Chapter 7: Technical Supplements

 
Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Chapter 7: Technical Supplements

patterns & practices Developer Center

Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0

Microsoft Corporation

patterns & practices Developer Center
Web Service Security: Home
December 2005

DownloadDownload this guide in PDF format
CommunityWeb Service Security Community Workspace [Content link no longer available, original URL:http://go.microsoft.com/fwlink/?LinkId=57044]

This chapter contains technical supplements for Kerberos and X.509 brokered authentication patterns. You can use these supplements in addition to the design and implementation patterns for their respective technologies. The supplements include specific guidance that may not directly relate to each design or implementation pattern, but they are likely to be important resources as you consider deploying a solution into production.

The Kerberos Technical Supplement for Windows includes:

  • In-depth detail about how the Kerberos version 5 protocol is implemented on Windows Server 2003, including information on topics such as Local Security Authority (LSA), Security Support Provider Interface (SSPI), and key management.
  • Definition and configuration of service accounts for Web services.
  • Configuration of service principal names (SPNs) for use with Windows integrated authentication and message layer security.
  • Kerberos operations for Web services that include the configuration of domain accounts and deploying Web farms using message layer security.
  • Troubleshooting common Kerberos issues.

The X.509 Technical Supplement includes:

  • An overview of public key cryptography, X.509 certificates, and digital signatures.
  • Various uses of X.509 certificates to provide security.
  • An overview of certificate authorities and certificate revocation.

Information about how to obtain an X.509 certificate.

patterns & practices Developer Center

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Show: