Whiteboard Discussion of WS-Fed and WS-Trust


WS-Fed and WS-Trust are the protocols of the WS-* identity metasystem. The slides walk through the interactions between a client application (or browser), an identity selector such as CardSpace, a relying party (RP) and an identity provider (IP): the client retrieves the RP's policy with WS-MEX, the identity selector retrieves the IP's metadata and sends a WS-Trust RST carrying the user's credentials, the IP answers with an RSTR carrying a security token, and the client presents that token to the RP (with WS-Security, or by HTTPS POST in the browser case). The token is encrypted to the RP only when the IP knows the RP's key, which normally means a relationship established out-of-band and the RP's identity conveyed in the request (RequireAppliesTo); otherwise the token is issued unencrypted. Proof tokens bind the token to its holder: with a symmetric proof key the IP generates the key and places it both inside the token and in the RSTR, with an asymmetric proof key the client generates the key pair and the IP places the public key in the token; in both cases the client signs its message to the RP with the proof key and the RP verifies that signature. The last slides show the same pattern as an ADFS WS-Fed browser flow through an account-partner and a resource-partner federation server.

  • Metasystem protocols
  • WS-Fed
  • WS-Trust
  • Security token
  • Token encryption

Uploaded on Feb 18, 2025



Presentation Transcript


  1. Whiteboard discussion of WS-Fed and WS-Trust

  2. WS-* Metasystem Protocol

     Participants: Client Application, Identity Selector, Relying Party (RP), Identity Provider (IP).

     1.  Client Application -> RP: WS-MEX GetMetadata Request
     2.  RP -> Client Application: WS-MEX GetMetadata Response carrying the RP policy (WS-SecurityPolicy)
     3.  Client Application -> Identity Selector: GetToken(RP Policy)
     4.  Identity Selector: the user selects an identity
     5.  Identity Selector -> IP: WS-MEX GetMetadata Request
     6.  IP -> Identity Selector: WS-MEX GetMetadata Response (the identity needs credentials)
     7.  Identity Selector -> IP: WS-Trust RST Request (user credentials)
     8.  IP -> Identity Selector: WS-Trust RSTR Response (security token)
     9.  Identity Selector -> Client Application: return security token
     10. Client Application -> RP: access the resource with the security token (WS-Security)

  3. Browser Metasystem Protocol

     Participants: Client Browser, Identity Selector, Relying Party (RP), Identity Provider (IP).

     1a. Browser -> RP: HTTP GET to the protected page
     1b. RP -> Browser: HTTP redirect to the login page
     2a. Browser -> RP: HTTPS GET to the login page
     2b. RP: the login page carries the RP policy in an HTML information card tag
     2c. RP -> Browser: HTTPS login page
     3.  Browser -> Identity Selector: click, GetBrowserToken(RP Policy)
     4.  Identity Selector: the user selects an identity
     5.  Identity Selector -> IP: WS-MEX GetMetadata Request
     6.  IP -> Identity Selector: WS-MEX GetMetadata Response (the identity needs credentials)
     7.  Identity Selector -> IP: WS-Trust RST Request (user credentials)
     8.  IP -> Identity Selector: WS-Trust RSTR Response (security token)
     9.  Identity Selector -> Browser: return security token
     10. Browser -> RP: HTTPS POST with the security token
     11. RP -> Browser: HTTP redirect with a session cookie

  4. Token Encrypted to RP

     Participants: CardSpace, Identity Provider (IP), Relying Party (RP). The IP and the RP may have established a relationship out-of-band, so the RP's key is known to the IP.

     RP: expresses the desire to convey its identity to the IP through its policy (app.config):

         <tokenParameters>
           <xmlElement>
             <wsp:Policy>
               <ic:RequireAppliesTo />
             </wsp:Policy>
           </xmlElement>
         </tokenParameters>

     CardSpace: generates the request message and includes the RP's identity in it.
     IP: generates the token, encrypts the token with the RP's key, generates the response message and encrypts it to the client.

  5. Token not Encrypted to RP

     Participants: CardSpace, Identity Provider (IP), Relying Party (RP). The RP's key is not known to the IP.

     RP: states its token requirements.
     CardSpace: generates the request message and requests the security token.
     IP: generates the token; since the RP's key is unknown, the "encrypt token with the RP's key" step does not apply and the token is not encrypted. The IP still generates the response message and encrypts it to the client.

  6. Proof Token: Symmetric Key

     Participants: CardSpace, Identity Provider (IP), Relying Party (RP).

     RP token requirements: keyType: Symmetric, keySize: 128, tokenType: SAML1.1
     CardSpace -> IP: request for security token
     IP: generates a key, generates a token and includes the key in the token, includes the key as part of the proof token in the message, generates the response message and encrypts it to the client.
     CardSpace -> RP: generates a message and signs it with the proof key.
     RP: verifies the signature.

  7. Proof Token: Asymmetric Key

     Participants: CardSpace, Identity Provider (IP), Relying Party (RP).

     RP token requirements: keyType: Asymmetric, keySize: 2048, tokenType: SAML1.1
     CardSpace: generates a key pair and includes the (public) key in the request for the security token.
     IP: generates a token (SAML) and includes the key in the token, generates the response message and encrypts it to the client.
     CardSpace -> RP: generates a message and signs it with the other (private) key.
     RP: verifies the signature.
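The RST/RSTR exchange of slides 2 and 3, the two encryption cases of slides 4 and 5, and the symmetric proof key of slide 6, run end to end as an added example. This is illustrative Python written for this page, not CardSpace or any WS-Trust implementation: messages are dicts instead of SOAP, XML Encryption is stood in for by an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, and XML Signature by HMAC-SHA256 (so the IP's token-signing key is shared with the RP here rather than being an X.509 certificate). The RP identity, user table and payloads are constructed. The asymmetric variant of slide 7 differs only in who generates the key (the client) and what the token carries (the public key); it is not shown.

```python
"""Symmetric proof-key issuance (slides 4 to 6) as a runnable model: messages are
dicts, XML Encryption is an HMAC-SHA256 keystream with an encrypt-then-MAC tag,
and XML Signature is HMAC-SHA256 (the IP signing key is shared with the RP)."""
import hashlib, hmac, json, os

RP_ID = "https://rp.example/"   # constructed RP identity (the AppliesTo value)

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a PRF keystream (stand-in for AES)
    blocks = (_mac(key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt_to(key, plaintext):
    """Encrypt-then-MAC under subkeys derived from the recipient's key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_mac(key, b"enc"), nonce, len(plaintext))))
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": _mac(_mac(key, b"mac"), nonce + ct).hex()}

def decrypt_from(key, blob):
    nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("nonce", "ct", "tag"))
    if not hmac.compare_digest(_mac(_mac(key, b"mac"), nonce + ct), tag):
        raise ValueError("encrypted token failed its integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_mac(key, b"enc"), nonce, len(ct))))

class IdentityProvider:
    def __init__(self, rp_keys, users):
        self.rp_keys = rp_keys          # RP identity -> RP key, from an out-of-band relationship
        self.users = users              # constructed username -> password table
        self.signing_key = os.urandom(32)

    def issue(self, rst):
        """Handle a WS-Trust RST: authenticate, mint proof key and token, return the RSTR."""
        user, password = rst["credentials"]
        if not hmac.compare_digest(self.users.get(user, ""), password):
            raise PermissionError("credentials rejected")
        if rst["keyType"] != "Symmetric":
            raise ValueError("this example issues symmetric proof keys only")
        proof_key = os.urandom(rst["keySize"] // 8)        # keySize is in bits
        token = {"tokenType": rst["tokenType"], "subject": user,
                 "audience": rst.get("appliesTo"), "proofKey": proof_key.hex()}
        body = json.dumps(token, sort_keys=True).encode()
        signed = {"token": body.hex(), "sig": _mac(self.signing_key, body).hex()}
        if token["audience"] in self.rp_keys:   # slide 4: RP key known, encrypt the token to the RP
            rp_key = self.rp_keys[token["audience"]]
            issued = {"encrypted": True, "blob": encrypt_to(rp_key, json.dumps(signed).encode())}
        else:                                   # slide 5: RP key unknown, token stays in the clear
            issued = {"encrypted": False, "signed": signed}
        # The RSTR as a whole would additionally be encrypted to the client; omitted here.
        return {"RequestedSecurityToken": issued, "RequestedProofToken": proof_key.hex()}

def build_message(rstr, body):
    """Client (CardSpace) side: attach the token and sign the payload with the proof key."""
    payload = json.dumps(body, sort_keys=True).encode()
    return {"token": rstr["RequestedSecurityToken"], "body": payload.hex(),
            "sig": _mac(bytes.fromhex(rstr["RequestedProofToken"]), payload).hex()}

class RelyingParty:
    def __init__(self, identity, key, ip_signing_key):
        self.identity, self.key, self.ip_signing_key = identity, key, ip_signing_key

    def verify(self, msg):
        """Unwrap the token, check the IP signature, then the holder-of-key proof."""
        issued = msg["token"]
        signed = json.loads(decrypt_from(self.key, issued["blob"])) if issued["encrypted"] else issued["signed"]
        body = bytes.fromhex(signed["token"])
        if not hmac.compare_digest(_mac(self.ip_signing_key, body).hex(), signed["sig"]):
            raise ValueError("token not signed by the trusted IP")
        token = json.loads(body)
        if token["audience"] != self.identity:
            raise ValueError("token was issued for a different RP")
        proof_key = bytes.fromhex(token["proofKey"])
        if not hmac.compare_digest(_mac(proof_key, bytes.fromhex(msg["body"])).hex(), msg["sig"]):
            raise ValueError("message signature does not match the token's proof key")
        return token

def _setup(rp_key_known_to_ip):
    rp_key = os.urandom(32)
    ip = IdentityProvider({RP_ID: rp_key} if rp_key_known_to_ip else {}, {"alice": "correct horse"})
    rstr = ip.issue({"credentials": ("alice", "correct horse"), "appliesTo": RP_ID,  # RequireAppliesTo
                     "keyType": "Symmetric", "keySize": 128, "tokenType": "SAML1.1"})
    return RelyingParty(RP_ID, rp_key, ip.signing_key), rstr

def run_flow(rp_key_known_to_ip):
    """RST -> RSTR -> signed message -> RP verification; returns (token, was_encrypted)."""
    rp, rstr = _setup(rp_key_known_to_ip)
    msg = build_message(rstr, {"action": "GetBalance", "account": "42"})
    return rp.verify(msg), rstr["RequestedSecurityToken"]["encrypted"]

def forged_message_rejected():
    """Holding the token without its proof key is not enough to talk to the RP."""
    rp, rstr = _setup(True)
    forged = build_message({**rstr, "RequestedProofToken": os.urandom(16).hex()}, {"action": "Transfer"})
    try:
        rp.verify(forged)
        return False
    except ValueError:
        return True
```

`run_flow(True)` exercises slide 4 (the RP's key is in the IP's table, so the token arrives encrypted) and `run_flow(False)` slide 5 (the token arrives in the clear but still signed). `forged_message_rejected` is the point of the proof token: the RP accepts a message only when its signature verifies under the key that the IP sealed inside the token, so a captured token is useless without the proof key that travelled in the RSTR.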

  8. ADFS WS-Fed

     Participants: Browser Client, FS-A STS (account partner federation server), Web Server, FS-R STS (resource partner federation server).

     1. Browser -> Web Server: GET appURL
     2. Web Server -> Browser: 302 fs-rURL?wa=...&wreply=AppURL&wctx=appURL
     3. FS-R: detect the user's home realm
     4. FS-R -> Browser: 302 fs-aURL?wa=...&wtrealm=fs-rURI&wctx=AppURL/appURL
     5. FS-A: authenticate the user
     6. FS-A -> Browser: 200 <FORM ACTION=fs-rURL METHOD=POST><INPUT NAME=wresult VALUE=[fs-a token]></FORM> (auto-posted to FS-R)
     7. FS-R -> Browser: 200 <FORM ACTION=AppURL METHOD=POST><INPUT NAME=wresult VALUE=[fs-r token]></FORM> (auto-posted to the Web Server)
     8. Web Server -> Browser: 302 appURL with a Set-Cookie response header

  9. Requestor

     Participants: Client, Identity Provider STS (IP STS), Target Service (the relying party), Relying Party STS (RP STS).

     1.  Client -> Target Service: HTTPS GET
     2.  Target Service -> Client: HTTPS 302 redirect to the RP STS
     3.  Client -> RP STS: HTTPS GET
     4.  RP STS -> Client: HTTPS 200 home realm discovery page (with CardSpace icon)
     5.  Client: CardSpace selection
     6.  Client -> IP STS: WS-Trust RST
     7.  IP STS -> Client: WS-Trust RSTR
     8.  Client -> RP STS: HTTPS POST security token (WS-Fed)
     9.  RP STS: authenticate the token, extract claims, create, encrypt and sign a new token
     10. RP STS -> Client: HTTP 200 (JavaScript to send the token to the Target Service)
     11. Client -> Target Service: HTTPS POST security token
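The passive WS-Fed chain of slides 8 and 9, as an added example written for this page rather than ADFS code: two federation servers, an application, and a browser loop that follows the 302s and auto-submits the wresult forms, with the resource STS validating the account STS token, extracting its claims and issuing a new token for the application, which then sets the session cookie. Tokens are HMAC-signed JSON standing in for signed SAML, `wa=wsignin1.0` is the standard WS-Fed sign-in action that the slide elides, and the URLs, keys, user and registered-RP list are all constructed. The check that `wreply` names a registered RP is a practitioner addition, not something the slide shows.

```python
"""WS-Fed passive sign-in through two federation servers (slides 8 and 9) as a
runnable model, not ADFS code: each server is an object, the browser follows
302s and auto-submits forms, and wresult carries an HMAC-signed JSON token.
wa=wsignin1.0 is the standard sign-in action (elided on the slide)."""
import hashlib, hmac, json, os
from urllib.parse import parse_qs, urlencode, urlsplit

SIGNIN = "wsignin1.0"

def sign_token(key, claims):
    body = json.dumps(claims, sort_keys=True)
    return body + "." + hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def verify_token(key, token):
    body, _, sig = token.rpartition(".")
    if not hmac.compare_digest(hmac.new(key, body.encode(), hashlib.sha256).hexdigest(), sig):
        raise ValueError("wresult token signature invalid")
    return json.loads(body)

def _query(url):
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def _form(action, fields):
    # A 200 page whose only content is a self-submitting POST form
    return "200", {}, {"action": action, "fields": fields}

class WebServer:
    """The application (RP): redirects to FS-R, accepts its token, sets the session cookie."""
    def __init__(self, url, fsr_url, fsr_key):
        self.url, self.fsr_url, self.fsr_key = url, fsr_url, fsr_key

    def get(self, url, cookies):
        if "session" in cookies:
            return "200", {}, "protected page for " + cookies["session"]
        q = urlencode({"wa": SIGNIN, "wreply": self.url, "wctx": url})
        return "302", {"Location": self.fsr_url + "?" + q}, ""

    def post(self, form, cookies):
        claims = verify_token(self.fsr_key, form["wresult"])
        if claims["aud"] != self.url:
            raise ValueError("FS-R token not issued to this application")
        return "302", {"Location": form["wctx"], "Set-Cookie": "session=" + claims["sub"]}, ""

class ResourceSTS:
    """FS-R: checks the RP, finds the home realm, then re-issues the FS-A token as its own."""
    def __init__(self, url, key, fsa_url, fsa_key, registered_replies):
        self.url, self.key, self.fsa_url, self.fsa_key = url, key, fsa_url, fsa_key
        self.registered_replies = registered_replies   # wreply values of RPs configured in FS-R
        self.pending = {}                              # wctx -> wreply for in-flight sign-ins

    def get(self, url, cookies):
        p = _query(url)
        if p.get("wa") != SIGNIN or p.get("wreply") not in self.registered_replies:
            return "400", {}, "unregistered wreply"      # never post a token to an unknown RP
        self.pending[p["wctx"]] = p["wreply"]
        # Home realm discovery: this model has a single account partner, FS-A
        q = urlencode({"wa": SIGNIN, "wtrealm": self.url, "wctx": p["wctx"]})
        return "302", {"Location": self.fsa_url + "?" + q}, ""

    def post(self, form, cookies):
        claims = verify_token(self.fsa_key, form["wresult"])
        if claims["aud"] != self.url:
            raise ValueError("FS-A token not issued to this realm")
        wreply = self.pending.pop(form["wctx"])
        # Extract claims from the account-partner token and issue a new one for the application
        new_token = sign_token(self.key, {"sub": claims["sub"], "aud": wreply, "iss": self.url})
        return _form(wreply, {"wresult": new_token, "wctx": form["wctx"]})

class AccountSTS:
    """FS-A: authenticates the user and issues a token for the requesting realm."""
    def __init__(self, url, key):
        self.url, self.key = url, key

    def get(self, url, cookies):
        p = _query(url)
        user = cookies.get("fsa_session")     # stands in for the interactive login at FS-A
        if not user:
            return "401", {}, "login required"
        token = sign_token(self.key, {"sub": user, "aud": p["wtrealm"], "iss": self.url})
        return _form(p["wtrealm"], {"wresult": token, "wctx": p["wctx"]})

def browser(servers, start_url, cookies):
    """Drive the passive flow; return (final body, [(method, url, status), ...])."""
    url, form, trace = start_url, None, []
    for _ in range(10):
        server = next(s for prefix, s in servers.items() if url.startswith(prefix))
        status, headers, body = server.post(form, cookies) if form else server.get(url, cookies)
        trace.append(("POST" if form else "GET", url, status))
        form = None
        if "Set-Cookie" in headers:
            name, value = headers["Set-Cookie"].split("=", 1)
            cookies[name] = value
        if status == "302":
            url = headers["Location"]
        elif isinstance(body, dict):          # auto-submit the returned form
            url, form = body["action"], body["fields"]
        else:
            return body, trace
    raise RuntimeError("redirect loop")

def run_signin(app_registered=True):
    """Sign in to a protected page; returns the browser's final body and request trace."""
    app_url, fsr_url, fsa_url = "https://app.example/", "https://fs-r.example/", "https://fs-a.example/"
    fsa_key, fsr_key = os.urandom(32), os.urandom(32)
    fsr = ResourceSTS(fsr_url, fsr_key, fsa_url, fsa_key, {app_url} if app_registered else set())
    servers = {app_url: WebServer(app_url, fsr_url, fsr_key), fsr_url: fsr,
               fsa_url: AccountSTS(fsa_url, fsa_key)}
    cookies = {"fsa_session": "alice"}        # constructed: user already authenticated at FS-A
    return browser(servers, app_url + "reports", cookies)
```

`run_signin()` returns the protected page together with the six hops of slide 8 (GET app, GET FS-R, GET FS-A, POST FS-R, POST app, GET app). The token the application finally accepts is the one FS-R minted, not the FS-A token, which is the "authenticate token, extract claims, create and sign new token" step of slide 9; each receiver also checks the token's audience so a token meant for FS-R cannot be replayed to the application. With `app_registered=False` FS-R refuses the sign-in at the first hop instead of redirecting a token to an unknown `wreply`.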
