a presentation by verisign's dr. phillip hallam-baker
TRANSCRIPT
![Page 1: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/1.jpg)
Web Services Security StandardsForum
Dr. Phillip M. Hallam-Baker C.Eng. FBCS
VeriSign Inc.
![Page 2: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/2.jpg)
Web Services Security StandardsFor ‘Um
For ‘um: Meeting to tell people that everyone agrees on an issue
• Walk the Walk or just Talk the Talk?
![Page 3: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/3.jpg)
VeriSign is For ‘um
• Provider of Web Services– XKMS Service live over 1 year– Trust Service Integration Kit
• User of Web Services– Integrate multiple IT infrastructures
• VeriSign • Signio• Network Solutions• Illuminet• HO Systems
![Page 4: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/4.jpg)
Why Everyone is For’um
Web Services like email
Anyone can talk to everyone
Not like Power Cord
Different Mains Adapter for Every Device
$600 service fee to repair broken connector
![Page 5: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/5.jpg)
And Security?
Don’t want our Power Cords [Web Services] to catch Fire
![Page 6: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/6.jpg)
Why Are We All For’um?
• Standards Benefits– Interoperability– Vendor Independence– Clearly Defined Intellectual Property
Constraints
• Standards should be enablers, not limiters– Don’t complain if companies don’t wait for
standards to catch up
![Page 7: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/7.jpg)
Why Web Services Security is a Challenge
Theory: This thing has 4 wheel drive But we only take it to the Mall
Practice: In this environment we need 4 wheel drive
![Page 8: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/8.jpg)
Why Security Is Needed
Without Trust and Security…
Web Services are Dead on Arrival
![Page 9: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/9.jpg)
Web Services Security Groups
SAML XACML
XrML
XKMS
XML
Encryption
XML
Signature
BiometricsWS-Security
Provisioning
W3C
Architecture
OASIS
Joint Security
![Page 10: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/10.jpg)
And Don’t Forget…
• Web Services Institute– Standards are great
• Interoperability is better• Need Profiles, Testing, etc.
• UDDI– Protocol specification now in OASIS
• www.XMLTrustCenter.org– Web Services Security Community
• Internet Engineering Task Force– Mainly focused on lower protocol stack layers
![Page 11: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/11.jpg)
What Parts of Web Services Security Should Be Infrastructure?
Operating System
Subroutine
Application
RemoteSubroutine
Application
WebServices
Revolution
![Page 12: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/12.jpg)
What Parts of Web Services Security Should Be Infrastructure?
• Replicate security context provided by O/S– Protected Memory
• Prevents modification of process state• Prevents interception of function calls• Prevent disclosure
– Access Control• Authentication• Authorization• Auditing
![Page 13: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/13.jpg)
Problem Space
InfrastructureSecurity
InfrastructureServices
Applications
Confidentiality
Integrity
Access Control
Policy
Conversation
Authentication
Authorization
Attributes
Trust Funds Transfer
Payroll
Inventory
Purchasing
![Page 14: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/14.jpg)
Solution Space
Applications
Web Services Security Infrastructure
Security
Conversation
AccessControl
RightsManagement
Privacy
CredentialManagement
Policy
XML & Web Services Foundation
XMLSignature
XMLEncryption
WSDLDescription
SOAP
![Page 15: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/15.jpg)
Part I – XML Infrastructure
![Page 16: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/16.jpg)
XML Signature & Encryption
• Allow node level security enhancements– Sign parts of a document– Enveloped signature is inside signed node– Detached signature signs referenced content– Detached encryption data
• Operate on the XML InfoSet– Not just a stream of bits
![Page 17: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/17.jpg)
XML Signature Operates on the InfoSet not Just Bits
SourceXML
ParserApplication
Code
XML Encoded Bits XML Infoset
TraditionalPKCS#7
XMLSignature
![Page 18: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/18.jpg)
Part II – Web Services Security Infrastructure
![Page 19: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/19.jpg)
Is SSL Enough?
