CIS*6650.01 Service-Oriented Computing

Qusay H. MahmoudQusay H. Mahmoud CIS*6650.01CIS*6650.01 11

CIS*6650.01CIS*6650.01Service-Oriented ComputingService-Oriented Computing

Qusay H. Mahmoud, Ph.D.Qusay H. Mahmoud, Ph.D.

[email protected]@uoguelph.ca


Securing Web ServicesSecuring Web Services

Security and ProtectionSecurity and Protection

CryptographyCryptography– Encryption/DecryptionEncryption/Decryption– Digital signaturesDigital signatures– CertificatesCertificates– Message digestsMessage digests

SSL and Web servicesSSL and Web services

Standards for securing Web servicesStandards for securing Web services


Introduction to SecurityIntroduction to SecuritySecurity: safety from damage and unauthorized useSecurity: safety from damage and unauthorized use

Protection: mechanisms for achieving securityProtection: mechanisms for achieving security

Threats:Threats:– Eavesdropping: obtaining copies of messages without Eavesdropping: obtaining copies of messages without

authorityauthority– Masquerading: impersonating someoneMasquerading: impersonating someone– Tampering: unauthorized alteration of informationTampering: unauthorized alteration of information– Replaying: Storing intercepted messages and sending them Replaying: Storing intercepted messages and sending them

at a later dateat a later date– Denial of service: flooding a channel or other resources with Denial of service: flooding a channel or other resources with

messages in order to deny access to othersmessages in order to deny access to others


Designing Secure ServicesDesigning Secure ServicesAssume the worstAssume the worst

Construct a list of threats (methods by which security Construct a list of threats (methods by which security policies might be violated)policies might be violated)

Show that each threat is prevented by the Show that each threat is prevented by the mechanisms employed in your systemmechanisms employed in your system

The list may not be exhaustive; use auditing methods The list may not be exhaustive; use auditing methods (secure log of transactions: timestamps of actions, (secure log of transactions: timestamps of actions, identities, operation(s) performed)identities, operation(s) performed)

Balance cost against threats:Balance cost against threats:– A cost in computational effort and in network usageA cost in computational effort and in network usage– Inappropriately specified security measures exclude users Inappropriately specified security measures exclude users

from performing necessary actionsfrom performing necessary actions


Worst-case AssumptionsWorst-case AssumptionsDesign guidelines:Design guidelines:– Interfaces are exposedInterfaces are exposed– Networks are insecureNetworks are insecure– Limit the lifetime and scope of each secret (e.g. Limit the lifetime and scope of each secret (e.g.

change passwords every month)change passwords every month)– Attackers may have access to large resourcesAttackers may have access to large resources– Minimize the trusted baseMinimize the trusted base

Security is implemented by program that must be trustedSecurity is implemented by program that must be trusted


Protection TechniquesProtection TechniquesEncryption and decryptionEncryption and decryption

Secrecy and integritySecrecy and integrity

AuthenticationAuthentication

Digital signaturesDigital signatures

CertificatesCertificates

Access control listsAccess control lists

FirewallsFirewalls


CryptographyCryptographyEncryptionEncryption– The process of encoding a message to hide its The process of encoding a message to hide its

contentcontentScramble plain text into cipher (encrypted) textScramble plain text into cipher (encrypted) text

– Based on the use of secrets called “keys”Based on the use of secrets called “keys”– A cryptographic key is a parameter used in an A cryptographic key is a parameter used in an

encryption algorithm in such a way that the encryption algorithm in such a way that the encrypted message cannot be reversed without encrypted message cannot be reversed without knowledge of the keyknowledge of the key

– Two classes:Two classes:Shared secret key cryptosystems (private encryption)Shared secret key cryptosystems (private encryption)Public key cryptosystemsPublic key cryptosystems


CryptographyCryptographyPlays three rolesPlays three roles– Secrecy and integritySecrecy and integrity

Only the intended receiver should be able to read the Only the intended receiver should be able to read the messagemessage

– AuthenticationAuthenticationSender and receiver able to identify each otherSender and receiver able to identify each other

– Digital signaturesDigital signaturesEmulate the role of conventional signatures: verify to a Emulate the role of conventional signatures: verify to a third party that a message is an unaltered copy of one third party that a message is an unaltered copy of one produced by the signerproduced by the signer


