T-110.455 Network Application Frameworks and XML Web Service Security, 06.04.2005, Sasu Tarkoma. Based on slides by Pekka Nikander.

1
T-110.455 Network Application Frameworks and
XML Web Service Security
06.04.2005
Sasu Tarkoma
Based on slides by Pekka Nikander
2
Announcements
  • A list of papers to read for the final exam
  • Bob Braden, Architectural Principles of the
    Internet, IPAM Tutorial March 12, 2002.
  • Jukka Ylitalo and Pekka Nikander, A new Name
    Space for End-Points Implementing secure
    Mobility and Multi-homing across the two versions
    of IP, in Proceedings of the Fifth European
    Wireless Conference, Mobile and Wireless Systems
    beyond 3G (EW2004), pp. 435-441, Barcelona,
    Spain, February 24-27, 2004.
  • Hari Balakrishnan, Karthik Lakshminarayanan,
    Sylvia Ratnasamy, Scott Shenker, Ion Stoica, and
    Michael Walfish, "A Layered Naming Architecture
    for the Internet", ACM SIGCOMM 2004, Portland,
    OR, September 2004.
  • We will have an invited lecture on 13.04. by
    Jaakko Kangasharju on wireless web services.
    Everyone should attend!

3
Contents
  • Review
  • Requirements
  • Security contexts
  • WS security standard revisited
  • SAML
  • Summary

4
Standardization Groups
  • XML Signature
  • XML Encryption
  • XML Key Management Specification (XKMS)
  • Security Assertion Markup Language (SAML)
  • eXtensible Access Control Markup Language (XACML)
  • Extensible Rights Markup Language (XrML)
  • XML Common Biometric Format (XCBF), Biometrics
  • Provisioning
  • WS-Security
5
Digital Signatures
Need to know the message, the digest, and the
digest algorithm (e.g. SHA-1)
6
XML Digital Signatures (cont.)
<Signature ID?>
  <SignedInfo>
    <CanonicalizationMethod/>
    <SignatureMethod/>
    (<Reference URI?>
      (<Transforms>)?
      <DigestMethod></DigestMethod>
      <DigestValue></DigestValue>
    </Reference>)+
  </SignedInfo>
  <SignatureValue></SignatureValue>
  (<KeyInfo>)?
  (<Object ID?>)*
</Signature>
(? = zero or one, + = one or more, * = zero or more)
7
Encryption
8
XML Encryption
<EncryptedData Id? Type? MimeType? Encoding?>
  <EncryptionMethod/>?
  <ds:KeyInfo>
    <EncryptedKey>?
    <AgreementMethod>?
    <ds:KeyName>?
    <ds:RetrievalMethod>?
    <ds:*>?
  </ds:KeyInfo>?
  <CipherData>
    <CipherValue>?
    <CipherReference URI?>?
  </CipherData>
  <EncryptionProperties>?
</EncryptedData>
9
Web Services Security Requirements
  • Access control to Web services
  • WS-Security, XML-Signature
  • SAML: issuing and validation of SAML assertions
  • Digital certificate validation
  • Content-filtering XML
  • Filters based on data format (XSD)
  • Filters based on content (XPath)
  • Filters based on integrity (XML Signature)

10
Functional point of view
(figure: functional components) Management Console:
design and deploy security policies; ID Management:
LDAP, PKI, Single Sign-On; Authorization;
Authentication; Content Checking; Reporting:
activity, alerting, secure logging; Integrity;
Validation; Routing
11
Security Contexts in Web Services
  • Remember the Web Services goals:
  • Re-use existing services
  • Combine services from several domains
  • Security consequence: must support several
    security domains
  • SOAP intermediaries
  • Reusing security tokens from one message in
    another message

12
Example 1: Pass subject details
(figure) Web Browser -> Website -> Appl. Server ->
Web Service
Main point: We need security within AND between
security contexts!
13
Example 2: SOAP Routing
Main point: We need XML validation, encryption,
and authentication between security contexts!
14
WS Security I
  • Web Services Security: SOAP Message Security 1.0
    (OASIS Standard 2004)
  • End-to-End security
  • Headers are decrypted and processed as needed
  • Selective processing
  • Some parts are plain text
  • Some are encrypted
  • Some are signed
  • How does it work?
  • SOAP header carries security information (and
    other info as well)

15
WS Security II
  • Ability to send security tokens as part of a
    message, message integrity, and message
    confidentiality
  • Security model in terms of security tokens
    combined with digital signatures to protect and
    authenticate SOAP messages
  • An X.509 certificate is an example of a signed
    security token endorsed by a CA.
  • When third party support is not available, the
    receiver may choose to accept the claims in the
    token based on trust in the entity that sent the
    message.

16
Goals
  • Multiple security token formats
  • Multiple trust domains
  • Multiple signature formats
  • Multiple encryption technologies
  • End-to-end message content security and not just
    transport-level security

17
Non-goals
  • Establishing a security context or authentication
    mechanism
  • Key derivation
  • Advertisement and exchange of security policy
  • How trust is established or determined
  • Non-repudiation

18
Message Protection
  • Integrity mechanism designed to support multiple
    signatures
  • Uses XML Signature and XML Encryption
  • Syntax and semantics of signatures within a
    <wsse:Security> element
  • This is the security block in the SOAP header
  • SOAP actor/role attribute is used to target
    header blocks
  • Security element includes
  • Security tokens
  • Information about the use of XML Encryption and
    XML Signature in the SOAP header, body, or both

19
Security Header
  • May be present multiple times in a SOAP message
  • Must have different actor/role attribute values
  • Unrecognized extension elements or attributes
    should cause a fault
  • Receivers MAY ignore elements or extensions
    within the <wsse:Security> element, based on
    local security policy

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="..." xmlns:wsu="..."
    xmlns:wsse="...">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="..">..</wsse:Security>
  </soap:Header>
  <soap:Body> ... </soap:Body>
</soap:Envelope>
20
Security Element enclosing information
  • UsernameToken block
  • Defines how username-and-password info is
    enclosed in SOAP
  • The end user's SAML authentication assertion or
    Kerberos ticket, or a shared username/password
    secret
  • Password must be protected against eavesdroppers
    (enc) and replay (timestamp/nonce)
  • BinarySecurityToken block
  • Encloses binary data
  • An X.509 certificate or a Kerberos ticket
  • Has an identifier (Id), a value (ValueType), and
    an encoding (EncodingType)
  • XML Signature KeyInfo may point to a certificate
    used in signing using a Reference to its Id.
  • Similar for XML Encryption.
  • So we can sign/encrypt data with a certificate in
    the header.

21
ID References
  • A new global attribute: wsu:Id
  • <anyElement wsu:Id="..">..</anyElement>
  • Note that the SOAP processor needs to support
    this
  • wsu:Id is defined in the WS-Security namespace
    (wssecurity-secext-1.0.xsd)
  • Recipients do not need to understand the full
    schema of the message for processing the security
    elements
  • Two wsu:Id attributes within an XML document MUST
    NOT have the same value
  • Recommended that wsuId is used instead of a more
    general transformation, especially XPath

22
Signatures
  • Does not use the Enveloped Signature Transform
  • Due to mutability of SOAP header
  • Does not use the Enveloping Signature
  • Explicitly include the elements to be signed
  • Allows for extensions, multiple signatures, etc.

23
Canonicalization
  • XML Canonicalization and Exclusive XML
    Canonicalization
  • Problems
  • XML tools change documents, e.g. duplicate
    namespace declarations can be removed or created
  • A signature simply covers something like xx:foo;
    its meaning may change if the prefix xx is
    redefined
  • There are mechanisms like XPath which consider
    xx="http://example.com" to be different from
    yy="http://example.com/"

24
Inclusive Canonicalization
  • Copies all the declarations that are currently in
    force
  • Useful in the typical case of signing part or all
    of the SOAP body
  • Causes problems for signatures when the context
    changes (for example by intermediaries)

25
Exclusive Canonicalization
  • Tries to figure out what namespaces are actually
    used and just copies those
  • Does not look into attribute values or element
    content
  • Can happen implicitly because XML processing
    tools will add xsi:type if schema subtypes are
    used
  • Useful when you have an XML document that you
    wish to insert into another XML document
  • Example signed SAML assertion
  • Should be used with WS-Security SOAP Message
    Security (recommended)

26
Signing Messages
  • Multiple signature entries MAY be added into a
    single SOAP Envelope within one <wsse:Security>
    header block
  • MUST be prepended to the existing content
  • <ds:Reference> elements contained in the
    signature should refer to a resource within the
    enclosing SOAP envelope
  • <wsse:SecurityTokenReference>
  • Extensible mechanism that provides an open
    content model for referencing security tokens
  • New reference option for XML Signature:
  • STR Dereference Transform
  • Means that the output is the token referenced by
    the element, not the element itself
  • You can conveniently locate and sign security
    tokens anywhere in the header

27
Example of a Token with signature
Open content model for specifying the token: it
could be XML, a URI, ...
<wsse:SecurityTokenReference wsu:Id="Str1">
  ...
</wsse:SecurityTokenReference>
...
<ds:Signature xmlns:ds="http://...xmldsig">
  <ds:SignedInfo>
    <ds:Reference URI="#Str1">
      <ds:Transforms>
        <ds:Transform Algorithm="...STR-Transform">...</ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://...sha1"/>
      <ds:DigestValue>...</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue></ds:SignatureValue>
</ds:Signature>
The STR-Transform dereferences the token reference:
the digest is computed over the referenced token
itself, not over the reference element.
28
Extended example
  • SOAP Envelope
  • SOAP Header
  • WS Security
  • Security token (a certificate)
  • Encryption key (passing symmetric key)
  • Signature
  • SOAP Body
  • Encrypted content

29
Overall message structure
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope>
  <soap:Header>
    <wsse:Security>
      <wsse:BinarySecurityToken>...</wsse:BinarySecurityToken>   (1. security token)
      <xenc:EncryptedKey>...</xenc:EncryptedKey>                  (2. encryption key)
      <ds:Signature>                                              (3. signature)
        <ds:SignatureValue>...</ds:SignatureValue>
        <ds:KeyInfo>...</ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="body">
    <xenc:EncryptedData>...</xenc:EncryptedData>                  (4. encrypted content)
  </soap:Body>
</soap:Envelope>
30
1. Binary security token
<wsse:Security>
  <wsse:BinarySecurityToken ValueType="...X509v3"
      wsu:Id="X509Token" EncodingType="...Base64Binary">
    ABCDEF....
  </wsse:BinarySecurityToken>
  <xenc:EncryptedKey>...</xenc:EncryptedKey>
  <ds:Signature>...</ds:Signature>
</wsse:Security>
31
2. Passing encryption key
We are using another certificate for asymmetric
crypto.
<xenc:EncryptedKey>
  <xenc:EncryptionMethod Algorithm="...rsa-1_5"/>
  <ds:KeyInfo>
    <wsse:KeyIdentifier EncodingType="...Base64Binary"
        ValueType="...X509v3">ABCDEF....</wsse:KeyIdentifier>
  </ds:KeyInfo>
  <xenc:CipherData>
    <xenc:CipherValue>...</xenc:CipherValue>      (encrypted symmetric key)
  </xenc:CipherData>
  <xenc:ReferenceList>
    <xenc:DataReference URI="#enc1"/>              (reference to the cipher data)
  </xenc:ReferenceList>
</xenc:EncryptedKey>
32
3. Actual signature
<ds:Signature>
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://...-exc-c14n"/>   (exclusive canonicalization)
    <ds:SignatureMethod Algorithm="http://...rsa-sha1"/>
    <ds:Reference URI="#T0">...</ds:Reference>                     (references: digests of the data)
    <ds:Reference URI="#body">...</ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>.....</ds:SignatureValue>
  <ds:KeyInfo>
    <wsse:SecurityTokenReference>
      <wsse:Reference URI="#X509Token"/>                            (reference to the certificate)
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
</ds:Signature>
33
3. SignedInfo in more detail
<ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://...-exc-c14n"/>
  <ds:SignatureMethod Algorithm="http://...rsa-sha1"/>
  <ds:Reference URI="#T0">
    <ds:Transforms>
      <ds:Transform Algorithm="http://...exc-c14n"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://...sha1"/>
    <ds:DigestValue>...</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="#body">
    <ds:Transforms>
      <ds:Transform Algorithm="http://...exc-c14n"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://...sha1"/>
    <ds:DigestValue>...</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>
34
4. Actual message body
<soap:Body wsu:Id="body">
  <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" wsu:Id="enc1">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    <xenc:CipherData>
      <xenc:CipherValue>...</xenc:CipherValue>
    </xenc:CipherData>
  </xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
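Slides 21 and 26 give the receiver-side rules that make the extended example safe to process: every wsu:Id in the document must be unique, and every ds:Reference should resolve to a resource inside the enclosing envelope. The Python below is an added illustration, not part of the lecture material: it runs those checks over a constructed envelope shaped like the extended example (token, signature, encrypted body). The namespace URIs are the SOAP 1.1, WSS 1.0 and XML Signature ones; the rule that the soap:Body must be among the signed parts is an assumed local policy.

```python
import xml.etree.ElementTree as ET

# Namespace URIs of SOAP 1.1, WS-Security 1.0 (secext and utility schemas) and XML Signature.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def check_signature_references(envelope_xml: str) -> list:
    """Return the list of problems found; an empty list means the references are sound."""
    root = ET.fromstring(envelope_xml)
    problems = []

    # 1. wsu:Id values MUST be unique in the document, otherwise "#id" is ambiguous.
    ids = {}
    for el in root.iter():
        wid = el.get(WSU_ID)
        if wid is None:
            continue
        if wid in ids:
            problems.append("duplicate wsu:Id '%s'" % wid)
        else:
            ids[wid] = el

    # 2. Every ds:Reference in a Security header signature should be a same-document
    #    URI ("#id") that resolves to an element carrying that wsu:Id.
    signed_ids = set()
    for ref in root.iterfind(".//wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        if not uri.startswith("#") or len(uri) < 2:
            problems.append("reference URI '%s' does not point inside the envelope" % uri)
        elif uri[1:] not in ids:
            problems.append("reference URI '%s' does not resolve to a wsu:Id" % uri)
        else:
            signed_ids.add(uri[1:])

    # 3. Assumed local policy: the soap:Body must be among the signed parts.
    body = root.find("soap:Body", NS)
    if body is None or body.get(WSU_ID) not in signed_ids:
        problems.append("soap:Body is not covered by any signature reference")
    return problems


# Constructed envelope shaped like the extended example: token, signature, encrypted body.
GOOD_ENVELOPE = """<soap:Envelope xmlns:soap="%(soap)s" xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s"
    xmlns:ds="%(ds)s" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soap:Header>
    <wsse:Security>
      <wsse:BinarySecurityToken wsu:Id="X509Token">ABCDEF...</wsse:BinarySecurityToken>
      <ds:Signature>
        <ds:SignedInfo>
          <ds:Reference URI="#X509Token"><ds:DigestValue>...</ds:DigestValue></ds:Reference>
          <ds:Reference URI="#body"><ds:DigestValue>...</ds:DigestValue></ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>...</ds:SignatureValue>
      </ds:Signature>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="body"><xenc:EncryptedData wsu:Id="enc1"/></soap:Body>
</soap:Envelope>""" % NS

# The same envelope with a reused wsu:Id inside the body and an external reference (constructed).
BAD_ENVELOPE = GOOD_ENVELOPE.replace('wsu:Id="enc1"', 'wsu:Id="body"').replace(
    'URI="#X509Token"', 'URI="http://example.com/token"')
```

Run `check_signature_references` on a message before any digest is verified: a duplicate wsu:Id or a reference that leaves the envelope is a reason for a wsse:InvalidSecurity fault, not for a lookup.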
35
Error Handling
  • SOAP Faults are used to indicate faults
  • Error scenarios
  • Security token type unsupported
  • Note WS-Policy may be used to convey what
    security tokens can be understood by different
    parties
  • Fault code InvalidSecurity (if contents of the
    header block cannot be processed)
  • Invalid security token
  • For example security token corrupted or has
    invalid signature
  • Fault code InvalidSecurityToken
  • Security token cannot be authenticated
  • For example given certificate cannot be
    validated
  • Fault code FailedAuthentication
  • Security token unavailable
  • For example a certificate was referenced that
    could not be located
  • Fault code wsse:SecurityTokenUnavailable

36
SAML
  • SAML (Security Assertion Markup Language)
  • An XML-based framework (schemas) for the exchange
    of authentication and authorization information
  • A standard message exchange protocol
  • How you ask for and receive information
  • Mainly for integration; it is up to the relying
    parties to decide which authentication authority
    to trust
  • Assertions can convey information about
    authentication acts performed by subjects,
    attributes of subjects, and authorization
    decisions about whether subjects are allowed to
    access certain resources
  • Authentication statements merely describe acts of
    authentication that happened previously
  • Specified by OASIS

37
SAML in a nutshell
  • XML-based framework for exchanging security
    information
  • XML-encoded security assertions
  • XML-encoded request/response protocol
  • Rules on using assertions with standard transport
    and messaging frameworks
  • SAML together with WS-Security allows a SOAP
    message to include information about the
    end-user's authentication status

38
SAML Motivation: Portable Trust
Using services in B from A? Authentication at
B? Not acceptable!
39
(figure: authentication server C; timed updates
between the domains)
40
SAML assertions
  • An assertion is a declaration of fact about a
    subject, e.g. a user
  • According to some assertion issuer
  • SAML has three kinds, all related to security
  • Authentication
  • Attribute
  • Authorization decision
  • You can extend SAML to make your own kinds of
    assertions
  • Assertions can be digitally signed

41
All assertions have some common information
  • Issuer and issuance timestamp
  • Assertion ID
  • Subject
  • Name plus the security domain
  • Optional subject information, e.g. public key
  • Conditions under which assertion is valid
  • SAML clients must reject assertions containing
    unsupported conditions
  • Special kind of condition assertion validity
    period
  • Additional advice
  • E.g. to explain how the assertion was made

42
Authentication assertion
  • An issuing authority asserts that
  • Subject S
  • was authenticated by means M
  • at time T
  • Caution: actually checking or revoking
    credentials is not in the scope of SAML!
  • Password exchange
  • Challenge-response
  • Etc.
  • It merely lets you link back to acts of
    authentication that took place previously

43
Example authentication assertion
<saml:Assertion MajorVersion="1" MinorVersion="0"
    AssertionID="127.0.0.1.1234567"
    Issuer="Example Corp"
    IssueInstant="2005-04-04T09:00:00Z">
  <saml:Conditions NotBefore="2005-04-04T09:00:00Z"
      NotAfter="2005-04-04T09:05:00Z"/>
  <saml:AuthenticationStatement
      AuthenticationMethod="password"
      AuthenticationInstant="2005-04-04T09:01:00Z">
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="example.com"
          Name="johndoe"/>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>
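Slides 41 to 43 list what every assertion carries (issuer, validity conditions, subject) and the rule that a SAML client must reject assertions containing unsupported conditions. The Python below is an added illustration, not lecture material: it applies those checks to the example assertion above, with the saml prefix bound to urn:oasis:names:tc:SAML:1.0:assertion as on slide 51. It assumes the XML Signature over the assertion has already been verified, and that the trusted-issuer set is the relying party's local configuration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML_NS}
# Condition elements this relying party can evaluate (none here beyond the
# NotBefore/NotAfter attributes); any other child of <saml:Conditions> forces rejection.
SUPPORTED_CONDITIONS = frozenset()


def parse_utc(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate_authentication_assertion(xml_text: str, trusted_issuers, now: datetime):
    """Return ("accept", details) or ("reject", reason). Assumes the XML Signature
    over the assertion has already been verified; only assertion-level rules apply here."""
    assertion = ET.fromstring(xml_text)
    if assertion.tag != "{%s}Assertion" % SAML_NS:
        return ("reject", "not a SAML 1.0 assertion")
    issuer = assertion.get("Issuer")
    if issuer not in trusted_issuers:              # the relying party decides whom to trust
        return ("reject", "untrusted issuer %r" % issuer)

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        not_before, not_after = conditions.get("NotBefore"), conditions.get("NotAfter")
        if not_before and now < parse_utc(not_before):
            return ("reject", "assertion not yet valid")
        if not_after and now >= parse_utc(not_after):
            return ("reject", "assertion expired")
        for cond in conditions:                    # unsupported condition => reject
            if cond.tag not in SUPPORTED_CONDITIONS:
                return ("reject", "unsupported condition %s" % cond.tag)

    statement = assertion.find("saml:AuthenticationStatement", NS)
    if statement is None:
        return ("reject", "no authentication statement")
    name_id = statement.find("saml:Subject/saml:NameIdentifier", NS)
    if name_id is None:
        return ("reject", "no subject")
    return ("accept", {"subject": name_id.get("Name"),
                       "domain": name_id.get("SecurityDomain"),
                       "method": statement.get("AuthenticationMethod"),
                       "instant": statement.get("AuthenticationInstant")})


# The slide's example assertion, with the saml prefix bound to the SAML 1.0 namespace.
EXAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="%s" MajorVersion="1" MinorVersion="0"
    AssertionID="127.0.0.1.1234567" Issuer="Example Corp" IssueInstant="2005-04-04T09:00:00Z">
  <saml:Conditions NotBefore="2005-04-04T09:00:00Z" NotAfter="2005-04-04T09:05:00Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="password"
      AuthenticationInstant="2005-04-04T09:01:00Z">
    <saml:Subject><saml:NameIdentifier SecurityDomain="example.com" Name="johndoe"/></saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>""" % SAML_NS

# Constructed variant carrying a condition element this relying party does not implement.
EXTENDED_ASSERTION = EXAMPLE_ASSERTION.replace(
    'NotAfter="2005-04-04T09:05:00Z"/>',
    'NotAfter="2005-04-04T09:05:00Z"><saml:AudienceRestrictionCondition/></saml:Conditions>')
```

Evaluated at 09:02 the example is accepted for johndoe@example.com; at 09:05 or later it is expired, and the extended variant is rejected because the extra condition is not understood.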
44
Attribute assertion
  • An issuing authority asserts that
  • subject S
  • is associated with attributes A,B,..
  • with values a,b,
  • Typically this would be obtained from an LDAP
    repository
  • john.doe in example.com
  • is associated with attribute Department
  • with value Human Resources

45
Example attribute assertion
<saml:Assertion ...>
  <saml:Conditions .../>
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="example.com"
          Name="johndoe"/>
    </saml:Subject>
    <saml:Attribute AttributeName="PaidStatus"
        AttributeNameSpace="http://example.com">
      <saml:AttributeValue>PaidUp</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
46
Authorization decision assertion
  • An issuing authority decides whether to grant the
    request
  • by subject S
  • for access type A
  • to resource R
  • given evidence E
  • The subject could be a human or a program
  • The resource could be a web page or a web
    service, for example

47
Example authorization decision assertion
<saml:Assertion ...>
  <saml:Conditions .../>
  <saml:AuthorizationStatement Decision="Permit"
      Resource="http://example.com/res123">
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="example.com"
          Name="johndoe"/>
    </saml:Subject>
  </saml:AuthorizationStatement>
</saml:Assertion>
48
Assertion type                    Description
Authentication Assertion          Asserts that subject S was authenticated by means M at time T
Attribute Assertion               Asserts that subject S is associated with attributes A1, A2, ... with values V1, V2, ...
Authorization Decision Assertion  Should the request by subject S for access type A to resource R be granted, given evidence E?
49
A username token in WS-Security SOAP Header
<SOAP:Envelope xmlns:SOAP="...">
  <SOAP:Header>
    <wsse:Security xmlns:wsse="http://...secext">
      <wsse:UsernameToken>
        <wsse:UserName>abc</wsse:UserName>
        <wsse:Password Type="wsse:PasswordDigest">xyzabc</wsse:Password>
        <wsse:Nonce>ap2oep3oaeap1</wsse:Nonce>
      </wsse:UsernameToken>
      ...
    </wsse:Security>
  </SOAP:Header>
  <SOAP:Body Id="body"> ... </SOAP:Body>
</SOAP:Envelope>
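Slide 20 requires the password in a UsernameToken to be protected against eavesdropping (digest) and replay (timestamp and nonce); slide 49 shows such a token. The Python below is an added illustration, not lecture code: it computes the PasswordDigest of the WS-Security Username Token Profile 1.0, Base64(SHA-1(nonce + created + password)), on the client side, and implements a receiver that recomputes it, bounds the timestamp, and remembers nonces so that a captured token cannot be presented twice. The credential store and the five-minute window are constructed assumptions.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce_b64: str, created: str, password: str) -> str:
    """PasswordDigest = Base64(SHA-1(nonce + created + password)), as in the
    WS-Security Username Token Profile 1.0: the decoded <wsse:Nonce> bytes,
    the <wsu:Created> text and the UTF-8 password are concatenated and hashed."""
    raw = base64.b64decode(nonce_b64) + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def make_username_token(username: str, password: str, created: str, nonce: bytes = None) -> dict:
    """Client side: the values carried in <wsse:UsernameToken>; the clear password is not."""
    nonce_b64 = base64.b64encode(nonce if nonce is not None else os.urandom(16)).decode("ascii")
    return {"Username": username, "Nonce": nonce_b64, "Created": created,
            "PasswordDigest": password_digest(nonce_b64, created, password)}


class UsernameTokenVerifier:
    """Receiver side: recompute the digest, bound the timestamp, remember nonces."""

    def __init__(self, passwords: dict, max_skew: timedelta = timedelta(minutes=5)):
        self.passwords = passwords        # username -> password (constructed credential store)
        self.max_skew = max_skew          # accepted clock skew / token lifetime (assumption)
        self.seen_nonces = {}             # nonce -> time until which a repeat counts as replay

    def verify(self, token: dict, now: datetime) -> str:
        """Return "ok", or the reason a wsse:FailedAuthentication fault would be raised."""
        created = datetime.strptime(token["Created"], TIME_FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > self.max_skew:
            return "stale-timestamp"
        # Forget nonces whose tokens could no longer pass the timestamp check anyway.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if t > now}
        if token["Nonce"] in self.seen_nonces:
            return "replayed-nonce"
        password = self.passwords.get(token["Username"])
        if password is None:
            return "unknown-user"
        expected = password_digest(token["Nonce"], token["Created"], password)
        if not hmac.compare_digest(expected, token["PasswordDigest"]):
            return "bad-digest"
        self.seen_nonces[token["Nonce"]] = now + self.max_skew
        return "ok"


if __name__ == "__main__":
    verifier = UsernameTokenVerifier({"abc": "s3cret"})
    now = datetime(2005, 4, 4, 9, 0, 30, tzinfo=timezone.utc)
    token = make_username_token("abc", "s3cret", "2005-04-04T09:00:00Z")
    print(verifier.verify(token, now))   # ok
    print(verifier.verify(token, now))   # replayed-nonce
```

Note that the replay cache is per receiver: in the multi-hop setting of slides 12 and 13 each security context that authenticates the token needs its own nonce store, or the token needs a fresh nonce per hop.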
50
A Binary X.509 Certificate in WS-Security SOAP
header
<wsse:Security xmlns:wsse="http://...secext">
  <wsse:BinarySecurityToken Id="X509Token"
      xmlns:wsse="...secext" ValueType="wsse:X509v3"
      EncodingType="wsse:Base64Binary">
    ABCDEF..
  </wsse:BinarySecurityToken>
  <ds:Signature xmlns:ds="...xmldsig">
    <ds:SignedInfo>...</ds:SignedInfo>
    <ds:SignatureValue>...</ds:SignatureValue>
    <ds:KeyInfo>
      <wsse:SecurityTokenReference>
        <wsse:Reference URI="#X509Token"/>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
  </ds:Signature>
  ...
</wsse:Security>
51
A SAML Assertion in WS-Security SOAP Header
<wsse:Security xmlns:wsse="http://...secext">
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
      MajorVersion="1" MinorVersion="0"
      AssertionID="SecurityToken-123" Issuer="example.com"
      IssueInstant="2005-04-04T09:00:00Z">
    ...
  </saml:Assertion>
  <ds:Signature xmlns:ds="...xmldsig">
    <ds:SignedInfo>...</ds:SignedInfo>
    <ds:SignatureValue>...</ds:SignatureValue>
    <ds:KeyInfo>
      <wsse:SecurityTokenReference>
        <saml:AssertionIDReference>SecurityToken-123</saml:AssertionIDReference>
      </wsse:SecurityTokenReference>
    </ds:KeyInfo>
  </ds:Signature>
  ...
</wsse:Security>
SAML does not allow the use of the Id attribute
on assertion elements, hence AssertionIDReference
is used instead.
52
SAML and XACML
Once the SAML authorization decision has been made,
it may be included in the SOAP message and used by
the target Web Service.
The SOAP message is intercepted (at the PEP). A SAML
query is formed, and its results determine access.
Identity information is taken from the request.
There may be multiple PEPs.
The PDP queries attributes from the PIP (time of
day, value, etc.). The PIP returns an attribute
assertion.
Once the PDP has all the relevant information, it
evaluates the rules and returns a SAML
authorization assertion.
Rules are combined from subjects, resources, and
attributes, and exported into XACML.
(figure components)
PEP: Policy Enforcement Point
Web Service
PDP: Policy Decision Point
PIP: Policy Information Point
Policy Store (XACML)
PRP: Policy Retrieval Point
PAP: Policy Administration Point
53
Implementations
  • Trust Services Integration Kit (TSIK), Verisign
  • Java API for creating trusted services, includes
    a SAML API
  • http://www.xmltrustcenter.org/developer/verisign/tsik/index.htm
  • Apache XML-Security, Apache Software Foundation
  • XML Digital Signature and XML Encryption (Java,
    C)
  • http://xml.apache.org/security/
  • Web Services Enhancements 2.0, Microsoft
  • .NET implementation of various WS-Security specs.
  • http://msdn.microsoft.com/webservices/building/wse/
  • Microsoft Passport, Microsoft
  • Single sign-on support
  • XML Security Suite, IBM
  • XML Digital Signature, XML Encryption and XML
    Access Control Language (Java)
  • http://www.alphaworks.ibm.com/tech/xmlsecuritysuite
  • SunONE Identity Server, Sun Microsystems
  • Supports Liberty's federated identity and SAML

54
Web Services Enhancements 2.0
  • Implements many of the rules of the WS-*
    specifications
  • Works with HTTP and SOAP (SoapExtensions)
  • Supported specifications
  • WS-Security, WS-SecurityPolicy,
    WS-SecureConversation, WS-Trust, WS-Referral,
    WS-Addressing, WS-Policy, WS-Attachments
  • Supports signing/encrypting message elements and
    policies
  • More information and downloads

55
Lecture Summary
  • Security contexts
  • Security needed within and between contexts
  • XML validation, encryption, and authentication
    needed between security contexts!
  • WS security standard revisited
  • SOAP header carries security information (and
    other info as well)
  • Selective processing
  • SAML
  • Statements about authorization, authentication,
    attributes
  • SAML together with WS-Security and XACML
  • Implementations available