• For some applications – Yes
• As Infrastructure– No
• SSL Only supports data in transit, not in storage• SSL does not support multi-party transactions• SSL is all or nothing
– Messages are opaque to firewalls
• SSL does not support non-Repudiation
![Page 20: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/20.jpg)
WS-Security
• SOAP Message Level Security– Confidentiality– Integrity– Authentication
• Builds on XML Standards– XML Signature & Encryption
![Page 21: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/21.jpg)
Completing the Picture
• Request / Response Correlation– Prevent Message Substitution Attacks
• Response Modification• Response Replay
• Request Replay
• Denial of Service
![Page 22: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/22.jpg)
Part III Web Services Infrastructure Security Applications
• Key Management– XKMS– Key Agreement TBA
• Distributed Access Control– SAML– XACML– XrML
• Ancillary– Provisioning [SPML]– Biometrics [XCBF]– Privacy Profile [P3P]
![Page 23: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/23.jpg)
XML Key Management Specification (XKMS)
• Management of Public Keys– Because all you need to know to communicate
securely with anyone is their public key– Registration
• Alice registers her email signature public key– [Alice might later request reissue, revocation, recovery]
– Information• Bob looks up the key for [email protected]• Bob checks to see if it is valid
• Core Objective:– Shield the client from the complexity of PKI
![Page 24: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/24.jpg)
Distributed Access Control
• Authorization Decision– Can ‘Alice’ access the general ledger?
• Authentication– Is ‘Alice’ the real Alice?
• Attributes– Alice is a Finance department employee
• Authorization Policy– Finance department employees may access the
general ledger.
![Page 25: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/25.jpg)
Distributed Access Control
Authentication
User Application
User AttributesAuthorization
Policy
Password
Biometric
Smartcard etc.
Single Mechanism
Request
Authorization
Decision
Permit or Deny
![Page 26: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/26.jpg)
SAML
Authentication
User Application
User AttributesAuthorization
Policy
Password
Biometric
Smartcard etc.
Single Mechanism
Request
Authorization
Decision
Permit or Deny
![Page 27: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/27.jpg)
Why Standardize Authorization Policy?
• Support common Authorization Policy API
• Move policy with controlled object– Privacy Applications
• Healthcare (HIPPA)• EU Privacy Directive
– Digital Rights Management
![Page 28: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/28.jpg)
XML Access Control Markup Language
• Allows Access Control Policy to be expressed– Encode in XML rules such as:
1. A person may read any record for which he or she is the designated patient.
2. A person may read any record for which he or she is the designated parent or guardian, and for which the patient is under 16 years of age.
3. A physician may write any medical element for which he or she is the designated primary care physician, provided an email is sent to the patient,
4. An administrator shall not be permitted to read or write medical elements of a patient record.
– Chief standards issue is naming• How to identify ‘patient’, ‘record’, ‘guardian’ etc.
![Page 29: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/29.jpg)
XrML
• Allows Digital Rights Policy to be expressed at each level in the value chain– Encode in XML rules such as:
• Consumer can view film 6 times within 6 months• Consumer can view any content in super subscription plan
for 1 month• Consumer can listen to audio track X on the devices P, Q, R.• Content Owner can define distributors and their respective
rights on the content
• Chief standards issue is naming– How to identify content, constraints etc.
![Page 30: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/30.jpg)
Part IV Futures
• Proposals on or near the table to address:– Support for Direct Trust– WSDL Description of Security Enhancements
• Why not now?– Need to standardize dependencies first– Maintain focus, momentum on existing work
![Page 31: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/31.jpg)
Support for Direct Trust
• It can’t be turtles all the way down.
XKMS
XKMS
XKMSApplicationMust be a static
mechanism
![Page 32: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/32.jpg)
WSDL Description of Security Enhancements
• We know what to do– WSDL description of security enhancements
• I support WS-Security with AES Encryption• The authentication key of my service is X• I always authenticate responses with Y• You must perform key agreement with Z
• Specification is dependent on:– WSDL specification– Web Services Security Specifications
![Page 33: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/33.jpg)
Conclusions
• Without Security and Trust:
Web Services are Dead On Arrival
• Considerable progress has already been made– Industry wide consensus on value of standards– Basic Infrastructure is in place or in development– There is considerable consensus on the roadmap– Security need not be the show stopper
![Page 34: A presentation by Verisign's Dr. Phillip Hallam-Baker](https://reader036.vdocuments.us/reader036/viewer/2022062319/557cf9a6d8b42a98158b4bb6/html5/thumbnails/34.jpg)
Web Services Security Standards
Time to Say:
I’m For ‘um