Secrecy and IntegritySecrecy and IntegrityA message that is encrypted with a particular A message that is encrypted with a particular encryption key can only be decrypted by a recipient encryption key can only be decrypted by a recipient who knows the corresponding decryption keywho knows the corresponding decryption key

The secrecy of the message is maintained as long as The secrecy of the message is maintained as long as the key is not compromisedthe key is not compromised

ExampleExample– Alice uses a secret key and an encryption function to encrypt Alice uses a secret key and an encryption function to encrypt

and send messages to Boband send messages to Bob– Bob reads the encrypted messages using the secret key and Bob reads the encrypted messages using the secret key and

the corresponding functionthe corresponding function– Problem: How can Alice send a shared secret key to Bob Problem: How can Alice send a shared secret key to Bob

securely?securely?


AuthenticationAuthenticationUsing public-key cryptography to distribute Using public-key cryptography to distribute shared keysshared keys– Alice access a distribution service to obtain Bob’s Alice access a distribution service to obtain Bob’s

public keypublic key– Alice creates a new shared key and encrypts its Alice creates a new shared key and encrypts its

using Bob’s public key and sends it to Bobusing Bob’s public key and sends it to Bob– Bob uses his private key to decrypt the message Bob uses his private key to decrypt the message

and retrieve the shared secret keyand retrieve the shared secret key


CertificatesCertificatesA digital certificate is a document containing a A digital certificate is a document containing a statement signed by a principalstatement signed by a principalExample: BK is a bankExample: BK is a bank– When his customers establish contact with BK, they When his customers establish contact with BK, they

need to be sure they are talking to BK the bankneed to be sure they are talking to BK the bank– BK needs to authenticate its customers before it BK needs to authenticate its customers before it

gives them access to their accountsgives them access to their accountsCertificate type: Account NumberCertificate type: Account NumberName: Alice, Account: 626662626Name: Alice, Account: 626662626Certification Authority: BKCACertification Authority: BKCASignature: Encrypt Digest(f1+f2) using BK’s private keySignature: Encrypt Digest(f1+f2) using BK’s private keyMerchant can use BK’s public key to extract f1+f2Merchant can use BK’s public key to extract f1+f2


CertificatesCertificatesTo make certificates useful, a couple of things are To make certificates useful, a couple of things are neededneeded– A standard format and representation for them so that A standard format and representation for them so that

certificate issuers and certificate users can successfully certificate issuers and certificate users can successfully construct and interpret themconstruct and interpret them

– An agreement on the manner in which chains of certificates An agreement on the manner in which chains of certificates are constructed, and in particular the notion of a trusted are constructed, and in particular the notion of a trusted authorityauthority

What if a certificate is revoked?What if a certificate is revoked?– Expensive and impossible to track down revoked certificates Expensive and impossible to track down revoked certificates

and delete themand delete them– Notify all possible recipients of revoked certificatesNotify all possible recipients of revoked certificates– Solution: include an expiry date in the certificateSolution: include an expiry date in the certificate


CertificatesCertificatesX.509 is the most widely used standard format for X.509 is the most widely used standard format for certificates; a standard for the construction of global certificates; a standard for the construction of global directories of names and attributesdirectories of names and attributes

Format:Format:– SubjectSubject– IssuerIssuer– Period of validityPeriod of validity– Administrative informationAdministrative information– Extended informationExtended information

You can see a list of Certification Authorities in You can see a list of Certification Authorities in Microsoft IE: Microsoft IE: – Tools->InternetOptions->Content->CertificatesTools->InternetOptions->Content->Certificates


Access Control Lists and FirewallsAccess Control Lists and FirewallsProtection domainsProtection domains– An execution environment shared by a collection of An execution environment shared by a collection of

processes. It contains a set of <resource, rights> processes. It contains a set of <resource, rights> pairs listing the resources that can be accessed and pairs listing the resources that can be accessed and the operations permitted on each resourcethe operations permitted on each resource

FirewallsFirewalls– Perform filtering actions on incoming and outgoing Perform filtering actions on incoming and outgoing

communicationscommunications– DisadvantagesDisadvantages

Offer no protection against attacks from the insideOffer no protection against attacks from the inside

Not effective against denial of service attacksNot effective against denial of service attacks


