Title: T-110.455 Network Application Frameworks and XML Web Service Security 06.04.2005 Sasu Tarkoma Based on slides by Pekka Nikander
1T-110.455 Network Application Frameworks and
XML Web Service Security06.04.2005Sasu
Tarkoma Based on slides by Pekka Nikander
2Announcements
- A list of papers to read for the final exam
- Bob Braden, Architectural Principles of the
Internet, IPAM Tutorial March 12, 2002. - Jukka Ylitalo and Pekka Nikander, A new Name
Space for End-Points Implementing secure
Mobility and Multi-homing across the two versions
of IP, in Proceedings of the Fifth European
Wireless Conference, Mobile and Wireless Systems
beyond 3G (EW2004), pp. 435-441, Barcelona,
Spain, February 24-27, 2004. - Hari Balakrishnan, Karthik Lakshminarayanan,
Sylvia Ratnasamy, Scott Shenker, Ion Stoica, and
Michael Walfish, "A Layered Naming Architecture
for the Internet", ACM SIGCOMM 2004, Portland,
OR, September 2004. - We will have an invited lecture on 13.04. by
Jaakko Kangasharju on wireless web services.
Everyone should attend!
3Contents
- Review
- Requirements
- Security contexts
- WS security standard revisited
- SAML
- Summary
4Standardization Groups
Extensible Rights Markup Language
XrML
Provisioning
XML Common Biometric Format (XCBF)
eXtensible Access Control Markup Language (XACML)
XML Key Management Specification
WS-Security
Biometrics
XML Encryption
XML Signature
XKMS
XACML
SAML
Security Assertion Markup language
5Digital Signatures
Need to know the message, digest, and algorithm
(f.e. SHA1)
Message
6XML Digital Signatures (cont.)
ltSignature ID?gt ltSignedInfogt
ltCanonicalizationMethod/gt ltSignatureMethod/gt
(ltReference URI?gt (ltTransformsgt)?
ltDigestMethodgtlt/DigestMethodgt ltDigestValuegtlt/Dige
stValuegt lt/Referencegt) lt/SignedInfogt
ltSignaturevaluegtlt/Signaturevaluegt (ltKeyInfogt)?
(ltObject ID?gt) lt/Signaturegt
7Encryption
8XML Encryption
ltEncryptedData Id? Type? MimeType? Encoding?gt
ltEncryptionMethod/gt? ltdsKeyInfogt
ltEncryptedKeygt? ltAgreementMethodgt?
ltdsKeynamegt? ltdsRetrievalMethodgt?
ltdsgt? lt/dsKeyInfogt ltCipherDatagt
ltCipherValuegt? ltCipherReference URI?gt?
lt/CipherDatagt ltEncryptionPropertiesgt? lt/EncryptedD
atagt
9Web Services Security Requirements
- Access control to Web services
- WS-Security, XML-Signature
- SAML Issuing and validation of SAML assertions
- Digital certificate validation
- Content-filtering XML
- Filters based on data format (XSD)
- Filters based on content (XPath)
- Filters based on integrity (XML Signature)
10Functional point of view
Management Console Design and Deploy Security po
licies
ID Management LDAP PKI Single Sign-On
Authorization
Authentication
Content Checking
Reporting Activity Alerting Secure logging
Integrity
Validation
Routing
11Security Contexts in Web Services
- Remember Web Services goals
- Re-use existing services
- Combine services from several domains
- Security result Must support several security
domains - SOAP intermediaries
- Reusing security tokens from one message in
another message
12Example 1 Pass subject details
Web Browser
Website
Appl. Server
Web Service
Main Point We need security within AND between
security contexts!
13Example 2 SOAP Routing
Main Point We need XML validation, encryption,
and authentication between security contexts!
14WS Security I
- Web Services Security SOAP Message Security 1.0
(Oasis Standard 2004) - End-to-End security
- Headers are decrypted and processed as needed
- Selective processing
- Some parts are plain text
- Some are encrypted
- Some are signed
- How does it work?
