Download Panel: Security and the World Wide Web

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts
no text concepts found
Transcript 
Copyright 1997 IEEE. See full copyright notice at Table of Contents.
Panel: Security and the World Wide Web
Win Treese
[email protected]
Open Market, Inc.
245 First St. Cambridge, MA 02142
The World-Wide Web has emerged as a primary
means of sharing information on the Internet. It is
also a powerful platform for building applications and
tying together disparate data sources. As the Web has
grown, the demand for security services has grown as
well. New applications such as electronic commerce,
business transactions, and internal information sharing have driven the development of many different approaches to security on the Web.
Three years ago, security on the World-Wide Web
largely meant authentication with passwords sent in
the clear. Early security proposals included Secure
HTTP (S-HTTP) and Shen, which provided rich security models but did not achieve widespread use. These
protocols added capabilities for encryption, strong authentication, and digital signatures for Web documents.
Today, security on the World-Wide Web usually
means the use of the Secure Sockets Layer (SSL). SSL
provides an encrypted communications channel. It uses
public key certificates for authentication of servers and
optional authentication of clients. Version 3 of the
SSL protocol was released earlier in 1996, and it has
quickly become common in both Web browsers and
servers. SSL version 3 improved the client authentication capabilities, and certifying authorities that can
issue the necessary certificates have emerged to support
them. The Internet Engineering Task Force (IETF) has
chartered its Transport Layer Security (TLS) Working
Group to specify a standard security protocol of this
type.
More recently, the development of downloadable
code, using technologies such as Java and ActiveX, has
raised new risks. One response has been a set of proposals for digital signatures on downloaded code to authenticate the origin of programs.
Many organizations protect their networks with firewalls, isolating the internal network from the public
Internet. Allowing security protocols through firewalls
has posed a technical challenge as well as questions
about appropriate security policies for such systems.
Should Web clients authenticate themselves to the firewall before being allowed to make external connections? Should the firewall be able to read the data on
a connection, in order to ensure that corporate policies
are being followed?
Other work has looked at how to bring wellestablished security protocols to the Web. One example is the integration of the Web with the Open Group's
Distributed Computing Environment (DCE).
This panel will examine the current state of security
on the Web and discuss some of the challenges facing
the Web community today. We will also look at the
security problems and potential solutions on the road
ahead.
Related documents
Chapter 19
Chapter 19
Powerpoint Slides
Powerpoint Slides
Name : Ahmed AL_Balawi ID: 200600112
Name : Ahmed AL_Balawi ID: 200600112
Chapter 24 - William Stallings, Data and Computer
Chapter 24 - William Stallings, Data and Computer
Network Security
Network Security
Slides for lecture 26
Slides for lecture 26
Figure 32.33: Packet
Figure 32.33: Packet
Chapter 12 slides
Chapter 12 slides
“Stronger” Web Authentication: A Security Review
“Stronger” Web Authentication: A Security Review
Electronic Payment Systems
Electronic Payment Systems
Course Learning Objectives:
Course Learning Objectives:
Lecture 7, Part 2
Lecture 7, Part 2
Web Security
Web Security
Britestream Applied: Check Point NGX Web Intelligence Accelerator
Britestream Applied: Check Point NGX Web Intelligence Accelerator
ws-security-framewor..
ws-security-framewor..
Rocket® Blue Zone Security Server
Rocket® Blue Zone Security Server
Protocol Overview
Protocol Overview
Hardware Building Blocks and Encoding
Hardware Building Blocks and Encoding
Internet Yesterday, Today and Tomorrow
Internet Yesterday, Today and Tomorrow
Secure Mobility - Grand Rapids ISSA
Secure Mobility - Grand Rapids ISSA
Protocol Overview
Protocol Overview
Net+ Chapter 1
Net+ Chapter 1