Cryptographic ToolsCryptographic ToolsEncryption algorithmsEncryption algorithms– Secret-key systems (symmetric). Example: DESSecret-key systems (symmetric). Example: DES– Public-key systems (asymmetric). Example: RSAPublic-key systems (asymmetric). Example: RSA

One-way functionsOne-way functions– Given the value f(x), it is extremely difficult to guess Given the value f(x), it is extremely difficult to guess

xx– Can be applied to message digestsCan be applied to message digests

MD5: Message Digest-5 (128-bit digest)MD5: Message Digest-5 (128-bit digest)

SHA: Secure Hash Algorithm (160-bit digest)SHA: Secure Hash Algorithm (160-bit digest)


EncryptionEncryptionNotationsNotations– K is the encryption keyK is the encryption key– K’ is the decryption keyK’ is the decryption key– Kp is the public keyKp is the public key– Ks is the private keyKs is the private key

In secret-key encryption: K = K’In secret-key encryption: K = K’In public-key encryptionIn public-key encryption– K = KpK = Kp– K = Ks and K’ = Kp (digital signature)K = Ks and K’ = Kp (digital signature)– Should be easy to generate pairs of keys (Kp, Ks)Should be easy to generate pairs of keys (Kp, Ks)– Difficult to determine Ks from KpDifficult to determine Ks from Kp


Digital SignaturesDigital SignaturesUsing public encryption for signaturesUsing public encryption for signatures– Alice encrypts a message using her private keyAlice encrypts a message using her private key– Bob decrypts the message using Alice’s public keyBob decrypts the message using Alice’s public key– Bob concludes that the message is signed by Alice Bob concludes that the message is signed by Alice

since it was encrypted using Alice’s private key – since it was encrypted using Alice’s private key – Alice is the only one who knows that keyAlice is the only one who knows that key

To prevent someone from replaying an old To prevent someone from replaying an old message signed by Alice, use a timestamp message signed by Alice, use a timestamp


Message DigestsMessage DigestsFunction: h = H(M)Function: h = H(M)

A secure digest function should have the A secure digest function should have the following propertiesfollowing properties– Given M, it is easy to compute hGiven M, it is easy to compute h– Given h, it is hard to compute MGiven h, it is hard to compute M– Given M, it is hard to find another message M’ such Given M, it is hard to find another message M’ such

that H(M) = H(M’)that H(M) = H(M’)


Message DigestsMessage DigestsExample: Alice wants to sign a documentExample: Alice wants to sign a document– Alice computes a digest of the document Digest(M)Alice computes a digest of the document Digest(M)– Alice encrypts digest with her private key and Alice encrypts digest with her private key and

appends it to Mappends it to M– Bob obtains the signed document, extracts M and Bob obtains the signed document, extracts M and

computes Digest(M)computes Digest(M)– Bob decrypts Digest(M) using Alice’s public key and Bob decrypts Digest(M) using Alice’s public key and

compares the results with his calculated digest. If compares the results with his calculated digest. If they match, the signature is validthey match, the signature is valid


Certificates...Certificates...From the previous slide: how does Bob know From the previous slide: how does Bob know that the public key he has or acquired belong to that the public key he has or acquired belong to Alice?Alice?

Use a certificate, which represents the public Use a certificate, which represents the public key identity of a personkey identity of a person– A certificate is a signed document that says “I certify A certificate is a signed document that says “I certify

that the public key in this document belongs to the that the public key in this document belongs to the entity named in this document. Signed certificate entity named in this document. Signed certificate authority”authority”


Secure Socket Layer (SSL)Secure Socket Layer (SSL)Originally developed by NetscapeOriginally developed by Netscape

An extended version has been adopted as an An extended version has been adopted as an Internet standard under the name Transport Internet standard under the name Transport Layer Security (TLS)Layer Security (TLS)

TLS is described in RFC2246TLS is described in RFC2246

SSL is supported by most browsers and web SSL is supported by most browsers and web servers and widely used for secure online servers and widely used for secure online shopping (https://)shopping (https://)


SSLSSL


Securing Web ServicesSecuring Web ServicesSix general security services required by a security facilitySix general security services required by a security facility– AuthenticationAuthentication: Ensures that the sender and receiver are who they : Ensures that the sender and receiver are who they

claim to be. Mechanisms such as username/password, smart cards, and claim to be. Mechanisms such as username/password, smart cards, and Public Key Infrastructure (PKI) can be used to assure authentication. Public Key Infrastructure (PKI) can be used to assure authentication.