- SOAP header carries security information (and
other info as well)
15WS Security II
- Ability to send security tokens as part of a
message, message integrity, and message
confidentiality - Security model in terms of security tokens
combined with digital signatures to protect and
authenticate SOAP messages - An X.509 is an example of a signed security token
endorsed by a CA. - When third party support is not available,
receiver may choose to accept the claims in the
token based on trust on the entity that sent the
message.
16Goals
- Multiple security token formats
- Multiple trust domains
- Multiple signature formats
- Multiple encryption technologies
- End-to-end message content security and not just
transport-level security
17Non-goals
- Establishing a security context or authentication
mechanism - Key derivation
- Advertisement and exchange of security policy
- How trust is established or determined
- Non-repudiation
18Message Protection
- Integrity mechanism designed to support multiple
signatures - Uses XML Signature and XML Encryption
- Syntax and semantics of signatures within a
ltwsseSecuritygt element - This is the security block in the SOAP header
- SOAP actor/role attribute is used to target
header blocks - Security element includes
- Security tokens
- Information about the use of XML Encryption
Signature in the SOAP header/body/combination
19Security Header
- May be present multiple times in a SOAP message
- Must have different actor/role attribute values
- Unrecognized extension elements or attributes
should cause a fault - Receivers MAY ignore elements or extensions
within the ltwsseSecuritygt element, based on
local security policy
lt?xml version"1.0" encoding"utf-8"?gt
ltsoapEnvelope xmlnssoap""..." xmlnswsu"...
xmlnswsse"..."gt ltsoapHeadergt
ltwsseSecurity soapmustUnderstand..gt..lt/wsse..
.gt lt/soapHeadergt ltsoapBodygt ...
lt/soapBodygt lt/soapEnvelopegt
20Security Element enclosing information
- UsernameToken block
- Defines how username-and-password info is
enclosed in SOAP - End users SAML Authentication Assertion or
Kerberos ticket, shared uname/pwd secret - Password must be protected against eavesdroppers
(enc) and replay (timestamp/nonce) - BinarySecurityToken block
- Encloses binary data
- An X.509 certificate or a Kerberos ticket
- Has an identifier (Id), a value (ValueType), and
an encoding (EncodingType) - XML Signature KeyInfo may point to a certificate
used in signing using a Reference to its Id. - Similar for XML Encryption.
- So we can sign/encrypt data with a certificate in
the header.
21ID References
- A new global attribute wsuId attribute
- ltanyElement wsuid..gt..lt/anyElementgt
- Note that the SOAP processor needs to support
this - wsuid a WS-Security namespace (wssecurity-secext-
1.0.xsd) - Recipients do not need to understand the full
schema of the message for processing the security
elements - Two wsuId attributes within an XML document MUST
NO have the same value - Recommended that wsuId is used instead of a more
general transformation, especially XPath
22Signatures
- Does not use the Enveloped Signature Transform
- Due to mutability of SOAP header
- Does not use the Enveloping Signature
- Explicitly include the elements to be signed
- Allows for extensions, multiple signatures, etc.
