WebService官方文档WebServicesFederationLanguage(WS-Federation)资源-CSDN文库

共1个文件

pdf：1个

需积分: 10 56 浏览量 2009-05-09 20:17:13 上传评论收藏 1.1MB RAR 举报

**Web服务联邦语言（WS-Federation）详解** Web服务是一种基于开放标准的互联网通信协议，允许不同系统间的软件应用程序相互通信。WS-Federation是Web服务安全框架的一部分，旨在促进跨组织的身份验证和授权。本官方文档深入探讨了WS-Federation的原理、结构和实施细节，为开发者提供了一个全面理解这一协议的平台。 **1. WS-Federation概述** WS-Federation的核心目标是消除身份验证和授权的障碍，使得用户可以在多个信任域之间无缝地移动，而无需重新登录。它通过定义一种标准化的方式来处理身份令牌，这些令牌携带了关于用户身份和权限的信息。这种跨域身份管理的能力对于构建分布式和云环境中的应用程序至关重要。 **2. 协议组件** WS-Federation包括几个关键组件： - **身份提供者（Identity Provider, IdP）**：负责验证用户身份并发放身份令牌。 - **服务提供者（Service Provider, SP）**：需要验证用户身份才能提供服务的应用程序。 - **信任关系（Trust Relationships）**：定义IdP和服务提供者之间的相互信任。 - **令牌（Tokens）**：安全地传输用户身份信息的载体。 - **安全令牌服务（Security Token Service, STS）**：作为中介，可以将一个域的令牌转换为另一个域接受的令牌。 **3. WS-Federation协议流程** 典型的WS-Federation流程包括以下步骤： 1. 用户尝试访问服务提供者资源。 2. 服务提供者发现用户没有有效的令牌，重定向用户到IdP进行身份验证。 3. 用户在IdP上输入凭证，IdP验证后发放身份令牌。 4. 用户被重定向回服务提供者，携带IdP颁发的令牌。 5. 服务提供者验证令牌，并基于令牌内容决定是否授权用户访问资源。 **4. WS-Federation与WS-Trust的关系** WS-Trust是另一个Web服务安全协议，它定义了如何请求、验证和交换安全令牌。WS-Federation经常与WS-Trust结合使用，因为后者提供了令牌获取和验证的机制。 **5. 安全与隐私考虑** WS-Federation设计时充分考虑了安全性和隐私保护。例如，使用HTTPS进行传输以确保通信的机密性和完整性，支持不同级别的安全令牌（如SAML令牌），以及对令牌的加密和签名来防止篡改。 **6. 实施与兼容性** WS-Federation标准已被许多厂商和开源项目采纳，如Microsoft的Active Directory Federation Services (ADFS) 和OAuth 2.0的某些实现。这确保了跨平台和跨系统的互操作性。 **7. 文件“WS-Federation-V1-1B.pdf”** 这个PDF文档详细介绍了WS-Federation的版本1.1，包括规范、用例和实现指南。通过阅读这份文档，开发者能够深入理解WS-Federation的工作原理，从而在实际项目中有效应用。 WS-Federation是Web服务领域中解决跨域身份验证和授权问题的关键协议，它为构建安全、可扩展的分布式系统提供了强大的工具。通过深入研究官方文档，开发者可以更好地理解和利用这一协议，提升其应用的安全性和用户体验。

资源详情

资源评论

资源推荐

收起资源包目录

WS-Federation-V1-1B.rar （1个子文件）

WS-Federation-V1-1B.pdf 1.25MB

Web Services Federation Language (WS-

Federation)

Version 1.1

December 2006

Authors

Hal Lockhart, BEA

Steve Andersen, BMC Software

Jeff Bohren, BMC Software

Yakov Sverdlov, CA Inc.

Maryann Hondo, IBM

Hiroshi Maruyama, IBM

Anthony Nadalin (Editor), IBM

Nataraj Nagaratnam, IBM

Toufic Boubez, Layer 7 Technologies, Inc.

K Scott Morrison, Layer 7 Technologies, Inc.

Chris Kaler (Editor), Microsoft

Arun Nanda, Microsoft

Don Schmidt, Microsoft

Doug Walters, Microsoft

Hervey Wilson, Microsoft

Lloyd Burch, Novell, Inc.

Doug Earl, Novell, Inc.