– Authorization or Access ControlAuthorization or Access Control: Ensures that an authenticated entity : Ensures that an authenticated entity can access only those services they are allowed to access. Access can access only those services they are allowed to access. Access control lists are used to implement this. control lists are used to implement this.

– AvailabilityAvailability: Requires that uninterrupted services are provided to : Requires that uninterrupted services are provided to authenticated and authorized users. authenticated and authorized users.

– ConfidentialityConfidentiality: This assures that information in storage and in-transit : This assures that information in storage and in-transit are accessible only for reading by authorized parties. Encryption is used are accessible only for reading by authorized parties. Encryption is used to assure message confidentiality. to assure message confidentiality.

– IntegrityIntegrity: Ensures that information, either in storage or in-transit cannot : Ensures that information, either in storage or in-transit cannot be modified intentionally or unintentionally. Digital signatures are used to be modified intentionally or unintentionally. Digital signatures are used to assure message integrity. assure message integrity.

– NonrepudiationNonrepudiation: Requires that neither the sender nor the receiver of a : Requires that neither the sender nor the receiver of a message be able to legitimately claim they didn't send/receive the message be able to legitimately claim they didn't send/receive the message. message.


SSL and Web ServiceSSL and Web ServiceSSL addresses the following security considerationsSSL addresses the following security considerations– AuthenticationAuthentication: The server presents the browser with a set : The server presents the browser with a set

of credentials in the form of a server certificate, which is of credentials in the form of a server certificate, which is used to verify that the site is what it claims to beused to verify that the site is what it claims to be

– ConfidentialityConfidentiality: SSL responses are encrypted so that the : SSL responses are encrypted so that the data cannot be deciphered by third parties as it passes data cannot be deciphered by third parties as it passes between the client and server on a networkbetween the client and server on a network

– IntegrityIntegrity: Guarantee that data is not being modified as it is : Guarantee that data is not being modified as it is being passed between the client and server on a networkbeing passed between the client and server on a network


SSL and Web ServicesSSL and Web ServicesSSL is not adequate; it encrypts the data SSL is not adequate; it encrypts the data stream but doesn’t provide end-to-end stream but doesn’t provide end-to-end confidentialityconfidentiality


SSL and Web ServicesSSL and Web ServicesLimitations of SSL for Web ServicesLimitations of SSL for Web Services– SSL provides point-to-point security or operates between end-points SSL provides point-to-point security or operates between end-points

(and not applications), but for web services we need end-to-end (and not applications), but for web services we need end-to-end security in which multiple intermediate nodes could exist between the security in which multiple intermediate nodes could exist between the two end-points. In a web services environment, there could be multiple two end-points. In a web services environment, there could be multiple XML-based business documents going through multiple intermediary XML-based business documents going through multiple intermediary nodes and it will be difficult for such nodes to participate in security nodes and it will be difficult for such nodes to participate in security operations in an integrated fashion. operations in an integrated fashion.

– SSL operates at the transport level and not at the message level. In SSL operates at the transport level and not at the message level. In other words, messages are protected only while in transit. That is, you other words, messages are protected only while in transit. That is, you cannot save the message for later to prove that it hasn't been modified. cannot save the message for later to prove that it hasn't been modified.

– SSL doesn't support nonrepudiation. Using SSL, a communicating SSL doesn't support nonrepudiation. Using SSL, a communicating partner cannot prove that the other party has performed a particular partner cannot prove that the other party has performed a particular transaction. That is, SSL doesn't support an end-to-end audit trail from transaction. That is, SSL doesn't support an end-to-end audit trail from service request to service response. service request to service response.

– SSL doesn't support element-wise signing and encryption. Given a SSL doesn't support element-wise signing and encryption. Given a large XML order document, you may want to only sign or encrypt the large XML order document, you may want to only sign or encrypt the credit card info...and that is difficult in SSL. This is because SSL is a credit card info...and that is difficult in SSL. This is because SSL is a transport-level security scheme as opposed to a message-level transport-level security scheme as opposed to a message-level scheme. scheme.