23Canonicalization
- XML Canonicalization and Exclusive XML
Canonicalization - Problems
- XML tools change documents, e.g. duplicate
namespace declarations can be removed or created - Signature simply covers something like xxfoo,
its meaning may change if xx is redefined - There are mechanisms like XPath, which consider
xxhttp//example.com to be different from
yyhttp//example.com/
24Inclusive Canonicalization
- Copies all the declarations that are currently in
force - Useful in the typical case of signing part or all
of the SOAP body - Causes problems for signatures when the context
changes (for example by intermediaries)
25Exclusive Canonicalization
- Tries to figure out what namespaces are actually
used and just copies those - Does not look into attribute values or element
content - Can happen implicitly because XML processing
tools will add xsitype if schema subtypes are
used - Useful when you have an XML document that you
wish to insert into another XML document - Example signed SAML assertion
- Should be used with WS-Security SOAP Message
Security (recommended)
26Signing Messages
- Multiple signature entries MAY be added into a
single SOAP Envelope within one ltwsseSecuritygt
header block - MUST be prepended to the existing content
- ltdsReferencegt elements contained in the
signature should refer to a resource within the
enclosing SOAP envelope - ltwsseSecurityTokenreferencegt
- Extensible mechanism that provides an open
content model for referencing security tokens - New reference option for XML signature
- STR Deference Transform
- Means that the output is the token referenced by
the element, not the element itself - You can conveniently locate and sign security
tokens anywhere in the header
27Example of a Token with signature
Open content model for specifying token. It could
be XML, URI,
ltwsseSecurityTokenReference wsuId"Str1"gt
... lt/wsseSecurityTokenReferencegt ... ltdsSignatu
re xmlnsds"http//...xmldsig"gt
ltdsSignedInfogt ltdsReference URI"Str1"gt
ltdsTransformsgt ltdsTransform
Algorithm"...STR-Transform"gt...
lt/dsTransformgtlt/dsTransformsgt
ltdsDigestMethod Algorithm"http//...sha1"/gt
ltdsDigestValuegt...lt/dsDigestValuegt
lt/dsReferencegt lt/dsSignedInfogt
ltdsSignatureValuegtlt/dsSignatureValuegt lt/dsSigna
turegt
We use the content here using STR-Transform and
compute the digest
28Extended example
- SOAP Envelope
- SOAP Header
- WS Security
- Security token (a certificate)
- Encryption key (passing symmetric key)
- Signature
- SOAP Body
- Encrypted content
29Overall message structure
lt?xml version"1.0" encoding"utf-8"?gt
ltsoapEnvelopegt ltsoapHeadergt
ltwsseSecuritygt ltwsseBinarySecurityTokengt...
lt/wsseBinary...gt ltxencEncryptedKeygt...lt/xen
cEncryptedKeygt ltdsSignaturegt
ltdsSignatureValuegt...lt/dsSignatureValuegt
ltdsKeyInfogt...lt/dsKeyInfogt
lt/dsSignaturegt lt/wsseSecuritygt
lt/soapHeadergt ltsoapBody wsuId"body"gt
ltxencEncryptedDatagt...lt/xencEncryptedDatagt
lt/soapBodygt lt/soapEnvelopegt
1.
2.
3.
4.
301. Binary security token
ltwsseSecuritygt ltwsseBinarySecurityToken
ValueType"...X509v3" wsuId"X509Token"
EncodingType"...Base64Binary"gt
ABCDEF.... lt/wsseBinarySecurityTokengt ltxencEncry
ptedKeygt...lt/xencEncryptedKeygt ltdsSignaturegt...lt
/dsSignaturegt lt/wsseSecuritygt
312. Passing encryption key
We are using another certificate for asymmetric
crypto.
ltxencEncryptedKeygt ltxencEncryptionMethod
Algorithm"...rsa-1_5"/gt ltdsKeyInfogt
ltwsseKeyIdentifier
EncodingType"...Base64Binary"
ValueType"...X509v3"gt ABCDEF....
lt/wsseKeyIdentifiergt lt/dsKeyInfogt
ltxencCipherDatagt ltxencCipherValuegt...lt/xenc
CipherValuegt lt/xencCipherDatagt
ltxencReferenceListgt ltxencDataReference
URI"enc1"gt lt/xencReferenceListgt
lt/xencEncryptedKeygt
Encrypted symmetric key
Reference to cipher data
323. Actual signature
ltdsSignaturegt ltdsSignedInfogt
ltdsCanonicalizationMethod
algorithm"http//...-exc-c14n"/gt
ltdsSignatureMethod algorithm"http//...rsa-sha1
"/gt ltdsReference URI"T0"gt...lt/dsReferencegt
ltdsReference URI"body"gt...lt/dsReferencegt
. lt/dsSignedInfogt ltdsSignatureValuegt
..... lt/dsSignatureValuegt ltdsKeyInfogt
ltwsseSecurityTokenReferencegt
ltwsseReference URI"X509Token"/gt
lt/wsseSecurityTokenReferencegt
lt/dsKeyInfogt lt/dsSignaturegt
Exclusive canonicalization
References digests to data
Reference to certificate.
