Ç¥ÁØÈ­ Âü¿©¾È³»

TTAÀÇ Ç¥ÁØÇöȲ

Ȩ > Ç¥ÁØÈ­ °³¿ä > TTAÀÇ Ç¥ÁØÇöȲ

Ç¥ÁعøÈ£ TTAE.OT-10.0109 ±¸Ç¥ÁعøÈ£
Á¦°³Á¤ÀÏ 2007-12-26 ÃÑÆäÀÌÁö 50
ÇѱÛÇ¥Áظí À¥¼­ºñ½º ¾ÈÀüÇÑ ´ëÈ­ v1.3
¿µ¹®Ç¥Áظí WS-SecureConversation 1.3
Çѱ۳»¿ë¿ä¾à WS-Security¿¡¼­ Á¤ÀÇµÈ ¸ÞÄ¿´ÏÁòÀº ´Ù¼öÀÇ ¸Þ½ÃÁö ±³È¯À» À§ÇØ Á¤ÀÇµÈ ¾ÈÀüÇÑ ¸Þ½Ã
¡ ¹æ¹ýÀ» Á¦°øÇÑ´Ù. WS-SecureConversationÀº ¾ÈÀüÇÑ ÄÁÅýºÆ®ÀÇ È®¸³°ú °øÀ¯, ¼¼¼ÇÅ°
À¯µµ ¹æ½Ä¿¡ ´ëÇÑ È®ÀåÀ» Á¦°øÇÑ´Ù. ÀÌ°ÍÀº ¾ÈÀüÇÑ ÄÁÅýºÆ®¸¦ ¼³Á¤ÇÏ°í, º¸´Ù È¿°úÀûÀÎ
Å°¿Í ±³È¯µÇ´Â Å°°ü·Ã ³»¿ëÀ» Çã¿ëÇϸç, ÀüüÀûÀÎ ¼º´É°ú °è¼ÓµÇ´Â ±³È¯¿¡¼­ÀÇ ¾ÈÀü¼ºÀ»
³ôÀδÙ. WS-Security Ç¥ÁØÀº ¸Þ½ÃÁö ÀÎÁõ ¸ðµ¨¿¡ ÁßÁ¡À» µÎ±â ¶§¹®¿¡, WSSecureConversationÀº
¸¹Àº °æ¿ì¿¡ À¯¿ëÇÏÁö¸¸, Ưº°È÷ ¾î¶² ÇüÅÂÀÇ °ø°Ý¿¡ ´ëºñÇϱ⠿¡
À¯¿ëÇÏ´Ù. µû¶ó¼­, º» Ç¥ÁØÀº ¾ÈÀüÇÑ ÄÁÅýºÆ®¿Í ±×ÀÇ »ç¿ë¿¡ ´ëÇØ ¼Ò°³Çϸç, ÄÁÅýºÆ®
ÀÎÁõ¸ðµ¨À» ÅëÇØ ´Ù¼öÀÇ ¸Þ½ÃÁö¸¦ ÀÎÁõÇÏ´Â ±â¹ýÀ» Á¦½ÃÇÑ´Ù. ÇÏÁö¸¸, ¸¸¾à ÀÎÁõÀÌ Á¤»ó
ÀûÀÎ ¾ÖÇø®ÄÉÀÌ¼Ç ¸Þ½ÃÁö ±³È¯ Àü¿¡ ÁøÇàµÇ¾î¾ß ÇÑ´Ù¸é ºÎ°¡ÀûÀÎ µ¥ÀÌÅÍ ¼Û½ÅÀ» ¿ä±¸ÇÑ
´Ù.
¿µ¹®³»¿ë¿ä¾à The mechanisms defined in [WS-Security] provide the basic mechanisms on top of
which secure messaging semantics can be defined for multiple message exchanges.
WS-SecureConversation defines extensions to allow security context establishment and
sharing, and session key derivation. This allows contexts to be established and
potentially more efficient keys or new key material to be exchanged, thereby increasing
the overall performance and security of the subsequent exchanges.
The [WS-Security] specification focuses on the message authentication model.
This approach, while useful in many situations, is subject to several forms of attack.
Accordingly, this specification introduces a security context and its usage. The
context authentication model authenticates a series of messages thereby addressing
these shortcomings, but requires additional communications if authentication happens
prior to normal application exchanges. The security context is defined as a new [WSSecurity]
token type that is obtained using a binding of [WS-Trust].
±¹Á¦Ç¥ÁØ
°ü·ÃÆÄÀÏ TTAE.OT-10.0109_ed15.pdf TTAE.OT-10.0109_ed15.pdf            

ÀÌÀü
½º¸¶Æ® Æ®·£½ºµà¼­ÀÇ µðÁöÅÐ Á¦¾î¸¦ À§ÇÑ ÀÎÅÍÆäÀ̽º ¸ðµâ
´ÙÀ½
½º¸¶Æ® Æ®·£½ºµà¼­ÀÇ µðÁöÅÐ Á¦¾î¸¦ À§ÇÑ ÀåÄ¡ µ¶¸³Àû ÀÎÅÍÆäÀ̽º