Configure UDDI Services Security
You can configure UDDI Services security options by using the UDDI Services snap-in. You can change the default authentication, encryption, and cryptography settings for a UDDI Services site.
Authentication
UDDI Services supports two basic types of authentication: UDDI publisher authentication and Windows authentication. Understanding the differences between these modes of authentication is an important part of determining which method to use for a specific UDDI Services deployment.
- UDDI Publisher Authentication: Supports authenticated publications using UDDI Publisher authentication, as defined in section 5.3 of the UDDI v3 Specification. All interaction with UDDI Services that uses this style of authentication occurs under the http://<servername>/uddipublic or https://<servername>/uddipublic virtual directory in IIS. The UDDI Services ASP.NET user interface supports only anonymous searching with this authentication mode.
- Windows Authentication: Supports authenticated publications using Windows Integrated Authentication. In this mode, any message passed to UDDI Services is authenticated based on the security context of the user that is generated by Windows at login. All interaction with UDDI Services that uses this type of authentication occurs under the http://<servername>/uddi or https://<servername>/uddi virtual directory in IIS. The UDDI Services ASP.NET user interface supports all functions with this authentication mode, including searching, publishing, subscribing, and coordination.
To configure the authentication setting for a site, select one of the following:
- Windows Integrated and UDDI publisher authentication: Supports both Windows Integrated Authentication and UDDI Publisher authentication for publications. This is the default selection. Publication SOAP requests sent to http://<servername>/uddi or https://<servername>/uddi should use Windows Integrated Authentication and publication SOAP requests sent to http://<servername>/uddipublic or https://<servername>/uddipublic should use UDDI Publisher Authentication.
- UDDI publisher authentication: Supports UDDI Publisher authentication only for publications. If this option is selected, publication SOAP requests should be sent to http://<servername>/uddipublic or https://<servername>/uddipublic.
- Windows Integrated publisher authentication: Supports Windows Integrated Authentication only for publications. If this option is selected, publication SOAP requests should be sent to http://<servername>/uddi or https://<servername>/uddi.
- Authentication for read (inquiry) access: If this option is selected, this UDDI Services site mandates the use of Windows Integrated Authentication for UDDI Inquiry API requests into this site.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure.
To select an authentication type
- Click Start, point to All Programs, point to Microsoft UDDI Services, and then click UDDI Services Management Console.
- In the console tree, click the UDDI Services site that you want to configure.
- On the Action menu, click Properties.
- Click the Security tab.
- Under Authenticated access, select the authentication type that you want to use, and then click OK.
Encryption
The use of Secure Sockets Layer (SSL) for publishing updates to the UDDI Services site is automatically selected during UDDI Services Basic configuration. SSL encryption provides increased security for communication between client computers and the UDDI Services Web Application. If you do not want to use SSL encryption, you can use Custom configuration to clear the Require SSL for publication to this UDDI Services site option on the Configure UDDI Services Database Component page. When using SSL encryption with UDDI Services, you must configure a server certificate for the Internet Information Services (IIS) service that hosts the UDDI Services Web Application and then create an HTTPS binding for the Web site. For more information about configuring server certificates on a Web server, see Configuring Server Certificates in IIS 7.0 at http://go.microsoft.com/fwlink/?LinkID=64327. After the UDDI Services are configured, you can still enable or disable the SSL option by using the UDDI Services snap-in.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure.
To enable or disable SSL
- Click Start, point to All Programs, point to Microsoft UDDI Services, and then click UDDI Services Management Console.
- In the console tree, click the UDDI Services site that you want to configure.
- On the Action menu, click Properties.
- Click the Security tab.
- Under Secure Communications, select or clear the Require SSL for publication requests to this site check box.
- Click OK.
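The following is an added example, not part of the original documentation or of UDDI Services: a small Python audit that checks client publication endpoint URLs against the site's authentication option and the Require SSL setting described above. The option keys, finding codes, host name, and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Publication virtual directories accepted under each site-level option on the
# Security tab (option keys are labels invented for this example).
ALLOWED_VDIRS = {
    "windows_and_uddi_publisher": {"uddi", "uddipublic"},  # default selection
    "uddi_publisher": {"uddipublic"},
    "windows_integrated": {"uddi"},
}
KNOWN_VDIRS = {"uddi", "uddipublic"}


def audit_publication_url(url, site_auth="windows_and_uddi_publisher", require_ssl=True):
    """Return finding codes for one client publication endpoint URL."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    # IIS paths are case-insensitive, so compare the first segment in lower case.
    vdir = segments[0].lower() if segments else ""
    if vdir not in KNOWN_VDIRS:
        return ["UNKNOWN_VDIR"]
    findings = []
    if vdir not in ALLOWED_VDIRS[site_auth]:
        # The endpoint implies an authentication type the site does not accept.
        findings.append("AUTH_MODE_DISABLED")
    if require_ssl and parts.scheme != "https":
        # "Require SSL for publication requests" is set but the client uses HTTP.
        findings.append("CLEARTEXT_PUBLICATION")
    return findings


def audit_clients(urls, site_auth, require_ssl):
    """Map each URL that has at least one finding to its list of findings."""
    report = {}
    for url in urls:
        findings = audit_publication_url(url, site_auth, require_ssl)
        if findings:
            report[url] = findings
    return report


# Constructed sample input: endpoint URLs as they might appear in client configs.
SAMPLE_URLS = [
    "https://uddi.example.test/uddi/",
    "http://uddi.example.test/uddipublic/",
    "https://uddi.example.test/UDDIPublic/",
    "https://uddi.example.test/registry/",
]

if __name__ == "__main__":
    for url, findings in audit_clients(SAMPLE_URLS, "windows_integrated", True).items():
        print(url, findings)
```

Running such a check before changing the authentication type or enabling Require SSL shows which clients would need their endpoint URLs updated.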
Cryptography
You can change the default key settings that are used for UDDI publisher authentication. Cryptography settings include the following:
- SOAP authentication token expiration: SOAP authentication tokens communicate publisher credentials for UDDI publisher authenticated publications.
- Cryptography key time-out: The cryptography key is used to generate SOAP authentication tokens.
Membership in Administrators, or equivalent, is the minimum required to complete this procedure.
To change cryptography settings
- Click Start, point to All Programs, point to Microsoft UDDI Services, and then click UDDI Services Management Console.
- In the console tree, click the UDDI Services site that you want to configure.
- On the Action menu, click Properties.
- Under Cryptography, click Change, and then modify one of the following:
  - SOAP Authentication Token Expiration: Use the up or down arrow to change the time, in minutes, after which tokens that are issued for publication will expire.
  - Cryptography Key Timeout: To reset the cryptography key that is used to encrypt SOAP authentication tokens now, click Reset Now. To automatically reset the cryptography key after a certain number of days, select the Automatically reset cryptography key check box, and then specify the number of days by using the up or down arrow.
- Click OK twice.