SystemDown® SOX/COBIT/Section 404 Tools


Recent News

RADIANT LOGIC AWARDED PATENT FOR CONTEXT-DRIVEN DIRECTORY VIRTUALIZATION

Announcement Coupled With New Context-based Version of RadiantOne

Novato, CA-May 10, 2005 - Radiant Logic, Inc., a leading provider of virtual directory products and services, today announced the approval of its patent on directory virtualization for database and object relationships (associations and metadata).

Context-driven virtualization opens the door to the representation of digital contexts out of existing applications and automated business processes. Application and database silos throughout an enterprise become directory information publishers. Specific contexts from enterprise applications such as human resources, finance, ERP, CRM, and marketing can be published, aggregated for use throughout the enterprise and made uniformly searchable using standard protocols and APIs such as LDAP, SAML, SPML, SQL and web services. Without this technology, information virtualized from a database or application is based only on one-to-one object mapping, mounted under static, arbitrary categories such as organization / organizational units. The result is that the context of the information as defined by the business application is lost. The technology allows for a global context-driven search and update mechanism for structured data from applications, databases and directories across an enterprise.

"With this patented technology, a search will find not only an object like an identity of a person based on some specific attribute, but also the specific context where the object is involved in an existing application," said Michel Prompt, CEO of Radiant Logic. "For example, a global search for a customer will not only find that customer, but also the CRM context for the customer, the financial context of the customer and any other information on the customer within the enterprise. This is an essential enabler for security policies, roles and rules definition."

Radiant Logic also announced an upgrade of its award-winning RadiantOne virtual directory. Version 4.2 supports a Virtual Identity Hub, which is a central piece of the Radiant Logic architecture. The Hub allows identity reconciliation between existing data sources, with support for flexible and differentiated authoritative sources by attribute. By linking identity to application contexts, RadiantOne 4.2 provides a common, standards-based infrastructure for IAM, federation and provisioning that supports multiple protocols (including SAML, SPML, LDAP, SQL and web services).

"Both the patent awarded to Radiant Logic and the new version of RadiantOne are focused on context as an essential element of the next generation of virtual directories," said Prompt. "Context discovery is a necessary element for automating and simplifying policy design and deployment and is an essential tool for compliance, a major issue for large corporations today. Context must be considered when deploying virtualization."

About Radiant Logic, Inc. 

Radiant Logic, Inc. is the leading provider of virtual directory solutions for identity management and enterprise information integration. RadiantOne Virtual Directory Server is being utilized by Fortune 500 corporations to provide virtual LDAP access to any applications and data sources for authentication, authorization, profile and personalization data for security, provisioning, portals, and application integration projects.

Radiant Logic's virtual directory solutions have been used to solve tough directory integration problems at companies around the world. Companies and organizations such as Daimler Chrysler, Disney, DISA, Cummings Engine, Emerson, Federal Reserve Bank, FHLB, Fifth Third Bank, Freddie Mac, Lexmark, Telecom Italia, Symantec, USAF and Time Warner Telecom use the RadiantOne solution to speed deployment, solve directory integration challenges and cut costs for identity management projects. Partnerships with Identity Management Software vendors such as CA/Netegrity and RSA/Cleartrust, and with professional services organizations Accenture, Booz Allen Hamilton, and PricewaterhouseCoopers, demonstrate the broad impact of virtual directory technology on the market.

Radiant Logic is based in Novato, CA. RadiantOne™ is a trademark of Radiant Logic, Inc. For more information, visit www.radiantlogic.com.

Web Services Security


Level: Advanced

Contributors: Various

05 Apr 2002
Updated 01 Mar 2004

WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies.

The Web Services Security specification (WS-Security) provides a set of mechanisms to help developers of Web Services secure SOAP message exchanges. Specifically, WS-Security describes enhancements to the existing SOAP messaging to provide quality of protection through the application of message integrity, message confidentiality, and single message authentication to SOAP messages. These basic mechanisms can be combined in various ways to accommodate building a wide variety of security models using a variety of cryptographic technologies.

WS-Security also provides a general-purpose mechanism for associating security tokens with messages. However, no specific type of security token is required by WS-Security. It is designed to be extensible (e.g. to support multiple security token formats) in order to accommodate a variety of authentication and authorization mechanisms. For example, a requestor might provide proof of identity together with a signed claim that they hold a particular business certification. A Web service receiving such a message can then decide how much trust to place in that claim, based on who signed it and on whether the signature verifies.

Additionally, WS-Security describes how to encode security tokens, including binary ones such as X.509 certificates and Kerberos tickets, and attach them to SOAP messages. Specifically, the WS-Security token profile specifications describe how to encode Username Tokens, X.509 Tokens, SAML Tokens, REL Tokens and Kerberos Tokens, and how to include opaque encrypted keys, as examples of the different token types. With WS-Security, the domain of these mechanisms is extended by carrying authentication information inside the Web service request itself rather than relying only on the transport. WS-Security also includes extensibility mechanisms that can be used to further describe the credentials included with a message. WS-Security is a building block that can be used in conjunction with other Web service protocols to address a wide variety of application security requirements.

Message integrity is provided by leveraging XML Signature and security tokens to ensure that messages have originated from the appropriate sender and were not modified in transit. Similarly, message confidentiality leverages XML Encryption and security tokens to keep portions of a SOAP message confidential.

Get the specification

Description: WS-Security specification (OASIS)
Date: Current
Access method: HTTP Web page

By using the SOAP extensibility model, SOAP-based specifications are designed to be composed with each other to provide a rich messaging environment. By itself, WS-Security does not ensure security nor does it provide a complete security solution. WS-Security is a building block that is used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of security models and encryption technologies. Implementing WS-Security does not mean that an application cannot be attacked or that the security cannot be compromised.

You can still view the previous version of this specification by clicking on the following link:

  • WS-Security specification previous version (April 2002)

You may want to check out the Web Services Security Addendum:

  • Web Services Security Addendum.

Resources

  • Read the related Web Services Trust specification that explains how trust relationships are defined between Web services.

  • Web Services Addressing defines how to identify services across a network.

  • Web Services Federation defines mechanisms to allow different security realms to federate by allowing and brokering trust of identities, attributes, authentication between participating Web services.

  • Web Services Policy Framework defines how to apply policies to control individual services behavior.

  • WS-SecureConversation defines extensions that build on WS-Security to provide secure communication.

  • WS-SecurityPolicy defines policy assertions that state which WS-Security mechanisms (token types, signed and encrypted parts, algorithms) a service requires; like WS-Security itself, it is a building block used in conjunction with other Web service and application-specific protocols to accommodate a wide variety of security models.

  • SOAP 1.1 is the basic messaging transport for all Web services while SOAP 1.2 offers enhancements to the message framework.

  • WSDL 1.1 is the current standard language for service description.

  • XML Schema, Part 1 (Structures) and Part 2 (Datatypes) are the specifications that define how the structure and data types of XML documents are described.

  • Learn more about the OASIS Web Services Security Technical Committee.

  • Implementing WS-Security discusses the security-related requirements of Web services and how they are met using a combination of HTTPS/SSL, digital certificates, and digital signature technologies.

  • Best Practices for Web services: Web services security, Part 1 explains the mechanics of how WS-Security works and the options it affords in a service-oriented architecture.

  • Best Practices for Web services: Web services security, Part 2 outlines WS-Security capabilities leveraged in real-world customer solutions.

  • Security in a Web Services World: A Proposed Architecture and Roadmap describes a proposed strategy for addressing security within a Web service environment.

  • Web services standards roadmap.