% CVSId: $Id: adulau.tex,v 1.1 2003/02/07 17:51:53 adulau Exp adulau $ % % % Copyright (c) 2001,2002,2003 Alexandre Dulaunoy % Permission is granted to copy, distribute and/or modify this document % under the terms of the GNU Free Documentation License, Version 1.2 % or any later version published by the Free Software Foundation; % with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. % A copy of the license is included in the section entitled "GNU % Free Documentation License". \documentclass[% pdf, %nocolorBG, colorBG, slideColor, %slideBW, %draft, frames %azure %contemporain %nuancegris %troispoints %lignesbleues %darkblue %alienglow %autumn ]{prosper} \usepackage{amsmath} \usepackage[T1]{fontenc} \usepackage{pslatex} \usepackage[french,english]{babel} %\usepackage{listings} \begin{document} \title{Security in Software Engineering} \subtitle{Web Services \\ {\em Part 12 : UDDI and Advanced Web Services}} \author{Alexandre Dulaunoy} \email{adulau@foo.be} \maketitle \begin{slide}{Agenda} \begin{itemize} \item an introduction to UDDI, \item UDDI Security, \item Message Routing, \item Advanced topics in WS, \item Conclusion. \end{itemize} \end{slide} \begin{slide}{UDDI} \begin{itemize} \item Universal Description, Discovery and Integration (UDDI) , \item An industry specification (inside OASIS) for lookup, publishing and localization of WS, \item UDDI defines also an API to access UDDI information, \item UBR (UDDI Business Registry) - cataloging Web Services from companies, \item http://www.uddi.org/ - current (version 3) \end {itemize} \end{slide} \begin{slide}{UDDI Services} \begin{itemize} \item Provider (anything that can offer XML Web Services), \begin{itemize} \item Contact (contact point inside the provider), \item Service (a global representation of services available via the Web Services, for example a lookup for an ISBN), \begin {itemize} \item Binding (the access point : a specific url) \begin {itemize} \item Instance info (interface description or WSDL) \end {itemize} \end{itemize} \end{itemize} \item tModels - Technical models (to represent unique concepts or constructs) \end{itemize} \end{slide} \begin{slide}{UDDI and Security} \begin{itemize} \item Security authentication and authorization mechanisms and policies are represented via the tModels, \item Security Policy API Set to provide access control, \item XML-sig/enc could be used, \item UDDI only defines access/discovery (your SOAP interface doesn't move), \item UDDI relies on existing protocols (HTTP,SSL) \end{itemize} \end{slide} \begin{slide}{WS : Message Routing} \begin{itemize} \item Web Services describes a processing model but not a message path, \item Custom routing can be created via (SOAP 1.2) actor and mustUnderstand attributes, \item You can create custom routing specific receiver (in SOAP, \item Security and routing is quite difficult, \item WS-Routing specification is a simple stateless SOAP-based routing protocol, \item WS-Referral is a simple stateless for inserting and querying routing entries in SOAP. \end{itemize} \end{slide} \begin{slide}{Advanced WS} \begin{itemize} \item WS-Policy, WS-Trust, WS-Privacy, WS-Federation, ... \item WS-Inspection =/= UDDI (a simple way to know operation of a web services), \item Reliable Messaging (e.g. HTTPR), \item ... \end{itemize} \end{slide} \begin{slide}{Q\&R} \begin{itemize} \item adulau@foo.be \item http://www.foo.be/cours/securite-webservices/ \item 3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD \end{itemize} \end{slide} \end{document} %%% Local Variables: %%% mode: latex %%% TeX-master: t%%% End: