A WAP gateway plays many roles in turning the WAP model into working services.
Some of the functions of a WAP gateway include the following:
The protocol specifies how integrity and confidentiality can be enforced on messages and
allows the communication of various security token formats, such as SAML, Kerberos,
and X.509. Its main focus is the use of XML Signature and XML Encryption to provide
end-to-end security.
Features
• How to sign SOAP messages to assure integrity. Signed messages also provide
non-repudiation.
• How to encrypt SOAP messages to assure confidentiality.
• How to attach security tokens.
• X.509 certificates
• Kerberos tickets
• UserID/Password credentials
• SAML-Assertion
• Custom defined token
WebLogic Server:
WebLogic Server 7.0 offers a new, integrated approach to solving the overall security problem
for enterprise applications. With this framework, application security becomes a function of the
application infrastructure and is separate from the application itself. Any application deployed
on WebLogic Server (WLS) can be secured either through the security features included with the
server out of the box, by extending the open Security Service Provider Interface to a custom
security solution, or by plugging in other specialized security solutions from major security
vendors that the customer's enterprise standardizes on.
The change cipher spec Protocol:
• The change cipher spec message is sent by both the client and server to notify the
receiving party that subsequent records will be protected under the just-negotiated
CipherSpec and keys.
o It exists to update the cipher suite to be used in the connection.
o It permits a change in the SSL session to occur without having to renegotiate
the connection.
o The message consists of a single byte of value 1.
• There are two states for the change cipher spec message.
o Read Current
o Read Pending
• The change cipher spec message is normally sent at the end of the SSL
handshake.
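The switch from pending to current read state described above can be traced over raw records. The following is an added example, not code from the original page: it parses SSL/TLS record headers, checks that change cipher spec is exactly one byte of value 1, and rejects one that arrives when nothing is pending. The record helper, the sample bytes and the "negotiated-spec" label are constructed for illustration.

```python
import struct

CHANGE_CIPHER_SPEC = 20  # record-layer content type of change_cipher_spec
HANDSHAKE = 22           # record-layer content type of handshake messages

def parse_records(stream):
    """Split raw bytes into (content_type, payload) SSL/TLS records."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", stream, off)
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        records.append((ctype, payload))
        off += 5 + length
    return records

def trace_read_state(stream, negotiated_spec):
    """Return [(content_type, spec protecting that record)] for a receiver.

    negotiated_spec is the CipherSpec the handshake agreed on; it sits in the
    pending read state until change_cipher_spec promotes it to current.
    """
    current, pending = "NULL", negotiated_spec
    out = []
    for ctype, payload in parse_records(stream):
        out.append((ctype, current))       # the record arrives under the current state
        if ctype != CHANGE_CIPHER_SPEC:
            continue
        if payload != b"\x01":             # must be exactly one byte of value 1
            raise ValueError("malformed change_cipher_spec")
        if pending is None:                # nothing negotiated to switch to
            raise ValueError("unexpected change_cipher_spec")
        current, pending = pending, None   # pending becomes current
    return out

def record(ctype, payload, version=(3, 0)):
    """Build one record (helper for the constructed sample below)."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(payload)) + payload

# Constructed sample: a plaintext handshake record, change_cipher_spec,
# then a handshake record whose payload stands in for the protected Finished.
SAMPLE = (record(HANDSHAKE, b"\x0e\x00\x00\x00")
          + record(CHANGE_CIPHER_SPEC, b"\x01")
          + record(HANDSHAKE, b"\xaa" * 16))
```

The change cipher spec record itself is still read under the old state; only the records after it use the newly negotiated one.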
Roxie's:
History of SOAP:
SOAP once stood for 'Simple Object Access Protocol' but this acronym was dropped
with Version 1.2 of the standard.[1] Version 1.2 became a W3C recommendation on June
24, 2003. The acronym is sometimes confused with SOA, which stands for Service-
oriented architecture; however SOAP is different from SOA.
• The SOAP processing model defining the rules for processing a SOAP message
• The SOAP extensibility model defining the concepts of SOAP features and
SOAP modules
• The SOAP underlying protocol binding framework describing the rules for
defining a binding to an underlying protocol that can be used for exchanging
SOAP messages between SOAP nodes
• The SOAP message construct defining the structure of a SOAP message
SOAP processing model
The SOAP processing model describes a distributed processing model, its participants,
the SOAP nodes and how a SOAP receiver processes a SOAP message. The following
SOAP nodes are defined:
• SOAP sender
• SOAP receiver
• SOAP message path
The set of SOAP nodes through which a single SOAP message passes.
• Initial SOAP sender
The SOAP sender that originates a SOAP message at the starting point of a SOAP
message path.
• SOAP intermediary
A SOAP intermediary is both a SOAP receiver and a SOAP sender and is targetable from
within a SOAP message. It processes the SOAP header blocks targeted at it and acts to
forward a SOAP message towards an ultimate SOAP receiver.
• Ultimate SOAP receiver
The SOAP receiver that is a final destination of a SOAP message. It is responsible for
processing the contents of the SOAP body and any SOAP header blocks targeted at it. In
some circumstances, a SOAP message might not reach an ultimate SOAP receiver, for
example because of a problem at a SOAP intermediary. An ultimate SOAP receiver
cannot also be a SOAP intermediary for the same SOAP message.
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Header>
</soap:Header>
<soap:Body>
<m:GetStockPrice xmlns:m="http://www.example.org/stock">
<m:StockName>IBM</m:StockName>
</m:GetStockPrice>
</soap:Body>
</soap:Envelope>
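How an intermediary and the ultimate receiver divide the work under the processing model above, as an added example that is not part of the original page: header blocks are targeted through the SOAP 1.2 role attribute, the intermediary consumes its own blocks and forwards the rest, and only the ultimate receiver processes the body. The Audit and Token header blocks, their namespaces and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ENV = "http://www.w3.org/2003/05/soap-envelope"   # SOAP 1.2 envelope namespace
ROLE_NEXT = ENV + "/role/next"                    # every intermediary and the ultimate receiver
ROLE_ULTIMATE = ENV + "/role/ultimateReceiver"    # default when a block has no role attribute
ROLE_NONE = ENV + "/role/none"                    # no node may process the block

def roles_of(is_ultimate, extra_roles=()):
    """Roles a node acts in; extra_roles are application-defined role URIs."""
    roles = {ROLE_NEXT, *extra_roles}
    if is_ultimate:
        roles.add(ROLE_ULTIMATE)
    return roles

def targeted(header, roles):
    """Header blocks (elements) targeted at a node acting in `roles`."""
    if header is None:
        return []
    return [b for b in header
            if b.get(f"{{{ENV}}}role", ROLE_ULTIMATE) in roles - {ROLE_NONE}]

def local_names(blocks):
    return [b.tag.split("}")[-1] for b in blocks]

def forward(envelope_xml, extra_roles=()):
    """Act as an intermediary: consume own header blocks, pass the rest on."""
    env = ET.fromstring(envelope_xml)
    header = env.find(f"{{{ENV}}}Header")
    mine = targeted(header, roles_of(False, extra_roles))
    for block in mine:
        header.remove(block)
    return local_names(mine), ET.tostring(env, encoding="unicode")

def receive(envelope_xml):
    """Act as the ultimate receiver: own header blocks plus the body's children."""
    env = ET.fromstring(envelope_xml)
    mine = targeted(env.find(f"{{{ENV}}}Header"), roles_of(True))
    return local_names(mine), local_names(env.find(f"{{{ENV}}}Body"))

# Constructed sample; the Audit and Token blocks and their namespaces are hypothetical.
SAMPLE = f"""<soap:Envelope xmlns:soap="{ENV}">
 <soap:Header>
  <a:Audit xmlns:a="http://www.example.org/audit" soap:role="{ROLE_NEXT}"/>
  <t:Token xmlns:t="http://www.example.org/token"/>
 </soap:Header>
 <soap:Body><m:GetStockPrice xmlns:m="http://www.example.org/stock">
  <m:StockName>IBM</m:StockName></m:GetStockPrice></soap:Body>
</soap:Envelope>"""
```

The intermediary parses the whole envelope, body included, before forwarding it, so protection that ends at each hop does not keep the body from intermediaries; that is the gap message-level signing and encryption address.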
Advantages
• SOAP is versatile enough to allow for the use of different transport protocols. The
standard stacks use HTTP as a transport protocol, but other protocols are also
usable (e.g., JMS[5], SMTP[6]).
• Because the SOAP model tunnels well in the HTTP get/response model, it passes
easily through existing firewalls and proxies without modifications to the SOAP
protocol, and can use the existing infrastructure.
Disadvantages
• Because of the verbose XML format, SOAP can be considerably slower than
competing middleware technologies such as CORBA. This may not be an issue
when only small messages are sent.[7] To improve performance for the special
case of XML with embedded binary objects, the Message Transmission
Optimization Mechanism was introduced.
• When relying on HTTP as a transport protocol and not using WS-Addressing or
an ESB, the roles of the interacting parties are fixed. Only one party (the client)
can use the services of the other. Developers must use polling instead of
notification in these common cases.
UDDI
Purpose of UDDI
“A UDDI registry, either for use in the public domain or behind the firewall,
offers a standard mechanism to classify, catalog and manage Web services, so
that they can be discovered and consumed.” (UDDI V3.0.2)