Showing posts with label Security. Show all posts

Friday, April 30, 2010

Let's Talk about .. Resistance to Internet Banking

This week I gave my first presentation in my lab. I selected the International Journal of Information Management paper "Mapping the reasons for resistance to Internet banking: A means-end approach" by Tuire Kuisma and Tommi Laukkanen from the University of Kuopio, and Mika Hiltunen from Nordea Bank Finland.

They did their research in Finland because, even though Finland can be considered one of the leading countries in e-banking, some people still use ATMs as their main method of payment. This also surprised me.

They used the means-end method together with laddering interviews to collect and analyze the data. Some of the reasons for resistance were ones I had not thought of, for example the lack of a barcode reader.

The main idea is that resistance to Internet banking can come from newness; the lack of a computer, Internet access, information, an official receipt or a barcode reader; changeable passwords; unclear monitoring of how a transaction is proceeding; etc.

I hope that one day Thailand will be able to adopt Internet banking as its main payment method, too.

Friday, February 27, 2009

Let's Talk about .. Security

Last Wednesday I joined my department's meeting. One of its many parts was about security. Mr Sahassawat from AC InfoTech talked to us about security.

An organization needs a security policy to protect the organization, protect the business and employees, set the rules for expected behavior (the prohibited activities), authorize activities, approve operational steps, and meet legal compliance.

Policy is a part of security. The global standard for security is ISO27001 (Global Standard Code of Protection for information security management). Thailand now has 20 certificates for this ISO standard.

A policy declares the direction of the organization, and the policy is intellectual property of the organization.

Thursday, January 29, 2009

Let's Talk about .. Visual Studio 2005-Web Services Enhancements 3.0

Today I participated in a mini course on Web Services Enhancements (WSE) 3.0, taught by Dr. Gorn Tepvorachai and Mr. Suppakrit Forbes Chatchayanusorn from the Standards & Methodology Team, IT Department, BOT.


Since I have to develop web services that return some credential results, WSE 3.0 is the solution they suggested to me.

The basic concept of WSE 3.0 is that there is a connection between the web site and the web service, so the web service cannot be called directly via its URL.

Instructions for declaring security and policy with WSE 3.0

NOTE: Make sure that you have already installed WSE 3.0 (runtime) on both servers, WebSite and Web Service, and WSE 3.0 (Visual Studio Developer) on your development machine.

At WebService Side:



-Check that your Web Service was created from New Web Site->ASP.NET Web Service

-Install WSE 3.0

-Open Solution of VS2005

- Check out the project of Web Service

-Right click at the project of Web Service

-Click WSE Settings 3.0 (at the bottom)

-In General tab, check Enable the project for Web Services Enhancements

-Check Enable Microsoft Web Services Enhancements Soap Protocol Factory

-In Diagnostics tab, check Enable Message Trace

-Click OK button

-Check that a section tag for microsoft.web.services3 has been added to your web.config

-Deploy your Web Service


-Try to call your web service via web browser (optional)

At WebSite:

-Check your Web Site project

-Right Click at WebSite project

-Click at WSE Settings 3.0

-In General tab, check Enable the project for Web Services Enhancements

-Update your web service


-Rebuild your project


-Test that your web is still able to call your web service


-If OK, the next step is to set the policy.


At WebService Side:

-Right click at web service project

-Click at WSE Settings 3.0

-In Policy tab, check Enable Policy

-Click Add button

-Type your Policy Name

-Click OK

-Click Next

-Do you want to secure a service or a client?, Select Secure a service application

-Choose Client Authentication Method, for me I choose Username

-Click Next

-Click Next

-Uncheck Establish Secure Session

-Click Next

-Click Select Certificate button, if any

-Click Next

-The summary message appears, click Finish

-Now you will get [yourPolicy]Cache.config file

-Open the .vb file of your Web Service

-Under the WebServiceBinding attribute, add the Policy attribute => <Policy("YourPolicyName")> _

At WebSite:

-Right click at your project

-Click at WSE Settings 3.0

-In Policy tab, enable policy

-Add Policy

-Click OK button

-Click Next button

-Select Secure a client application

-Select authentication mode, for me I use username

-Click Next button

-Enable Perform Authorization

-Add User or Add Role
Note: if you want to use the local user or local group as the role you can see the instruction at
http://natttech.blogspot.com/2009/02/lets-talk-about-windows-server-2003.html

-Uncheck the Establish Secure Session

-Click Next button

-Select Certificate, if any

-Click Finish button

-Click OK button

-Open your .vb file that calls the Web Service

-Modify it, for example, this is my old one before modification,
[VB.Net]
Dim ServiceGetResult As New MyWeb.Business.GetResult.NATTService

change to

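[VB.Net]
'Requires Imports Microsoft.Web.Services3.Security.Tokens (UsernameToken, PasswordOption).
Dim ServiceGetResult As New MyWeb.Business.GetResult.NATTService
'NATTusername and NATTpassword are your username and password.
'In real code, read them from protected configuration instead of hard-coding them in source.
ServiceGetResult.SetClientCredential(Of UsernameToken)(New UsernameToken("NATTusername", "NATTpassword", PasswordOption.SendHashed))
'NATT Client Policy is my WebSite Policy name.
ServiceGetResult.SetPolicy("NATT Client Policy")
'The call now carries the UsernameToken and is processed under the client policy.
hidResult.Value = ServiceGetResult.GetResultByID(txtID.Text)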

At Web Service:
Because I want to check the role of the user/Web Site that calls the method of my web service, I have to add an authorization function to my web service code.
-Open the .vb file of your web service

-Add imports System.Security.Principal

-Add imports Microsoft.Web.Services3.Security.Tokens

-Add Authorization() function
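[VB.Net]
'Also requires Imports Microsoft.Web.Services3, System.Web.Services.Protocols and System.Xml
'in addition to the two imports above.
Private Sub Authorization(ByVal inputRole As String)
    'Principal carried by the caller's UsernameToken
    Dim pPrincipal As IPrincipal = RequestSoapContext.Current.Credentials.UltimateReceiver.GetClientToken(Of UsernameToken)().Principal
    'AndAlso short-circuits, so IsInRole is never called when pPrincipal is Nothing
    If pPrincipal IsNot Nothing AndAlso pPrincipal.IsInRole(inputRole) Then
        Return
    Else
        'Deny by default: any caller that is not in the role gets a SOAP fault
        Throw New SoapException("Access denied.", New XmlQualifiedName("Authorization"))
    End If
End Sub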

-Add Authorization("YourRoleName") inside your method before doing anything
Note that YourRoleName is the username or role name that you specified in WSE setting.

-Deploy your web service

At WebSite:

-Update your Web Service

Now only the user, or the members of the role group, that you specified can use that method of your web service.
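
The client code above passes PasswordOption.SendHashed. As an added example (not code from the original post and not WSE itself), this Python code computes the password digest that the WS-Security UsernameToken Profile defines for a hashed password and shows the checks the receiving service has to make. The five-minute freshness window, the in-memory nonce cache, the function names and the USERS table are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)   # assumed freshness window for Created
_seen_nonces = set()             # replay cache, in memory for this example
FMT = "%Y-%m-%dT%H:%M:%SZ"

def password_digest(nonce: bytes, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA-1(nonce + created + password))."""
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def make_token(username, password, now=None):
    """Client side: the fields a hashed UsernameToken carries on the wire."""
    now = now or datetime.now(timezone.utc)
    nonce = os.urandom(16)
    created = now.strftime(FMT)
    return {"Username": username,
            "Nonce": base64.b64encode(nonce).decode("ascii"),
            "Created": created,
            "Password": password_digest(nonce, created, password)}

def verify_token(token, lookup_password, now=None):
    """Service side: recompute the digest, then reject stale or replayed tokens."""
    now = now or datetime.now(timezone.utc)
    stored = lookup_password(token["Username"])
    if stored is None:
        return False                       # unknown user
    nonce = base64.b64decode(token["Nonce"])
    expected = password_digest(nonce, token["Created"], stored)
    if not hmac.compare_digest(expected, token["Password"]):
        return False                       # wrong password
    created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
    if abs(now - created) > MAX_AGE:
        return False                       # too old (or clock too far off)
    if nonce in _seen_nonces:
        return False                       # same token presented twice
    _seen_nonces.add(nonce)
    return True

# Constructed sample account, reusing the placeholder names from the post.
USERS = {"NATTusername": "NATTpassword"}
```

Because the service recomputes the digest from the password, it has to be able to look up the password itself, and the digest protects only the password, not the rest of the SOAP message.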