![Page 1: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/1.jpg)
The Secured Enterprise: Leverage OpenID with Web
Services
OSCON July 20 – 24 , 2009 San Jose, California
..
Prabath SiriwardenaTechnical Lead & Product Manager
WSO2
![Page 2: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/2.jpg)
WSO2 is an innovative Open Source technology company devoted to building Web services middleware for your SOA. Offering leading products, support and other services, WSO2 was founded in August 2005. It is a global corporation with offices located in USA, UK and Sri Lanka.
![Page 3: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/3.jpg)
40,000,000credit card numbers stolen
![Page 4: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/4.jpg)
![Page 5: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/5.jpg)
Security needs to be by design
NOT an after thought
![Page 6: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/6.jpg)
What do we need to secure…
ROUND TABLE DISCUSSION
![Page 7: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/7.jpg)
We have a bunch of services
already developed and some under development….
ROUND TABLE DISCUSSION
![Page 8: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/8.jpg)
Yes…. we need to make sure all the data transferred are secured….
ROUND TABLE DISCUSSION
![Page 9: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/9.jpg)
How about securing data
transfer between service and the client through
HTTPS….
ROUND TABLE DISCUSSION
![Page 10: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/10.jpg)
HTTPS is not bad.. But still it
has certain limitations…
ROUND TABLE DISCUSSION
![Page 11: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/11.jpg)
Transport level encryption
Point to point
Entire message needs to be encrypted
Adds less weight on message payload
Applies only to HTTP
NOTES…… HTTPS
![Page 12: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/12.jpg)
How about message level
security?
ROUND TABLE DISCUSSION
![Page 13: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/13.jpg)
End to End
Parts of the message can be encrypted
Adds more weight on message payload
Transport Independent
NOTES…… MESSAGE LEVEL SECURITY
![Page 14: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/14.jpg)
Yes – let’s finalize on
Message level security….
ROUND TABLE DISCUSSION
![Page 15: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/15.jpg)
How can we use Message Level
Security to protect our services…
ROUND TABLE DISCUSSION
![Page 16: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/16.jpg)
Confidentiality
NOTES…… CIA
Integrity
Authentication
![Page 17: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/17.jpg)
The assurance that a message has not been read by anyone other than the intended reader
NOTES…… CONFIDENTIALITY
![Page 18: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/18.jpg)
The assurance that data is complete and accurate
NOTES…… INTEGRITY
![Page 19: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/19.jpg)
The verification of a claimed identity
NOTES…… AUTHENTICATION
![Page 20: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/20.jpg)
Can we make sure we
interoperate with the rest…
ROUND TABLE DISCUSSION
![Page 21: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/21.jpg)
Yes… we need not to re-implement the wheel… what is the standard to
achieve C-I-A with message
level security…?
ROUND TABLE DISCUSSION
![Page 22: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/22.jpg)
Defines how to achieve confidentiality, integrity and authentication with SOAP messages
NOTES…… WSSECURITY
Does not define a new security technology only focuses on applying existing security technologies to SOAP messages
![Page 23: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/23.jpg)
With UserNameToken defined in WS-
Security enables us to authenticate users
with username/password…
ROUND TABLE DISCUSSION
![Page 24: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/24.jpg)
NOTES…… USERNAMETOKEN <wsse:UsernameToken wsu:Id="Example-1">
<wsse:Username> ... </wsse:Username><wsse:Password
Type="..."> ... </wsse:Password><wsse:Nonce
EncodingType="..."> ... </wsse:Nonce><wsu:Created> ... </wsu:Created>
</wsse:UsernameToken>
![Page 25: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/25.jpg)
WS-Security brings XML Encryption to
enable confidentiality in SOAP Messages….