Firewalls and Web ServicesFirewalls and Web ServicesTo be effective, a content filtering firewall To be effective, a content filtering firewall should determine:should determine:– If the incoming SOAP message is destined to a live If the incoming SOAP message is destined to a live

Web serviceWeb service– If the SOAP message and its request are validIf the SOAP message and its request are valid– If the SOAP message contains valid dataIf the SOAP message contains valid data


Message-Level SecurityMessage-Level SecuritySecurity at the transport layer is not always Security at the transport layer is not always sufficient for web servicessufficient for web servicesMessage-level (or message-layer) security: Message-level (or message-layer) security: security is contained within the SOAP security is contained within the SOAP message and/or SOAP attachment (security message and/or SOAP attachment (security info travels with the message)info travels with the message)– A “portion” of a message may be signed by a A “portion” of a message may be signed by a

sender and encrypted for a particular receiver. It sender and encrypted for a particular receiver. It will pass through intermediary nodes, but can be will pass through intermediary nodes, but can be decrypted only by the intended receiver. Hence decrypted only by the intended receiver. Hence “end-to-end security”.“end-to-end security”.


Message-Level SecurityMessage-Level SecurityAdvantagesAdvantages– Security stays with the message over all hops and after Security stays with the message over all hops and after

the message arrives at destinationthe message arrives at destination– Fine-grained: can be selectively applied to different Fine-grained: can be selectively applied to different

portions of a messageportions of a message– Can be used in conjunction with intermediaries over Can be used in conjunction with intermediaries over

multiple hopsmultiple hops– Independent of the application environments or transport Independent of the application environments or transport

protocolprotocol

Disadvantage:Disadvantage:– Complex and adds some overhead to processingComplex and adds some overhead to processing

Mechanisms:Mechanisms:– Encryption, Decryption, AuthenticationEncryption, Decryption, Authentication


XML-based Security StandardsXML-based Security StandardsW3C Specifications (www.w3.org):W3C Specifications (www.w3.org):– XML EncryptionXML Encryption: A standard specification developed by the : A standard specification developed by the

W3C proposes to encrypt portions of XML documents. This W3C proposes to encrypt portions of XML documents. This specification can be used to assure confidentiality in case of a specification can be used to assure confidentiality in case of a security context ranging over several SOAP intermediaries. To security context ranging over several SOAP intermediaries. To do that, portions of the SOAP message are kept confidential do that, portions of the SOAP message are kept confidential from SOAP intermediaries while the message is in transit.from SOAP intermediaries while the message is in transit.

– XML Digital SignatureXML Digital Signature: A standard specification developed : A standard specification developed jointly by the W3C and IETF (Internet Engineering Task Force). jointly by the W3C and IETF (Internet Engineering Task Force). An XML signature is equivalent to a digital signature; it can be An XML signature is equivalent to a digital signature; it can be used to digitally sign portions of an XML document. It is used used to digitally sign portions of an XML document. It is used with SOAP messages. with SOAP messages.

– XML Key Management Specification (XKMS)XML Key Management Specification (XKMS): Developed by : Developed by the W3C to allow clients to obtain cryptographic key information the W3C to allow clients to obtain cryptographic key information (such as keys and certificates). It also describes protocols for (such as keys and certificates). It also describes protocols for key management such as registration and revocation, suitable to key management such as registration and revocation, suitable to be used together with XML Signature and XML Encryptionbe used together with XML Signature and XML Encryption . .


Web Services SecurityWeb Services Security

Original Security Roadmap (IBM & Original Security Roadmap (IBM & Microsoft, 2002)Microsoft, 2002)– See “Resources” for link to full paperSee “Resources” for link to full paper


WS-Security SpecificationsWS-Security SpecificationsIBM & Microsoft RoadmapIBM & Microsoft Roadmap– WS-Security: describes how to attach signature and WS-Security: describes how to attach signature and

encryption headers to SOAP messages, and how to attach encryption headers to SOAP messages, and how to attach security tokens (usernames, certificates)security tokens (usernames, certificates)

– WS-Policy: Capabilities and constraints of the security WS-Policy: Capabilities and constraints of the security policies on intermediaries and endpointspolicies on intermediaries and endpoints

– WS-Trust: A framework for trust models to enable Web WS-Trust: A framework for trust models to enable Web services to securely interoperateservices to securely interoperate

