AccentureSlidesSoaWorkshopStarterKitWebServicesSecurityv2.0Jul (PPT, 44 slides)

Slide 1: SOA Workshop Starter Kit: Web Services Security
Service Oriented Architecture, SOA Workshop V2.0. Last updated: July 2006. Version: 2.0.
SOA Workshop Starter Kit sponsor: David L. Nichols
Intent of section: this document describes key concepts and considerations for the implementation of a web services security architecture.
Intended audience: for internal and external use (unless otherwise documented).
Master document: 7-SOA_Workshop_WS-Security v0.2.ppt, 10/05/05, https:/ (Senior IT Executives Workshop); Securing Service Oriented Architectures, Anthony Robinson, London, February 2006 (no link provided).
To find additional SOA content: https:/
Copyright 2006 Accenture All Rights Reserved. SOA Workshop V2.0

Slide 3: Contents
- Security and Web Services
- Industry Standards
- WS* in Detail
- Platform Support
- Recommendations

Slide 4: Business Opportunities
Significant opportunities exist for organizations to drive revenue growth, create new business models, realize cost savings, and improve the user experience by leveraging security concepts.
- New business models: service providers that provide identity-related services; service providers that provide "traditional" value-added services (e.g. HR or payroll) which can be more easily integrated into a customer's enterprise.
- Drive revenue growth: improve and streamline the process for identifying and acquiring new customers; streamline collaboration with business partners.
- Cost savings: reduce user administration costs through automation; reduce application development/integration costs through reusability.
- Improve user experience: have a single identity that can be used globally; improve overall security through the reduction of data sources and duplicate data.

Slide 5: Security Concerns Limit Use
Security concerns have historically been one of the key reasons that businesses have not taken advantage of the benefits that Web Services and Service Oriented Architectures have to offer:
- "the prospect of software from different companies communicating together, while powerful, is fraught with security concerns." (Source: "Web Services Security", Mark O'Neill, 2003)
- "...unless security and management issues are addressed effectively they will hold Web Services back from becoming a truly mainstream technology within enterprise application integration projects." (Source: SC Magazine, January 2004)
- "Conflicting standards make Web Services security decisions complex and difficult. (Companies should) begin with simple Web Services deployments that support only your current business needs." (Source: "Making Sense of Web Services Security Standards", Gartner, August 2003)
This is not just a technology issue.

Slide 6: Business Challenges
Mitigating risk and ensuring quality between parties in the circle of trust can be achieved through definition of business standards, definition of minimum requirements, and enforcement through certification and audits.
- Mutual confidence (trust): pooled knowledge, i.e. sharing of customer/identity information (e.g. number of customers, customer names) between or within enterprises, with its data privacy implications; revocation procedures, given the increased reliance on third parties for authentication; fraud protection, since the potential for fraud broadens if an identity is ever compromised; security incident procedures, i.e. a coordinated effort for analysis and correlation of audit logs among the parties involved.
- Risk: who is at fault if a critical transaction failed, and to what extent? Definition of liability; definition of a dispute resolution process.
- Liability and compliance: privacy legislation, i.e. ensuring privacy terms are not violated when federating an identity between enterprises; who initiated each transaction, with an audit trail back to the initiating user.
Key factors for widespread adoption of web services include the identification of sound business models and more experience with the contractual frameworks that define trust relationships. Most current implementations are internal, though this is changing.

Slide 7: What are YOUR Security Requirements?
Requirement areas: Non-repudiation, Confidentiality, Integrity, Identification, Authentication, Administration, Authorization, Accountability.
There are several new business challenges that must be addressed before Web Services can be securely deployed:
- Can I ensure privacy of the transactions (sensitive business/client data, regulatory compliance, etc.)?
- Can I guarantee that transactions are not tampered with?
- Can I ensure that only authorized transactions are being performed on the system?
- Can I ensure that there will be adequate controls/records to guarantee the results of a processed transaction?
- Can I quickly deploy new services without compromising my internal business processes?
- Can I ensure that transactions are only being performed by trusted parties (send or receive)?

Slide 8: Overcoming the Security Barriers
Accenture has proven that new standards and new products are now able to provide customized solutions to overcome the security challenges in each of the requirement areas: Non-repudiation, Confidentiality, Integrity, Identification, Authentication, Administration, Authorization, Accountability.

Slide 9: What is Web Service Security?
The W3C defines a Web Service as follows: "A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP-messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards."
Web Service Security encompasses the following areas:
- Transport layer security: providing confidentiality and integrity in transit.
- Message layer security: ensuring that messages conform to their specification.
- Identity and access management: providing authentication, authorization and identification.
- Security administration of web services: enabling audit trails and security administration.
- Intrusion detection and prevention: protecting against common web service threats.

Slide 10: Without Proper Controls Web Services can be Vulnerable
One of the most enticing aspects of Web Services is that a large degree of complexity is abstracted away from the view of the developer, making the services very easy (and cheap) to develop.
- Adding a WebMethod attribute to a method allows for almost instant publishing (.NET; similar possibilities exist in Java).
- Processing of HTTP requests, serialization of XML and parsing of SOAP messages is totally invisible to the developer.
- The SOAP layer takes care of data serialization and deserialization.
Easy is dangerous! Making a web service is so easy that you easily forget that security is not part of the SOAP stack:
- No authentication or authorization: out of the box, anyone with access to your web server can execute your web methods!
- Input data is not cleansed, just neatly packed into complex class structures.
- A lot of processing is done before the request reaches the developer's code. Protecting the underlying stack cannot be done from within that code.
- Rich functionality is once more made available for access from outside the firewall.

Slide 11: How to Secure Web Services
To secure web services we have to ensure that:
- only properly authenticated and authorized users are allowed to execute our web methods;
- messages are protected with regard to both integrity and confidentiality, during transport and storage, so that third parties cannot alter messages or read their confidential contents;
- application servers are protected against the common threats to SOAP/XML stacks;
- web service applications are written with security in mind, to prevent the common security threats to network-aware applications.
To meet the above requirements we have to deploy protection along two main axes: Technical Security and Functional Security.

Slide 12: Technical Security Overview
What do we mean by Technical Security for Web Services?
- Protection against malicious message formats that may lead to a compromise of security in the SOAP and XML layers of the application server.
- Protection against malicious content that does not conform to the defined messaging standard for the web service.
- Protection against different forms of denial of service attacks.
There are three main avenues of attack against a web service application stack:
- Application: any exposed business logic is prone to errors, either by design or by coding error. Web services are as vulnerable as other applications.
- SOAP: the messaging protocol has ambiguities that an attacker can exploit.
- XML: parsing of complex XML messages can create security vulnerabilities.

Slide 13: Application Attacks
The Open Web Application Security Project lists the top ten threats against web applications. Most are equally valid against Web Service applications. Four are specific to the application level: Unvalidated Input, Buffer Overflows, Injection Flaws, Improper Error Handling.
- SQL injection: unvalidated input used directly in an SQL query can lead to a compromise of security. Almost all web service applications are built on top of a database, so everyone is a potential target. XML provides means to obfuscate malicious characters (character references and CDATA sections are decoded by the parser before the application sees the value).
- Path traversal: unvalidated input used directly to access the file system can lead to a compromise of security. A very common attack strategy against IIS used URLs containing "../" sequences. Sandboxing in Java and .NET provides a fair level of protection.
- Improper error handling: exposing internal application errors to users enables attackers to gain more information about the underlying system. The more an attacker knows about the underlying system, the easier it is to craft a successful attack.
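The SQL injection and obfuscation points above, shown in working code. This is an added example and not code from the slide deck; the service namespace urn:example:customers, the customers table and the two requests are constructed for the illustration. The "attack" request encodes the apostrophe as the character reference &#39;, so a filter that scans the raw XML text for quotes passes it, while the parser hands the decoded quotes straight to the web method.

```python
import sqlite3
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:example:customers"   # assumed service namespace, not from the deck

# Constructed sample requests. The second uses numeric character references
# (&#39; is the apostrophe): the XML-level obfuscation the slide warns about.
BENIGN_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:c="{SVC_NS}">
  <soapenv:Body><c:GetBalance><c:customerId>C1001</c:customerId></c:GetBalance></soapenv:Body>
</soapenv:Envelope>"""

ATTACK_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:c="{SVC_NS}">
  <soapenv:Body><c:GetBalance><c:customerId>&#39; OR &#39;1&#39;=&#39;1</c:customerId></c:GetBalance></soapenv:Body>
</soapenv:Envelope>"""


def setup_db() -> sqlite3.Connection:
    """In-memory table standing in for the database behind the web method."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id TEXT PRIMARY KEY, name TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [("C1001", "Alice", 120), ("C1002", "Bob", 950)])
    return conn


def raw_filter_passes(envelope: str) -> bool:
    """Naive pre-parse filter that scans the raw XML text for a quote. Fooled by &#39;."""
    return "'" not in envelope


def extract_customer_id(envelope: str) -> str:
    """What the SOAP stack hands to the developer: the decoded text content."""
    root = ET.fromstring(envelope)
    elem = root.find(f".//{{{SVC_NS}}}customerId")
    return (elem.text or "") if elem is not None else ""


def get_balance_vulnerable(conn: sqlite3.Connection, envelope: str) -> list:
    """String-concatenated SQL: the decoded parameter becomes part of the statement."""
    cid = extract_customer_id(envelope)
    return conn.execute(f"SELECT name, balance FROM customers WHERE id = '{cid}'").fetchall()


def get_balance_safe(conn: sqlite3.Connection, envelope: str) -> list:
    """Parameterised SQL: the parameter is bound as data and never parsed as SQL."""
    cid = extract_customer_id(envelope)
    return conn.execute("SELECT name, balance FROM customers WHERE id = ?", (cid,)).fetchall()


if __name__ == "__main__":
    conn = setup_db()
    print("raw filter fooled:", raw_filter_passes(ATTACK_REQUEST))
    print("decoded parameter:", extract_customer_id(ATTACK_REQUEST))
    print("vulnerable:", get_balance_vulnerable(conn, ATTACK_REQUEST))   # every row leaks
    print("safe:", get_balance_safe(conn, ATTACK_REQUEST))               # no match
```

The point of the example is where validation has to happen: on the value the parser produces, not on the wire bytes. Even then, the durable fix for the query itself is parameterisation; input validation is defence in depth, not a substitute.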

Slide 14: SOAP Attacks
The SOAP protocol, which underlies most Web Services today, has no built-in security:
- All method calls are unprotected.
- The API is publicly available through dynamically created WSDL files.
- SOAP is stateless.
Protocol weaknesses
- An unprotected WSDL enables easy harvesting of information about a system, its accessible methods and potential design vulnerabilities.
- The protocol is poorly defined in some areas and implementations vary. SOAP HTTP headers are processed differently across systems and may be used to thwart handling of requests at the transport level.
Denial of service
- Parsing large SOAP requests is processor and memory heavy: the XML has to be converted into object collections and the validity of the request verified.
- Poorly coded methods might accept arbitrarily large input parameters.
- SOAP headers can be added at will because the standard is flexible.
- An attacker can easily send many large XML documents over an HTTP link, depleting server resources.
Replay attacks
- SOAP is stateless; the developer has to implement statefulness separately, either with HTTP cookies or with inline session IDs.
- If session IDs are predictable, the service is vulnerable to session spoofing.
- Without a freshness check (a timestamp or a nonce that the server remembers) a captured request can simply be resubmitted: the service is vulnerable to replay attacks.

Slide 15: XML Attacks
XML is the basis of Web Services. Successful attacks on web services generally mean crafting a valid XML document that is misinterpreted by either the parser or the developer; invalid XML is dropped by the parser early on. XML documents are validated against their published schema, so tampering with the schema is a common approach.
- External schema: XML documents contain links to external schemas that define the namespace of elements as well as the structure of each element. Some XML parsers will try to download the schema from the published URL in order to validate the document. That lets an attacker track schema usage, reveals whether the server performs schema validation, and allows the attacker to dictate the schema the document is validated against.
- Obfuscation: a CDATA section allows any data to be stored in an XML element. It can be used to thwart input validation that looks at the raw message rather than at the parsed content.
- XML injection: inserting XML elements as part of user-controllable input into an XML parser. This could be used to override non-user-controllable data in the same document. If a document is read as an XML stream, design features of the parser might let later input override earlier information in the document (for example when a handler keeps only the last value seen for an element name). The lightweight SAX parser is known to be vulnerable.

Slide 16: Solution Strategy
Validate your input!
- Most attacks against a web service are based on poorly validated input. Well-controlled input gives you full control over the data that is passed on to the application layer.
- Because of the obfuscation possibilities, validate with an XML-aware validator, i.e. one that works on the parsed content after CDATA sections and character references have been decoded.
- Enable strict schema validation, and use only schemas that are defined by you and stored locally on your device; never fetch a schema from a URL supplied by the message.
- XML schemas can define detailed requirements per field, such as allowed characters and field lengths.
Challenges
- Schema validation is processor intensive and requires a large amount of memory, which leaves the application server vulnerable to denial of service attacks; cheap size and structure limits should therefore be applied before validation starts.
- Validation becomes part of the application server stack, which introduces manageability issues.
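The intake checks the Solution Strategy slide calls for, as an added example rather than code from the deck. Python's standard library has no XML Schema validator, so the locally stored schema is replaced here by a hand-written allow-list of the one accepted operation and its fields; the order service namespace urn:example:orders, the field rules, the limits and all four sample requests are constructed for the illustration. The checks run in cost order: size cap, rejection of any DTD (which removes entity expansion and external entity or DTD fetches in one stroke), nesting and element-count caps during a streaming pass, and only then the structural and per-field validation on decoded values, which is what defeats CDATA and character-reference obfuscation.

```python
import io
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ORDER_NS = "urn:example:orders"   # assumed namespace of the illustrated order service

MAX_BYTES = 64 * 1024             # request size cap, applied before any parsing
MAX_DEPTH = 32                    # element nesting cap
MAX_ELEMENTS = 2000               # element count cap

# Stand-in for a locally stored schema: the single accepted operation and, per field,
# the allowed character pattern and maximum length. Unknown elements are rejected.
OPERATION = f"{{{ORDER_NS}}}PlaceOrder"
FIELDS = {
    f"{{{ORDER_NS}}}CustomerId": (re.compile(r"[A-Z]{2}[0-9]{6}"), 8),
    f"{{{ORDER_NS}}}Quantity":   (re.compile(r"[0-9]{1,4}"), 4),
    f"{{{ORDER_NS}}}Note":       (re.compile(r"[A-Za-z0-9 .,-]*"), 200),
}

ENVELOPE_OPEN = (b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
                 b'xmlns:o="urn:example:orders"><soapenv:Body><o:PlaceOrder>')
ENVELOPE_CLOSE = b"</o:PlaceOrder></soapenv:Body></soapenv:Envelope>"

# Constructed sample requests.
GOOD_REQUEST = (ENVELOPE_OPEN + b"<o:CustomerId>GB000123</o:CustomerId><o:Quantity>12</o:Quantity>"
                b"<o:Note>deliver after 9am</o:Note>" + ENVELOPE_CLOSE)
# CDATA hides markup from a raw-text filter, but the parser decodes it into the Note value.
CDATA_REQUEST = (ENVELOPE_OPEN + b"<o:CustomerId>GB000123</o:CustomerId><o:Quantity>12</o:Quantity>"
                 b"<o:Note><![CDATA[<o:Quantity>9999</o:Quantity>]]></o:Note>" + ENVELOPE_CLOSE)
# An internal DTD: the start of an entity-expansion (billion laughs) payload.
DOCTYPE_REQUEST = b'<!DOCTYPE x [<!ENTITY a "aaaaaaaaaa">]>' + GOOD_REQUEST
# Pathological nesting, which exhausts recursive parsers and validators.
DEEP_REQUEST = ENVELOPE_OPEN + b"<o:Note>" * 40 + b"x" + b"</o:Note>" * 40 + ENVELOPE_CLOSE


def check_envelope(raw: bytes) -> list:
    """Return the rejection reasons for a request; an empty list means it passed."""
    if len(raw) > MAX_BYTES:
        return ["payload exceeds size limit"]
    # Gateway rule: no DTD at all, so no entity expansion and nothing fetched from a URL.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return ["DTD or entity declaration present"]
    depth = count = 0
    try:
        for event, _ in ET.iterparse(io.BytesIO(raw), events=("start", "end")):
            if event == "start":
                depth += 1
                count += 1
                if depth > MAX_DEPTH:
                    return ["element nesting too deep"]
                if count > MAX_ELEMENTS:
                    return ["too many elements"]
            else:
                depth -= 1
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]
    root = ET.fromstring(raw)
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        return ["root element is not a SOAP Envelope"]
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1 or body[0].tag != OPERATION:
        return ["body must contain exactly one PlaceOrder operation"]
    problems = []
    for field in body[0]:
        rule = FIELDS.get(field.tag)
        if rule is None:
            problems.append(f"unexpected element {field.tag}")
            continue
        pattern, max_len = rule
        value = field.text or ""   # CDATA and character references are already decoded here
        if len(field) or len(value) > max_len or not pattern.fullmatch(value):
            problems.append(f"invalid value for {field.tag}")
    return problems
```

The DTD rule is deliberately blunt: it also rejects a legitimate message whose CDATA happens to contain the literal text "<!DOCTYPE", which is an acceptable trade for a service that never expects a DTD. The depth and count limits are what keep the later, expensive validation from becoming the denial-of-service vector the slide's Challenges section describes.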

Slide 17: Solution Products
XML Security Gateways
- Either server-deployed software or an appliance.
- Functions as a SOAP proxy/firewall between client and application server.
- Main features: XML schema validation; SSL connection termination; state-aware routing of XML messages; denial of service protection; centralized security auditing for web services.
- Most products support clustering for increased performance.
- Some products include hardware security modules for improved SSL and WS-Security performance.
SOAP Stack Enhancements
- Vendors provide some of the same functionality as extensions to their basic SOAP stack.

Slide 18: Functional Security Overview
- We have talked about security threats against an unprotected SOAP web service.
- Protecting against SOAP attacks with an XML gateway or a similar product will protect against malicious messages and denial of service attacks.
- It will not give you access control, confidentiality or message integrity.
- It will not give you easy security administration of your web services.
What are the challenges?
- Native SOAP does not include any security features.
- Early adopters used transport layer protection mechanisms, either HTTP authentication or SSL. This does not protect messages when they are transported over other mediums (e.g. SMTP), nor once they are stored or relayed.

Slide 19: Solution Availability Matrix
Requirement | Transport layer | Message layer
Identification / Authentication | HTTP authentication; SSL/TLS authentication | WS-Security; SAML / XKMS
Authorization (using the authenticated identity against a directory or similar) | (none) | WS-Authorization; SAML / XACML
Confidentiality | SSL/TLS encryption | XML-Encryption
Integrity | SSL/TLS | XML-Signature; XML Schema validation
Accountability / Non-repudiation | (none) | XML-Signature; WS-Security / XKMS
Administration | (none) | (none)
Transport layer security works only peer-to-peer and has to be re-established if the message is relayed. It protects the entire conversation, and session awareness is available.
Message layer security protects the message and its contents. Protection persists across multiple hops, but there is no session awareness.
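The "persists across multiple hops" property of message layer security in the matrix above, demonstrated with an added example that is not part of the deck. Real WS-Security uses XML-Signature with public keys; this illustration keeps the essential mechanism, canonicalisation of the SOAP Body followed by a keyed digest, but substitutes an HMAC under a pre-shared key so it runs with the standard library alone. The payments namespace urn:example:payments, the key and the messages are constructed for the illustration. An intermediary that adds a routing header and re-serialises the envelope with different prefixes does not break the signature; a change to the Body does.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
KEY = b"pre-shared key between sender and final receiver"   # assumed for the illustration

# Constructed sample: the sender's message, with an empty Header for intermediaries to use.
ORIGINAL = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:p="urn:example:payments">
  <soapenv:Header/>
  <soapenv:Body>
    <p:Transfer>
      <p:To>ACC-42</p:To>
      <p:Amount>100</p:Amount>
    </p:Transfer>
  </soapenv:Body>
</soapenv:Envelope>"""

# The same message as another SOAP stack might emit it: other prefixes, no whitespace.
REPREFIXED = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" '
              'xmlns:pay="urn:example:payments"><SOAP-ENV:Body><pay:Transfer><pay:To>ACC-42</pay:To>'
              '<pay:Amount>100</pay:Amount></pay:Transfer></SOAP-ENV:Body></SOAP-ENV:Envelope>')


def canonical_body(envelope: str) -> str:
    """Canonical (C14N 2.0) form of the SOAP Body: independent of prefixes and whitespace."""
    root = ET.fromstring(envelope)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("no SOAP Body")
    return ET.canonicalize(ET.tostring(body, encoding="unicode"),
                           strip_text=True, rewrite_prefixes=True)


def sign_body(envelope: str, key: bytes = KEY) -> str:
    """Keyed digest over the canonical Body, base64 for transport in a header."""
    mac = hmac.new(key, canonical_body(envelope).encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def verify_body(envelope: str, signature: str, key: bytes = KEY) -> bool:
    """Constant-time comparison against a freshly computed digest."""
    return hmac.compare_digest(sign_body(envelope, key), signature)


def relay_through_intermediary(envelope: str) -> str:
    """A hop that records itself in the Header and re-serialises with its own prefixes."""
    root = ET.fromstring(envelope)
    header = root.find(f"{{{SOAP_NS}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP_NS}}}Header")
        root.insert(0, header)
    via = ET.SubElement(header, "{urn:example:routing}Via")   # assumed routing namespace
    via.text = "gateway-1"
    return ET.tostring(root, encoding="unicode")


def tamper(envelope: str) -> str:
    """What an attacker or a faulty hop might do to the payload in flight."""
    return envelope.replace("<p:Amount>100<", "<p:Amount>9999<")


if __name__ == "__main__":
    sig = sign_body(ORIGINAL)
    print("after relay:", verify_body(relay_through_intermediary(ORIGINAL), sig))   # True
    print("re-prefixed:", verify_body(REPREFIXED, sig))                             # True
    print("tampered:   ", verify_body(tamper(ORIGINAL), sig))                       # False
```

A TLS session between sender and gateway-1 would have given no protection at all on the second hop; the message-level digest survives because it binds to the canonical content rather than to the connection. The other half of the matrix also shows here: there is no session, so a replayed message verifies just as well, which is why timestamps and nonces belong alongside the signature.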

Slide 20: Security Recommendations
Web services standards are still emerging; however, preparation and implementation of basic federated building blocks should be considered now.
Preparation
- Access control: identify who you want in your circle of trust and how much you trust them.
- Maintain identity: who initiated the transaction.
- Audit: a connected trail of activities, important for compliance efforts.
- Identity and Access Management (I&AM) integrated into your Service Oriented Architecture to support the above.
- Other technology controls: integrity and confidentiality as required.
Implementation
- Consumer portals should look to areas like Liberty and SAML to see if there are gains to be had from supporting some of the existing federated solutions.
- Where portal-to-portal single sign-on has already been custom-built, replace it with point-to-point SAML solutions.
- Use SAML for all new single sign-on initiatives that cross organizational boundaries.

Slide 21: Contents (section: Industry Standards)

Slide 22: WS* vs. Liberty Alliance
WS*
- More generic framework.
- Developed by Microsoft, IBM and selected vendors (e.g. VeriSign, Oblix (now Oracle), SAP, RSA).
- Subject to a somewhat ambiguous Royalty Free (RF) process.
Liberty Alliance
- More purpose-specific solutions (identity federation) instead of a generic framework.
- Developed by industry, less vendor-centric: Sun, Vodafone, IBM, Fidelity Investments, America Online, Nokia, Ericsson.
- More open process?
Competing and somewhat overlapping standards? Expect the dust to settle in OASIS and WS-I.

Slide 23: Standards: WS-Security
The WS-Security initiative is driven by the OASIS standards organization and led by Microsoft, IBM and VeriSign. The goal of WS-Security is to construct secure SOAP message exchanges.
Initial specifications
- WS-Security: how to attach signature and encryption headers to SOAP messages; how to attach security tokens, including binary security tokens such as X.509 certificates and Kerberos tickets, to messages.
- WS-Policy: the capabilities and constraints of the security (and other business) policies on intermediaries and endpoints (e.g. required security tokens, supported encryption algorithms, privacy rules).
- WS-Trust: a framework for trust models that enables Web services to interoperate securely.
- WS-Privacy: a model for how Web services and requesters state privacy preferences and organizational privacy practice statements.
Follow-on specifications
- WS-SecureConversation: how to manage and authenticate message exchanges between parties, including security context exchange and establishing and deriving session keys.
- WS-Federation: how to manage and broker the trust relationships in a heterogeneous federated environment, including support for federated identities.
- WS-Authorization: how to manage authorization data and authorization policies.

Slide 24: Liberty Alliance Project
Federated network identity and identity-based services:
- ID-FF 1.2 (final: November 2003): cross-domain single sign-on; account linking; mainly browser-based interactions.
- ID-WSF 1.1 (final: May 2004): discovery service; interaction service; authentication service.
- ID-SIS 1.1: personal profile; employee profile; contact book; geolocation service; presence service.
Purpose-specific, deeply defined specifications.

Slide 25: Standards lifecycle
A usage/acceptance curve with three stages: Developing (not a standard), Early Adopters, Mature. Specifications placed on it: SSL/TLS; SAML 2.0 (March 2005*); SAML 1.1 (August 2003*); WS-Security (March 2004*); XML-Encryption and XML-Signature (Dec 2002*); WS-Security extensions. (* Indicates the date on which the specification became an official standard.)

Slide 26: Contents (section: WS* in Detail)

Slide 27: Interaction Model (diagram; 2001-2002 International Business Machines Corporation, Microsoft Corporation).

Slide 28: Standards: WS*
- SOAP: W3C foundation standard, widely supported.
- WS-Security: OASIS standard, widely supported.
- WS-SecureConversation, WS-Federation, WS-Policy, WS-Trust: royalty-free specifications under development; possible move to OASIS in the future.
- WS-Authorization, WS-Privacy: undeveloped and unpublished.

Slide 29: Standards: WS-Security
Stack: SOAP; WS-Security; WS-SecureConversation, WS-Federation, WS-Policy, WS-Trust.
- SOAP security envelope.
- Message integrity and confidentiality.
- Authentication of endpoints at message level.
- Multiple tokens supported: X.509 certificates, SAML, Kerberos, etc.
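The WS-Security token mechanism above, worked through for the simplest token, and at the same time the answer to the replay problem raised on the SOAP Attacks slide. This is an added example, not code from the deck. It follows the OASIS UsernameToken Profile 1.0, in which PasswordDigest = Base64(SHA-1(nonce + created + password)) and the nonce and Created timestamp travel with the token; the verifier rejects stale timestamps and remembers nonces within the freshness window. The user names, password and fixed demo time are constructed, and the five-minute window is an assumed policy value.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
B64_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"

FRESHNESS = timedelta(minutes=5)                                   # assumed acceptance window
DEMO_TIME = datetime(2006, 7, 1, 12, 0, 0, tzinfo=timezone.utc)   # fixed clock for the demo
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken Profile 1.0: Base64(SHA-1(nonce + created + password))."""
    digest = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def make_token(username: str, password: str, now: datetime = None) -> dict:
    """Client side: fresh random nonce, current time, digest over both plus the password."""
    now = now or datetime.now(timezone.utc)
    nonce = os.urandom(16)
    created = now.strftime(TIME_FMT)
    return {"Username": username,
            "Nonce": base64.b64encode(nonce).decode("ascii"),
            "Created": created,
            "PasswordDigest": password_digest(nonce, created, password)}


def security_header(token: dict) -> str:
    """Render the wsse:Security header block that goes into the SOAP Header."""
    e = {k: escape(v) for k, v in token.items()}
    return (f'<wsse:Security xmlns:wsse="{WSSE_NS}" xmlns:wsu="{WSU_NS}">'
            f'<wsse:UsernameToken><wsse:Username>{e["Username"]}</wsse:Username>'
            f'<wsse:Password Type="{DIGEST_TYPE}">{e["PasswordDigest"]}</wsse:Password>'
            f'<wsse:Nonce EncodingType="{B64_TYPE}">{e["Nonce"]}</wsse:Nonce>'
            f'<wsu:Created>{e["Created"]}</wsu:Created>'
            f'</wsse:UsernameToken></wsse:Security>')


class TokenVerifier:
    """Server side: freshness window plus a nonce cache bounded by that same window."""

    def __init__(self, passwords: dict, freshness: timedelta = FRESHNESS):
        self.passwords = passwords      # the digest scheme needs the server to hold the password
        self.freshness = freshness
        self.seen = {}                  # base64 nonce -> Created time

    def verify(self, token: dict, now: datetime = None) -> tuple:
        now = now or datetime.now(timezone.utc)
        try:
            created = datetime.strptime(token["Created"], TIME_FMT).replace(tzinfo=timezone.utc)
        except (KeyError, ValueError):
            return False, "bad Created"
        if abs(now - created) > self.freshness:
            return False, "stale Created"
        # Forget nonces older than the window; a token that old fails the check above anyway.
        self.seen = {n: c for n, c in self.seen.items() if now - c <= self.freshness}
        nonce_b64 = token.get("Nonce", "")
        if nonce_b64 in self.seen:
            return False, "replayed nonce"
        password = self.passwords.get(token.get("Username"))
        if password is None:
            return False, "unknown user"
        try:
            nonce = base64.b64decode(nonce_b64, validate=True)
        except ValueError:
            return False, "bad Nonce"
        expected = password_digest(nonce, token["Created"], password)
        if not hmac.compare_digest(expected, token.get("PasswordDigest", "")):
            return False, "digest mismatch"
        self.seen[nonce_b64] = created
        return True, "ok"


if __name__ == "__main__":
    token = make_token("alice", "s3cret", now=DEMO_TIME)
    print(security_header(token))
    verifier = TokenVerifier({"alice": "s3cret"})
    print(verifier.verify(token, now=DEMO_TIME))   # (True, 'ok')
    print(verifier.verify(token, now=DEMO_TIME))   # (False, 'replayed nonce')
```

Two caveats a practitioner will want. The digest authenticates the token, not the Body: it says nothing about integrity of the rest of the message, so it is paired with XML-Signature or with TLS in practice. And the nonce cache must be shared across every node that accepts the token (the slide's "no session awareness" point again), otherwise a replay aimed at a second cluster member succeeds.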

Slide 30: Standards: WS-SecureConversation
- Provides a security context for a series of SOAP messages.
- Security context establishment.
- Session key negotiation.

Slide 31: Standards: WS-Policy
- Provides mechanisms for communicating policy requirements (confidentiality, authentication, etc.).

Slide 32: Standards: WS-Trust
- Provides methods for issuing and exchanging security tokens.
- Supports the ability to issue, renew, validate and delegate tokens.
- Independent of token format.

Slide 33: Standards: WS-Federation
- Leverages WS-Trust, enabling single sign-on.
- Includes its own single log-out message.
- Profiles for front channel (browser) and back channel (web service) use.
- Attribute and pseudonym services.

Slide 34: Web Services Security Standards
Key security concepts:
- Authorization: verify that an entity is allowed to perform a requested action.
- Authentication: verify that an entity is who it claims to be.
- Integrity: verify that the contents of a message have not been tampered with.
- Confidentiality: hide the content of a message from everyone except the intended recipient.
- Non-repudiation: the ability to correlate a message back to a specific person or entity without deniability.
- Administration and management: the ability to centrally manage security services for users and applications.
Technology / Standard | Security benefit | Description | Expected usage
SSL / HTTPS | Confidentiality, Integrity, Authentication (the original slide also lists Non-repudiation, but a transport session cannot provide it; that needs a message-level signature) | SSL is an existing TCP/IP security protocol used to secure web communication at the transport layer. | SSL can be used to encapsulate and protect Web Services communications from point to point.
XML-Encryption | Confidentiality (pair with XML-Signature for integrity) | Standard for encrypting the payload of XML SOAP messages. | Parts of an XML document can be encrypted.
XML-Signature | Integrity, Authentication, Non-repudiation | Standard for generating a hash over, and signing, XML SOAP messages. | Parts of an XML document can be digitally signed.
XKMS | Management | XML Key Management Specification: enables Web services to register and manage the cryptographic keys used for digital signatures and encryption. | Thin clients can obtain key information (values, certificates) to enable secure end-to-end communications.
SAML | Authentication, Authorization | SAML (Security Assertion Markup Language) is a standard that enables the exchange of authentication and authorization information. | SAML defines assertions (authentication, attribute and authorization decision statements) about a subject.
XACML | Authorization | XACML (eXtensible Access Control Markup Language) is a developing standard for defining authorization policy processing for SOAP Web Service requests. | XACML expresses complex authorization rules; a SAML profile carries XACML requests and decisions.
WS-Security | Confidentiality, Integrity, Authentication, Non-repudiation | Web Services Security is a burgeoning standard developed by major industry players that defines how to use the XML-Encryption and XML-Signature standards with Web Services SOAP messages. | WS-Security defines a standard for including signature, encryption and security token headers in SOAP messages.
WS-Security extensions | All | WS-Security extensions are being developed to add improved security functionality to the WS-Security standard. |

Slide 35: Web Services Security Architecture
Security architecture layer: how the available security features might fit together. Diagram elements: Internal Administration and Provisioning; Externally Managed Services; Policy Store; Authorization Stores; Authentication Stores; Web Browser Applications; Wireless Apps; Enterprise ASP; Web Services Consumers; Client Apps; Business Partners; SHA-1; HMAC; RSA; Web Services Security Layers; Supporting Services.
- Web service communications can be secured at the transport layer using SSL.
- WS-Security leverages XML-Signature and XML-Encryption to sign and encrypt parts of the SOAP messages.
- XKMS is used to distribute keys to thin client applications.
- SAML and XACML are used to define authorization rules for the processing of SOAP messages.
- Management systems control the data used by the Web Service security standards. These management systems may be in-house or outsourced.

Slide 36: Web Services Security Architecture
Enterprise security architecture: a sample diagram of how security would fit into a typical web services application architecture. Diagram elements: internal policy enforcement and access control; protected enterprise data; enterprise application servers; transport layer security through WS-Security (extensions) and SSL; transport layer security through SSL; lightweight PKI and key distribution to a mobile user; management and administration.

Slide 37: Contents (section: Platform Support)

Slide 38: Vendor Landscape
Accenture has divided vendors into three product categories: Hardware Appliances; Web Access Management; Web Services Development Tools.
- Products from different categories can overlap in functionality.
- Products can be combined to provide more complete security solutions.

Slide 39: Vendor Support
A matrix with columns WSS-Username, WSS-X509, WSS-SAML, WSS-Kerberos, WS-Trust, WS-SC and rows Hardware Appliances, Web Access Management, Web Services Development Platforms. Only the entries "WSE 2", "WSE 2" and "Tivoli FIM" survive extraction; their cell positions are not recoverable.

Slide 40: Contents (section: Recommendations)

Slide 41: Security Recommendations 1/2
- Check your requirements; do not over-engineer.
- Check the WS-I recommendations.
- Stick with well-defined specifications: ratified in OASIS, with profiling done in WS-I (e.g. WS-Security Username, X509, SAML), and with large vendor support.
- Choose your token well: Username requires a directory; X509 requires a PKI and gives organizational authentication; SAML is a rich token with statements about individual users; Kerberos is generally not suitable for cross-organizational authentication.

Slide 42: Recommendations 2/2
- Check and double check vendor claims.
- There is great promise in the WS* specifications that are still to be handed over to OASIS, but they can currently only be considered in closed proof-of-concept deployment scenarios.
- Take an incremental approach to securing web services: do what is cost-effective and possible now (WS-Security); add other features later when the dust has settled (WS-Trust, WS-Policy, etc.).

Slide 43: Resources
Accenture offerings: Security Solutions home page http:/ ; Securing Web Services offering https:/
Standards bodies: Web Services Interoperability Organization http://www.ws-i.org ; Organization for the Advancement of Structured Information Standards http://www.oasis-open.org ; World Wide Web Consortium http://www.w3.org
Vendors: Reactivity http:/ ; Netegrity http:/ ; DataPower Technology http:/ ; Layer 7 Technology http:/

Slide 44: Contacts
Security Practice Leadership: Alastair MacWillson, Global Lead, +44 20 7844 6131; Stephen A. B, U.S. Lead, +1 650 213 2135.
Securing Web Services Offering: Dillon Boyer, +1 312 693 9162; Christopher P. M, +1 312 693 0077.