333. SignedInfo in more detail
ltdsSignedInfogt ltdsCanonicalizationMethod
Algorithm"http//...-exc-c14n"/gt
ltdsSignatureMethod Algorithm"http//...rsa-sha1
"/gt ltdsReference URI"T0"gt ltdsTransformsgt
ltdsTransform Algorithm"http//...exc-c14n"
/gt lt/dsTransformsgt ltdsDigestMethod
Algorithm"http//...sha1"/gt
ltdsDigestValuegt...lt/dsDigestValuegt
lt/dsReferencegt ltdsReference URI"body"gt
ltdsTransformsgt ltdsTransform
Algorithm"http//...exc-c14n"/gt
lt/dsTransformsgt ltdsDigestMethod
Algorithm"http//...sha1"/gt
ltdsDigestValuegt...lt/dsDigestValuegt
lt/dsReferencegt lt/dsSignedInfogt
344. Actual message body
ltsoapBody wsuId"body"gt ltxencEncryptedData
Type"http//www.w3.org/2001/04/xmlencEleme
nt" wsuId"enc1"gt ltxencEncryptionMetho
d Algorithm"http//www.w3.org/2001/04/xmlen
ctripledes-cbc"/gt ltxencCipherDatagt
ltxencCipherValuegt...lt/xencCipherValuegt
lt/xencCipherDatagt lt/xencEncryptedDatagt lt/soapB
odygt lt/soapEnvelopegt
35Error Handling
- SOAP Faults are used to indicate faults
- Error scenarios
- Security token type unsupported
- Note WS-Policy may be used to convey what
security tokens can be understood by different
parties - Fault code InvalidSecurity (if contents of the
header block cannot be processed) - Invalid security token
- For example security token corrupted or has
invalid signature - Fault code InvalidSecurityToken
- Security token cannot be authenticated
- For example given certificate cannot be
validated - Fault code FailedAuthentication
- Security token unavailable
- For example a certificate was referenced that
could not be located - Fault code wsseSecurityTokenUnavailable
36SAML
- SAML (Security Assertion Markup Language)
- A XML-based framework (schemas) for the exchange
of authentication and authorization information - A standard message exchange protocol
- How you ask and receive information
- Mainly for integration, up to relying parties to
decide to what authentication authority to trust - Assertions can convey information about
authentication acts performed by subjects,
attributes of subjects, and authorization
decisions about whether subjects are allowed to
access certain resources - Authentication statements merely describe acts of
authentication that happened previously - Specified by OASIS
37SAML in a nutshell
- XML-based framework for exchanging security
information - XML-encoded security assertions
- XML-encoded request/response protocol
- Rules on using assertions with standard transport
and messaging frameworks - SAML WS-Security allow a SOAP message to
include information about the end-users
authentication status
38SAML Motivation Portable Trust
Using services in B from A? Authentication at
B? Not acceptable!
39Timed updates
Timed updates
Authentication server C
40SAML assertions
- An assertion is a declaration of fact about a
subject, e.g. a user - According to some assertion issues
- SAML has three kinds, all related to security
- Authentication
- Attribute
- Authorization decision
- You can extend SAML to make you own kinds of
assertions - Assertions can be digitally signed
41All assertions have some common information
- Issuer and issuance timestamp
- Assertion ID
- Subject
- Name plus the security domain
- Optional subject information, e.g. public key
- Conditions under which assertion is valid
- SAML clients must reject assertions containing
unsupported conditions - Special kind of condition assertion validity
period - Additional advice
- E.g. to explain how the assertion was made
42Authentication assertion
- An issuing authority asserts that
- Subject S
- was authenticated by means M
- at time T
- Caution actually checking or revoking of
credentials is not in the scope of SAML! - Password exchange
- Challenge-response
- Etc.