Siddharth Baja, VeriSign

Hemma Prafullchandra, VeriSign

Corporation, Layer 7 Technologies, Microsoft Corporation, Inc., Novell, Inc. and VeriSign,

Permission to copy and display the WS-Federation Specification (the "Specification", which

includes WSDL and schema documents), in any medium without fee or royalty is hereby

granted, provided that you include the following on ALL copies of the Specification, that you

make:

1. A link or URL to the Specification at one of the Authors’ websites

2. The copyright notice as shown in the Specification.

BEA Systems, BMC Software, CA Inc., IBM, Layer 7 Technologies, Microsoft, Novell and

VeriSign (collectively, the "Authors") each agree to grant you a license, under royalty-free

and otherwise reasonable, non-discriminatory terms and conditions, to their respective

essential patent claims that they deem necessary to implement the Specification.

THE SPECIFICATION IS PROVIDED "AS IS," AND THE AUTHORS MAKE NO

REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT

LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,

NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THE SPECIFICATION ARE

SUITABLE FOR ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL

NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER

RIGHTS.

THE AUTHORS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR

CONSEQUENTIAL DAMAGES ARISING OUT OF OR RELATING TO ANY USE OR DISTRIBUTION

OF THE SPECIFICATION.

The name and trademarks of the Authors may NOT be used in any manner, including

advertising or publicity pertaining to the Specification or its contents without specific,

written prior permission. Title to copyright in the Specification will at

all times remain with the Authors.

No other rights are granted by implication, estoppel or otherwise.

Abstract

This specification defines mechanisms to allow different security realms to federate, such

that authorized access to resources managed in one realm can be provided to security

principals whose identities and attributes are managed in other realms. This includes

mechanisms for brokering of identity, attribute, authentication and authorization assertions

between realms, and privacy of federated claims.

Modular Architecture

By using the XML, SOAP and WSDL extensibility models, the WS-* specifications are

designed to be composed with each other to provide a rich Web services environment. WS-

Federation by itself does not provide a complete security solution for Web services. WS-

Federation is a building block that is used in conjunction with other Web service, transport,

and application-specific protocols to accommodate a wide variety of security models.

Status

This WS-Federation Specification is a public draft release and is provided for review and

evaluation only. The Authors hope to solicit your contributions and suggestions in the near

future. The Authors make no warrantees or representations regarding the specifications in

any manner whatsoever.

