBAoTA0lCTTEMMAoGA1UECxMDVFJMMRAw
DgYDVQQDEwdUZXN0IENBMB4XDTAxMTAwMTA3MTYxMFoXDTExMTAwMTA3MTYxMFowUDELMAkGA1UE
BhMCSlAxETAPBgNVBAgTCEthbmFnYXdhMQwwCgYDVQQKEwNJQk0xDDAKBgNVBAsTA1RSTDESMBAG
A1UEAxMJU2lnbmF0dXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvnFQiPEJnUZnkmzoc
MjsseD8ms9HBgasZR0VOAvsby5aajsm9CtB18dDCemDXZ2YjBdprX+epfF4SLNP5ankfphhr9QXA
NJdCKpyF3jPoydckle7E7gI9w3Q4NDa4ryVOuIS2qev6jlE7OVPqiXIDVlCH4u6GbIoJEpJ57yzx
dQIDAQABo4HzMIHwMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIBDQQfFh1PcGVu
U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYapFv9MvQ9NNn1Q7zgzqka4XORsw
gYgGA1UdIwSBgDB+gBR7FuT9bLBj3vVsgAzIeYa4hBUZBaFjpGEwXzELMAkGA1UEBhMCSlAxETAP
BgNVBAgTCEthbmFnYXdhMQ8wDQYDVQQHEwZZYW1hdG8xDDAKBgNVBAoTA0lCTTEMMAoGA1UECxMD
VFJMMRAwDgYDVQQDEwdUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4GBALFzGDXMzxJvOnCdJCMZ
2NsZdz1+wmoYyejB5J6Ch2ygdPeibMnW/CiYKCTWBhpEgxEqr1BNlgSVqA6nyvjHsVIvgBfwx37D
hJ5hz4azpWu1X22XqyU9fUqoQUtEAdM/MlLekBkprkJVb9uJXTFzzvm/3DoEiBkX/BT78YdM8eq0
        </X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</SignedPurchaseOrder>
WSS XMLDSig Listing 1

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s="http://www.MyHotel.com/partnerservice/">
      <!-- Parameters passed with the method call -->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

From "Web Services Security", Bilal Siddiqui. There is no XML Signature in this example yet.
Sign The SOAP Request

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <ds:Signature>              <!-- wraps all other XMLDS elements; note the ds prefix -->
      <ds:SignedInfo>           <!-- the first of the three children of Signature -->
      </ds:SignedInfo>
      <ds:SignatureValue>
      </ds:SignatureValue>
      <ds:KeyInfo>
      </ds:KeyInfo>
    </ds:Signature>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s="http://www.MyHotel.com/partnerservice/">
      <!-- Parameters passed with the method call -->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
After Signing (1)

<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SOAP-ENV:Header>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#GetSpecialDiscountedBookingForPartners">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
After Signing (2)

          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>BIUddkjKKo2...</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>halHJghyf765....</ds:SignatureValue>
      <ds:KeyInfo>
        <!-- names the key used for signature verification; application dependent,
             perhaps a symmetric key ID -->
        <ds:KeyName>MyKeyIdentifier</ds:KeyName>
      </ds:KeyInfo>
    </ds:Signature>
  </SOAP-ENV:Header>
After Signing (3)

  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s="http://www.MyHotel.com/partnerservice/"
                                              ID="GetSpecialDiscountedBookingForPartners">
      <!-- Parameters passed with the method call -->
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

The Body element has gained an ID attribute, and the Reference URI="#GetSpecialDiscountedBookingForPartners" in SignedInfo points at it. For a verifier to resolve that fragment identifier the attribute must be known to be of type ID; this is why WS-Security defines wsu:Id, which the later examples use.
Validation Procedure

(1) Canonicalize the SignedInfo element.
(2) Check message integrity. For each Reference we need
    a. the data to be digested (found by resolving the Reference URI)
    b. any transforms to perform first
    c. the digest algorithm
    Recompute the digest and compare it with the stored DigestValue.
(3) If the digests compare equal, verify the signature (continued)
Validation Procedure

(3) If the digests compare equal, verify the signature
    a. get the signer's key (public key or shared secret), perhaps by consulting the <KeyInfo> element
    b. read the signature method used to compute the signature
    c. attempt to verify the SignatureValue over the canonicalized SignedInfo and, if it matches,
       call GetSpecialDiscountedBookingForPartners

Before acting, also confirm that the element the Reference resolved to is the one the service is about to process (the child of the SOAP Body) and not a copy placed elsewhere in the envelope; resolving by Id alone does not establish this.
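The procedure above, as an added example that is not part of these notes and not code from the IBM XML Security Suite or XWSS. It signs and verifies the MyHotel request with a shared secret (hmac-sha256 in place of rsa-sha1, so that it runs with only the Python standard library), uses the standard library's C14N 2.0 canonicaliser in place of exclusive C14N 1.0, and reports the outcome in the style of the VerifyCUI output earlier. The Id value, the s:Nights parameter and the shared secret are assumptions. It also shows the two ways the reference check should fail: content changed after signing (digest mismatch) and a signed element moved out of the Body so that a forged one takes its place.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
HOTEL = "http://www.MyHotel.com/partnerservice/"
for prefix, uri in (("ds", DS), ("SOAP-ENV", SOAP), ("s", HOTEL)):
    ET.register_namespace(prefix, uri)

# Constructed request modelled on the MyHotel listing; the Id, s:Nights and the secret are assumptions.
REQUEST = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{SOAP}">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <s:GetSpecialDiscountedBookingForPartners xmlns:s="{HOTEL}" Id="Booking-1">
      <s:Nights>3</s:Nights>
    </s:GetSpecialDiscountedBookingForPartners>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""
SECRET = b"partner-shared-secret"   # assumption: agreed out of band with the partner

def _c14n(elem):
    # Serialise the subtree and canonicalise it. The stdlib offers only C14N 2.0; a real
    # verifier must apply exactly the algorithm named in CanonicalizationMethod.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def _digest(elem):
    return base64.b64encode(hashlib.sha256(_c14n(elem)).digest()).decode()

def _find_by_id(root, id_value):
    hits = [e for e in root.iter() if e.get("Id") == id_value]
    if len(hits) != 1:
        raise ValueError(f"expected one element with Id={id_value!r}, found {len(hits)}")
    return hits[0]

def sign(request_xml, secret, ref_id, key_name="MyKeyIdentifier"):
    """Add a ds:Signature header whose single Reference covers the element with Id=ref_id."""
    root = ET.fromstring(request_xml)
    target = _find_by_id(root, ref_id)
    sig = ET.Element(f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod",
                  Algorithm="http://www.w3.org/2006/12/xml-c14n2")
    ET.SubElement(si, f"{{{DS}}}SignatureMethod",
                  Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256")
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI=f"#{ref_id}")
    ET.SubElement(ref, f"{{{DS}}}DigestMethod",
                  Algorithm="http://www.w3.org/2001/04/xmlenc#sha256")
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = _digest(target)
    # The signature is over canonicalised SignedInfo, which carries the digest of the data.
    mac = hmac.new(secret, _c14n(si), hashlib.sha256).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    ET.SubElement(ET.SubElement(sig, f"{{{DS}}}KeyInfo"), f"{{{DS}}}KeyName").text = key_name
    root.find(f"{{{SOAP}}}Header").append(sig)
    return ET.tostring(root, encoding="unicode")

def verify(signed_xml, secret):
    """Core validation: reference (digest) check, then signature check. Returns (core_valid, report)."""
    root = ET.fromstring(signed_xml)
    body = root.find(f"{{{SOAP}}}Body")
    sig = root.find(f"{{{SOAP}}}Header/{{{DS}}}Signature")
    si = sig.find(f"{{{DS}}}SignedInfo")
    report, refs_ok = [], True
    for ref in si.findall(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        try:
            if not uri.startswith("#"):
                raise ValueError("only same-document references are accepted")
            target = _find_by_id(root, uri[1:])
            # Wrapping check: the signed element must be the Body payload the service will
            # act on, not a copy parked somewhere else in the envelope.
            if target not in list(body):
                raise ValueError("signed element is not the SOAP Body payload")
            calc = _digest(target)
            if not hmac.compare_digest(calc, ref.findtext(f"{{{DS}}}DigestValue").strip()):
                raise ValueError(f"Digest value mismatch: calculated: {calc}")
            report.append(f"{uri} OK")
        except ValueError as exc:
            report.append(f"{uri} NG: {exc}")
            refs_ok = False
    mac = hmac.new(secret, _c14n(si), hashlib.sha256).digest()
    stored = base64.b64decode(sig.findtext(f"{{{DS}}}SignatureValue"))
    sig_ok = hmac.compare_digest(mac, stored)
    report.append("Signature Validity: " + ("OK" if sig_ok else "NG"))
    report.append("Core Validity: " + ("OK" if refs_ok and sig_ok else "NG"))
    return refs_ok and sig_ok, report

def wrap(signed_xml, forged_payload_xml):
    """Constructed wrapping attempt: the signed element moves into the Header, so its Id still
    resolves and its digest still matches, while a forged payload without an Id fills the Body."""
    root = ET.fromstring(signed_xml)
    header, body = root.find(f"{{{SOAP}}}Header"), root.find(f"{{{SOAP}}}Body")
    original = list(body)[0]
    body.remove(original)
    ET.SubElement(header, "Wrapper").append(original)
    body.append(ET.fromstring(forged_payload_xml))
    return ET.tostring(root, encoding="unicode")
```

Calling `verify(sign(REQUEST, SECRET, "Booking-1"), SECRET)` returns the report ending in "Core Validity: OK"; editing the signed request reproduces the "Digest value mismatch" line together with "Signature Validity: OK", exactly the combination VerifyCUI printed. A verifier that stops at "the digest of whatever #Id resolves to matches" accepts the output of `wrap()`, which is why the Body-membership check sits before the digest comparison.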
XML Encryption

• W3C Recommendation, 10 December 2002
• Notes from http://www-106.ibm.com/developerworks/library/x-encrypt/index.html by Bilal Siddiqui,
  and from "Secure XML" by Eastlake and Niles, Addison-Wesley
General Form 1
<EncryptedData>
<CipherData>
<CipherValue>
cipher text in Base 64
</CipherValue>
</CipherData>
</EncryptedData>
General Form 2
<EncryptedData>
<CipherData>
<CipherReference>
pointer (URL) to cipher text
</CipherReference>
</CipherData>
</EncryptedData>
EncryptedData is the core element

• Replaces the encrypted element, or serves as the new document root
• May contain a KeyInfo element (borrowed from XML Digital Signature) that describes the key needed for decryption, or for signature verification
General Example (1)

<MedInfo>
  <ID>
    <Name>…</Name>
    <Address>…</Address>
  </ID>
  <Medical>…</Medical>
  <Financial>…</Financial>
</MedInfo>
General Example (2)

<MedInfo>
  <ID>…</ID>
  <EncryptedData>
    <KeyInfo>
      <KeyName>Medical</KeyName>
    </KeyInfo>
    <CipherData>
      <CipherValue>cipher text</CipherValue>
    </CipherData>
  </EncryptedData>

Here the whole <Medical> element, tag included, has been replaced by EncryptedData; KeyName tells the recipient which key ("Medical") decrypts it.
General Example (3)

  <Financial>
    <EncryptedData>
      <KeyInfo>
        <KeyName>Pay</KeyName>
      </KeyInfo>
      <CipherData>
        <CipherValue>cipher text</CipherValue>
      </CipherData>
    </EncryptedData>
  </Financial>
</MedInfo>

Here the <Financial> tag stays visible and only its content is replaced, under a different key ("Pay"): a reader holding only the Medical key learns that financial data exists but not what it says.
Detailed Example (Listing 1)
<PurchaseOrder>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
  </Order>
  <Payment>
    <CardId>123654-8988889-9996874</CardId>
    <CardName>visa</CardName>
    <ValidDate>12-10-2004</ValidDate>
  </Payment>
</PurchaseOrder>
Encrypting the Entire File (Listing 2)
<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.isi.edu/in-notes/iana/assignments/media-types/text/xml'>
<CipherData>
<CipherValue>A23B45C56…</CipherValue>
</CipherData>
</EncryptedData>
IANA = Internet Assigned Numbers Authority, a function of ICANN, the Internet Corporation for Assigned Names and Numbers. The Type attribute names the media type of the plaintext so the recipient knows what it is decrypting; here, a whole text/xml document.
Encrypting The Payment (Listing 3)

<?xml version='1.0' ?>
<PurchaseOrder>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
  </Order>
  <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                 xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <CipherData>
      <CipherValue>A23B45C564587…</CipherValue>
    </CipherData>
  </EncryptedData>
</PurchaseOrder>

Type …#Element: one whole element (Payment, tag and all) has been replaced by EncryptedData, so a reader cannot even tell that payment details were there.
Encrypting Only the CardId (Listing 4)

<?xml version='1.0' ?>
<PurchaseOrder>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
  </Order>
  <Payment>
    <CardId>
      <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Content'
                     xmlns='http://www.w3.org/2001/04/xmlenc#'>
        <CipherData>
          <CipherValue>A23B45C564587</CipherValue>
        </CipherData>
      </EncryptedData>
    </CardId>
    <CardName>visa</CardName>
    <ValidDate>12-10-2004</ValidDate>
  </Payment>
</PurchaseOrder>

Type …#Content: only the text inside CardId is replaced; the CardId tag itself stays visible, as do CardName and ValidDate.
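Listings 3 and 4 differ only in the Type attribute, and the General Example earlier uses KeyName to say which key decrypts which part. The following added example (not from these notes and not from any XML Encryption library) performs both replacements on the Listing 1 purchase order and reverses them, choosing the key by KeyName. Because the Python standard library has no AES, the cipher is a stand-in, HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, and the EncryptionMethod element, which the schema makes optional, is left out; a real document would name tripledes-cbc or an AES algorithm there. The key bytes and the key name "Pay" are assumptions.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("xenc", XENC)
ET.register_namespace("ds", DS)

# Constructed input: the page's Listing 1 purchase order.
PURCHASE_ORDER = """<PurchaseOrder>
  <Order><Item>book</Item><Id>123-958-74598</Id><Quantity>12</Quantity></Order>
  <Payment><CardId>123654-8988889-9996874</CardId><CardName>visa</CardName>
    <ValidDate>12-10-2004</ValidDate></Payment>
</PurchaseOrder>"""

def _keystream_xor(key, iv, data):
    # Stand-in cipher (an assumption for this demo): HMAC-SHA256 in counter mode,
    # because the stdlib has no AES. Encryption and decryption are the same XOR.
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, iv + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def _seal(key, plaintext):
    # Encrypt-then-MAC, so a modified CipherValue is rejected instead of decrypting to
    # garbage; the page's tripledes-cbc on its own gives confidentiality only.
    iv = os.urandom(16)
    ct = _keystream_xor(key, iv, plaintext)
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def _open(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("CipherValue failed its integrity check")
    return _keystream_xor(key, iv, ct)

def encrypt(xml_text, tag, key, key_name, content_only=False):
    """Repl the first <tag> (Type=Element) or only its content (Type=Content) by EncryptedData."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    target = root.find(f".//{tag}")
    if content_only:   # text and child elements, exactly what sits between the tags
        plaintext = escape(target.text or "").encode() + b"".join(ET.tostring(c) for c in target)
    else:              # the element itself, including its tag
        plaintext = ET.tostring(target)
    enc = ET.Element(f"{{{XENC}}}EncryptedData",
                     Type=XENC + ("Content" if content_only else "Element"))
    ET.SubElement(ET.SubElement(enc, f"{{{DS}}}KeyInfo"), f"{{{DS}}}KeyName").text = key_name
    cipher = ET.SubElement(ET.SubElement(enc, f"{{{XENC}}}CipherData"), f"{{{XENC}}}CipherValue")
    cipher.text = base64.b64encode(_seal(key, plaintext)).decode()
    if content_only:
        target.text = None
        for child in list(target):
            target.remove(child)
        target.append(enc)
    else:
        parent = parents[target]
        parent.insert(list(parent).index(target), enc)
        parent.remove(target)
        enc.tail = target.tail
    return ET.tostring(root, encoding="unicode")

def decrypt(xml_text, keys):
    """Restore every EncryptedData, picking the key by KeyName as in the General Example."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    for enc in list(root.iter(f"{{{XENC}}}EncryptedData")):
        key = keys[enc.findtext(f"{{{DS}}}KeyInfo/{{{DS}}}KeyName")]
        plaintext = _open(key, base64.b64decode(enc.findtext(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue")))
        parent = parents[enc]
        index = list(parent).index(enc)
        parent.remove(enc)
        if enc.get("Type") == XENC + "Element":
            restored = ET.fromstring(plaintext)
            restored.tail = enc.tail
            parent.insert(index, restored)
        else:   # Content: the parent keeps its tag and gets its text and children back
            fragment = ET.fromstring(b"<r>" + plaintext + b"</r>")
            parent.text = fragment.text
            parent.extend(list(fragment))
    return ET.tostring(root, encoding="unicode")
```

`encrypt(PURCHASE_ORDER, "Payment", key, "Pay")` yields the shape of Listing 3 and `encrypt(PURCHASE_ORDER, "CardId", key, "Pay", content_only=True)` the shape of Listing 4; `decrypt()` handles a document containing both kinds at once. Flipping one character of a CipherValue makes `decrypt()` raise rather than return altered plaintext, which is the property the MAC adds over a bare CBC ciphertext.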
Encrypting Non-XML Data (Listing 5)

<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
               Type='http://www.isi.edu/in-notes/iana/assignments/media-types/jpeg'>
  <CipherData>
    <CipherValue>A23B45C56…</CipherValue>
  </CipherData>
</EncryptedData>

The plaintext need not be XML at all; the Type attribute tells the recipient it is getting a JPEG back.
Sending a public key (Listing 6)

<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <EncryptedKey CarriedKeyName="Muhammad Imran" xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
      <ds:KeyValue>1asd25fsdf2dfdsfsdfds2f1sd23</ds:KeyValue>
    </ds:KeyInfo>
  </EncryptedKey>
</SecureCommunicationDemonstration>

This key is in the clear. (Strictly, the XML Encryption schema requires CipherData inside EncryptedKey; a public key sent in the clear would normally travel in a ds:KeyInfo/ds:KeyValue of its own. This listing is a sketch of the idea.)
Receiving a Secret Key Encrypted with a Public Key (Listing 7)

<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <EncryptedKey CarriedKeyName="Imran Ali" xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <CipherData>
      <CipherValue>xyza21212sdfdsfs7989fsdbc</CipherValue>
    </CipherData>
  </EncryptedKey>
</SecureCommunicationDemonstration>

This key is encrypted. Its name is Imran Ali, and later EncryptedData elements refer to it by that name. The EncryptionMethod here, rsa-1_5 (RSAES-PKCS1-v1_5), is the key transport XML Encryption 1.0 required; XML Encryption 1.1 no longer recommends it because of padding-oracle attacks on PKCS#1 v1.5 and prefers RSA-OAEP, which the XWSS example later in these notes uses.
Data Encrypted to Secret Key (Listing 8)

<?xml version='1.0' ?>
<SecureCommunicationDemonstration>
  <Order>
    <Item>book</Item>
    <Id>123-958-74598</Id>
    <Quantity>12</Quantity>
    <CardName>Visa</CardName>
    <ExpDate>10-10-2005</ExpDate>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                   xmlns='http://www.w3.org/2001/04/xmlenc#'>
      <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#tripledes-cbc'/>
      <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
        <ds:KeyName>Imran Ali</ds:KeyName>
      </ds:KeyInfo>
      <CipherData>
        <CipherValue>A23B45C564587</CipherValue>
      </CipherData>
    </EncryptedData>
  </Order>
</SecureCommunicationDemonstration>

An element is encrypted with the Imran Ali key: KeyName refers back to the CarriedKeyName of the EncryptedKey in Listing 7, so the recipient knows to decrypt with the secret key it unwrapped there.
Pointing to encrypted data (Listing 9)

<?xml version='1.0' ?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
               Type='http://www.w3.org/2001/04/xmlenc#Element'>
  <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
    <ds:KeyName>Imran Ali</ds:KeyName>
  </ds:KeyInfo>
  <CipherData>
    <CipherReference URI="http://www.waxsys.com/secureData/waxFile.txt"/>
  </CipherData>
</EncryptedData>

The external source is encrypted with the Imran Ali key. A decryptor that fetches whatever URI a CipherReference names will retrieve attacker-chosen locations on the sender's behalf, so restrict dereferencing to known sources, or disable CipherReference where it is not needed.
Point to a distant encrypted element (Listing 10)

<?xml version='1.0' ?>
<EncryptedData Id="Enc-Data" xmlns='http://www.w3.org/2001/04/xmlenc#'
               Type='http://www.w3.org/2001/04/xmlenc#Element'>
  <CipherData>
    <CipherReference URI="http://www.waxsys.com/EncFile.xml">
      <Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
          <wax:XPath xmlns:wax="http://www.waxsys.com/xpathNS">
            PurchaseOrder/EncryptedData[@Id="Imran-Enc-Data"]
          </wax:XPath>
        </ds:Transform>
      </Transforms>
    </CipherReference>
  </CipherData>
</EncryptedData>

XPath is being used to point to the exact element that is encrypted: the referenced file is fetched, the transforms are applied in order, and the result is the cipher text. (The XPath selects the EncryptedData element inside the remote file, whose Id is "Imran-Enc-Data"; the wrapper here has its own Id, "Enc-Data".)
SOAP Response

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
              xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
              xmlns:ns0="http://xmlsoap.org/Ping"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   env:mustUnderstand="1">
      <wsse:BinarySecurityToken
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="Id-2811617958072086928">MIIDWTCCAsKgAwIBAgIBATANBgkqhki
G9w0BAQQFADB0MQswCQYDVQQGEw TkExCzAJBgNVBAcTAk5BMQswCQYDV Truncated for slides
      </wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <ds:Reference URI="#Id-2759303837586178391">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>+wIvYh7do417KoMegTdIsceVwa4=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="#Id-6781605803276963">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>LmLfuY64iaJ1GNm2tYFVxbGrFO8=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
kSzWeh29OTfPhYl1/+8RM2z2puuWXrfJLU6k+8MlC0PRYljt279NzSVgWUuKsCjYEggAtY6OEKIC
hvNp18NQ3Im2NOb35vsFCzc4GQkIm8jn70TF9YF+vEYx5xX39f7mV96YMuwWfebYAAS/AEOnx/zh
/YNfPT6l5oSdd2l5OzI=
        </ds:SignatureValue>
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#Id-2811617958072086928"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
      <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                     wsu:Id="Id-6781605803276963">
        <wsu:Created>2005-04-09T15:27:44Z</wsu:Created>
        <wsu:Expires>2005-04-09T15:32:44Z</wsu:Expires>
      </wsu:Timestamp>
    </wsse:Security>
  </env:Header>

The two References cover the Body (Id-2759303837586178391) and the Timestamp (Id-6781605803276963), and KeyInfo points at the BinarySecurityToken carrying the signer's X.509 certificate instead of embedding the key again. Signing the Timestamp matters: it binds the message to its five-minute Created/Expires window, so an intercepted message cannot be replayed later with a fresh timestamp.
  <env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="Id-2759303837586178391">
    <ns0:PingResponse>
      <ns0:text>Hello! Mike!</ns0:text>
    </ns0:PingResponse>
  </env:Body>
</env:Envelope>
Tell The Client to Encrypt

<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
  <xwss:Service>
    <xwss:SecurityConfiguration dumpMessages="true">
      <!-- Since no targets have been specified below, the contents of the
           SOAP body will be encrypted by default. -->
      <xwss:Encrypt>
        <xwss:X509Token certificateAlias="s1as"/>
      </xwss:Encrypt>
    </xwss:SecurityConfiguration>
  </xwss:Service>
  <xwss:SecurityEnvironmentHandler>
    com.sun.xml.wss.sample.SecurityEnvironmentHandler
  </xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>
Tell the server to require encryption

<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
  <xwss:Service>
    <xwss:SecurityConfiguration dumpMessages="true">
      <!-- Encryption requirement. As no target is specified, the contents of
           the SOAP body of the request are expected to be encrypted. -->
      <xwss:RequireEncryption/>
    </xwss:SecurityConfiguration>
  </xwss:Service>
  <xwss:SecurityEnvironmentHandler>
    com.sun.xml.wss.sample.SecurityEnvironmentHandler
  </xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>
Encrypted Request

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
              xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
              xmlns:ns0="http://xmlsoap.org/Ping"
              xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                   env:mustUnderstand="1">
      <wsse:BinarySecurityToken
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          wsu:Id="Id-6842673312555922560">MIIDWTCCAsKgAwIBAgIBATANBgkqhki
G9w0BAQQFADB0MQswCQYDVQQGEw Large truncation for slides
      </wsse:BinarySecurityToken>
      <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#Id-6842673312555922560"
                            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>KB79tvoF6Bu7JeL2Re6iGG8 BhdhOFcZiNDJrJNe8lV3GE6 Sk+s453IF3GFpmkmQttPhzH1D HKQ+2nFjIWPdyZObK3cVyDf rox7Ysjbfuo4TNwElHvKtnGVNb cQIGWiwyxHIZCjqCdF8LM8E1 gCZgYSaRh3V48VMlOsfZ8RCR Vjw=</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#Id7870285788177789579"/>
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                        Id="Id7870285788177789579"
                        Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <xenc:CipherData>
        <xenc:CipherValue>SL1G08+bGFaqEOefJWtBpOipgkvs8i7JWNwoGum5TO EyZkStSKav/lYygoC5/ji11rccnQWNq/Tg1eYX52UTalAS Large truncation for slides</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </env:Body>
</env:Envelope>

Two layers: a fresh session key is transported with RSA-OAEP (rsa-oaep-mgf1p) under the certificate carried in the BinarySecurityToken, and the ReferenceList names the EncryptedData that key unlocks; the Body content itself is encrypted with tripledes-cbc. CBC mode gives confidentiality only: unless the cipher text is also signed, or an authenticated mode such as the AES-GCM algorithms added in XML Encryption 1.1 is used, the recipient cannot detect that the cipher text was altered in transit.
SOAP Response

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:ns0="http://xmlsoap.org/Ping"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Body>
    <ns0:PingResponse>
      <ns0:text>Hello! Mike!</ns0:text>
    </ns0:PingResponse>
  </env:Body>
</env:Envelope>
Tell the client to send a username/password
<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
  <xwss:Service>
    <xwss:SecurityConfiguration dumpMessages="true">
      <!-- Default: Digested password will be sent. -->
      <xwss:UsernameToken name="Ron" password="noR"/>
    </xwss:SecurityConfiguration>
  </xwss:Service>
  <xwss:SecurityEnvironmentHandler>
    com.sun.xml.wss.sample.SecurityEnvironmentHandler
  </xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>
Username/Password Request

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:ns0="http://xmlsoap.org/Ping"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Header>
    <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
        env:mustUnderstand="1">
      <wsse:UsernameToken>
        <wsse:Username>Ron</wsse:Username>
        <wsse:Password>****</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
          yk/r/wJ0Ny/vbkm9OKpZwR6s
        </wsse:Nonce>
        <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          2005-04-09T20:48:40Z
        </wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </env:Header>
  <env:Body>
    <ns0:Ping>
      <ns0:ticket>SUNW</ns0:ticket>
      <ns0:text>Hello!</ns0:text>
    </ns0:Ping>
  </env:Body>
</env:Envelope>
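With the digested option from the client configuration, the Password element carries Base64(SHA-1(nonce + created + password)) rather than the password itself, which is why the Nonce and Created elements travel with it: the service recomputes the digest from its own copy of the password and uses the nonce and timestamp to refuse replays. The Python below is an added example of that server-side check (not from the slides or from XWSS); the nonce and Created value are the ones on the request slide, the password is the "noR" from the client configuration, and the credential store and freshness window are assumptions.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone, timedelta

# Values from the request slide; the digest itself is masked there ("****"),
# so it is recomputed from the password in the client configuration.
NONCE_B64 = "yk/r/wJ0Ny/vbkm9OKpZwR6s"
CREATED = "2005-04-09T20:48:40Z"
PASSWORD = "noR"
FRESHNESS = timedelta(minutes=5)  # assumed clock-skew / replay window


def password_digest(nonce_b64, created, password):
    """WSS UsernameToken Profile digest: Base64(SHA-1(nonce + created + password)),
    where nonce is the decoded nonce bytes and created the literal timestamp text."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def _parse(ts):  # wsu:Created uses the UTC form shown on the slide
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class UsernameTokenVerifier:
    """Server-side check of a digested UsernameToken with replay protection."""

    def __init__(self, users, now=None):
        self.users = users                      # username -> password (assumed store)
        self.seen = set()                       # (nonce, created) pairs already accepted
        self.now = _parse(now) if now else None # fixed clock for tests; None = real time

    def verify(self, username, digest, nonce_b64, created):
        password = self.users.get(username)
        if password is None:
            return False, "unknown user"
        now = self.now or datetime.now(timezone.utc)
        if abs(now - _parse(created)) > FRESHNESS:
            return False, "Created outside freshness window"
        expected = password_digest(nonce_b64, created, password)
        if not hmac.compare_digest(expected, digest):  # constant-time comparison
            return False, "digest mismatch"
        if (nonce_b64, created) in self.seen:  # same token presented twice
            return False, "nonce replayed"
        self.seen.add((nonce_b64, created))
        return True, "ok"
```

The nonce cache only needs to remember tokens for as long as the freshness window, since anything older is rejected by the timestamp check first.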
SOAP Response

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:ns0="http://xmlsoap.org/Ping"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <env:Body>
    <ns0:PingResponse>
      <ns0:text>Hello! Mike!</ns0:text>
    </ns0:PingResponse>
  </env:Body>
</env:Envelope>