Pattern For Ws Security


Secure Systems Research Group - FAU

A Pattern for WS-Security

Presented by Keiko Hashizume


Outline

• Introduction
• A Pattern for WS-Security
• Conclusion


Introduction

• Web services standards are confusing, which makes it difficult for vendors to develop products that comply with the standards and for users to decide which product to use.

• That is why we need to develop patterns for these standards.
– Patterns embody the knowledge and experience of software developers about a recurrent problem. A pattern solves a specific problem in a given context and can be tailored to fit different situations.


WS-Security Standard

• Originally developed by IBM, Microsoft, VeriSign, and Forum Systems.

• OASIS Specification
• Latest Version: WS-Security 1.1
• Approved in February 2006


A Pattern for WS-Security

• WS-Security Standard describes enhancements to SOAP messaging through
– Message Confidentiality
– Message Integrity
– Message Authentication
– Non-repudiation

• Context
– Users of web services send and receive SOAP messages through the Internet.


A Pattern for WS-Security

• Problem
– Forces:

• We need to prevent unauthorized users from reading data during transit.

• We need to protect data in transit from being modified by attackers.

• We need to verify the producer of the message.

• We need to prevent message replay.


A Pattern for WS-Security

• Solution
– Use a set of mechanisms to improve security by describing how to add security information in the header part of a message.
– Elements that can be included in the SOAP security header:
• Security tokens
• Encryption
• Digital signature
• Timestamps


– Structure - Class Diagram


– Dynamics

Sequence Diagram for the UC: Encrypt an element using Security Tokens


– Dynamics

Sequence Diagram for the UC: Sign an element using Security Tokens

A Pattern for WS-Security


A Pattern for WS-Security

• Consequences

This pattern presents the following advantages:
– XML Encryption hides information from unauthorized users.
– XML Digital Signature is used to verify whether a message was modified in transit.
– The combination of XML Signature and security tokens verifies that the user is who he claims to be.
– We can prevent message replay using timestamps.

The pattern also has some (possible) liabilities:
– This pattern does not describe fixed security protocols.


A Pattern for WS-Security

• Known Uses
Several vendors have developed products that support WS-Security.
– Xtradyne’s WS-DBC (Web Service Domain Boundary Controller) http://www.xtradyne.com/products/ws-dbc/WSDBCfeatures.htm
– IONA Artix www.iona.com/info/aboutus/collateral/Artix%20and%20Security.pdf
– Forum Sentry™ http://forumsys.com/products_sentry_specs.htm
– Microsoft Trust Bridge http://www.microsoft.com/presspass/press/2002/Jun02/06-06TrustbridgePR.mspx


A Pattern for WS-Security

• Related Patterns
– WS-Security uses XML Signature and XML Encryption
– Secure Channel contains a set of security protocols that provide identity authentication and secure, private communication through encryption.
– Strategy


Conclusion

• We need to develop related patterns such as XML Encryption and XML Signature.

• We need to develop patterns for the WS – family such as WS-Policy, WS-Privacy, WS-SecureConversation, WS-Federation, and WS-Authorization.
