Web Services Security, Identity Management and Liberty

8/14/2019 Web Services Security, Identity Management and Liberty 1/56

Web Services Security

Sang Shin
[email protected]
www.javapassion.com/webservices
Java Technology Evangelist, Sun Microsystems, Inc.

Disclaimer & Acknowledgments
Even though Sang Shin is a full-time employee of Sun Microsystems, the contents here are created as his own personal endeavor and thus do not reflect any official stance of Sun Microsystems. Sun Microsystems is not responsible for any inaccuracies in the contents.

Acknowledgments
Some slides are borrowed from Eve Maler (Sun). Some slides are borrowed from Rima Patel (Sun).

Revision History
02/01/2004: created (Sang Shin)
Things to do: speaker notes need to be added; contents need some polishing.

03/29/2004

Why More Stringent Security for Web Services?
- Point of interaction is more over the internet (as opposed to within an intranet)
- Interaction between partners with no previously established relationship
- Program to program interaction (as opposed to human to program interaction)
- More dynamic interaction (as opposed to static interaction)
- Larger number of service providers and users

Issues with Current Web Security Schemes
- SSL/TLS/HTTPS
  - Transport level security (as opposed to message level security)
  - Point-to-point security only, does not handle end-to-end multi-hop messaging security
  - Security only when data is on the wire, does not secure data off the wire
  - HTTPS does not support non-repudiation
  - HTTP might not be the only transport used
  - No element-wise signing and encryption

Can today's web security model handle web services?
- The practical maximum is HTTPS using SSL
  - Transient point-to-point encrypted communication with known trusted parties: authentication of the parties and confidentiality of the data in motion
- Web services can and do use this, but it's insufficient in several ways
  - Not granular enough: it encrypts everything
  - Inflexible about routing; it's just point-to-point
  - No chance for auditing what's going on
  - Can't avoid repudiation; it's not signing the data

Web Services Security Requirements

Granularity, extensibility, and transparency in SOAP

[Figure: a SOAP message travelling Requester -> Intermediary 1 -> Intermediary 2 -> Responder. The SOAP body and Header A are present at every hop, while Headers B, C and D appear only at some hops: intermediaries act on, add and remove individual headers while the body passes through.]

Simple scenario: applying for a business loan

[Figure: three parties, a business in need of cash, a credit report company and a bank. 1. The business requests a credit score from the credit report company; 2. the credit report company sends the credit score; 3. the business collects inventory data as collateral; 4. the business aggregates the data and sends the loan request to the bank; 5. the bank logs and timestamps the loan request; 6. the bank sends a response to the loan request.]

Requirements in this scenario
- The business needs to prove its identity to the credit report company and the bank (authentication)
- The credit report company needs to know that their paying customer won't back out maliciously after sending the request (non-repudiation)
- The credit report company needs to prove it supplied the credit score itself (authentication)
- All the message content needs to reach its various destinations unchanged (integrity) and be safe from competitors' eyes (confidentiality)
- The bank needs to record the receipt of the application (auditing)

Matching requirements to technologies

Requirement      Technologies
Authentication   Username/password, key-based digital signing and signature verification, challenge-response, biometrics, smart cards, etc.
Confidentiality  Key-based digital encryption and decryption
Trust            Key-based digital signing and signature verification
Non-repudiation  Key-based digital signing and signature verification, message reliability
Integrity        Message digest, itself authenticated with a digital signature
Authorization    Application of policy, access control, digital rights management
Auditing         Various forms of logging, themselves secured to avoid tampering

New challenges
- Inter-enterprise web services are dealing with incompletely trusted clients
  - RPC-style services have special needs: is the caller authorized to ask for this computer action?
- End-to-end isn't just point-to-point
  - SOAP intermediaries: the original author wrote the payload, but many intermediate senders may touch the message afterwards
  - Long-running choreographed conversations with multiple requests, responses, and forks

New opportunities
- The pace of application and service creation is increasing
  - How can we make it easier for developers to add high-quality security features?
- The web services security infrastructure can take advantage of XML's granularity
  - Encrypting or signing selected portions
  - Acting on and rewriting individual headers
  - Hardware appliances could accelerate these functions
- Security-related applications can themselves become web services
  - Providers of security, identity, and provisioning solutions can interoperate better

Web Services Security Frameworks

WUST security infrastructure standards

[Figure: a layered stack of standards listing SOAP and SwA; WS-Security; XML Signature and XML Encryption; SAML, Kerberos and X.509; XrML; QOP?; WSDL descriptions of endpoint security requirements; WS-Coordination, WS-Transaction?; producing authenticated, confidentiality-protected web service messages with the potential to be authorized.]

Where these technologies are applied in our scenario

[Figure: the business loan scenario diagram repeated (business in need of cash, credit report company, bank), with the steps 1. request credit score, 2. send credit score, 3. collect inventory data as collateral, 4. aggregate data and send loan request, 5. log and timestamp loan request, 6. send response to loan request.]

Quick reference

Standard         Venue        Status
XML Signature    W3C, IETF    Recommendation stage
XML Encryption   W3C          Recommendation, Candidate Rec stages
WS-Security      OASIS        Working drafts; previous private specs; may ultimately include Quality of Protection (QOP) work on top of WSDL
Kerberos         IETF         Well established authentication technology using symmetric keys
X.509            ITU, IETF    Well established authentication technology using public/private keys
SAML             OASIS        1.0 in OASIS Standard balloting; expected to pass
XrML             OASIS        Working draft stages; previous private spec; IPR issues

XML & Web Services Security Standards

Sun Tech Days Web Services Security

The standards ecosystem

[Figure: standards plotted by stability (Early Draft, Mature Draft, V1 Complete) and by venue (W3C, OASIS, Liberty, Private): WS-Policy, WSPL, WSS, XKMS, XCBF, XML Enc, XML Sig, C14N, SAML, XACML, ID-FF 1.1, ID-FF 1.2, ID-WSF 1.0.]

XML & Web Services Security Schemes
- XML Digital Signature
- XML Encryption
- XKMS (XML Key Management Specification)
- XACML (eXtensible Access Control Markup Language)
- SAML (Security Assertion Markup Language)
- WS-Security
- Identity Management & Liberty Project

XML Signature

What is XML Digital Signature?
- Authentication, data integrity (tamper-proofing), non-repudiation
- Joint W3C/IETF effort
  - XML syntax for representing signatures of web resources and portions thereof
  - Procedures for computing and verifying such signatures
  - Canonicalization of XML data
  - Trust in the key is out-of-scope
- Specs: W3C Recommendation, RFC 3075
- JSR-105

Why XML Digital Signature?
- Very flexible, thus can support a diverse set of internet transaction models
  - Can sign individual items of an XML document
  - Can sign multiple items
  - Can sign both local and remote objects
    - Allows detached signatures that apply to remote, URI-referenced content
  - Can sign both XML and non-XML content
  - Allows multiple levels of signing (different signing semantics) to the same content
    - Sign, co-sign, witness, notarize, etc.

XML Signature: Types of XML Signature

XML Signature Forms
- Enveloped
- Enveloping
- Detached

XML Signature: Enveloped
The signature is enveloped within the content being signed:

<doc Id="myID">
  <myElement>...</myElement>
  <Signature>
    ...
    <Reference URI="#myID"/>
    ...
  </Signature>
</doc>

XML Signature: Enveloping
The signature envelopes the contents to be signed (the signed document is carried in the Object element the Reference points at):

<Signature>
  ...
  <Reference URI="#myRefObjectID"/>
  ...
  <Object Id="myRefObjectID">
    <doc>
      <myElement>...</myElement>
      ...
    </doc>
  </Object>
</Signature>

XML Signature: Detached
The signature is external to the content that is signed:

<Signature>
  ...
  <Reference URI="http://www.buy.com/books/purchaseWS"/>
  ...
</Signature>

XML Signature: Structure of XML Signature

XML Signature Structure

<Signature>                      Signature element
  <SignedInfo>                   Signed
    <CanonicalizationMethod/>
    <SignatureMethod/>
    <Reference>                  Digested
      <Transforms>               Applied to referenced content
        <Transform/>
        <Transform/>
      </Transforms>
      <DigestMethod/>
      <DigestValue/>
    </Reference>
  </SignedInfo>
  <SignatureValue/>
  <KeyInfo/>                     Key related information
</Signature>

Example of Signed Purchase Order
Values shown on the slide: DigestValue qZk+nkcGcWq6piVxeFdcbJzQ2JO=, SignatureValue IWijxQjUrcXBYc0ei4QxjWo9Kg8Dep9tlWoT4SdeRT87GH03dgh, and the signer's X.509 subject name CN=Alice Smith, STREET=742 Park Avenue, L=New York, ST=NY, C=US.

Signature element
- Parent element of the XML Signature structure
- Contains SignedInfo, SignatureValue and KeyInfo

SignedInfo element
- Consists of the specification of the information that is signed
- Contains CanonicalizationMethod, SignatureMethod and Reference (one or more)

CanonicalizationMethod element
- Specifies the algorithm (identified through a URI) used for canonicalization of XML

SignatureMethod element
- Specifies the algorithm (identified through a URI) used for generation and validation of signatures
- For example, http://www.w3.org/2000/09/xmldsig#dsa-sha1 specifies the DSA (Digital Signature Algorithm)

Reference element
- References the actual data stream (through a URI) that would be signed
- This data stream would be hashed (digested) after applying appropriate transformations (if any)
- Contains Transforms, DigestMethod and DigestValue

Transforms element
- Specifies all the transformations that would be applied on the to-be-signed content
- The input to the first transformation is the result of dereferencing the URI attribute of the Reference element
- The output of the last transformation is then digested
- Contains a list of Transform elements
- Transformation examples: Base64 encoding (MIME), Canonicalization (XML-C14N), XSLT

Transform element
- Specifies the transformation algorithm in use
- Content: parameters for the given algorithm, if any
  - For example, some transformations may require an explicit MIME type or charset (IANA, for instance) or other such information concerning the data they receive from an earlier Transform
- Application-specific transformation algorithms are also allowed
  - For example, a compression routine implemented as a Java class specified by a base64 encoded content parameter

SignatureValue element
- Contains the base64 encoded value of the digital signature

KeyInfo element
- Allows specifying trust information either
  - Explicitly, by specifying a raw public key or an X.509 certificate
  - Implicitly, by specifying the URI of a remotely located public key via a RetrievalMethod element
- Optional element

KeyInfo element (Contd.)
- Very important element
- Leveraged by the rest of the security specifications, i.e.
  - XML Encryption
  - XML Key Management Services
  - Security Assertions Markup Language
- Contains
  - KeyName: a text identifier
  - KeyValue: RSA or DSA public key, in base64
  - RetrievalMethod: remotely references the public key via a URI
  - X509Data: X.509 certificates related data
  - PGPData: PGP related data
  - SPKIData: SPKI certificates related data
  - Key negotiation algorithms related parameters, such as Diffie-Hellman

A note on KeyInfo
- The following are out of scope of XML Signature
  - Trust in the key information specified by KeyInfo
  - Verification of the key information specified by KeyInfo
- Although this can be delegated to an XKMS Trust Service, as we will see later

Canonicalization
- Canonicalization presents a method for testing logical equivalence of XML documents
- It generates a physical form, a.k.a. canonical form, of an XML document such that
  - If two XML documents can be reduced to the same canonical form, they are considered logically equivalent within the given context

Canonicalization (Contd.)
- Proving logical equivalence is important for application areas such as
  - Checksums
  - Digital Signatures
- Consider the XML fragments below:

  <Reservation Type="Hotel" Id="12345">
  <Reservation Id="12345" Type="Hotel">

  They are logically equivalent, however they will fail an equivalence test in byte comparison.

Canonicalization and XML Signature
- Digital Signature over the canonical form of an XML document or document subset
- Allows the signature digest to be oblivious to changes in the original document's physical representation
  - Provided the changes are defined to be logically equivalent by XML 1.0 or Namespaces in XML

Canonical XML
- Defines an algorithm that generates the canonical form of a given XML document or document subset
- Effort hosted by the XML Signature Working Group of W3C
- Started in 1999
- http://www.ietf.org/rfc/rfc3076.txt

Example of Canonical XML

<?xml version="1.0"?>
<?xml-stylesheet href="doc.xsl" type="text/xsl" ?>
<!DOCTYPE doc SYSTEM "doc.dtd">
<doc>Hello, world!<!-- Comment 1 --></doc>
<?pi-without-data ?>
<!-- Comment 2 -->
<!-- Comment 3 -->

Example of Canonical XML (Contd.)
- The canonical form of the given XML would
  - Lose the XML declaration
  - Lose the DTD
  - Lose the whitespace between a PI target and its data
  - Have comments removed, in the uncommented canonical form

Example of Canonical XML (Contd.)

Canonical form with all the comments removed:

<?xml-stylesheet href="doc.xsl" type="text/xsl" ?>
<doc>Hello, world!</doc>
<?pi-without-data?>

Canonical form with all the comments:

<?xml-stylesheet href="doc.xsl" type="text/xsl" ?>
<doc>Hello, world!<!-- Comment 1 --></doc>
<?pi-without-data?>
<!-- Comment 2 -->
<!-- Comment 3 -->

Process of signing
- Generate references by
  - Applying transforms (Transforms) to the data to be signed, if needed
  - Calculating the digest (DigestValue)
- Generate the signature by
  - Placing the Reference elements into SignedInfo
  - Calculating SignatureValue over SignedInfo
  - Placing SignedInfo and SignatureValue into Signature

Process of Validation
- Validate references by
  - Applying transforms to the data source
  - Calculating the digest and then comparing it to DigestValue
- Validate the signature by
  - Retrieving the key from KeyInfo or another source of key information
  - Validating SignatureValue over SignedInfo
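The signing and validation steps above, worked through in Python as an added example (not from the slides or from JSR 105): it signs a constructed loan request from the scenario with an enveloped signature, validates it, and shows that editing the payload breaks reference validation while the MAC over SignedInfo still verifies, and that the two Reservation fragments from the canonicalization slide digest identically. Assumptions: the spec's ds:hmac-sha1 SignatureMethod stands in for RSA/DSA, and Python's ET.canonicalize (Canonical XML 2.0) stands in for the Canonical XML 1.0 a 2004 toolkit would use.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
# Algorithm identifiers from the XML Signature spec. The canonicalization URI is
# Canonical XML 2.0, which is what ET.canonicalize implements (assumption: a
# stand-in for the Canonical XML 1.0 used by 2004-era toolkits).
C14N_URI = "http://www.w3.org/2010/10/xml-c14n2"
SHA1_URI = DS + "sha1"
HMAC_SHA1_URI = DS + "hmac-sha1"
ENVELOPED_URI = DS + "enveloped-signature"

# Constructed sample document: the loan request from the slides' scenario.
LOAN_REQUEST = """<LoanRequest>
  <Business>Acme Widgets</Business>
  <CreditScore>720</CreditScore>
  <Collateral>inventory</Collateral>
</LoanRequest>"""


def c14n(node):
    """Canonical form of a subtree (the CanonicalizationMethod step)."""
    return ET.canonicalize(ET.tostring(node)).encode()


def reference_digest(doc):
    """Reference processing for URI="": apply the enveloped-signature transform
    (drop ds:Signature children of the root), canonicalize, then digest."""
    scratch = copy.deepcopy(doc)
    for sig in scratch.findall(f"{{{DS}}}Signature"):
        scratch.remove(sig)
    return hashlib.sha1(c14n(scratch)).digest()


def sign_enveloped(doc, key, key_name):
    """Process of signing: Reference -> SignedInfo -> SignatureValue -> Signature."""
    digest = reference_digest(doc)
    sig = ET.SubElement(doc, f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N_URI)
    ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm=HMAC_SHA1_URI)
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI="")  # "" = whole document
    transforms = ET.SubElement(ref, f"{{{DS}}}Transforms")
    ET.SubElement(transforms, f"{{{DS}}}Transform", Algorithm=ENVELOPED_URI)
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA1_URI)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = base64.b64encode(digest).decode()
    # SignatureValue is computed over canonical SignedInfo, not over the data itself
    mac = hmac.new(key, c14n(si), hashlib.sha1).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    key_info = ET.SubElement(sig, f"{{{DS}}}KeyInfo")
    ET.SubElement(key_info, f"{{{DS}}}KeyName").text = key_name
    return sig


def validate(doc, key):
    """Process of validation: reference validation, then signature validation."""
    sig = doc.find(f"{{{DS}}}Signature")
    if sig is None:
        raise ValueError("no ds:Signature in document")
    si = sig.find(f"{{{DS}}}SignedInfo")
    # Pin the algorithms: the message must not be allowed to pick weaker ones
    if si.find(f"{{{DS}}}SignatureMethod").get("Algorithm") != HMAC_SHA1_URI:
        raise ValueError("unexpected SignatureMethod")
    if si.find(f"{{{DS}}}CanonicalizationMethod").get("Algorithm") != C14N_URI:
        raise ValueError("unexpected CanonicalizationMethod")
    ref = si.find(f"{{{DS}}}Reference")
    if ref.find(f"{{{DS}}}DigestMethod").get("Algorithm") != SHA1_URI:
        raise ValueError("unexpected DigestMethod")
    stored_digest = base64.b64decode(ref.find(f"{{{DS}}}DigestValue").text)
    reference_ok = hmac.compare_digest(stored_digest, reference_digest(doc))
    stored_mac = base64.b64decode(sig.find(f"{{{DS}}}SignatureValue").text)
    expected_mac = hmac.new(key, c14n(si), hashlib.sha1).digest()
    signature_ok = hmac.compare_digest(stored_mac, expected_mac)
    return {"reference": reference_ok, "signature": signature_ok,
            "core": reference_ok and signature_ok}


def demo():
    """Sign, validate, then tamper with the payload and validate again."""
    key = b"constructed-shared-key"
    doc = ET.fromstring(LOAN_REQUEST)
    sign_enveloped(doc, key, "bank-business-shared-key")
    intact = validate(doc, key)
    # Changing signed data breaks the reference digest; SignedInfo's MAC still holds
    doc.find("CreditScore").text = "820"
    tampered = validate(doc, key)
    return intact, tampered
```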

XML Signature: JSR 105

JSR 105 XML Signatures in Java
- Important JSR 105 APIs
  - XMLSignatureFactory
    - Abstract factory used to create XML Signatures from scratch
    - Implementations support a specific XML mechanism (ex: DOM)
  - XMLSignature
    - Contains methods for signing and validating
  - XMLSignContext
  - XMLValidateContext

JSR 105 XML Signatures in Java: Example of Enveloped Signature Generation (1)

import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;

// First, create a DOM XMLSignatureFactory
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

// Specify the algorithms for various things such as canonicalization
// (constant names follow the final javax.xml.crypto.dsig API; the slide used
// the JSR 105 draft names SHA1_URI, WITH_COMMENTS_URI, RSA_SHA1_URI, ENVELOPED_URI)
DigestMethod dm = fac.newDigestMethod(DigestMethod.SHA1, null);
CanonicalizationMethod cm = fac.newCanonicalizationMethod(
    CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
SignatureMethod sm = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
Transform tm = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);

// Create a Reference pointing to the document to be signed
// (URI "" is the conventional value for the whole enveloping document)
Reference ref = fac.newReference("", dm, Collections.singletonList(tm), null, null);

// Create a DOM KeyInfoFactory
KeyInfoFactory kifac = fac.getKeyInfoFactory();

JSR 105 XML Signatures in Java: Example of Enveloped Signature Generation (2)

import javax.xml.crypto.dsig.dom.DOMSignContext;

// Create X509Data KeyInfo type and insert the X.509 certificate
X509Data xd = kifac.newX509Data(Collections.singletonList(myX509Cert));

// Create KeyInfo
KeyInfo ki = kifac.newKeyInfo(Collections.singletonList(xd));

// Create SignedInfo
SignedInfo si = fac.newSignedInfo(cm, sm, Collections.singletonList(ref));

// Create XMLSignature
XMLSignature signature = fac.newXMLSignature(si, ki);

// Create XMLSignContext: sign with the private key and place the Signature
// element under the document root (enveloped)
XMLSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement());

// Generate the XMLSignature
signature.sign(dsc);

JSR 105 XML Signatures in Java: Example of Enveloped Signature Validation

import javax.xml.crypto.dsig.dom.DOMValidateContext;

// Create DOM XMLSignatureFactory
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

// Create an XMLValidateContext from the expected signer's public key
// and the ds:Signature element found in the received document
XMLValidateContext dvc = new DOMValidateContext(myX509Cert.getPublicKey(), sigElement);

// Unmarshal XMLSignature
XMLSignature signature = fac.unmarshalXMLSignature(dvc);

// Validate XMLSignature (core validation: reference validation plus signature validation)
boolean coreValidity = signature.validate(dvc);

XML Signature: Status

Status
- W3C Recommendation (Feb. 2002)
- At least 10 vendor implementations are available
  - Java WSDP
  - Apache open source implementation
  - Most J2EE vendors will support this even though it is not mandated in J2EE 1.4
- JSR-105 work in progress
  - Public review in progress (06/2003)

XML Encryption

What is XML Encryption?
- Data privacy (confidentiality)
- Defines XML syntax for encrypted data
  - Encrypting/decrypting such data
  - Can encrypt only certain parts of a document
- W3C Recommendation now
- JSR 106

XML Encryption and SSL
- SSL encrypts all the data transmitted through an SSL channel
- XML Encryption can encrypt portions of the data selectively
  - For example, a specific element within an XML document

Examples of using XML Encryption I

[Figure: John sends an order to Nile.com; "John Smith's Credit Info" is encrypted, "John Smith's Purchase Info: 1 Book titled..." is not. Encryption of credit card info sent from the user to Nile.com.]

Examples of using XML Encryption II

[Figure: Nile.com forwards the order to Creditcardprocessing.com with "John Smith's Credit Info" encrypted and "John Smith's Purchase Info" in the clear. Encryption of credit card info sent from Nile.com to creditcardprocessing.com such that the latter can only decrypt the credit card info and not the purchase information.]

XML Encryption: Structure of XML Encryption

Example of Encryption (only the creditcard element is encrypted)
Values shown on the slide: Alice Smith ..., ABCD, SharedKey, A23B45C56, 8a32gh199081.

XML Encryption Structure

<EncryptedData>                  EncryptedData element
  <EncryptionMethod>             Encryption algorithm
  <ds:KeyInfo>                   Key information
    <EncryptedKey>
    <AgreementMethod>
    <ds:KeyName>
    <ds:RetrievalMethod>
  </ds:KeyInfo>
  <CipherData>                   Raw encrypted data
    <CipherValue>
    <CipherReference>
  </CipherData>
  <EncryptionProperties>
</EncryptedData>

EncryptedData element
- Core element in the syntax
- Replaces the encrypted data in an XML document, or serves as a new document root
- Contains EncryptionMethod, ds:KeyInfo, CipherData and EncryptionProperties

EncryptionMethod element
- Optional element
- Specifies the encryption algorithm applied to the cipher data
- If absent, the encryption algorithm must be known to the recipient, else decryption will fail

ds:KeyInfo element
- Semantics as defined by the XML Signature specification
- Can contain additional elements defined by the XML Encryption syntax, i.e. EncryptedKey and AgreementMethod

EncryptedKey element
- Transports encryption keys to a known recipient
- Can be placed either
  - As a standalone XML document
  - Within an application XML document
  - Inside a ds:KeyInfo element
  - As a child of an EncryptedData element

AgreementMethod element
- Can be used by the originator to identify the keys and computational procedures used to obtain the shared encryption key
- Carries an Algorithm attribute to specify the key agreement algorithm
  - For example, Diffie-Hellman

AgreementMethod element (Contd.)
- XML Encryption does not provide an online key agreement negotiation protocol
- If the agreed key is being used to wrap a key rather than data, then AgreementMethod appears inside ds:KeyInfo inside the EncryptedKey element

Keying information for decryption of cipher data
- Can be provided in 3 ways
  - EncryptedData or EncryptedKey specifying the keying info by its ds:KeyInfo
  - A detached EncryptedKey element, specified via ds:KeyName or via ds:RetrievalMethod
  - The keying material is automatically determined by the recipient based on the application context

CipherData element
- Provides cipher data either
  - In the form of base64 encoded text of the CipherValue element, or
  - By providing a reference to an external location containing the encrypted octet sequence, specified by the CipherReference element

CipherReference element
- Identifies a source (via URI) which can yield the encrypted octet sequence
- Contains an optional sequence of Transforms
  - Data resulting from dereferencing the URI is transformed as specified in order to yield the intended cipher value
  - The syntax of Transforms is similar to the XML Signature syntax

EncryptionProperties element
- Carries additional information concerning the generation of the EncryptedData or EncryptedKey element
  - For example, the serial number of the cryptographic hardware used during encryption
- Contains EncryptionProperty elements

Encryption Granularity
- Encryption can be carried out at the following levels
  - Encrypting an XML element
  - Encrypting XML elements containing other elements
  - Encrypting an XML element containing character data
  - Encrypting arbitrary data and XML documents
  - Encrypting EncryptedData (super encryption)

Example XML Document

<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <CreditCard Limit='5,000' Currency='USD'>
    <Number>4019 2445 0277 5567</Number>
    <Issuer>Example Bank</Issuer>
    <Expiration>04/02</Expiration>
  </CreditCard>
</PaymentInfo>

Encrypting XML Element
Encrypting the entire CreditCard element:

<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
      xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <CipherData>
      <CipherValue>A23B45C56</CipherValue>
    </CipherData>
  </EncryptedData>
</PaymentInfo>

Encrypting XML Element Contents (Elements)
Only encrypts the child elements of the CreditCard element:

<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <CreditCard Limit='5,000' Currency='USD'>
    <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
        Type='http://www.w3.org/2001/04/xmlenc#Content'>
      <CipherData>
        <CipherValue>A23B45C56</CipherValue>
      </CipherData>
    </EncryptedData>
  </CreditCard>
</PaymentInfo>

Encrypting XML Element Contents (Character Data)
Only encrypts the credit card number:

<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <CreditCard Limit='5,000' Currency='USD'>
    <Number>
      <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
          Type='http://www.w3.org/2001/04/xmlenc#Content'>
        <CipherData>
          <CipherValue>A23B45C56</CipherValue>
        </CipherData>
      </EncryptedData>
    </Number>
    <Issuer>Example Bank</Issuer>
    <Expiration>04/02</Expiration>
  </CreditCard>
</PaymentInfo>

Encrypting Arbitrary Data and XML Documents

<?xml version='1.0'?>
<EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
    MimeType='text/xml'>
  <CipherData>
    <CipherValue>A23B45C56</CipherValue>
  </CipherData>
</EncryptedData>

If the application scenario requires all information to be encrypted, the whole document is encrypted as an octet sequence. This applies to arbitrary data as well as XML documents.

Encrypting EncryptedData: Super Encryption

<pay:PaymentInfo xmlns:pay='http://example.org/paymentv2'>
  <EncryptedData Id='ED1' xmlns='http://www.w3.org/2001/04/xmlenc#'
      Type='http://www.w3.org/2001/04/xmlenc#Element'>
    <CipherData>
      <CipherValue>originalEncryptedData</CipherValue>
    </CipherData>
  </EncryptedData>
</pay:PaymentInfo>

A valid super encryption of ED1 is shown on the next slide.

Encrypting EncryptedData: Super Encryption (Contd.)

<pay:PaymentInfo xmlns:pay='http://example.org/paymentv2'>
  <EncryptedData Id='ED2' xmlns='http://www.w3.org/2001/04/xmlenc#'
      Type='http://www.w3.org/2001/04/xmlenc#Element'>
    <CipherData>
      <CipherValue>newEncryptedData</CipherValue>
    </CipherData>
  </EncryptedData>
</pay:PaymentInfo>

Here 'newEncryptedData' is the base64 encoding of the encrypted octet sequence resulting from encrypting the EncryptedData element with Id='ED1'.
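An added example, not from the slides, that performs the element-level and content-level replacements shown in the PaymentInfo examples above and reverses them: the Type attribute tells the recipient whether to restore a whole element or the content of the enclosing one, and EncryptionMethod is omitted so the algorithm must be known to the recipient. The cipher is a constructed toy keystream (an assumption standing in for a real XML Encryption algorithm); the EncryptedData/CipherData/CipherValue structure follows the slides.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
PAY = "http://example.org/paymentv2"
TYPE_ELEMENT = XENC + "Element"
TYPE_CONTENT = XENC + "Content"
ET.register_namespace("xenc", XENC)

# Constructed copy of the PaymentInfo document used on the slides.
PAYMENT_INFO = """<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <CreditCard Limit='5,000' Currency='USD'>
    <Number>4019 2445 0277 5567</Number>
    <Issuer>Example Bank</Issuer>
    <Expiration>04/02</Expiration>
  </CreditCard>
</PaymentInfo>"""


def toy_cipher(key, data):
    """Stand-in for the block cipher an EncryptionMethod would name. Assumption:
    an HMAC-SHA256 counter keystream XORed over the data. It is NOT an XML
    Encryption algorithm and exists only to make the structural example run."""
    out = bytearray()
    for off in range(0, len(data), 32):
        stream = hmac.new(key, off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], stream))
    return bytes(out)


def _parent_of(root, node):
    return next(p for p in root.iter() if node in list(p))


def encrypt(root, target, key, content_only):
    """Replace `target` (Type=...#Element) or only its content (Type=...#Content)
    with an EncryptedData element, as in the slides' granularity examples."""
    if content_only:
        plain = (target.text or "").encode() + b"".join(ET.tostring(c) for c in target)
    else:
        plain = ET.tostring(target)
    enc = ET.Element(f"{{{XENC}}}EncryptedData",
                     Type=TYPE_CONTENT if content_only else TYPE_ELEMENT)
    cipher_data = ET.SubElement(enc, f"{{{XENC}}}CipherData")
    ET.SubElement(cipher_data, f"{{{XENC}}}CipherValue").text = \
        base64.b64encode(toy_cipher(key, plain)).decode()
    if content_only:
        target.text = None
        for child in list(target):
            target.remove(child)
        target.append(enc)
    else:
        parent = _parent_of(root, target)
        enc.tail = target.tail
        idx = list(parent).index(target)
        parent.remove(target)
        parent.insert(idx, enc)
    return enc


def decrypt(root, enc, key):
    """Reverse of encrypt: Type decides whether the plaintext is a whole element
    or the content of enc's parent."""
    if enc.tag != f"{{{XENC}}}EncryptedData":
        raise ValueError("not an EncryptedData element")
    value = enc.find(f"{{{XENC}}}CipherData/{{{XENC}}}CipherValue").text
    plain = toy_cipher(key, base64.b64decode(value))
    parent = _parent_of(root, enc)
    if enc.get("Type") == TYPE_CONTENT:
        frag = ET.fromstring(b"<wrap>" + plain + b"</wrap>")
        parent.remove(enc)
        parent.text = frag.text
        parent.extend(list(frag))
    elif enc.get("Type") == TYPE_ELEMENT:
        restored = ET.fromstring(plain)
        restored.tail = enc.tail
        idx = list(parent).index(enc)
        parent.remove(enc)
        parent.insert(idx, restored)
    else:
        raise ValueError(f"unsupported Type {enc.get('Type')!r}")


def demo(key=b"constructed-demo-key"):
    """Content-level encryption of <Number>: the slides' character-data case."""
    root = ET.fromstring(PAYMENT_INFO)
    number = root.find(f"{{{PAY}}}CreditCard/{{{PAY}}}Number")
    enc = encrypt(root, number, key, content_only=True)
    on_the_wire = ET.tostring(root, encoding="unicode")
    decrypt(root, enc, key)
    return on_the_wire, number.text
```

Calling encrypt on an EncryptedData element it produced earlier gives the super-encryption case (ED1 wrapped in ED2), and decrypt unwraps one layer at a time.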

XML Encryption: JSR 106

JSR 106 XML Encryption in Java
- Standard Java API for the W3C XML Encryption standard
- Programming model similar to JSR 105
- Important JSR 106 APIs
  - XMLEncryptionFactory
  - EncryptedData
  - EncryptedKey
  - XMLEncryptContext
  - XMLDecryptContext

XML Encryption: Status

Status and Resources (XML Encryption)
- W3C Note status on XML Encryption Requirements
- Implementations are not yet widely available
- JSR-106 work in progress
- W3C XML Encryption home page: www.w3.org/Encryption/

XKMS (XML Key Management Spec.)

What is XKMS?
- Defines a protocol between an XKMS client and an XKMS server for performing PKI operations
  - public key registration
  - public key validation
  - public key discovery
  - public key revocation
- The XKMS server provides a trust service in the form of a Web service
- Used along with XML digital signing and encryption

Why XKMS?
- PKI is very important to Web services & E-commerce
- PKI operations are too expensive for small devices
  - XKMS reduces the processing burden by moving it to an XKMS server
- PKI operations are too complex for many applications
  - XKMS eases the integration of PKI by moving the complexity of PKI operations to an XKMS server

XKMS Specifications
- XKISS: XML Key Information Service Spec.
  - Defines a protocol for validation of public keys
- XKRSS: XML Key Registration Service Spec.
  - Defines a protocol for registration, revocation and recovery of public keys

X-KISS Protocol: Public Key Binding Validation Request

<Validate>
  <Query>
    <Status>Valid</Status>
    <ds:KeyInfo>
      <ds:KeyName>...</ds:KeyName>
      <ds:KeyValue>...</ds:KeyValue>
    </ds:KeyInfo>
  </Query>
  <Respond>
    <string>KeyName</string>
    <string>KeyValue</string>
  </Respond>
</Validate>

  • 8/14/2019 Web Services Security, Identity Management and Liberty

    27/56

X-KISS Protocol: Public Key Binding Validation Response

    <ValidateResult>
      <Result>Success</Result>
      <Answer>
        <KeyBinding>
          <Status>Valid</Status>
          <KeyID>http://www.xmltrustcenter.org/assert/20010120-39</KeyID>
          <ds:KeyInfo>
            <ds:KeyName>...</ds:KeyName>
            <ds:KeyValue>...</ds:KeyValue>
          </ds:KeyInfo>
          <ValidityInterval>
            <NotBefore>2000-09-20T12:00:00</NotBefore>
            <NotAfter>2000-10-20T12:00:00</NotAfter>
          </ValidityInterval>
        </KeyBinding>
      </Answer>
    </ValidateResult>
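The request/response pair above, seen from the XKMS client, as an added example (not code from the original slides or from any XKMS toolkit). It builds the Validate request with the element names shown above and then reads a ValidateResult the way a relying application should: the Result element only says the service processed the request; the trust decision is in KeyBinding/Status and ValidityInterval, and the binding returned must be for the key that was asked about. The sample response, the key name and the placeholder key value are constructed. One caveat the slides do not spell out: the ValidateResult must itself be signed by the trust service and that signature verified, otherwise anyone on the path can answer "Valid"; that signature check is not part of this example.

```python
"""X-KISS Validate exchange, client side (added example, constructed data)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)


def build_validate_request(key_name: str, key_value: str) -> str:
    """Ask the trust service whether the binding key_name <-> key_value is Valid.

    Built with the tree API rather than string formatting so that a key name
    containing markup cannot inject elements into the request.
    """
    validate = ET.Element("Validate")
    query = ET.SubElement(validate, "Query")
    ET.SubElement(query, "Status").text = "Valid"
    key_info = ET.SubElement(query, f"{{{DS}}}KeyInfo")
    ET.SubElement(key_info, f"{{{DS}}}KeyName").text = key_name
    ET.SubElement(key_info, f"{{{DS}}}KeyValue").text = key_value
    respond = ET.SubElement(validate, "Respond")
    for wanted in ("KeyName", "KeyValue"):
        ET.SubElement(respond, "string").text = wanted
    return ET.tostring(validate, encoding="unicode")


def parse_time(text):
    """Timestamps on the slide carry no zone; treat them as UTC."""
    if text is None:
        return None
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def interpret_validate_result(xml_text: str, expected_key_value: str, now: datetime):
    """Return ("accept", key_id) or ("reject", reason).

    <Result> is protocol-level success only; the trust decision lives in
    <KeyBinding>/<Status> and <ValidityInterval>, and the binding must be
    for the key we asked about (not some other key the server knows).
    """
    root = ET.fromstring(xml_text)
    if root.tag != "ValidateResult":
        return "reject", "unexpected root element %s" % root.tag
    if root.findtext("Result") != "Success":
        return "reject", "service result %r" % root.findtext("Result")
    binding = root.find("Answer/KeyBinding")
    if binding is None:
        return "reject", "no KeyBinding in Answer"
    if binding.findtext("Status") != "Valid":
        return "reject", "binding status %r" % binding.findtext("Status")
    returned_key = binding.findtext(f"{{{DS}}}KeyInfo/{{{DS}}}KeyValue")
    if returned_key != expected_key_value:
        return "reject", "binding is for a different key"
    not_before = parse_time(binding.findtext("ValidityInterval/NotBefore"))
    not_after = parse_time(binding.findtext("ValidityInterval/NotAfter"))
    if not_before is None or not_after is None:
        return "reject", "validity interval missing"
    if not (not_before <= now < not_after):
        return "reject", "outside validity interval"
    return "accept", binding.findtext("KeyID")


# Constructed response with the same shape as the slide's ValidateResult.
SAMPLE_RESPONSE = f"""
<ValidateResult>
  <Result>Success</Result>
  <Answer>
    <KeyBinding>
      <Status>Valid</Status>
      <KeyID>http://www.xmltrustcenter.org/assert/20010120-39</KeyID>
      <ds:KeyInfo xmlns:ds="{DS}">
        <ds:KeyName>alice@example.test</ds:KeyName>
        <ds:KeyValue>PLACEHOLDER-KEY-VALUE</ds:KeyValue>
      </ds:KeyInfo>
      <ValidityInterval>
        <NotBefore>2000-09-20T12:00:00</NotBefore>
        <NotAfter>2000-10-20T12:00:00</NotAfter>
      </ValidityInterval>
    </KeyBinding>
  </Answer>
</ValidateResult>
""".strip()

if __name__ == "__main__":
    print(build_validate_request("alice@example.test", "PLACEHOLDER-KEY-VALUE"))
    print(interpret_validate_result(SAMPLE_RESPONSE, "PLACEHOLDER-KEY-VALUE",
                                    parse_time("2000-10-01T00:00:00")))
```

A status of Indeterminate (the third value the spec allows) falls into the reject branch as well: the client has no basis to accept a key the trust service could not vouch for.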


Status and Resources (XKMS)
- W3C is making good progress
- JSR-104 work in progress
- W3C XKMS home page: http://www.w3.org/TR/xkms/


Java Implementations of XKMS
- VeriSign: Trust Services Integration Kit, www.xmltrustcenter.org/developer/verisign/tsik/
- Entrust: XKMS toolkit, xkms.entrust.com/xkms/
- Phaos: www.phaos.com/products/xkms/xkms.html

XACML (eXtensible Access Control Markup Language)


What is XACML?
- Defines a core schema and namespace for expressing authorization policies in XML
  - Policies can target resources identified as XML elements within an XML document
  - Extensible
- Closely aligned with the SAML effort
  - Policy Decision Points (PDPs) involved in SAML might consult policies encoded in XACML to determine whether access will be granted to a resource


Why XACML?
- Standardizes the access control language in XML
  - Extensible language with flexible semantics
- Lower costs
  - No need to develop application-specific languages
  - No need to write policy in several languages
- Simpler
  - Administrators only need to understand one language
- Policy composition
  - Policies written by different parties can be combined


XACML Use Case
- A patient has a patient record that includes psychiatric notes
- The patient grants access to the psychiatric notes only to the primary care doctor
- The primary care doctor grants access to the patient record to a covering doctor, with the access restriction following the transmitted documents, so that the covering doctor has no access to the psychiatric notes
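The use case above, worked through as an added example (not code from the original slides and not the sunxacml API). It models the pieces of XACML that the slides describe, rules with an Effect and a Target, policies that combine rules, and a policy set that combines policies written by two different parties using the deny-overrides combining algorithm, with plain Python objects instead of the XACML schema. The subject and resource identifiers (dr-smith, dr-jones, nurse-lee, record-4711) are constructed.

```python
"""Simplified policy decision point for the patient-record use case."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Request = Dict[str, str]          # attribute name -> value
Target = Callable[[Request], bool]

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Rule:
    effect: str       # PERMIT or DENY
    target: Target    # does this rule apply to the request?


@dataclass
class Policy:
    policy_id: str
    rules: List[Rule]


def deny_overrides(decisions: List[str]) -> str:
    """XACML deny-overrides: any Deny wins, then any Permit, else NotApplicable."""
    if DENY in decisions:
        return DENY
    if PERMIT in decisions:
        return PERMIT
    return NOT_APPLICABLE


def evaluate_policy(policy: Policy, request: Request) -> str:
    """Combine the effects of every rule whose target matches the request."""
    return deny_overrides([r.effect for r in policy.rules if r.target(request)])


def evaluate_policy_set(policies: List[Policy], request: Request) -> str:
    """Policies from different authors are combined with the same algorithm."""
    return deny_overrides([evaluate_policy(p, request) for p in policies])


def matches(**expected: str) -> Target:
    """Target that requires every listed attribute to have the given value."""
    return lambda req: all(req.get(k) == v for k, v in expected.items())


# Written by the patient: the primary care doctor may read the whole record,
# psychiatric notes included; anyone else asking for that section is denied.
PATIENT_POLICY = Policy("patient-4711", [
    Rule(PERMIT, matches(subject="dr-smith", resource="record-4711", action="read")),
    Rule(DENY, lambda req: req.get("resource") == "record-4711"
         and req.get("section") == "psychiatric-notes"
         and req.get("subject") != "dr-smith"),
])

# Written by the primary care doctor for the covering doctor: the record is
# readable, but the restriction travels with it, so the psychiatric notes
# stay out of reach even if the patient's own policy were not consulted.
DELEGATION_POLICY = Policy("dr-smith-covering", [
    Rule(PERMIT, matches(subject="dr-jones", resource="record-4711", action="read")),
    Rule(DENY, matches(subject="dr-jones", resource="record-4711",
                       section="psychiatric-notes")),
])


def pep_allows(request: Request) -> bool:
    """Policy enforcement point: only an explicit Permit opens the door.

    NotApplicable (no policy mentions the requester) is treated as a deny.
    """
    return evaluate_policy_set([PATIENT_POLICY, DELEGATION_POLICY], request) == PERMIT


def read_request(who: str, section: str) -> Request:
    """Constructed request: `who` wants to read `section` of record 4711."""
    return {"subject": who, "resource": "record-4711", "section": section, "action": "read"}


if __name__ == "__main__":
    for who, section in (("dr-smith", "psychiatric-notes"), ("dr-jones", "history"),
                         ("dr-jones", "psychiatric-notes"), ("nurse-lee", "history")):
        print(who, section, evaluate_policy_set([PATIENT_POLICY, DELEGATION_POLICY],
                                                read_request(who, section)))
```

The point to notice is in the third request: the covering doctor gets Permit from the delegation policy's first rule and Deny from both the delegation policy's second rule and the patient's policy, and deny-overrides makes the Deny win at every level. A PDP that used permit-overrides, or a PEP that treated NotApplicable as allow, would leak the notes.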


Status and Resources (XACML)
- OASIS Standard (Feb. 2003)
- Java-based open source implementation available (donated by Sun): http://sunxacml.sourceforge.net/
- No JSR effort yet


SAML (Security Assertion Markup Language)

What is SAML?
- Defines an XML framework for exchanging authentication and authorization information
  - Various XML security assertions: credentials, authentication, attribute, authorization, etc.
  - Request and response protocol
- Enables Single Sign-On (SSO)
- OASIS Standard
- JSR-155

Why SAML?
- Standards are emerging for many facets of collaborative e-commerce, such as:
  - Business transactions (e.g., ebXML)
  - Software interactions (e.g., SOAP)
- But communicating the security properties of these interactions isn't well standardized
  - Low interoperability between PMI (privilege management infrastructure) solutions
  - Tight coupling within components

Use cases for sharing security information through SAML
SAML developed three use cases to drive its requirements and design:
- Single sign-on (SSO)
- Distributed transaction
- Authorization service


#1 Single Sign-On (SSO)
- Logged-in (authenticated) users of Smith.com are allowed to access the sister site Johns.com without logging in again
(Diagram: the user authenticates to Smith.com; Johns.com sends a SAML assertion request to Smith.com and receives a SAML assertion response; the user then uses the secured resource at Johns.com without re-login.)

#2 Distributed Transaction
- A car buyer also purchases auto insurance from insurance.com, which is affiliated with cars.com
(Diagram: the user buys a car at cars.com and then buys insurance at insurance.com; insurance.com sends a SAML assertion request to cars.com and receives a SAML assertion response.)

#3 Authorization Service
- An employee of Works.com orders office supplies directly from Office.com, which performs its own authorization
(Diagram: the employee of Works.com places the order at Office.com; Office.com sends a SAML assertion request to Works.com and receives a SAML assertion response.)

SAML in a nutshell
- It's an XML-based framework for exchanging security information
  - XML-encoded security assertions
  - XML-encoded request/response protocol
  - Rules on using assertions with standard transport and messaging frameworks


SAML Assertions
- Assertions are declarations of fact, according to someone
- SAML assertions are compounds of one or more of three kinds of statement about a subject (human or program):
  - Authentication
  - Attribute
  - Authorization (decision)

Authentication statement
- An issuing authority asserts that subject S was authenticated by means M at time T
- Targeted towards Single Sign-On uses

Example assertion with authentication statement
(The XML of this slide was not preserved; only its annotations survive: "(At time T)", "(Subject S)", and the confirmation method URI http://core-25/sender-vouches.)

Attribute statement
- An issuing authority asserts that subject S is associated with attributes A, B, ... with values a, b, c, ...
- Useful for distributed transactions and authorization services


Example assertion with two attribute statements
(The XML of this slide was not preserved; the annotations that survive: subject "Sang", attribute A with value a = PaidUp, attribute B with value b = 500.00.)

Authorization statement
- An issuing authority decides whether to grant the request by subject S for access type A to resource R, given evidence E
- The subject could be a human or a program
- The resource could be a web page or a web service, for example

Example assertion with authorization statement
(The XML of this slide was not preserved; the annotations that survive: "(for resource R)", "(by Subject S)", access type A = Read.)

Protocol for Requesting and Receiving Assertions
(Diagram: the Relying Party (Requesting Party) sends a SAML Assertion Request to the Asserting Party (Issuing Party), which returns a SAML Assertion Response.)


    WS-Security


WS-Security Specification
- A set of SOAP extensions for end-to-end SOAP messaging security
- Security schemes at the message level
- Signing and encrypting SOAP messages, and attaching security tokens to SOAP messages
  - Any combination of message parts: header blocks, body, attachments


WS-Security
- Multiple security models: username/password, certificate
- Multiple security technologies: Kerberos, PKI
- Multiple types of security tokens: Kerberos ticket, X.509 certificate, SAML assertions

How They Work Together


SAML and Other Standards
- SAML and XML DSig
  - XML DSig is used for digitally signing and canonicalizing SAML assertions
  - Authenticating, tamper-proofing (integrity) and non-repudiating SAML assertions
- SAML and XML Encryption
  - XML Encryption is used for encrypting and decrypting SAML assertions
  - Enforcing privacy (confidentiality) of SAML assertions
- SAML and XKMS
  - SAML traffic could be secured by an XKMS-based PKI (or by another PKI implementation, or by other means entirely)
- SAML and XACML
  - XACML could be used to define the access control policy that is the basis for handling a SAML assertion request
- SAML and WS-Security
  - SAML assertions can be carried as security tokens defined in WS-Security
- SAML and the Liberty Project
  - SAML is used as the security information exchange protocol among Liberty participants


Resources
- W3C XML Digital Signature: www.w3.org/Signature/
- W3C XML Encryption: www.w3.org/Encryption/
- XKMS: www.w3.org/TR/xkms/
- XACML: www.oasis-open.org/committees/xacml/
- SAML: www.oasis-open.org/committees/security/
- WS-Security: www.oasis-open.org/committees/wss/
- ebXML Message Services: www.ebxml.org
- Liberty Project: www.projectliberty.org

Thank You!


JAX-RPC Message-Level Security
Sang Shin, Technology Evangelist


JAX-RPC Message Level Security Implementation in Java WSDP 1.3
- Implements portions of OASIS Web Services Security
- Implements only XML Signature: no encryption, so the signed message still travels in the clear over plain HTTP
- Signing and verification are implemented as SOAP message handlers at both client and server
- Only programmatic security is supported: no declarative support (via deployment descriptor)


Transport vs. Message Level Security

SOAP-based communication introduces the notion of message-level security.

    Transport level                          Message level
    ---------------------------------------  ------------------------------------------
    Uses SSL                                 Does not depend on SSL (can be layered on it)
    Point-to-point: protects the pipe        Data chunks (message parts) are protected
    Does not work with intermediaries        Intended to work with intermediaries
    Ubiquitous                               Standards still under development
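The two middle rows of the table, as an added example (not code from the original slides, from JWSDP or from the WS-Security specification; needs Python 3.8+ for xml.etree's canonicalize). A client signs the SOAP Body, an intermediary re-parses the message and adds its own header block before forwarding it, and the ultimate receiver verifies the Body it actually received. With transport-level security the TLS session would end at the intermediary, which sees and can alter the plaintext undetected; with message-level protection the Body's integrity survives the hop and any change to it is caught. Canonical XML on the Body is real; the HMAC-SHA256 over it stands in for the ds:Signature that WS-Security carries, and the shared key, the demo:BodyMac and demo:Via elements and the gateway name are constructed.

```python
"""Message-level integrity of a SOAP Body across an intermediary (added example)."""
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DEMO = "urn:example:demo"                    # constructed namespace for demo elements
for prefix, uri in (("soap", SOAP), ("wsse", WSSE), ("demo", DEMO)):
    ET.register_namespace(prefix, uri)

SHARED_KEY = b"constructed-demo-key"         # stands in for the signer's X.509 key


def canonical_body(envelope: ET.Element) -> bytes:
    """Canonical XML of the Body: whitespace or prefix changes made in transit
    do not break verification, while any change to the content does."""
    body = envelope.find(f"{{{SOAP}}}Body")
    return ET.canonicalize(ET.tostring(body, encoding="unicode")).encode()


def header(envelope: ET.Element) -> ET.Element:
    """Return the soap:Header, creating it before the Body if absent."""
    hdr = envelope.find(f"{{{SOAP}}}Header")
    if hdr is None:                          # Element truthiness is by child count
        hdr = ET.Element(f"{{{SOAP}}}Header")
        envelope.insert(0, hdr)
    return hdr


def sign_body(envelope: ET.Element) -> ET.Element:
    """Sender: attach the integrity value for the Body to a wsse:Security block."""
    mac = hmac.new(SHARED_KEY, canonical_body(envelope), hashlib.sha256).hexdigest()
    security = ET.SubElement(header(envelope), f"{{{WSSE}}}Security")
    ET.SubElement(security, f"{{{DEMO}}}BodyMac").text = mac
    return envelope


def verify_body(envelope: ET.Element) -> bool:
    """Ultimate receiver: recompute over the Body exactly as it arrived."""
    security = envelope.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    claimed = security.findtext(f"{{{DEMO}}}BodyMac") if security is not None else None
    if not claimed:
        return False
    actual = hmac.new(SHARED_KEY, canonical_body(envelope), hashlib.sha256).hexdigest()
    return hmac.compare_digest(claimed, actual)


def build_request(greeting: str) -> ET.Element:
    """Constructed request: a sayHello call carrying the greeting text."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, f"{{{DEMO}}}sayHello").text = greeting
    return env


def intermediary(wire: str, tamper: bool = False) -> str:
    """A SOAP hop: re-parses the message, adds its own header block and
    forwards it. TLS would terminate here, so it sees and can alter plaintext."""
    env = ET.fromstring(wire)
    ET.SubElement(header(env), f"{{{DEMO}}}Via").text = "gateway.example"
    if tamper:
        env.find(f"{{{SOAP}}}Body/{{{DEMO}}}sayHello").text = "to Mallory!"
    return ET.tostring(env, encoding="unicode")


def end_to_end(greeting: str, tamper: bool = False) -> bool:
    """Client signs, intermediary forwards (possibly tampering), server verifies."""
    wire = ET.tostring(sign_body(build_request(greeting)), encoding="unicode")
    return verify_body(ET.fromstring(intermediary(wire, tamper)))


if __name__ == "__main__":
    print("honest hop:", end_to_end("to Duke!"))
    print("tampering hop:", end_to_end("to Duke!", tamper=True))
```

The header the intermediary adds does not disturb verification because only the Body is covered; that is the "data chunks are protected" row of the table. Conversely, anything outside the signed parts (here, the headers) is unprotected, which is why WS-Security lets the signer reference header blocks as well as the body.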


Sample Applications
- dump: prints out both the client and server request and response SOAP messages
- sign: the response is signed by the server and verified by the client
- sign2: the client signs the request, the message is dumped out, the message travels over the network, the server verifies the signature, the business method is called, the server signs the response, the message travels back over the network, and the client verifies the response
- A further sample retrieves the calling client identity


Steps of Signing (at the Client)
- Get the client proxy object
- Create a ClientHelper object and bind it to the client proxy object
  - Use the createFor() static factory method to create an instance of a ClientHelper
- Configure the ClientHelper for the actions you want to take
  - SOAP message handlers are configured
  - Sign client request
  - Verify server response
- Call business methods


ClientHelper Class
- There could be several kinds of ClientHelper, depending on the kind of credentials the client uses
- A ClientHelper has no credentials associated with it, while a CertificateClientHelper carries X.509 certificate credentials


JAX-RPC Client Side (from sign2)

    import java.rmi.Remote;
    import javax.xml.rpc.Stub;
    // ClientHelper and CertificateClientHelper come with the JWSDP 1.3
    // JAX-RPC security sample; their package is not shown on this slide.

    public class StaticHelloClient {

        public static void main(String[] args) throws Exception {
            Remote proxy = (Remote) createProxy();

            // Create a CertificateClientHelper for a client-side stub/proxy
            CertificateClientHelper cch = CertificateClientHelper.createFor(proxy);

            // Sign the request and then dump the message for debugging
            cch.addSignRequest().addDumpRequest();

            // Verify the response, which was signed by the server
            cch.addVerifyResponse();

            // Call the business method; the handlers run on the way out and back
            HelloIF hello = (HelloIF) proxy;
            System.out.println(hello.sayHello("to Duke!"));
        }

        private static Stub createProxy() {
            // Note: Hello_Impl is the generated, implementation-specific service class
            Stub stub = (Stub) (new Hello_Impl().getHelloIFPort());
            return stub;
        }
    }


Steps of Verification (at the Server)
- On the server side there is only one kind of credential, an X.509 certificate credential, which means there is only one ServerHelper class
- Create the ServerHelper object and bind it to the endpoint
  - Usually done inside the init() method of the ServiceLifecycle interface, which is implemented by the endpoint
- Configure the ServerHelper object with the security configuration
  - Verify client request
  - Sign response


JAX-RPC Secure Endpoint (sign2)

    import javax.xml.rpc.ServiceException;
    import javax.xml.rpc.server.ServiceLifecycle;
    // ServerHelper comes with the JWSDP 1.3 JAX-RPC security sample.

    public class HelloImpl implements HelloIF, ServiceLifecycle {

        private ServerHelper sh;

        public String sayHello(String s) {
            ...
        }

        public void init(Object context) throws ServiceException {
            // Create the ServerHelper object and bind it to the endpoint
            sh = ServerHelper.createFor(context);

            // Configure server security actions: verify the client
            // request and sign the response
            sh.addVerifyRequest().addSignResponse();
        }

        public void destroy() {
            // Required by ServiceLifecycle; nothing to release here
        }
    }


Extracting Client Principal
- Once the client is authenticated (its request signature has been verified), the client's Subject and Principals are set
- The Subject identifies the source of the request
- A Subject can have multiple Principals


Extracting Client Principal (sign2)

    public class HelloImpl implements HelloIF, ServiceLifecycle {

        private ServerHelper sh;
        private String prompt = "Hello ";   // not shown on the slide

        public String sayHello(String s) {
            // getClientPrincipal() is only meaningful once the request
            // signature has been verified (addVerifyRequest() in init())
            return prompt + s + " and also to " + sh.getClientPrincipal();
        }

        public void init(Object context) throws ServiceException {
            ...
        }
    }


    SunNetwork SM Conference 2002

Identity Management & Liberty Project

Sang Shin
[email protected]
Java Technology Evangelist
Sun Microsystems, Inc.

Disclaimer & Acknowledgments
- Even though Sang Shin is a full-time employee of Sun Microsystems, the contents here are created as his own personal endeavor and thus do not reflect any official stance of Sun Microsystems.
- Sun Microsystems is not responsible for any inaccuracies in the contents.

Revision History
- 02/01/2004: created (Sang Shin)
- Things to do: speaker notes need to be added; contents need some polishing


Agenda
- What is and why Identity Management?
- Identity Management architectural options
- Liberty project
- Identity Management evolution
- Java technology and Identity Management
- Status of the Liberty project

What is & Why Identity Management?

What Is Identity?
The set of attributes that describe the profile(s) of an individual, business entity or program, for example:
- Customer name (John Smith), email alias, user ID, credit card number
- Social security number, driver's license, passport, retinal scan, DNA
- Entertainment preferences, notification preferences, employee authorization, business calendar, dining preferences, affinity program, friends and associates, education history, medical history, financial assets

Why Identity Management?
Identity is the foundation for the next generation of highly personalized web services.
(Diagram: a policy-based trusted network providing context-sensitive authentication, attributes and authorization for employees, customers, business partners, devices and technology.)


Network Identity Components
- AUTHENTICATION
  - Definition: a level of security guaranteeing the validity of an identity representation
  - Examples: government issued (driver's license, social security number, passport); biometric (fingerprint, retinal scan, DNA); self-selected (PIN number, secret password)
- AUTHORIZATION
  - Definition: the provisioning of services or activities based upon an authenticated identity
  - Examples: services based on attributes (e.g., travel, entertainment, dining); transaction consummation; gradient levels of service (e.g., based on employee level)
- ATTRIBUTES
  - Definition: traits, profiles and preferences of an identity, device, or business partner
  - Examples: personal consumer preferences (e.g., travel, entertainment, dining); identity-specific histories (e.g., purchases, medical records); device capabilities information (e.g., text-only, video)

Network Identity Is The Foundation Upon Which Web Services Are Built
(Layered diagram, source: Burton Group. Web services on top: business policy (liability, assurance for transactions; relationships between people, groups and organizations); presentation/personalization (what the user sees; defining relationships through quality of experience); applications and services (access and authorization; relationships between identities and information). Network identity underneath: authenticated identity (person, application, group, organization).)

Identity Crisis: Silos of Identity

Why Identity Is Important
- It should be available on anything attached to the Internet
- Single sign-on should be an accelerant for Internet commerce, not a bottleneck or toll booth


Enterprise Identity Challenges
- Many incompatible identity standards
- Same for authentication
- No standard for policy-based provisioning of services
- Building your on-line directory before your competitors do it for you
- Mining your directory
- Privacy, public policy, regulation
- Interoperability within and between enterprises

What Individuals Care About
- Security and safety
- Comfort
- Convenience and ubiquity

Identity Value Chain
(Diagram. Stages: creation, promotion, content & delivery, service management, business factors. Rows: APIs, schema, software platform, device-specific security, tools; hosting, portal, ingredient brand; financial services, business services, supply chain services, entertainment, aggregation, communication, notification; preferences, history, access, rewards, authentication; billing, usage, discounts, payments, authorization.)

Identity Management Architectural Options


Possible Identity Solutions
(Diagram. Centralized model: a single identity operator serving every community. Open federated model: separate financial services, online, telecommunications, travel, entertainment, retail and wireless communities that interoperate with each other.)

Centralized Architecture
Overview
- Users and nodes enroll with a single identity operator
- The identity operator issues a global unique identifier (GUID)
- The user can access all operator sites
Pros
- Single source of control/auditability
Cons
- Security/privacy controlled by one operator
- Operator controls some profile data
- Profile sharing/tracking possible without permission
- Single point of security failure
- Danger of "tollgating" (the operator charging for access to the identity)

Federated Architecture
(Diagram: you, linked to a retailer, an insurance company, a portal, an airline, a telecom and a bank.)
Overview
- Account chaining based
- Users and nodes need explicit linking
- No common GUID
Pros
- User has complete control over who/what to share
- Businesses keep complete control over their own user profile data
- Incremental profile sharing possible
- Creates a market opportunity for identity service providers
Cons
- Expensive to do without standards
- Profile data inconsistency possible

    Liberty Project


Liberty Project
- Create an open standard for identity, authentication and authorization
  - Objective: lower costs, accelerate commercial opportunities, and increase customer satisfaction
- A federated standard will enable every business to:
  - Maintain their own customer/employee/device data
  - Tie data to an individual's or business's identity
  - Share data with partners according to its business objectives and customers' preferences

    Liberty Alliance*

    * today. And growing.

Views of Federated Identity Services
(Diagram: multiple identity providers, multiple service providers, and individuals with multiple profiles; providers that are equal and interoperable; control over ownership and disclosure; managing privacy and preferences.)

Federated Identity Premises
- Distributed identity data stays with its rightful owner
- Multiple authenticators (identity providers)
  - They compete for consumer trust
- Delineation between authentication (identity providers) and authorization (merchants)
  - Merchants retain control of transaction requirements
- The consumer is in control of who can access information
  - Multiple modes: always, within group, per transaction, ...
- Gradient levels of authentication within the network


Identity Management Evolution

Circles of Trust
(Diagram. Employee circle of trust: a primary trust authority (my company) with an accounts payable app, a calendar, a supply chain aggregator, suppliers A, B and C, and a work profile (name, ID, preferences). Consumer circles of trust: a primary trust authority (e.g., my bank) and a secondary trust authority (e.g., my airline), NI-enabled merchants and NI-enabled services, an NI service aggregator, news sources, friends & family, notification, external services, and a home profile (name, ID, preferences).)

Network Identity Organic Evolution: Evolution of Identity Networks
- Separate login for each site
- Separate login for each network
- Seamless login across networks


Analogous to ATM Networks
- Separate card for each bank
- Separate card for each network
- Seamless access across networks

Java Technology & Identity Management

Java Platform and Liberty
- J2EE: new Liberty JSR; inclusion in the Java Web Services Developer Pack; tracked for J2EE 1.5
- J2SE: Liberty digital signing via Java Web Start
- J2ME: Liberty digital signing via MIDP
- Java Card: Liberty certificates stored in a Java Card

Status of Liberty Project


Status of Liberty Project
- Liberty version 1.0 specification was released in July 2002
- First Liberty-enabled products are expected to be available by the end of 2002
- Liberty version 2.0 work has already started
- More than x members right now

Liberty Project Concept Demo

Key Points of the Demo
- Signing into a portal for the first time
- Opting in to a federated identity network
- Providing that identity network with additional data and preferences
- Performing context-sensitive online banking
- A sophisticated airline affinity program
- Online web service notification
- How one's personal identity follows them across multiple devices

    Resources


- W3C XML Digital Signature: http://www.w3.org/Signature/
- W3C XML Encryption: www.w3.org/Encryption/
- XKMS and its relatives (now at W3C): www.w3.org/TR/xkms/
- XACML: www.oasis-open.org/committees/xacml/
- Liberty Alliance: www.projectliberty.org

    Passion!