2020 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Microsoft Architects Forum

URI=' / ws:Algorithm Type='ws:AlgSignature' URI=' ws:Algorithm Type=' ws:TokenType ws:Kerberosv5TGT /ws:TokenType /ws:SecurityToken /wsp:ExactlyOne ws:Integrity wsp:Usage='1' xmlns:ws=' ws:SecurityToken wsp:Preference='Required'

WS-Trust
- Defines trust relationships
- Defines how to exchange security tokens
- Specification for a Security Token Service
- Trust service request message
  - RequestSecurityToken
- Trust service response message
  - RequestSecurityTokenResponse

WS-Trust
[Diagram: Security Token Service, Client, Service]
- Client-initiated token request

WS-Trust
[Diagram: Security Token Service, Client, Service]
- Server-Initiated Token Verification

WS-SecureConversation
[Diagram: WS-Security, WS-Secure Conversation, WS-Trust, WS-Security Policy, WS-Federation]

Motivation
- WS-Security provides per message security
- Exchanging more than one message
- New symmetric keys for each message

WS-SecureConversation
- Participants establish a shared context
- Contains keys and other information
- Identifier – used in subsequent messages
- Optionally has creation/expiry timestamps
- Context established in a variety of ways:
  - WS-Trust, negotiation

WS-SecureConversation
[Diagram: Secure Conversation, SecurityContext Token Service, Client, Service]
- Client-initiated SecurityContext token request
- Client &

count(wsp:GetHeader(.)/wsse:Security) = 1 /wsp:MessagePredicate

Metadata
[Diagram: WSDL, WS-Policy, WS-Policy Attachment, WS-Policy Assertions, WS-Metadata Exchange]

Motivation
- How to get metadata for another endpoint?
- Extract from WSDL
- Query from discovery FIND (., UDDI)

WS-MetadataExchange
- Retrieving by a GET
- Applies to
  - Policy
  - WSDL
  - Schema

s:Envelope s:Header wsa:Action /wsa:Action /s:Header s:Body / /s:Envelope

Metadata
[Diagram: WSDL, WS-Policy, WS-Policy Attachment, WS-Policy Assertions, WS-Metadata Exchange]

Security
[Diagram: WS-Security, WS-Secure Conversation, WS-Trust, WS-Security Policy, WS-Federation]

WS-Security
[Diagram: WS-Security, WS-Secure Conversation, WS-Trust, WS-Security Policy, WS-Federation]

Motivation
- Point-to-point security
- End-to-end security
[Diagram: Requester, Intermediary, Web Service (shown twice)]

WS-Security (OASIS)
- Framework for building security protocols
- Integrity (signature)
- Confidentiality (encryption)
- Propagation of security tokens
- Support for pluggable algorithms
- Encryption
- Digest
- Signature