Secure Web Services, Arvind Easwaran (arvinde@seas), CIS/TCOM 551 Spring 2004, Slide Set 7


Page 1: Secure Web Services Arvind Easwaran (arvinde@seas) CIS/TCOM 551 Spring 2004 Slide Set 7

Secure Web Services

Arvind Easwaran (arvinde@seas)

CIS/TCOM 551 Spring 2004

Slide Set 7

Page 2

Outline

- Web Services (WS): An overview
- XML Basics
- SOAP Basics
- WSEmail: The real one
- Security in WS

Page 3

Web Services (WS) Overview

Page 4

Today's Web

- Designed for applications involving human interactions
- Intended purpose
  - Information sharing: a distributed content library
  - Enabled B2C e-commerce
  - Non-automated B2B interactions
- How did it happen?
  - Built on very few standards: http + html
  - Shallow interaction model: very few assumptions
  - Result was ubiquity

Page 5

What's next?

- There is a lot more we can do!
  - Open, automated B2B e-commerce
  - Business process integration on the Web
  - Resource sharing, distributed computing
- Existing Web technology is ad hoc for this
  - Application-to-application interactions with HTML forms
- Goal
  - Enabling systematic application-to-application interaction on the Web

Page 6

Web Services

- "Web services" is an effort to build a distributed computing platform for the Web
- Web service applications are encapsulated, loosely coupled Web "components" that can bind dynamically to each other
- The Penn – Amazon example

Page 7

Typical Web Service Components

Page 8

Web Services Architecture

- Web Service: A programmable application component accessible via standard Web protocols
- Open Internet Protocols: Built using open Internet protocols, XML & HTTP
- SOAP: Web Services consumers send and receive SOAP messages
- WSDL (Web Services Description Language): Web Services are defined in terms of the formats and ordering of messages
- UDDI (Universal Description, Discovery, and Integration): Provide a Directory of Services on the Internet

Page 9

Web Services Framework

- Framework can be described in terms of
  - What goes "on the wire"
    - Formats and protocols: XML and SOAP using HTTP
  - What describes what goes on the wire
    - Description languages: WSDL
  - What allows us to find these descriptions
    - Discovery of services: UDDI

Page 10

XML

Page 11

What is XML?

- Extensible Markup Language
- Meta language that
  - Allows users to create and format their own document markup
- A method for putting structured data into a text file
  - easy to read
  - unambiguous
  - extensible
  - platform-independent

Page 12

Sample XML Example

<?xml version="1.0" encoding="…"?>
<msg:message from="id" to="id" xmlns:msg="URI" xmlns:po="URI">
  <msg:text>
    Hi please bill to the following address
  </msg:text>
  <msg:item>
    <po:po id="123">
      <po:billto>
        <po:company> Skateboard </po:company>
        <po:street> One Warehouse Park </po:street>
        <po:city> Boston </po:city>
      </po:billto>
    </po:po>
  </msg:item>
</msg:message>

Page 13

XML Declaration

<?xml version="1.0" encoding="…"?>

- <?xml ?> the XML declaration
  - Not required, but typically used
  - Attributes include:
    - Version
    - Encoding – the character encoding

Page 14

XML Element

<msg:message from="id" to="id" xmlns:msg="URI" xmlns:po="URI">
  <msg:text>
    Hi please bill the following
  </msg:text>
  <msg:item>
    <po:po id="123">
      …
    </po:po>
  </msg:item>
</msg:message>

- <tag> text/element </tag> an element
- Each element tag can be divided into 2 parts
  - Namespace, Tag name

Page 15

XML Attribute

<msg:message from="id" to="id" xmlns:msg="URI" xmlns:po="URI">
  …
  <po:po id="123">
    …
  </po:po>
</msg:message>

- XML Attribute
  - Describes additional information about an element
  - <tag key="value"> text</tag>
  - Reserved attribute xml:lang

Page 16

XML Namespaces

<msg:message from="id" to="id" xmlns:msg="URI" xmlns:po="URI">
  …
</msg:message>

- Namespaces
  - Not mandatory, but useful in giving uniqueness to an element
  - Declared using xmlns:name="value"

Page 17

SOAP

Page 18

SOAP

- An XML envelope for XML messaging
- Headers + body
- SOAP is "transport independent"
- A convention for doing RPC

Page 19

SOAP Message Processing

Page 20

SOAP Message Example

<?xml … ?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="URI">
  <SOAP-ENV:Header>
    <t:Transaction xmlns:t="URI" SOAP-ENV:mustUnderstand="1">
      12345
    </t:Transaction>
    <p:Priority xmlns:p="URI">
      Very High
    </p:Priority>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    "XML Document"
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Page 21

WSEmail

Carl Gunter

Kevin Lux

Michael May

Page 22

WSEmail

- Traditional Internet Email
  - Based on a collection of protocols
    - SMTP, POP, IMAP
  - Evolved over a vast installed base
  - Shortcomings
    - Flexibility
    - Security and Integration

Page 23

WSEmail: The Solution

- Aims to exploit advantages of web service protocols
- Uses web service security features to support integrity, authentication, and access control for both end-to-end and hop-by-hop message transmissions
- A collection of services that can be added to the base system

Page 24

The Solution (Contd)

- A way to integrate different messaging systems
- Prototype system is built using Microsoft .Net
- On-demand attachments
- Integrated instant messaging

Page 25

Architecture

Page 26

Architecture (Contd)

- Sender Client SC makes a call on its Sender Server SS
- All calls are SOAP calls over TCP
- The server SS then makes a call on the Receiver Server RS
- The Receiver Client RC periodically makes calls to RS
- Security is based on standards for web service security, possibly supported by encrypted tunnels

Page 27

Architecture (Contd)

- Hop-by-hop confidentiality, so communications between the nodes can be protected by TLS
- Clients like SC and RC are typically authenticated by a password
- Servers authenticate themselves using certificates
- Such certificates are used in TLS and used to sign messages using XMLDSIG

Page 28

Variations – Security Token

Page 29

Security Token (Contd)

- SC contacts SS to obtain a security token recognized by RS
- SC sends a message authenticated with this credential to RS
- Instant messages are posted directly to the client
- RS and RC apply access control for this function based on the security token from SC
- Token is recognized because of a form of federated identity between SS and RS

Page 30

Page 31

Security

Page 32

Why Web Services Security is a Challenge

Theory: This thing has 4 wheel drive But we only take it to the Mall

Practice: In this environment we need 4 wheel drive

Page 33

Message Level Security

Page 34

Example: SC to SS

<wsse:Security SOAP-ENV:mustUnderstand="1" SOAP-ENV:actor="…" xmlns:wsse="…">
  <wsse:UsernameToken xmlns:wsu="…" wsu:Id="SecurityToken…">
    <wsse:Username>SC</wsse:Username>
    <wsse:Nonce>…</wsse:Nonce>
    <wsu:Created>Date</wsu:Created>
  </wsse:UsernameToken>

Page 35

  <Signature>
    <SignedInfo>
      <CanonicalizationMethod Algorithm="…" />
      <SignatureMethod Algorithm="hmac-sha1" />
      <Reference URI="#Id…">
        <Transforms>
          <Transform Algorithm="xml-exc-c14n#" />
        </Transforms>
        <DigestMethod Algorithm="xmldsig#sha1" />
        <DigestValue>…</DigestValue>
      </Reference>
    </SignedInfo>

Page 36

    <SignatureValue>…</SignatureValue>
    <KeyInfo>
      <wsse:SecurityTokenReference>
        <wsse:Reference URI="…" />
      </wsse:SecurityTokenReference>
    </KeyInfo>
  </Signature>
</wsse:Security>

Page 37

Canonicalization

- Logically equivalent but physically different XML snippets
  - <p a="1" b="2"> </p>
  - <p a="1" b="2" />
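What this slide means for the SC to SS signature, as an added example that is not part of the original slides: the SHA-1 digest and HMAC-SHA1 signature over the UsernameToken only survive re-serialization by an intermediary if both sides canonicalize first. It uses the C14N 2.0 implementation in Python's standard library rather than the exclusive canonicalization named in the slides; the namespace URIs, nonce, timestamp, key and the reduced SignedInfo are constructed assumptions.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

def c14n(xml_text: str) -> bytes:
    """Canonical XML (C14N 2.0, Python standard library) as UTF-8 bytes."""
    return ET.canonicalize(xml_text).encode("utf-8")

def digest_value(xml_text: str, canonical: bool = True) -> str:
    """Base64 SHA-1 digest, matching the slides' DigestMethod/DigestValue."""
    data = c14n(xml_text) if canonical else xml_text.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def signed_info(xml_text: str, ref_id: str) -> str:
    """Reduced SignedInfo (assumption: the algorithm elements are omitted)."""
    return (f'<SignedInfo><Reference URI="#{ref_id}"><DigestValue>'
            f'{digest_value(xml_text)}</DigestValue></Reference></SignedInfo>')

def signature_value(xml_text: str, ref_id: str, key: bytes) -> str:
    """HMAC-SHA1 over the canonical SignedInfo, base64-encoded."""
    mac = hmac.new(key, c14n(signed_info(xml_text, ref_id)), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def verify(xml_text: str, ref_id: str, key: bytes, received_sig: str) -> bool:
    """Recompute over the XML as received and compare in constant time."""
    expected = signature_value(xml_text, ref_id, key)
    return hmac.compare_digest(expected, received_sig)

# Constructed sample data: placeholder namespaces, nonce, timestamp and key.
KEY = b"constructed-shared-secret"   # assumption: secret shared by SC and SS
REF_ID = "SecurityToken-1"
TOKEN_SENT = (
    '<wsse:UsernameToken xmlns:wsse="urn:example:wsse" '
    'xmlns:wsu="urn:example:wsu" wsu:Id="SecurityToken-1">'
    '<wsse:Username>SC</wsse:Username><wsse:Nonce>bm9uY2U=</wsse:Nonce>'
    '<wsu:Created>2004-03-01T12:00:00Z</wsu:Created></wsse:UsernameToken>')
# Same token after a hop re-serialized it: attribute order, quote style and
# whitespace inside tags changed, element content untouched.
TOKEN_RELAYED = (
    "<wsse:UsernameToken wsu:Id='SecurityToken-1' "
    "xmlns:wsu='urn:example:wsu' xmlns:wsse='urn:example:wsse' >"
    "<wsse:Username>SC</wsse:Username><wsse:Nonce >bm9uY2U=</wsse:Nonce >"
    "<wsu:Created>2004-03-01T12:00:00Z</wsu:Created></wsse:UsernameToken>")
TOKEN_TAMPERED = TOKEN_RELAYED.replace(">SC<", ">RC<")

if __name__ == "__main__":
    sig = signature_value(TOKEN_SENT, REF_ID, KEY)
    print("raw digests equal:      ",
          digest_value(TOKEN_SENT, False) == digest_value(TOKEN_RELAYED, False))
    print("canonical digests equal:",
          digest_value(TOKEN_SENT) == digest_value(TOKEN_RELAYED))
    print("relayed verifies:       ", verify(TOKEN_RELAYED, REF_ID, KEY, sig))
    print("tampered verifies:      ", verify(TOKEN_TAMPERED, REF_ID, KEY, sig))
    # Whitespace between tags is content: canonicalization keeps it, so
    # <p a="1" b="2"> </p> and <p a="1" b="2" /> do not hash alike.
    print("whitespace-only vs empty:",
          c14n('<p a="1" b="2"> </p>') == c14n('<p a="1" b="2" />'))
```

SHA-1 and HMAC-SHA1 are used here only because the slides' message names them.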

Page 38

XML Element Specific Security

<po xmlns="URI" id="123">
  <enc:EncryptedData Type="URI">
    <enc:EncryptionMethod Algorithm="…"/>
    <ds:KeyInfo>
      <ds:KeyName> Shared Key </ds:KeyName>
    </ds:KeyInfo>
    <enc:CipherData>…</enc:CipherData>
  </enc:EncryptedData>
  …
</po>

Page 39

XML Key Management Specification (XKMS)

- Management of Public Keys
  - Registration
    - Alice registers her email signature public key
  - Information
    - Bob looks up the key for Alice
    - Bob checks to see if it is valid
- Core Objective
  - Shield the client from the complexity of PKI

Page 40

Platform Level Security

Page 41

Security Terminology

- Authentication
  - Positively identifying the clients
  - User ID password pairs, X509 certificate etc
- Authorization
  - Defining what authenticated clients are allowed to see and do
  - ACLs
- Non Repudiation
  - Digital Signatures
- Secure Communication
  - Ensuring that messages remain private and unaltered as they cross networks
  - SSL point-to-point

Page 42

Is SSL Alone Enough?

- For some applications: Yes
- As Infrastructure: No
- SSL does not support multi-party transactions
  - Intermediate Node
- SSL does not support non-Repudiation
- Does not leave any audit trail

Page 43

Demo

Page 44

Conclusions

- Without Security and Trust
  - Web Services are Dead On Arrival
- Considerable progress has already been made
  - Industry wide consensus on value of standards
  - Basic Infrastructure is in place or in development
  - There is considerable consensus on the roadmap
  - Web Services is certainly moving towards a secure architecture