ROUND TABLE DISCUSSION
![Page 26: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/26.jpg)
Shared Key
Key Wrapping
NOTES…… ENCRYPTION
![Page 27: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/27.jpg)
A shared key for both encryption and decryption
Can operate on large plain text messages
NOTES…… SHARED KEY
Uses public key encryption to manage shared key distribution securely
Fast
![Page 28: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/28.jpg)
Both the client & the service need not to have a certificate
A shared key is derived through the service’s certificate
NOTES…… KEY WRAPPING
Further communication being encrypted with the derived shared key
![Page 29: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/29.jpg)
Integrity comes through the XML
Signature….
ROUND TABLE DISCUSSION
![Page 30: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/30.jpg)
Integrity
Non repudiation
NOTES…… SIGNATURE
![Page 31: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/31.jpg)
NOTES……
XML SignatureXML
EncryptionUsername
Token ProfileX.509 Token
Profile
WS ‐ Security
![Page 32: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/32.jpg)
Okay… now all our services are
secured with ws-security… What is
next?
ROUND TABLE DISCUSSION
![Page 33: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/33.jpg)
We need to see who should be given access to our services….
ROUND TABLE DISCUSSION
![Page 34: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/34.jpg)
Definitely all the internal users…
ROUND TABLE DISCUSSION
![Page 35: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/35.jpg)
…also some of our partner
companies….
ROUND TABLE DISCUSSION
![Page 36: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/36.jpg)
Okay… we can easily
authenticate internal users
with UserNameToken - since we have their credentials
internally….
ROUND TABLE DISCUSSION
![Page 37: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/37.jpg)
But we don’t maintain
credentials of external users… coming from our
partner companies….
ROUND TABLE DISCUSSION
![Page 38: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/38.jpg)
We need not to maintain
external user credentials… we
only need to trust our partners….
ROUND TABLE DISCUSSION
![Page 39: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/39.jpg)
…and that is what WS-Trust
does….
ROUND TABLE DISCUSSION
![Page 40: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/40.jpg)
NOTES…… WSTRUST
![Page 41: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/41.jpg)
We need not to authenticate individual external users
NOTES…… TRUSTING PARTENERS
We only TRUST external partners
All the requests coming through external users need to be signed by the corresponding partner companies
Only the requests signed by TRUSTED partners will let in
![Page 42: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/42.jpg)
…also our users need access to
external systems.. Out of our domain….
ROUND TABLE DISCUSSION
![Page 43: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/43.jpg)
That is exactly the other side of
what we just discussed.. We
need to maintain an internal STS
ROUND TABLE DISCUSSION
![Page 44: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/44.jpg)
All the requests going out side from internal users need to have a security token issued by the internal STS
NOTES…… STS
Internal users should authenticate them selves with the internal STS – prior to obtaining a security token
External services need to trust our STS
![Page 45: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/45.jpg)
NOTES……
XML Signature
XML Encryption
Username Token Profile
X.509 Token Profile
WS ‐ Security
WS ‐ Trust
![Page 46: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/46.jpg)
Now… the question is how are we going to
communicate our security
requirements to the rest…
ROUND TABLE DISCUSSION
![Page 47: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/47.jpg)
Let’s first list the security
requirements…..
ROUND TABLE DISCUSSION
![Page 48: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/48.jpg)
SECURITY REQUIREMENTS Internal users should authenticate with
user name / password when accessing services directly
![Page 49: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/49.jpg)
SECURITY REQUIREMENTS External users should present a security
token from a trusted STS
![Page 50: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/50.jpg)
SECURITY REQUIREMENTS Email address should be present in the
security token comes with the external users.
![Page 51: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/51.jpg)
SECURITY REQUIREMENTS Only some parts of the message needs to be
encrypted.
![Page 52: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/52.jpg)
SECURITY REQUIREMENTS Encryption algorithm should be AES.
![Page 53: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/53.jpg)
SECURITY REQUIREMENTS Encryption key size needs to be 256.
![Page 54: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/54.jpg)
SECURITY REQUIREMENTS All the parts in the <Body> must be signed
![Page 55: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/55.jpg)
We need a way to express all
these in a standard way….