– WS-Privacy: A model for requesters and organizations to WS-Privacy: A model for requesters and organizations to specify preferencesspecify preferences

– WS-SecureConversation: How to manage and authenticate WS-SecureConversation: How to manage and authenticate message exchangesmessage exchanges

– WS-Federation: How to manage trust relationships in a WS-Federation: How to manage trust relationships in a heterogeneous environmentheterogeneous environment

– WS-Authorization: How to manage authorization data WS-Authorization: How to manage authorization data policiespolicies


Web Services Security StandardsWeb Services Security StandardsOASIS Specifications (OASIS Specifications (www.oasis-open.orgwww.oasis-open.org):):– WS-Security (SOAP Message Security): describes WS-Security (SOAP Message Security): describes

enhancements to SOAP messaging to provide enhancements to SOAP messaging to provide message integrity and confidentiality. Also defines a message integrity and confidentiality. Also defines a mechanism for associating security tokens with mechanism for associating security tokens with message contentmessage content

– Security Assertion Markup Language (SAML): Security Assertion Markup Language (SAML): defines a framework for exchanging authentication defines a framework for exchanging authentication and authorization informationand authorization information

– eXtensible Access Control Markup Language eXtensible Access Control Markup Language (XACML): a language for expressing security policy(XACML): a language for expressing security policy


WS-Security (OASIS standard)WS-Security (OASIS standard)WS-SecurityWS-Security– Defines enhancements to SOAP messaging to provide Defines enhancements to SOAP messaging to provide

message integrity and confidentialitymessage integrity and confidentiality– End-to-end security: from initial sender, 0-n intermediaries, End-to-end security: from initial sender, 0-n intermediaries,

ultimate receiverultimate receiver– Support for pluggable algorithms: encryption, digest, Support for pluggable algorithms: encryption, digest,

signaturesignature– Provides a general-purpose mechanism for associating Provides a general-purpose mechanism for associating

security tokens with message contentsecurity tokens with message contentA security token (unsigned such as username or signed such as A security token (unsigned such as username or signed such as certificate) is a collection of one or more claims; a claim is declaration certificate) is a collection of one or more claims; a claim is declaration made by an entitymade by an entity

Proposes a standard set of SOAP (SOAP11, SOAP Proposes a standard set of SOAP (SOAP11, SOAP 12) extensions to be used when building secure Web 12) extensions to be used when building secure Web servicesservices


Integrity Example (Sender)Integrity Example (Sender)

Send a SOAP message and ensure that Send a SOAP message and ensure that the body is not modifiedthe body is not modified– Generate a digest of the SOAP bodyGenerate a digest of the SOAP body– Generate a signature over the digest using Generate a signature over the digest using

my private keymy private key– Include sender’s certificate (which includes Include sender’s certificate (which includes

sender’s public key) in a security tokensender’s public key) in a security token


Integrity Example (Receiver)Integrity Example (Receiver)

Check that the body of the message Check that the body of the message wasn’t modifiedwasn’t modified– Generate a digest of the SOAP bodyGenerate a digest of the SOAP body– Verify the signature using sender’s public key Verify the signature using sender’s public key

(received in the certificate)(received in the certificate)– Compare the two values and ensure they Compare the two values and ensure they

matchmatch– Conclude that the message was from the Conclude that the message was from the

sender you believe s/he sent itsender you believe s/he sent it


Security StandardsSecurity StandardsSpecifications for any XML-based interactionsSpecifications for any XML-based interactions

WS-* security standards based on “IBM & WS-* security standards based on “IBM & Microsoft Roadmap”Microsoft Roadmap”

Source: Securing Service-based Interactions (see resources for link to paper)Source: Securing Service-based Interactions (see resources for link to paper)


Will the standards work together?Will the standards work together?Sample 1:Sample 1:– A user requests services from a number of A user requests services from a number of

providersproviders– User must be authenticated for every service to User must be authenticated for every service to

determine level of accessdetermine level of access– Authentication for each request is not practical (use Authentication for each request is not practical (use

single sign-on). Initial service provider single sign-on). Initial service provider authenticates, and subsequent requests from same authenticates, and subsequent requests from same user to other providers are automatically user to other providers are automatically authenticated. Two ways to do this:authenticated. Two ways to do this:

