WS-Security

veryard projects > security > ws-security

we offer

new architecture and roadmap

material

links

consultancy

management briefings

independent advice on tools and methods

IBM, Microsoft and Verisign have joined forces to develop and promote a new architecture for web service security.

purpose	to enable a variety of systems to securely interoperate in a platform- and language-neutral manner
	to ensure the integrity, confidentiality and security of Web services
	defines a comprehensive Web service security model that supports, integrates and unifies several popular security models, mechanisms, and technologies (including both symmetric and public key technologies)
	describes a set of specifications and scenarios that show how these specifications might be used together
	brings together formerly incompatible security technologies

on this page

commentary
links

elsewhere

security

Web Service Security - Commentary

veryard projects > security > ws-security > commentary

"A customer making an on-line purchase should not be impacted by whether they are using a cell phone or a laptop computer, as long as each device can securely express the proper identity."	Thus it should be possible to specify security requirements and policies (e.g. relating to identity) in a technology-neutral manner, and then implement specific mechanisms on each platform (cell phone, laptop, and so on) that demonstrably conform to the requirements and policies.
"Integration through the abstractions of a single security model enables organizations to use their existing investments in security technologies while communicating with organizations using different technologies."	This means establishing a common level of abstraction at which the diversity and heterogeneity of rival security devices and mechanisms disappears. While this represents an attractive simplification, it also potentially represents a dangerous reduction in biodiversity. An attack that is designed at the appropriate level of abstraction might be able to overcome any security mechanism that conforms to the common model.
"A security token is a representation of security-related information (e.g. X.509 certificate, Kerberos tickets and authenticators, mobile device security tokens from SIM cards, username, etc.)" "The subject of the security token is a principal (e.g. a person, an application or a business entity) about which the claims expressed in the security token apply. Specifically, the subject, as the owner of the security token possesses information necessary to prove ownership of the security token."	In the case of a SIM card, the subject of the security token seems to be the SIM card or the mobile phone. A further step seems to be required to associate this token with a human subscriber. In many business and social contexts, a principal can delegate authority to an agent, which may involve lending the necessary tokens. The model describes various scenarios for the exchange of tokens. But there also needs to be a higher level of abstraction at which these scenarios can be understood as different ways of achieving the same underlying business security requirements.
"An intermediary may add headers, encrypt or decrypt pieces of the message, or add additional security tokens. In such situations, care should be taken so that alterations to the message do not invalidate message integrity, violate the trust model, or destroy accountability."	Who is the caretaker? Can this be independently verified?

Requirements

General

Web service security is only credible if it can be verified and tested - and any breaches detected.

The architecture should also provide some basis for diagnosing any breach of security - how did this intruder get in, how did this information leak out - and planning appropriate corrective/preventative action.

WS-Privacy

The general requirement on privacy is to define the ownership of information and knowledge (including commercial, industrial and intellectual property), and to constrain its storage, use and propagation.

While a web service may require some information to perform its proper function, companies will be reluctant to send commercially sensitive or valuable data to a third party web service without some guarantees that these data will be safeguarded and not abused. In some cases, use of information is permitted -- but only in anonymous or statistical form.

Special cases include digital rights management and escrow. For example, a web service may perform some work on a document or software artefact, and may therefore require special provision to penetrate any copy-protection attached to the artefact, or to access the source code.

Web Service Security - Links

veryard projects > security > ws-security > links

Security in a Web Services World: A Proposed Architecture and Roadmap (Joint White Paper from IBM and Microsoft, April 2002) [@IBM] [@Microsoft]

veryard projects - innovation for demanding change

[top]

[home page]

[contact us]

in asssociation with