ROUND TABLE DISCUSSION
![Page 56: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/56.jpg)
Ws-security policy exactly addresses that…
ROUND TABLE DISCUSSION
![Page 57: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/57.jpg)
Used to express security requirements of a Web service according to, What needs to be protected… What tokens to use… Algorithms, reference types, etc….
NOTES…… WSSECURITY POLICY
Security policies can be defined at the binding level / operation level
![Page 58: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/58.jpg)
NOTES……
XML Signature
XML Encryption
Username Token Profile
X.509 Token Profile
WS ‐ Security
WS ‐ Trust
WS‐Policy
WS‐SecurityPo
licy
![Page 59: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/59.jpg)
Everything looks good…. Is there a way we could make sure we
strictly follow the security polices
defined…
ROUND TABLE DISCUSSION
![Page 60: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/60.jpg)
Okay – that means we need to validate each and
every service developed…
ROUND TABLE DISCUSSION
![Page 61: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/61.jpg)
Yes – validation needs to happen at two stages…
ROUND TABLE DISCUSSION
![Page 62: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/62.jpg)
Design time validations will make sure we
adhere to proper standards and polices at the
time we develop …
ROUND TABLE DISCUSSION
![Page 63: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/63.jpg)
Runtime validations will make sure we
evaluate all the requests coming in
against the defined security
policies….
ROUND TABLE DISCUSSION
![Page 64: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/64.jpg)
Design time governance
NOTES…… SOA GOVERNANCE
Runtime time governance
![Page 65: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/65.jpg)
NOTES…… DESIGN TIME GOVERNANCE
![Page 66: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/66.jpg)
NOTES…… DESIGN TIME GOVERNANCE
![Page 67: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/67.jpg)
NOTES…… DESIGN TIME GOVERNANCE
![Page 68: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/68.jpg)
NOTES…… DESIGN TIME GOVERNANCE
MONITORING
![Page 69: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/69.jpg)
Yet… we haven’t figure out how to enforce policies
on users – or the requests coming through to our
services…
ROUND TABLE DISCUSSION
![Page 70: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/70.jpg)
Yes… we need to make sure all the requests comply with the defined security polices….
ROUND TABLE DISCUSSION
![Page 71: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/71.jpg)
NOTES…… MESSAGE INTERCEPTOR
GATEWAY PATTERN
![Page 72: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/72.jpg)
Provides a single entry point and allows centralization of security enforcement for incoming and outgoing messages.
NOTES…… MESSAGE INTERCEPTOR
GATEWAY PATTERN
Helps to apply transport-level and message-level security mechanisms required for securely communicating with a Web services endpoint.
![Page 73: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/73.jpg)
All the services can be deployed inside WSO2 Web Services Application Server [WSAS] – not publicly accessible
NOTES…… MIG IMPLEMENTATION
An open source web services engine powered by Apache Axis2
![Page 74: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/74.jpg)
NOTES…… MIG IMPLEMENTATION
![Page 75: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/75.jpg)
NOTES…… MIG IMPLEMENTATION
Service C
Service B
Service A
![Page 76: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/76.jpg)
NOTES…… MIG IMPLEMENTATION
Service C
Service B
Service A
![Page 77: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/77.jpg)
NOTES…… MIG IMPLEMENTATION
Service C
Service B
Service A
Authentication Module
Authorization Module [PEP]
LDAP
![Page 78: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/78.jpg)
NOTES…… WSO2 ESB –SECURING PROXY
SERVICES
![Page 79: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/79.jpg)
NOTES…… WSO2 ESB –SECURING PROXY
SERVICES
![Page 80: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/80.jpg)
NOTES…… WSO2 ESB –SECURING PROXY
SERVICES
![Page 81: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/81.jpg)
NOTES…… MIG IMPLEMENTATION
Service C
Service B
Service A
Authentication Module
Authorization Module [PEP]
LDAP
PAP
PDP
STS
![Page 82: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/82.jpg)
Claim-based security token service -mapping user attributes to defined claims, which can be used to enable identity federation with claim aware web services.