Have the authentication info for each service included in Have the authentication info for each service included in the initial SOAP message (SAML and XACML)the initial SOAP message (SAML and XACML)Use a user’s authentication list in a central database Use a user’s authentication list in a central database (Microsoft Passport)(Microsoft Passport)


Will the standards work together?Will the standards work together?Sample 2:Sample 2:– Alice uses XML signature and XML encryption to Alice uses XML signature and XML encryption to

sign and encrypt a document representing a sign and encrypt a document representing a purchase order (PO)purchase order (PO)

– Alice sends the signed document to the supplier Alice sends the signed document to the supplier using SOAP, header defined using WS-Securityusing SOAP, header defined using WS-Security

– Receiver may use XKMS to discover and validate Receiver may use XKMS to discover and validate Alice’s public keyAlice’s public key

If valid, receiver can validate and decrypt POIf valid, receiver can validate and decrypt POReceiver checks a policy server that maintains access Receiver checks a policy server that maintains access control policy information in XACML for authorization control policy information in XACML for authorization using SAML requests/responsesusing SAML requests/responses


SOAP HeadersSOAP HeadersThey are the extensibility point for SOAP They are the extensibility point for SOAP messages.messages.

This is where the security metadata goThis is where the security metadata go– Security tokens, message digests, signing Security tokens, message digests, signing

algorithms, etc.algorithms, etc.

SOAP security builds on XML-Encryption and SOAP security builds on XML-Encryption and XML-Digital SignaturesXML-Digital Signatures

Example to follow…Example to follow…


ExampleExampleSecurity Header


User Name TokenUser Name TokenUserName TokenUserName Token

<S11:Envelope><S11:Envelope> <S11:Header><S11:Header>

<wsse:Security><wsse:Security><wsse:UsernameToken><wsse:UsernameToken>

<wsse:Username><wsse:Username> qmahmoudqmahmoud

</wsse:Username></wsse:Username></wsse:UsernameToken></wsse:UsernameToken>

</wsse:Security></wsse:Security> </S11:Header></S11:Header> … …</S11:Envelope></S11:Envelope>


Full exampleFull exampleShowing: signature, digest value, binary security token to decrypt signature. Enough info to verify msg Showing: signature, digest value, binary security token to decrypt signature. Enough info to verify msg contentcontent

<?xml version="1.0" encoding="utf-8"?><?xml version="1.0" encoding="utf-8"?><S11:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu="...“ xmlns:ds="..."><S11:Envelope xmlns:S11="..." xmlns:wsse="..." xmlns:wsu="...“ xmlns:ds="..."><S11:Header><S11:Header><wsse:Security><wsse:Security> <wsse:BinarySecurityToken ValueType="...#X509v3" EncodingType="...#Base64Binary“ <wsse:BinarySecurityToken ValueType="...#X509v3" EncodingType="...#Base64Binary“

wsu:Id="X509Token"> MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i... </wsse:BinarySecurityToken> wsu:Id="X509Token"> MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i... </wsse:BinarySecurityToken> <ds:Signature><ds:Signature> <ds:SignedInfo><ds:SignedInfo> <ds:CanonicalizationMethod Algorithm=“…"/> <ds:SignatureMethod Algorithm=“…"/><ds:CanonicalizationMethod Algorithm=“…"/> <ds:SignatureMethod Algorithm=“…"/> <ds:Reference URI="#myBody"><ds:Reference URI="#myBody"> <ds:Transforms><ds:Transform Algorithm= “…"/></ds:Transforms> <ds:Transforms><ds:Transform Algorithm= “…"/></ds:Transforms> <ds:DigestMethod Algorithm= “…"/> <ds:DigestValue>EULddytSo1...</ds:DigestValue><ds:DigestMethod Algorithm= “…"/> <ds:DigestValue>EULddytSo1...</ds:DigestValue> </ds:Reference></ds:Reference> </ds:SignedInfo></ds:SignedInfo> <ds:SignatureValue>BL8jdfToEb1l/vXcMZNNjPOV... </ds:SignatureValue><ds:SignatureValue>BL8jdfToEb1l/vXcMZNNjPOV... </ds:SignatureValue> <ds:KeyInfo><ds:KeyInfo> <wsse:SecurityTokenReference><wsse:Reference <wsse:SecurityTokenReference><wsse:Reference