Table of Contents

1. Introduction

1.1. Document Roadmap

1.2. Goals and Requirements

1.2.1 Requirements

1.2.2 Non-Goals

1.3. Notational Conventions

1.4. Namespaces

1.5. Schema and WSDL Files

1.6. Terminology

1.7. Compliance

2. Model

2.1. Federation Basics

2.2. Metadata Model

2.3. Security Model

2.4. Trust Topologies and Security Token Issuance

2.5. Identity Providers

2.6. Attributes and Pseudonyms

2.7. Attributes, Pseudonyms, and IP/STS Services

3. Federation Metadata

3.1 Federation Metadata Document

3.1.1. Referencing Other Metadata Documents

3.1.2 TokenSigningKeyInfo Element

3.1.3 TokenKeyTransferKeyInfo Element

3.1.4 IssuerNamesOffered Element

3.1.5 TokenIssuerName Element

3.1.6 TokenIssuerEndpoint Element

3.1.7 PseudonymServiceEndpoint Element

3.1.8 AttributeServiceEndpoint Element

3.1.9 SingleSignOutSubscripionEndpoint Element

3.1.10 SingleSignOutNotificationEndpoint Element

3.1.11 TokenTypesOffered Element

3.1.12 UriNamedClaimTypesOffered Element

3.1.13 AutomaticPseudonyms Element

3.1.14 [Signature] Property

3.1.15 Example Federation Metadata Document

3.2. Acquiring the Federation Metadata Document

3.2.1 WSDL

3.2.2 The Federation Metadata Path

3.2.3 Retrieval Mechanisms

3.2.4 FederatedMetadataHandler Header

3.2.5 Metadata Exchange Dialect

3.2.6 Publishing Federation Metadata Location

3.2.7 Federation Metadata Acquisition Security

4. Sign-Out

4.1. Sign-Out Message

4.2. Federating Sign-Out Messages

5. Attribute Service

6. Pseudonym Service

6.1. Filtering Pseudonyms

6.2. Getting Pseudonyms

6.3. Setting Pseudonyms

6.4. Deleting Pseudonyms

6.5. Creating Pseudonyms

7. Security Tokens and Pseudonyms

7.1. RST and RSTR Extensions

7.2. Usernames and Passwords

7.3. Public Keys

7.4. Symmetric Keys

8. Additional WS-Trust Extensions

8.1. Reference Tokens

8.2. Indicating Federations

8.3. Obtaining Proof Tokens from Validation

8.4. Client-Based Pseudonyms

8.5. Indicating Freshness Requirements

9. Authorization

9.1. Authorization Model

9.2 Indicating Authorization Context

9.3 Common Claim Dialect

9.4. Authorization Requirements

10. Indicating Specific Policy/Metadata

11. Authentication Types

12. Privacy

12.1 Confidential Tokens

12.2 Parameter Confirmation

12.3 Privacy Statements

13. Web (Passive) Requestors

13.1. Approach

13.1.1. Sign-On

13.1.2. Sign-Out

13.1.3. Attributes

13.1.4. Pseudonyms

13.1.5. Artifacts/Cookies

13.1.6. Bearer Tokens and Token References

13.1.7. Freshness

13.2. HTTP Protocol Syntax

13.2.1. Parameters

13.2.2. Requesting Security Tokens

13.2.3. Returning Security Tokens

13.2.4. Sign-Out Request Syntax

13.2.5. Attribute Request Syntax

13.2.6. Pseudonym Request Syntax

13.3. Detailed Example of Web Requester Syntax

13.4. Request and Result References

13.5. Home Realm Discovery

13.5.1 Discovery Service

13.6. Minimum Requirements

13.6.1 Requesting Security Tokens

13.6.2 Returning Security Tokens

13.6.3 Details of the RequestSecurityTokenResponse element

13.6.4 Details of the Returned Security Token Signature

13.6.5 Request and Response References

14. Additional Policy Assertions

14.1. RequireReferenceToken Assertion

14.2. WebBinding Assertion

14.3. Authorization Policy

15 Error Handling

16. Security Considerations

17. Acknowledgements

18. References

Appendix I - WSDL

Appendix II. Sample HTTP Flows for Web Requestor Detailed Example

Appendix III. Sample Use Cases

III.1. Single Sign On

III.2. Sign-Out

III.3. Attributes

III.4. Pseudonyms

III.5. Detailed Example

III.6. No Resource STS

III.7. 3

-Party STS

III.8. Delegated Resource Access

III.9. Additional Web Examples

III.9.1. No Resource STS

III.9.2. 3

-Party STS

III.9.3. Sign-Out

III.9.4. Delegated Resource Access

评论收藏

内容反馈

decarl

粉丝: 6
资源: 24

Web Service 官方文档 Web Services Federation Language(WS-Federation)

评论0

最新资源

Web Service 官方文档 Web Services Federation Language(WS-Federation)

评论0

webservice开发文档

cmdbuild webservice官方说明文档

spring web service 官网示例 基于spring-ws

spring-ws 中文文档

WS-Security.pdf

Understanding SOA with Web service( 中英版)

Web Services Enhancements 3.0 Hands On Lab - Security

WebService服务的安全控制程序例子源码[Security- Web services the secure ]

asp-net-mvc4-sso:示例 ASP.NET MVC4 应用程序，用于演示使用 WS-Federation 和 SAML2 的 SSO

webservice demo

webservice的入门文档

webservice笔记

webservice学习视频

webservice开发资料

webservice

c# asp.net interview

ASP.net常见面试题

2022金蝶云星空插件开发学习文档.zip

《基础实验》期末考试试题 综合大作业

OpenCV4 (4.0.0) 离线文档

Imatest 详细教程

activiti中文文档

150个ChatGPT提示词模板，多种使用方式一网打尽！（完整版）.zip

最全matlab遗传算法工具箱

中文版-SAP S4 MM模块官方标准教材-SAP S4HANA寻源与采购中的业务流程 S4500_ZH_Col12 共154页 2019年编著.pdf

海康Api接口

中兴2017年招聘在线测试综合题及答案解析.pdf

软件项目开发的文档(全套).zip

STM32F103C8T6引脚功能表.pdf

JAVA著名免费框架若依前后端分离项目详细部署文档

最新资源

spring web service 官网示例基于spring-ws

《基础实验》期末考试试题综合大作业