NOTES…… WSO2 IDENTITY SERVER
XACML Policy Administration Point & Policy Decision Point
![Page 83: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/83.jpg)
NOTES…… WSO2 IDENTITY SERVER STS
![Page 84: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/84.jpg)
NOTES…… WSO2 IDENTITY SERVER STS
![Page 85: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/85.jpg)
NOTES…… WSO2 IDENTITY SERVER –
PAP/PDP
![Page 86: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/86.jpg)
NOTES…… WSO2 IDENTITY SERVER –
PAP/PDP
![Page 87: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/87.jpg)
NOTES…… WSO2 IDENTITY SERVER
PAP
PDP
STS
![Page 88: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/88.jpg)
WS-Security / WS-Trust / WS-Security Policy
Message Interceptor Gateway Pattern
NOTES…… SUMMARY
WSO2 Governance Registry / WSO2 WSAS / WSO2 ESB / WSO2 Identity Server
![Page 89: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/89.jpg)
We have secured access to all our
backend services…
ROUND TABLE DISCUSSION
![Page 90: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/90.jpg)
Let’s think of securing the front
end….
ROUND TABLE DISCUSSION
![Page 91: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/91.jpg)
Yes… our backend services can be
accessed through either with a
direct client or with our web
portal….
ROUND TABLE DISCUSSION
![Page 92: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/92.jpg)
Also we already have different
web applications managed
internally…
ROUND TABLE DISCUSSION
![Page 93: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/93.jpg)
And it’s hard to have different credentials to
each web application….
ROUND TABLE DISCUSSION
![Page 94: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/94.jpg)
Let’s redesign authentication for all our web applications….
ROUND TABLE DISCUSSION
![Page 95: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/95.jpg)
One more thing… we also need to give access to
external users to the web portal as
well…
ROUND TABLE DISCUSSION
![Page 96: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/96.jpg)
Too many passwords
NOTES…… PROBLEMS TO BE
ADDRESSED Single Sign On
Giving access to external domain users
![Page 97: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/97.jpg)
Decentralized Single Sign On
NOTES…… OPENID
Single User Profile
Identity Federation
![Page 98: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/98.jpg)
NOTES…… OPENID LOGIN FOR WEB PORTAL
OP
BROWSER
WEB PORTAL
![Page 99: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/99.jpg)
WEB PORTAL
NOTES…… OPENID LOGIN FOR WEB PORTAL
OP
BROWSER
![Page 100: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/100.jpg)
NOTES…… OPENID LOGIN FOR WEB PORTAL
OP
BROWSER
WEB PORTAL
![Page 101: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/101.jpg)
NOTES…… OPENID LOGIN FOR WEB PORTAL
OP
BROWSER
WEB PORTAL
![Page 102: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/102.jpg)
NOTES…… OPENID LOGIN FOR WEB PORTAL
WEB PORTAL
OP
BROWSER
![Page 103: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/103.jpg)
NOTES…… OPENID + INFORMATION CARDS
OP
![Page 104: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/104.jpg)
NOTES…… WSO2 IDENTITY SERVER
OPOpenID Provider
InfoCard Provider
![Page 105: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/105.jpg)
NOTES…… TRUSTED SUB SYSTEM WEB PORTAL
![Page 106: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/106.jpg)
NOTES…… TRUSTED SUB SYSTEM
OPWEB PORTAL
![Page 107: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/107.jpg)
WS-Security / WS-Trust / WS-Security Policy
Message Interceptor Gateway Pattern
NOTES…… SUMMARY
WSO2 Governance Registry / WSO2 WSAS / WSO2 ESB / WSO2 Identity Server
OpenID + InfoCard
Trusted Sub System Pattern
![Page 109: The Secured Enterprise: Leverage OpenID with Web …assets.en.oreilly.com/1/event/27/The Secured Enterprise_ Leverage... · WSO2 is an innovative Open Source technology company devoted](https://reader031.vdocuments.net/reader031/viewer/2022030416/5aa1f5ec7f8b9ac67a8c7d00/html5/thumbnails/109.jpg)
Thank You…!!!