- It merely lets you link back to acts of
authentication that took place previously
43Example authentication assertion
ltsamlAssertion MajorVersion"1"
MinorVersion"0" AssertionID"127.0.0.1.1234567
" Issuer"Example Corp" IssueInstant"2005-0
4-04T090000Z"gt ltsamlConditions
NotBefore"2005-04-04T090000Z"
NotAfter""2005-04-04T090500Z"/gt
ltsamlAuthenticationStatement
AuthenticationMethod"password"
AuthenticationInstant"2005-04-04T090100Z"gt
ltsamlSubjectgt ltsamlNameIdentifier
SecurityDomain"example.com"
Name"johndoe"/gt lt/samlSubjectgt
lt/samlAuthenticationStatementgt
lt/samlAssertiongt
44Attribute assertion
- An issuing authority asserts that
- subject S
- is associated with attributes A,B,..
- with values a,b,
- Typically this would be gotten from an LDAP
repository - john.doe in example.com
- is associated with attribute Department
- with value Human Resources
45Example attribute assertion
ltsamlAssertion ...gt ltsaml Conditions .../gt
ltsamlAttributeStatementgt ltsamlSubjectgt
ltsamlNameIdentifier
SecurityDomain"example.com"
Name"johndoe" /gt lt/samlSubjectgt
ltsamlAttribute AttributeName"PaidStatus"
AttributeNameSpace"http//example.com"gt
ltsamlAttributeValuegt
PaidUp lt/samlAttributeValuegt
lt/samlAttributegt lt/samlAttributeStatementgt
lt/samlAssertiongt
46Authorization decision assertion
- An issuing authority decides whether to grant the
request - by subject S
- for access type A
- to resource R
- given evidence E
- The subject could be a human or a program
- The resource could be a web page or a web
service, for example
47Example authorization decision assertion
ltsamlAssertion ...gt ltsamlConditions .../gt
ltsamlAuthorizationStatement
Decision"Permit" Resource"http//example
.com/res123"gt ltsamlSubjectgt
ltsamlNameIdentifier
SecurityDomain"example.com"
Name"johndoe" /gt lt/samlSubjectgt
lt/samlAuthorizationStatementgt
lt/samlAssertiongt
48Assertion type Description
Authentication Assertion Asserts that subject S was authenticated by means M at time T
Attribute Assertion Asserts that subject S is associated with attributes A1, A2, with values V1,V2,...
Authorization Decision Assertion Should the request to subject S for access type A be granted to resource R given evidence E
49A username token in WS-Security SOAP Header
ltSOAPEnvelope xmlnsSOAP"..."gt ltSOAPHeadergt
ltwsseSecurity xmlnswsse"http//...secext"gt
ltwsseUsernameTokengt ltwsseUserNamegtabclt
/wsseUserNamegt ltwssePassword
Type"wssePasswordDigest"gt xyzabc
lt/wssePasswordgt ltwsseNoncegt
ap2oep3oaeap1 lt/wsseNoncegt
lt/wsseUsernameTokengt ...