URI="#X509Token"/></wsse:SecurityTokenReference>URI="#X509Token"/></wsse:SecurityTokenReference> </ds:KeyInfo></ds:KeyInfo> </ds:Signature></ds:Signature></wsse:Security></wsse:Security></S11:Header></S11:Header><S11:Body wsu:Id="myBody"> … </S11:Body><S11:Body wsu:Id="myBody"> … </S11:Body></S11:Envelope></S11:Envelope>


SAMLSAML

An XML-based framework for exchanging An XML-based framework for exchanging security informationsecurity information

Enables disparate security services to Enables disparate security services to interoperateinteroperate

A set of specifications that define componentsA set of specifications that define components– Assertions and request/response protocolsAssertions and request/response protocols– An assertion is a declaration of fact about a subjectAn assertion is a declaration of fact about a subject– Assertions can be digitally signedAssertions can be digitally signed


SAMLSAMLSingle Sign-OnSingle Sign-On

Source: Presentation by Abbie Barbir, Nortel Networks1. User accesses authentication server

– Authentication server asks for user ID and password2. End user enters ID and password

– Authentication server checks with LDAP directory and authenticates user

3. End user requests a resource from destination/Web services server– Authentication server opens a session with destination server

4. Authentication server sends uniform resource identifier (URI) to end user– End user browser is redirected to URI, that connects him to Web service

AuthenticationAuthenticationServerServer

1111

4444

3333

Web ServicesWeb ServicesServerServer

22

LDAPLDAPDirectoryDirectory

22

LDAPLDAPDirectoryDirectory

RequestorRequestorSAML: How It WorksSAML: How It Works


WS-Security WS-Security • Securing SOAPSecuring SOAP• Work in progressWork in progress• OASIS basedOASIS based• Supported by major playersSupported by major players• Ensures InteroperabilityEnsures Interoperability

Web Services SecurityWeb Services Security

XML EncryptionMultiple PartiesDocument partsConfidentiality

SOAP Message

<SOAP-ENV: Envelope>

</SOAP-ENV: Envelope>

<SOAP-ENV: Header> <WS-Security>

<SAML Token>

</SAML Token>

<WS-Security>

</SOAP-ENV:Header>

<SOAP-ENV:Body>

</SOAP-ENV:Body>

WS-Security: Signature, Encryption

SAML Token: Authentication, AuthorizationXML Signature: Integrity

X.509 Certificate: Encryption, Signature verification

XML Schema Validation

Source: Presentation by Abbie Barbir, Nortel Networks


WS-I Specifications WS-I Specifications Basic Security ProfileBasic Security Profile– An extension of the Basic ProfileAn extension of the Basic Profile– Provides guidelines and usage scenarios for WS-Provides guidelines and usage scenarios for WS-

Security, REL (Rights Expression Language), Security, REL (Rights Expression Language), SAML, UserName, and X.509 security token SAML, UserName, and X.509 security token formatsformats

– Attempts to increase interoperability by Attempts to increase interoperability by addressing common problems that addressing common problems that implementation experience has revealed (Rnnn)implementation experience has revealed (Rnnn)

– Makes a number of security recommendations to Makes a number of security recommendations to improve security (Cnnn)improve security (Cnnn)


WS-I Basic Security ProfileWS-I Basic Security ProfileSample constraintsSample constraints– Web Services Security: SOAP Message Security Web Services Security: SOAP Message Security

defines a timestamp element for use in SOAP defines a timestamp element for use in SOAP message. The profile places the following constraint message. The profile places the following constraint on its use:on its use: R3227R3227 A SECURITY_HEADER MUST NOTA SECURITY_HEADER MUST NOT

contain more than one TIMESTAMPcontain more than one TIMESTAMP

R3203 A TIMESTAMP MUST contain exactly oneR3203 A TIMESTAMP MUST contain exactly one

CREATEDCREATED


WS-I SpecificationsWS-I SpecificationsSecurity Challenges, Threats, and Security Challenges, Threats, and Countermeasure (download from WS-I.org)Countermeasure (download from WS-I.org)

Source: J2EE 5 TutorialSource: J2EE 5 Tutorial

Documents

CIS*6650.01 Service-Oriented Computing