Submitted By :   Md. Hasan Basri
                 Reg. No. : 1010048, Roll: 700030, Session: 2006 -2007
                 Department of Computer Science, IST.
                 National University Bangladesh.

Supervised By:   A.N.M Khaleqdad Khan
                 Assistant Professor, Department of Computer Science,
                 Institute of Science and Technology (IST).
                 National University Bangladesh.
 “Without Trust and Security, Web Services are
 Dead on Arrival.”
                         - Phillip Hallam-Baker
 Providing a key management specification for
 secure web service communication considering the
 principle of symmetric key cryptography.
• Security Requirements
• Public Key Infrastructure (PKI) Challenge
• What is XML Key Management Services (XKMS)
• XKMS Basic Services (Advantages, PKI Essentials)
• XML Signature using XKMS
• XML Encryption using XKMS
• Authentication using XKMS
• Interaction with XKMS
• Conclusion
•   Secure Authentication Requirement: Password-based
    authentication is weak, costly, and difficult to manage
•   Message Security: Message-level confidentiality and
    non-repudiation needed
•   Payload Security: Confidential business information (CBI)
    may require submissions to be signed and encrypted
•   Very complicated technology with some proprietary
    implementations
•   Non-standard interface, difficult to use, deploy, and maintain
•   Very high cost of acquisition, support, and operation
•   Very low interoperability (No PKI standard interfaces)
•   Certificate validation is very challenging
•   A World Wide Web Consortium (W3C) standard, XKMS
    2.0, is finalized
•   A central key depository with Web service interface to PKI
•   Vendor-neutral PKI solution for public key and certificate
    management
•   A very simple access model
•   Foundation for secure Web services (XML signature, XML
    encryption, XKMS)
•   XKMS will be the PKI solution to the Exchange Network,
    and the key element to a strong security model.
•   XKMS Advantages
    –   A Web service interface to PKI technologies, accessible to any applications
        on the Internet
    –   Vendor-neutral PKI solution for public keys and certificates management
    –   Dramatically reduces cost of PKI. Key can be generated and registered at
        any time on any machine
    –   Online real-time key/certificate validation using a simple Web method
•   PKI Essentials
    – A key is generated and broken up into two pieces – Public
       Key and Private Key
    – Private Key never goes out of your machine, but share Public
       Key with anyone
    – When data is encrypted using one key, it can only be
       decrypted using the other
    – Encryption: Encrypt data using the receiver’s Public Key
    – Signature: Encrypt data using your Private Key
•   XML Key Information Services (XKISS) – Locate and
    validate Public Keys
•   XML Key Registration Services (XKRSS) – Register, revoke,
    recover, and reissue public keys or X.509 certificates
•   Secure key exchange with XML encryption and signature
•   All operations are defined as Web service methods
•   A document is signed using the Private Key and key
    information (KeyName, KeyValue)
•   The receiver locates / validates the Public Key used for the
    signature from an XKMS server
•   The receiver verifies the signature using the valid key
•   The sender locates the receiver’s Public Key from an XKMS
    server
•   The sender encrypts a document using the receiver’s
    Public Key
•   The receiver decrypts the document using the Private Key
•   A user registers a Public Key in XKMS
•   The user creates an Authenticate message and signs the
    message using the Private Key
•   Network Authentication and Authorization Server (NAAS)
    locates / validates the user’s Public Key from XKMS
•   NAAS verifies the signature. The user is authenticated if
    the signature is valid, i.e. the user holds the Private Key
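The receiver-side check that the signature and authentication slides describe (locate/validate the signer's Public Key at the XKMS server, then trust it only if the service says it is valid), as an added Python example that is not code from the original presentation or from any XKMS product. The service URL, KeyName and the ValidateResult it parses are constructed, and the RSA moduli are placeholders; it builds an XKISS ValidateRequest and accepts a key only from a KeyBinding that answers our RequestId, is marked Valid and is bound for Signature use.

```python
import xml.etree.ElementTree as ET
XKMS = "http://www.w3.org/2002/03/xkms#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"xkms": XKMS, "ds": DS}

def build_validate_request(request_id, service, key_name):
    """XKISS ValidateRequest a receiver sends before trusting a signer's key."""
    req = ET.Element(f"{{{XKMS}}}ValidateRequest", Id=request_id, Service=service)
    ET.SubElement(req, f"{{{XKMS}}}RespondWith").text = XKMS + "KeyValue"
    qkb = ET.SubElement(req, f"{{{XKMS}}}QueryKeyBinding")
    ki = ET.SubElement(qkb, f"{{{DS}}}KeyInfo")
    ET.SubElement(ki, f"{{{DS}}}KeyName").text = key_name
    ET.SubElement(qkb, f"{{{XKMS}}}KeyUsage").text = XKMS + "Signature"
    return ET.tostring(req, encoding="unicode")

def extract_trusted_key(request_id, key_name, result_xml):
    """Return (Modulus, Exponent) only from a KeyBinding the service marks Valid for signing."""
    res = ET.fromstring(result_xml)
    if res.tag != f"{{{XKMS}}}ValidateResult":
        raise ValueError("not a ValidateResult")
    if res.get("RequestId") != request_id:        # the answer must be to our request
        raise ValueError("RequestId mismatch")
    if res.get("ResultMajor") != XKMS + "Success":
        raise ValueError("XKMS service did not succeed")
    for kb in res.findall("xkms:KeyBinding", NS):
        status = kb.find("xkms:Status", NS)
        if (kb.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS) != key_name
                or XKMS + "Signature" not in [u.text for u in kb.findall("xkms:KeyUsage", NS)]
                or status is None or status.get("StatusValue") != XKMS + "Valid"):
            continue                              # wrong name, wrong usage, or not Valid
        mod = kb.findtext("ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Modulus", namespaces=NS)
        exp = kb.findtext("ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue/ds:Exponent", namespaces=NS)
        if mod and exp:
            return mod.strip(), exp.strip()
    raise ValueError("no Valid signature key binding for " + key_name)

# Constructed sample ValidateResult (not from a real server): two bindings for one
# KeyName, the first revoked and the second valid; moduli are placeholders.
SAMPLE_RESULT = f"""<ValidateResult xmlns="{XKMS}" xmlns:ds="{DS}" Id="R1" RequestId="Q1"
 Service="http://xkms.example/service" ResultMajor="{XKMS}Success">
 <KeyBinding Id="KB1"><ds:KeyInfo><ds:KeyName>node1@example</ds:KeyName><ds:KeyValue><ds:RSAKeyValue>
  <ds:Modulus>OLDMOD</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
  <KeyUsage>{XKMS}Signature</KeyUsage><Status StatusValue="{XKMS}Invalid">
  <InvalidReason>{XKMS}RevocationStatus</InvalidReason></Status></KeyBinding>
 <KeyBinding Id="KB2"><ds:KeyInfo><ds:KeyName>node1@example</ds:KeyName><ds:KeyValue><ds:RSAKeyValue>
  <ds:Modulus>NEWMOD</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
  <KeyUsage>{XKMS}Signature</KeyUsage><Status StatusValue="{XKMS}Valid">
  <ValidReason>{XKMS}IssuerTrust</ValidReason></Status></KeyBinding>
</ValidateResult>"""
```

The same request shape with KeyUsage set to Encryption is what the sender on the encryption slide issues to fetch the receiver's Public Key.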
• XKMS is the foundation for secure exchanges in the
  network – basic component for XML encryption and
  signature
• XKMS provides a simple standard interface to PKI
• Network XKMS services will be available to all
  network nodes and node clients
• XKMS will be integrated into NAAS for key-based
  authentication
• XKMS is the PKI solution without the PKI complexity
  and cost
XML Key Management Protocol for Secure Web Service