lt/wsseSecuritygt lt/SOAPHeadergt ltSOAPBody
Id"body"gt ... lt/SOAPBodygt
lt/SOAPEnvelopegt
50A Binary X.509 Certificate in WS-Security SOAP
header
ltwsseSecurity xmlnswsse"http//...secext"gt
ltwsseBinarySecurityToken Id"X509Token"
xmlnswsse"...secext" ValueType"wsseX509v3
" EncodingType"wsseBase64Binary"gt
ABCDEF.. lt/wsseBinarySecurityTokengt
ltdsSignature xmlnsds"...xmldsig"gt
ltdsSignedInfogt...lt/dsSignedInfogt
ltdsSignatureValuegt...lt/dsSignatureValuegt
ltdsKeyInfogt ltwsseSecurityTokenReferencegt
ltwsseReference URI"X509Token"/gt
lt/wsseSecurityTokenReferencegt
lt/dsKeyInfogt lt/Signaturegt
... lt/wsseSecuritygt
51A SAML Assertion in WS-Security SOAP Header
ltwsseSecurity xmlnswsse"http//...secext"gt
ltsamlAssertion xmlnssaml"urnoasisnamest
cSAML1.0assertion" MajorVersion"1"
Minorversion"0" AssertionID"SecurityToken-1
23" Issuer"example.com"
IssueInstant"2005-04-04T090000Z"gt ...
lt/samlAssertiongt ltdsSignature
xmlnsds"...xmldsig"gt ltdsSignedInfogt...lt/ds
SignedInfogt ltdsSignatureValuegt...lt/dsSignat
ureValuegt ltdsKeyInfogt
ltwsseSecurityTokenReferencegt
ltsamlAssertionIDReferencegt
SecurityToken-123 lt/samlAssertionIDReferencegt
lt/wsseSecurityTokenReferencegt
lt/dsKeyInfogt lt/Signaturegt
... lt/wsseSecuritygt
SAML does not allow the use of the ID attribute
with assertion elements, hence AssertionIDReferenc
e is used
52SAML and XACML
Once the SAML authoriz. Has ben made it may be
included into the SOAP message and used by the
target WS.
SOAP msg is Intercepted. SAML query is formed,
results determine access. Identity info taken
from request. There may be multiple PEPs.
PDP queries attributes from PIP (time of day,
value, etc.). PIP returns an attribute assertion.
Once the PDP has all the relevant information, it
evaluates rules and returns a SAML authoriz.
Assertion
PEP Policy Enforcement Point
Web Service
PDP Policy Decision Point
PIP Policy Information Point
Policy Store (XACML)
Rules are combined subjects, resources, and
attributes. Exported into XACML.
PRP Policy Retrieval Point
PAP Policy Admin. Point
53Implementations
- Trust Services Integration Kit (TSIK), Verisign
- Java API for creating trusted services, includes
a SAML API - http//www.xmltrustcenter.org/developer/verisign/t
sik/index.htm - Apache XML-Security, Apache Software Foundation
- XML Digital Signature and XML Encryption (Java,
C) - http//xml.apache.org/security/
- Web Services Enhancements 2.0, Microsoft
- .NET implementation of various WS Security specs.
- http//msdn.microsoft.com/webservices/building/wse
/ - Microsoft Passport, Microsoft
- Single sign-on support
- XML Security Suite, IBM
- XML Digital Signature, XML Encryption and XML
Access Control Language (Java) - http//www.alphaworks.ibm.com/tech/xmlsecuritysuit
e - SunONE Identity Server, Sun Microsystems
- Supports Libertys federated identity and SAML
54Web Services Enhancements 2.0
- Implements many of the rules of the WS-
specifications - Works with HTTP and SOAP (SoapExtensions)
- Supported specifications
- WS-Security, WS-SecurityPolicy,
WS-SecureConversation, WS-Trust, WS-Referral,
WS-Addressing, WS-Policy, WS-Attachments - Supports signing/encrypting message elements and
policies - More information and downloads
55Lecture Summary
- Security contexts
- Security needed within and between contexts
- XML validation, encryption, and authentication
needed between security contexts! - WS security standard revisited
- SOAP header carries security information (and
other info as well) - Selective processing
- SAML
- Statements about authorization, authentication,
attributes - SAML WS-Security XACML
- Implementations available