WS-Federation Developer Introduction
Maryann Hondo; Tony Nadalin, Security Architect; Chris Kaler, Security Architect

Upload: harvey-lindsey, posted 04-Jan-2016. Transcript of the slide deck follows.

Page 1: Title

WS-Federation Developer Introduction
Maryann Hondo
Tony Nadalin, Security Architect
Chris Kaler, Security Architect

Page 2: Agenda

- Web Services Overview
  - Web Services 101
  - Security Roadmap
  - Federation Overview
- Example Scenario
- Specification Summary
- Federation Drilldown

Page 3: The Evolution to Web Services

Timeline (the chart's vertical axis is labelled Business Benefit):
- Pre-1990s: Custom, static B2B integration
- Early 1990s: Application integration technologies appear
- Late 1990s: Web technologies appear, e.g. HTTP, HTML, XML
- 2000+: Web application technology = Web services

Page 4: Web Services Overview

[Diagram: Your Company exchanges REQUEST/REPLY messages with a Web service. Callouts: "UDDI Server can be used to locate available Web services"; "WSDL describes the Web service". Labels: UDDI Server, WSDL, XML.]

Page 5: Web Services Overview

[Diagram: Your Company connected by SOAP/XML messages to Internal Systems, Partners and Customers.]

Page 6: Web Services Overview: What Has Been Missing?

[Diagram around Your Company with four gaps labelled:]
- Security
- Reliable Messaging
- Transactions
- Policy

Page 7: Web Services Today

- Web services is currently an early majority market
  - Many successful deployments
  - A 1st or 2nd focus for CIOs and architects
- Web services add immediate value to a broad range of scenarios
- Base infrastructure (SOAP and WSDL) have broad adoption and tool integration
- Great progress toward enabling security, reliability, and transactions

[Bar chart, "In what areas will web services be most effective for your company?" (InfoWorld CTO Survey). Values as listed: 6%, 15%, 24%, 33%, 33%, 70%. Categories as listed: Other, ERP, B-to-C eCommerce, CRM, Supply Chain, B-to-B eCommerce.]

"Web services development projects are at the top of the list of company priorities and one of the last budgets to be raided when budget cuts are made." - Gartner survey of 111 North American Companies

Page 8: Real World Web Services: Connecting Everything

[Diagram of interconnected networks: Business Networks, Personal Networks, Social Networks, Value Chain Networks, Customer Relationship Networks, Scientific Networks, Government Networks; business functions shown: Purchasing, Fulfillment, HR.]

Page 9: Web Services

- Provides a general-purpose, composable protocol framework
- Enables Service-Oriented Architecture (SOA)-based application development
- Provides flexibility through metadata-driven description and policy
- Provides security with a capabilities-based security model

Page 10: Web Services Process

- Developed in a process of partnerships and open public workshops
  - Specification workshops
  - Interoperability workshops
- Culminates in royalty-free specifications

Page 11: Secure, Reliable, Transacted Web Services

Layered stack (diagram):
- Service Composition: BPEL4WS
- Composable Service Assurances: Security, ReliableMessaging, Transactions
- Description: XSD, WSDL, UDDI, Policy, MetadataExchange
- Messaging: XML, SOAP, Addressing
- Transports: HTTP, HTTPS, SMTP

From joint IBM/MSFT WS Whitepaper at http://msdn.microsoft.com/webservices/default.aspx?pull=/library/en-us/dnwebsrv/html/wsoverview.asp

Page 12: Importance of Composition

- Everything works in combination
  - Ex: Transaction context works over a reliable connection
  - Ex: Participants use WS-Security to secure transactions (for all types of participants)
- Not "reinventing the wheel" for every stack
  - Code reuse, lower costs, faster time to market
  - Ex: all resources named using WS-Addressing
- The overall system is more stable
  - Changes don't percolate up the stack
  - Ex: By using WS-Security, Federation supports all tokens, including future ones

Page 13: Composable Headers

The slide's envelope, with its three callouts (Addressing, Security, Reliability) marking the independent header blocks:

  <S:Envelope … >
    <S:Header>
      <!-- Addressing -->
      <wsa:ReplyTo>
        <wsa:Address>http://business456.com/User12</wsa:Address>
      </wsa:ReplyTo>
      <wsa:To>http://fabrikam123.com/Traffic</wsa:To>
      <wsa:Action>http://fabrikam123.com/Traffic/Status</wsa:Action>
      <!-- Security -->
      <wssec:Security>
        <wssec:BinarySecurityToken ValueType="wssec:X509v3"
            EncodingType="wssec:Base64Binary">
          dWJzY3JpYmVyLVBlc…..eFw0wMTEwMTAwMD
        </wssec:BinarySecurityToken>
      </wssec:Security>
      <!-- Reliability -->
      <wsrm:Sequence>
        <wsu:Identifier>http://fabrikam123.com/seq1234</wsu:Identifier>
        <wsrm:MessageNumber>10</wsrm:MessageNumber>
      </wsrm:Sequence>
    </S:Header>
    <S:Body>
      <app:TrafficStatus xmlns:app="http://highwaymon.org/payloads">
        <road>520W</road><speed>3MPH</speed>
      </app:TrafficStatus>
    </S:Body>
  </S:Envelope>
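As an added example (not code from the deck), the following Python pulls each composed header block out of an envelope like the one above independently, which is the point of composability: the addressing, security and reliability blocks are separate headers that a receiver can process, and insist on, one at a time. The namespace URIs and the token bytes are assumptions constructed for this example; the slide shows neither.

```python
"""Parse a SOAP envelope whose header composes WS-Addressing, WS-Security
and WS-ReliableMessaging blocks, as on the Composable Headers slide."""
import base64
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions for this example; bind the prefixes used
# on the slide to whatever URIs your stack actually emits.
NS = {
    "S": "http://www.w3.org/2003/05/soap-envelope",
    "wsa": "http://schemas.xmlsoap.org/ws/2003/03/addressing",
    "wssec": "http://schemas.xmlsoap.org/ws/2002/07/secext",
    "wsu": "http://schemas.xmlsoap.org/ws/2002/07/utility",
    "wsrm": "http://schemas.xmlsoap.org/ws/2003/03/rm",
}

# Constructed token bytes; the slide's token value is elided.
TOKEN_BYTES = b"constructed-token-bytes"

# Header blocks a receiver requires before it will act on the body.
REQUIRED = [("wsa", "To"), ("wsa", "Action"), ("wssec", "Security"), ("wsrm", "Sequence")]


def build_envelope(with_security: bool = True) -> str:
    """Return the slide's envelope as a constructed, parseable sample."""
    token_b64 = base64.b64encode(TOKEN_BYTES).decode("ascii")
    security = f"""
    <wssec:Security>
      <wssec:BinarySecurityToken ValueType="wssec:X509v3"
          EncodingType="wssec:Base64Binary">{token_b64}</wssec:BinarySecurityToken>
    </wssec:Security>""" if with_security else ""
    decls = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return f"""<S:Envelope {decls}>
  <S:Header>
    <wsa:ReplyTo><wsa:Address>http://business456.com/User12</wsa:Address></wsa:ReplyTo>
    <wsa:To>http://fabrikam123.com/Traffic</wsa:To>
    <wsa:Action>http://fabrikam123.com/Traffic/Status</wsa:Action>{security}
    <wsrm:Sequence>
      <wsu:Identifier>http://fabrikam123.com/seq1234</wsu:Identifier>
      <wsrm:MessageNumber>10</wsrm:MessageNumber>
    </wsrm:Sequence>
  </S:Header>
  <S:Body>
    <app:TrafficStatus xmlns:app="http://highwaymon.org/payloads">
      <road>520W</road><speed>3MPH</speed>
    </app:TrafficStatus>
  </S:Body>
</S:Envelope>"""


def header_summary(xml_text: str) -> dict:
    """Read each composed header block on its own and report which required
    blocks are missing; a receiver rejects the message when the list is non-empty."""
    root = ET.fromstring(xml_text)
    header = root.find("S:Header", NS)
    missing = [f"{p}:{n}" for p, n in REQUIRED if header.find(f"{p}:{n}", NS) is None]
    summary = {"missing": missing}
    if header.find("wsa:To", NS) is not None:
        summary["to"] = header.findtext("wsa:To", namespaces=NS)
        summary["action"] = header.findtext("wsa:Action", namespaces=NS)
        summary["reply_to"] = header.findtext("wsa:ReplyTo/wsa:Address", namespaces=NS)
    tok = header.find("wssec:Security/wssec:BinarySecurityToken", NS)
    if tok is not None:
        summary["token_type"] = tok.get("ValueType")
        # EncodingType says Base64Binary: decode strictly so a corrupted token is caught.
        summary["token"] = base64.b64decode(tok.text.strip(), validate=True)
    seq = header.find("wsrm:Sequence", NS)
    if seq is not None:
        summary["sequence"] = seq.findtext("wsu:Identifier", namespaces=NS)
        summary["message_number"] = int(seq.findtext("wsrm:MessageNumber", namespaces=NS))
    return summary


if __name__ == "__main__":
    print(header_summary(build_envelope()))
    print(header_summary(build_envelope(with_security=False))["missing"])
```

Dropping the Security block leaves the addressing and sequence blocks intact and still parseable, which is exactly why the receiver has to check for each required block explicitly rather than assume one header implies another.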

Page 14: Web Service Security Requirements

- Interoperable
  - People, systems, applications, and services
  - Seamlessly with reliable messaging and transactions
  - Heterogeneous environments
  - Information/processes flow across application networks
- Autonomous Security
  - Individual services must be autonomous
  - Operate with intermittent connectivity

Page 15: Web Service Security Requirements

- Dynamic Security
  - Assume change
  - Evolving set of participants
  - Mobile clients and servers
- Decentralized Security
  - Not owned/operated by a single entity
  - Reflect political, social, economic forces
  - Arbitrary network topology
  - Support existing business models, not force them to change

Page 16: Web Service Security Requirements

- Internet-Ready Security
  - Reach, scale, and capabilities to mirror today's Internet-based world

Page 17: The Security Model

- Capabilities-Based
  - WS-Security provides mechanisms to associate security tokens with messages
  - Identity mapping and user attributes support ACL-based models
- Policy-Driven
  - WS-Policy enables services to describe required claims (and more - described next)
- Decentralized
  - WS-Trust enables anyone to become a trust broker; e.g. provide identity or group membership
  - End-to-end security: don't assume point-to-point, don't assume back-channels

Page 18: Metadata/Capability-Driven Federation

[Diagram. Components shown: Access Policy, Federation Policy, Identity Service, Pseudonym and Attribute Service, Security Token Service (Access Control Service provides Permission Tokens), Target Service. Sample permission token shown twice: Management / Access All Areas / K.A. Jale Corporation / Kat Alexandra.]

Page 19: WS-Security Roadmap

[Diagram of the security specification stack built on SOAP Messaging:]
- Security
- SecurityPolicy, SecureConversation, Trust
- Federation, Privacy, Authorization
- SOAP Messaging (foundation)

Page 20: WS-Federation

- Announced by BEA, IBM, Microsoft, RSA, and VeriSign
- WS-Federation (Web Services Federation Language)
  - Enables security realms to federate
  - Enhances policy to enable federation of related services
  - Describes federation messages
  - Describes federated Attribute and Pseudonym service relationships
- WS-Federation: Passive Requestor Profile
  - Uses the cross trust realm identity, authentication and authorization federation mechanisms in WS-Federation to support passive requestors, such as Web browsers
- WS-Federation: Active (Smart) Requestor Profile
  - Uses the cross trust realm identity, authentication and authorization federation mechanisms in WS-Federation to support active requestors, such as SOAP-enabled applications

Page 21: Summary

- WS Industry Partnership
  - Defining a complete, general-purpose, composable web services architecture
  - Rich, metadata-driven, capabilities-based security model
- WS-Federation
  - Factored, composable building blocks to enable the broadest range of federated security scenarios
  - Easy to integrate with existing and future identity systems
  - Supported by all the major application server vendors
- Composability
  - Application integration
  - Time-to-market
  - Cost-savings
  - Future-proofing your architectures

Page 22: Agenda

- Web Services Overview
- Example Scenario
  - Scenario Overview
  - Specification Usage
- Specification Summary
- Federation Drilldown

Page 23: Example Topology

[Diagram. Realms: Dealer, Manufacturing Warehouse, Roaming Supplier. Users: Heather (Dealer), Tony (Roaming Supplier). Components: Identity Provider (one per realm side), Authorization Service, Order Service, Warehouse Service, Warehouse 1, Warehouse 2, Transaction Coordinator, Coordinator (two), Storage (two), Inventory Service.]

Page 24: Example Scenario: Browser Client Ordering Parts for Dealer

Flow:
- Heather logs in
- Manufacturer trusts Dealer
- Heather logs out

Technologies: Security, Federation

Page 25: Example Scenario: Roaming Smart Client – Vendor Managed Inventory

Flow:
- Tony logs in
- Identity flows to Manufacturer

Technologies: Security, Federation

Page 26: Example Scenario: Roaming Smart Client – Vendor Managed Inventory

Flow:
- Warehouse places order
- Message paths labelled "Secure, Reliable" and "Transacted"

Technologies: Security, Reliability, Transactions

Page 27: Selected Message Flows

- Heather logs in
- Heather logs out
- Tony logs in
- Back-end system processes order

Page 28: Heather – Example Login

[Diagram: the Example Topology of Page 23 (Dealer, Manufacturing Warehouse, Roaming Supplier realms) with the login message flow numbered 1 to 4.]

Page 29: Heather – Example Logout

[Diagram: the Example Topology of Page 23 with the logout message flow numbered 1 to 4.]

Page 30: Tony – Example Login

[Diagram: the Example Topology of Page 23 with the login message flow numbered 1 to 2.]

Assumes policies are known/cached

Page 31: Backend Processing

[Diagram: the Example Topology of Page 23 with the order-processing message flow numbered 1 to 5 (step 5 reaches both warehouses).]

Page 32: Specification Usage

- Messaging: SOAP
- Description: WSDL
- Security: WS-Security, WS-SecureConversation
- Reliable Messaging: WS-ReliableMessaging
- Transactions: WS-AtomicTransactions

Used across the stack: WS-Addressing, WS-Policy*, WS-Trust, WS-Federation

Page 33: Messaging

- WS-Addressing
  - Used to address messages to appropriate recipients and provide reply semantics

Page 34: Policy Framework

- WS-Policy
  - Specifies the requirements of each service
- WS-PolicyAttachment
  - Some services use WSDL
  - Some have separate policy attachments
- WS-PolicyAssertions
  - Used to describe basic characteristics

Page 35: Security

- WS-Security
  - Used to secure messages; different tokens used
- WS-SecurityPolicy
  - Specifies security requirements
- WS-Trust
  - Used to obtain identity and access tokens
- WS-SecureConversation
  - Used to create sessions for common communication paths
- WS-Federation
  - Used to broker identities across trust boundaries

Page 36: Reliable Messaging

- WS-ReliableMessaging
  - Used to ensure in-order delivery of messages

Page 37: Transactions

- WS-AtomicTransaction
  - Used to ensure warehouses update inventories in a consistent way

Page 38: Summary

- Complete solution for interoperable secure, reliable, transacted services
- Enables single sign-on
- Supports browsers and smart clients
- Works with existing infrastructure
- Integrated into products from the leading system, application, & security vendors
- Increases business flexibility and reduces risk

Page 39: Agenda

- Web Services Overview
- Example Scenario
- Specification Summary
  - Overview
  - Drilldown
- Federation Drilldown

Page 40: Secure, Reliable, Transacted Web Services

[The layered stack diagram of Page 11, repeated as a section divider: Service Composition (BPEL4WS); Composable Service Assurances (Security, ReliableMessaging, Transactions); Description (XSD, WSDL, UDDI, Policy, MetadataExchange); Messaging (XML, SOAP, Addressing); Transports (HTTP, HTTPS, SMTP). Source as on Page 11.]

Page 41: WS-* Specifications Timeline

[Timeline diagram. Milestone dates as labelled: April 2002, June 2002, August 2002, December 2002, March 2003, April 2003, June 2003, July 2003, September 2003. Items placed on the timeline: Security Roadmap; WS-Security; WS-Coordination; WS-Transaction; WS-Policy; WS-PolicyAssertions; WS-PolicyAttachment; WS-Trust; WS-SecureConversation; WS-SecurityPolicy; Reliable Message Roadmap; WS-ReliableMessaging; WS-Addressing; WS-Policy v1.1; WS-PolicyAssertions v1.1; WS-PolicyAttachment v1.1; WS-Federation; OASIS WS-Security V1 Last Call; WS-AtomicTx; WS-Coordination (revised).]

Page 42: Messaging

[Section divider: SOAP Messaging; Addressing.]

Page 43: WS-Addressing

- Describes transport-neutral mechanisms to address Web Services and messages
- Identification of Web Service end points
  - End point reference: URI + application-specific information
- End-to-end identification in messages

Page 44: WS-Addressing

[Diagram: a request carrying "To: …" and "ReplyTo: …" headers, and the reply carrying "To: …".]

Page 45: Policy Framework

[Section divider: Policy; PolicyAttachment; PolicyAssertions; WSDL.]

Page 46: WS-Policy

- Flexible and extensible grammar for Web Services to communicate requirements, preferences and capabilities
- Declarative and conditional assertions
  - Authentication scheme
  - Transport protocol
  - Security policy
  - QoS characteristics
  - …

Page 47: WS-Policy

- Policy assertions have usage attributes
  - Required, Rejected, Optional, Observed, Ignored
- Policy operators
  - All - all of its child elements are satisfied
  - ExactlyOnce - exactly one of its child elements is satisfied
  - OneOrMore - at least one of its child elements is satisfied
- PolicyReference element for inclusion
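An added illustration of how these operators, usage attributes and references combine (example code, not from the deck or from any WS-Policy implementation): a small evaluator walks a policy expression and decides whether a requester's capabilities satisfy it. The namespace URIs, the `ex:` assertions and the simplified Usage semantics (Required must be present, Rejected must be absent, Optional/Observed/Ignored never block) are assumptions of this example.

```python
"""Evaluate a WS-Policy expression (All / ExactlyOnce / OneOrMore operators,
Usage attributes, PolicyReference inclusion) against a requester's capabilities."""
import xml.etree.ElementTree as ET

# Namespace URIs are assumptions for this example.
WSP = "http://schemas.xmlsoap.org/ws/2002/12/policy"
WSU = "http://schemas.xmlsoap.org/ws/2002/07/utility"
NS = {"wsp": WSP, "wsu": WSU}
# wsp:Policy itself behaves like All (the default operator).
OPERATORS = {f"{{{WSP}}}Policy", f"{{{WSP}}}All", f"{{{WSP}}}ExactlyOnce", f"{{{WSP}}}OneOrMore"}

# Constructed sample: a service policy that includes a second policy by reference.
POLICY_DOC = f"""
<policies xmlns:wsp="{WSP}" xmlns:wsu="{WSU}" xmlns:ex="urn:example:assertions">
  <wsp:Policy wsu:Id="Service">
    <wsp:ExactlyOnce>
      <ex:SecurityToken TokenType="X509v3" wsp:Usage="wsp:Required"/>
      <ex:SecurityToken TokenType="Kerberosv5TGT" wsp:Usage="wsp:Required"/>
    </wsp:ExactlyOnce>
    <ex:SecurityToken TokenType="UsernameToken" wsp:Usage="wsp:Rejected"/>
    <ex:TextEncoding Encoding="utf-8" wsp:Usage="wsp:Optional"/>
    <wsp:PolicyReference URI="#Transport"/>
  </wsp:Policy>
  <wsp:Policy wsu:Id="Transport">
    <wsp:OneOrMore>
      <ex:Transport Protocol="https" wsp:Usage="wsp:Required"/>
      <ex:Transport Protocol="smtp" wsp:Usage="wsp:Required"/>
    </wsp:OneOrMore>
  </wsp:Policy>
</policies>"""


def assertion_key(elem):
    """Identify an assertion by its local name plus its non-wsp attributes,
    e.g. ("SecurityToken", ("TokenType", "X509v3"))."""
    local = elem.tag.split("}")[-1]
    attrs = sorted((k.split("}")[-1], v) for k, v in elem.attrib.items()
                   if not k.startswith("{" + WSP + "}"))
    return (local,) + tuple(attrs)


def satisfied(elem, capabilities, registry) -> bool:
    """Return True when the requester's capabilities satisfy this element."""
    tag = elem.tag
    if tag == f"{{{WSP}}}PolicyReference":
        # Inclusion: evaluate the referenced policy (fragment ids only, in this example).
        return satisfied(registry[elem.get("URI").lstrip("#")], capabilities, registry)
    if tag in OPERATORS:
        results = [satisfied(child, capabilities, registry) for child in elem]
        local = tag.split("}")[-1]
        if local == "ExactlyOnce":
            return results.count(True) == 1
        if local == "OneOrMore":
            return any(results)
        return all(results)  # All, and wsp:Policy itself
    # Leaf assertion: interpret its Usage attribute (default Required).
    usage = elem.get(f"{{{WSP}}}Usage", "wsp:Required").split(":")[-1]
    present = assertion_key(elem) in capabilities
    if usage == "Required":
        return present
    if usage == "Rejected":
        return not present  # offering a rejected assertion fails the policy
    return True  # Optional, Observed, Ignored never block


def load_policies(doc: str) -> dict:
    """Index every wsp:Policy in the document by its wsu:Id for PolicyReference lookup."""
    root = ET.fromstring(doc)
    return {p.get(f"{{{WSU}}}Id"): p for p in root.findall("wsp:Policy", NS)}


def evaluate(policy_id: str, capabilities: set, registry: dict = None) -> bool:
    registry = registry or load_policies(POLICY_DOC)
    return satisfied(registry[policy_id], capabilities, registry)


if __name__ == "__main__":
    caps = {("SecurityToken", ("TokenType", "X509v3")), ("Transport", ("Protocol", "https"))}
    print(evaluate("Service", caps))
```

Offering both an X.509 and a Kerberos token fails the ExactlyOnce branch, and offering a UsernameToken trips the Rejected assertion even though everything else matches, which is the behaviour a service relies on when it publishes what it will not accept.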

Page 48: WS-PolicyAssertions

- Describes general policy assertions that can be affiliated with a message
  - TextEncoding assertion
  - Language assertion
  - SpecVersion assertion
  - MessagePredicate assertion
- Supported by both the Web Service or by the client

Page 49: WS-PolicyAttachment

- Provides a standard mechanism for attaching the requirement and capability statements to Web Services
  - How to associate policies with specific instances of WSDL services
  - How to reference policies from WSDL definitions
  - How to associate policies with UDDI entities

Page 50: WS-PolicyAttachment

[Diagram: WSDL+Policy documents, standalone Policy documents and UDDI entries linked by numbered attachment steps 1, 2 and 3.]

Page 51: Security

[Section divider: the WS-Security Roadmap stack of Page 19: Security; SecurityPolicy, SecureConversation, Trust; Federation, Privacy, Authorization; SOAP Messaging.]

Page 52: WS-Security

- Defines a framework for building security protocols
  - Integrity
  - Confidentiality
  - Propagation of security tokens
- Framework designed for end-to-end security of SOAP messages
  - From initial sender, through 0-n intermediaries, to ultimate receiver

Page 53: WS-Security

- Leverages existing XML security specs
  - XMLDSIG for integrity
  - XMLENC for confidentiality
- Provides constructs for transmitting security tokens
- Supports XML and binary tokens

Page 54: What are Security Tokens?

- Examples include
  - Username token
  - X509 Certificate
  - Kerberos ticket
  - XrML license
  - SAML assertion
- Represent claims about
  - Identity
  - Capabilities
  - Privileges

Page 55: Security Token Example

- Message claims to be from Alice
  - Specified using Alice's X509 certificate
- Proof is based on Alice's private key
  - Signing part of the message with her private key proves that she knows the key and is therefore Alice
  - Specifically, that the signed parts are from Alice

Page 56: WS-Security
OASIS Web Services Security TC
V1 Candidate Documents
  SOAP Message Security
  Username Token Profile
  X.509 Token Profile
Other active drafts
  SAML Token Profile
  XrML Token Profile
  Kerberos Token Profile
  Minimal Message Profile

Page 57: Protecting Messages
Parts of a message can be
  signed for integrity
  encrypted for confidentiality
Underlying technologies extensible
  Encryption
  Digest
  Signature
  Canonicalization
  Transforms

Page 58: WS-Security
[Figure: message path Sender -> Intermediary -> Intermediary -> ... -> Receiver]

Page 59: WS-Trust
Defines how to broker trust relationships
  Some trust relationship has to exist a priori
Defines how to exchange security tokens
Defined as an interface specification for a Security Token Service
  Anyone can issue tokens (be a Security Token Service)

Page 60: Getting Tokens
A RequestSecurityToken message is sent to the trust service
It responds with a RequestSecurityTokenResponse
  Contains required security token and associated details (e.g. proof)

Page 61: Example
I want to have secure communication with you
I ask the trust service for a token to allow me to talk to you
The trust service sends two copies of a secret key
  One encrypted for me (proof token)
  One encrypted for you (requested token)

Page 62: Example
[Figure: three-step token exchange through two Trust services. Step 1: U/P exchanged for T1 and P1. Step 2: T1 exchanged for T2 and P2. Step 3: T2 presented. Legend: T# = Security Token, P# = Proof token]

Page 63: Challenges
[Sequence diagram]
Request Token
Issue Challenge
Respond to Challenge
Issue Token

Page 64: Other Token Characteristics
Requester can specify various required characteristics of the security token
  Key type, size
  Delegation constraints
  …
Trust service can then indicate those characteristics in the response
  May indicate anything it thinks important

Page 65: WS-SecureConversation
WS-Security provides for single message security
Nodes will often want to exchange more than one message
  Specifying new symmetric keys for each message is tedious, verbose, and inefficient
WS-SecureConversation defines mechanisms to address this

Page 66: WS-SecureConversation
Participants establish a shared context
  Context contains keys/secrets and other information
  Can be stateless (state embedded in security context token)
Context established multiple ways
  Using token exchange
  Having one party create the context
  Through negotiation

Page 67: Persisted Context
[Figure: security context token (SCT)]

Page 68: Farm Context
[Figure: security context token (SCT)]

Page 69: Derived Keys
Exchanging keys and re-using them has security vulnerabilities
  Degree of randomness not known to both parties
  Keys used for extended period and/or data
More secure to exchange a secret and derive keys from it

Page 70: Derived Keys
Spec defines derived keys usage
  Allows multiple keys to be derived from combination of initial secret, nonces and labels over time
Using derived key tokens
  References secret (e.g. security context token which implies a target)
  Recommended to generate nonces for each message

Page 71: Derived Keys
[Figure: SCT with derived keys DK1, DK2]
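The RequestSecurityToken exchange from the WS-Trust example (two encrypted copies of a fresh secret: a proof token for the requester, a requested token for the target) and the derived-key scheme of the last three slides, as one added Python model that is not code from the deck. The trust service class, the long-term keys, the label and the wrapping function are assumptions made here; P_SHA1 is the TLS expansion function WS-SecureConversation adopts for derived keys, while the encrypt-then-MAC wrap is only a toy stand-in for the XML Encryption key wrapping a real STS would use.

```python
import hashlib
import hmac
import os

# Constructed label for the derivation seed (label + nonce); not taken from the slides.
LABEL = b"WS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.0 P_SHA1 expansion (HMAC-SHA1 chain). WS-SecureConversation uses it
    with seed = label + nonce to derive keys from a shared context secret."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()              # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()    # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_key(secret: bytes, label: bytes, nonce: bytes, offset: int, length: int) -> bytes:
    """One derived key. A derived key token names the secret (e.g. an SCT), the label,
    a per-message nonce and an offset/length into the P_SHA1 output stream."""
    return p_sha1(secret, label + nonce, offset + length)[offset:offset + length]


def wrap(kek: bytes, plaintext: bytes) -> bytes:
    """Toy stand-in for XML Encryption key wrap: XOR with a P_SHA1 keystream under the
    party's long-term key, then an HMAC-SHA256 tag. Illustrative only, not for production."""
    iv = os.urandom(16)
    stream = p_sha1(kek, b"wrap" + iv, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(kek, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Reverse of wrap(); raises ValueError when the tag does not verify."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(kek, iv + ct, hashlib.sha256).digest(), tag):
        raise ValueError("proof/requested token failed integrity check")
    stream = p_sha1(kek, b"wrap" + iv, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class TrustService:
    """Minimal Security Token Service answering the RST on the 'Getting Tokens' slide."""

    def __init__(self, long_term_keys: dict):
        # The a priori trust relationship: one long-term key shared with each party.
        self.keys = long_term_keys

    def request_security_token(self, rst: dict) -> dict:
        """Handle a RequestSecurityToken asking for a symmetric key to talk to
        rst['AppliesTo']; the RequestSecurityTokenResponse carries the fresh secret
        twice, once wrapped for the target and once wrapped for the requester."""
        requester, target = rst["Requester"], rst["AppliesTo"]
        if requester not in self.keys or target not in self.keys:
            raise PermissionError("no trust relationship with requester or target")
        secret = os.urandom(rst.get("KeySize", 128) // 8)   # honour the requested key size
        return {
            "RequestedSecurityToken": wrap(self.keys[target], secret),    # "encrypted for you"
            "RequestedProofToken": wrap(self.keys[requester], secret),    # "encrypted for me"
            "KeySize": len(secret) * 8,
        }


def run_exchange() -> bool:
    """Alice obtains a token for Bob, each side recovers the secret from its own copy,
    and both derive the same per-message key. Returns True when they agree."""
    alice_key, bob_key = os.urandom(32), os.urandom(32)   # constructed long-term keys
    sts = TrustService({"alice": alice_key, "bob": bob_key})
    rstr = sts.request_security_token({"Requester": "alice", "AppliesTo": "bob", "KeySize": 128})
    alice_secret = unwrap(alice_key, rstr["RequestedProofToken"])      # Alice opens her copy
    bob_secret = unwrap(bob_key, rstr["RequestedSecurityToken"])       # Bob opens the copy she forwards
    nonce = os.urandom(16)   # fresh nonce per message, carried in the derived key token
    k_alice = derive_key(alice_secret, LABEL, nonce, 0, 16)
    k_bob = derive_key(bob_secret, LABEL, nonce, 0, 16)
    return alice_secret == bob_secret and k_alice == k_bob and len(k_alice) == 16


if __name__ == "__main__":
    print("both parties derived the same key:", run_exchange())
```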

Page 72: WS-SecurityPolicy
A set of policy assertions related to concepts defined by other WS-Sec* specs
Allows participants to specify
  Token types
  Whether integrity and/or confidentiality are required
  Algorithms for the above
  Which message parts need signing/encrypting

Page 73: WS-Federation
“Single Sign-On” access across trust domains using identities from the different domains
WS-Federation defines a model for this building on the WS-* security specifications:
  Model for trust
  Sign out messages
  Attribute service
  Pseudonym service

Page 74: One Protocol, Multiple Bindings
Common protocol (WS-Trust)
Two “profiles” of the model are defined
  Smart/Active clients (SOAP)
  Passive clients (Browser – HTTP/S)
Supporting services (attribute/pseudonym/…)
[Figure: Security Token Service fronted by an HTTP Receiver (HTTP messages) and a SOAP Receiver (SOAP messages)]

Page 75: Trust Topologies
Federation approach must address different trust topologies
  Model existing business practices
  Leverage existing infrastructure
Sample topologies
  Direct trust
    Exchange
    Validation
  Indirect trust
  Delegation

Page 76: Direct Trust: Token Exchange
[Figure: Get identity token (step 1), Get access token (step 2), then step 3; trust relationships drawn between the parties]

Page 77: Direct Trust: Token Validation
[Figure: Get identity token (step 1), Get access verification (step 2), then step 3; trust relationships drawn between the parties]

Page 78: Indirect Trust
C trusts B which vouches for A who vouches for client
[Figure: client, A, B and C with trust relationships between them; steps 1 and 2]

Page 79: Delegation
[Figure: five-step delegation flow (steps 1-5) with trust relationships drawn between the parties]

Page 80: Single Sign-Out
[Figure: step 1, followed by step 2 repeated towards several parties, …]

Page 81: Attribute Service
Scenario: You ask a weather service for the current weather (or visit a weather site), it provides personalized response because it knows your zip code
Why it worked:
  Policy indicated an attribute service
  Identity information was used to find zip code
  Weather service was authorized to access zip code
Specification defines the concept of an attribute service but not a specific interface

Page 82: Attribute Scoping
Model allows for attributes to be scoped
[Figure: attribute store with Zip: 12309, FN: Fred, ID: 3442, Nick: Freddo, ID: FJ454, Nick: Fredster, ID: 3-55-34, …, scoped to fabrikam123.com, business456.com and example.com]

Page 83: Attribute Discovery
Open design model
  Any attribute store can be used
  Integration with legacy systems
Discovery via policy
  Requestor’s policy -> attribute service
  Attribute service has its own policy
  Communication governed by this policy
UDDI is an example store

Page 84: Attribute Discovery
[Figure: four-step discovery flow (steps 1-4); each party publishes a Policy; the request is “Get FN”]

Page 85: Attribute Example
[Figure: four-step flow (steps 1-4) with trust relationships; attribute store holds Zip: 12309, FN: Fred, …]

Page 86: Protecting Identity
Single sign-on also needs to
  Prevent collusion
  Provide anonymity
Other forms of collusion still exist:
  Address
  Phone number
  Credit card
  Social security number

Page 87: Pseudonym Service
This service provides a mechanism for associating alternate identities
Pseudonyms represent alternate identities
  Scoped by a domain expression
  Subject to authorization control
Can be accessed by authorized services
Can be integrated with IP/STS

Page 88: Pseudonym Discovery
[Figure: four-step discovery flow (steps 1-4); each party publishes a Policy]

Page 89: Pseudonym Example 1
Service sets pseudonym for its domain
[Figure: three steps; mappings “Fred” -> “A123” and “A123” -> “Freddo”; the service sees “A123”; trust relationship shown]

Page 90: Pseudonym Example 2
Service fetches pseudonym for its domain
[Figure: three steps; mappings “Fred” -> “B456” and “B456” -> “Freddo”; the service sees “B456”; trust relationship shown]

Page 91: Pseudonym/STS Integration
Pseudonym & STS can work together
  Single physical service
  Separate but tightly coupled services
Scope of request selects pseudonym
[Figure: Token Request]

Page 92: Pseudonym Example 3
Use pseudonyms to obtain initial token
[Figure: three steps; mapping “Fred” -> “Freddo”; the issued token carries “Freddo”; trust relationship shown]

Page 93: Federation Discovery Recap
[Figure: parties each publishing a Policy, …]

Page 94: Active (Smart Client) Profile
Describes options with SOAP clients
Allows rich caching
Varied models based on policy
  Business needs
  Inter-organization
  Regulations
Strong authentication of all requests

Page 95: Example Flow (SOAP)
[Sequence diagram among Requesting Service, Requestor’s IP/STS, Target Service and Target’s IP/STS]
Acquire policy
Request token
Return token
Request token
Return token
Send secured request
Return secured response

Page 96: Passive Profile
Describes options with browsers
  Pure redirect with GET
  URL-only
  POST body
Uses redirection to effect messages
Tunnels WS-Trust messages
  Implicitly
  Explicitly
Allows custom caching mechanisms

Page 97: Example Flow (Browser)
[Sequence diagram among Requesting Browser, Requestor’s IP/STS, Target Resource and Target’s IP/STS]
Get resource
Detect realm
Redirect to resource’s IP/STS
Redirect to requestor’s IP/STS
Login
Return identity token
Return resource token
Return secured response

Page 98: Federating Security Summary
Generic token acquisition
  Enables different trust topologies
Integrates with existing infrastructures
  Business model
  Token formats
  Attribute stores
  Directory services

Page 99: Federating Security Summary
Identity Protection and Privacy
  Varying levels supported
  Allows true anonymity
  Supports multiple privacy languages
  Rich privacy options
End-to-end, no HTTPS required
Public review and participation
Free to implement

Page 100: Federating Security Summary
Together with the other WS-* specifications, provides a rich fabric for building secure, reliable, transacted systems across federation boundaries
SOAP composability model allows layering of vertical and value-add applications and protocols

Page 101: Reliable Messaging
[Figure: protocol stack with Security and Reliable Messaging layered over SOAP Messaging, alongside Policy]

Page 102: WS-ReliableMessaging
End-to-end delivery of messages with specific quality-of-service characteristics between two parties
  Identification of sequences of messages
  Specification of delivery assurances
    At most once, Exactly once, and In-order delivery
  From initial sender, through 0-n intermediaries to ultimate receiver
  No restriction on the number of in-flight messages
Transport-independent
Integrated with WS-* security mechanisms

Page 103: WS-ReliableMessaging
[Sequence diagram between the two parties]
Send message #1
Send message #2
Send message #1
Acknowledge #1-2
…
Send message #3
…
[Figure residue: sequence-number ranges 1-4 / 1-2 and 1-3 / 1-2]

Page 104: Transactions
[Figure: protocol stack with Security and Coordination layered over SOAP Messaging, alongside Policy; Atomic Transactions and Business Activities on top]

Page 105: WS-Coordination
Defines protocols to create an activity and to register with an activity
  These operations are the key mechanism to coordinate activities between Web Services
  They enable “wiring together” Web Services
Behaviors have URIs
Good for P2P and for coordinated services

Page 106: WS-AtomicTransaction
The “good old” ACID ones …
Completion – initiates commitment processing beginning with volatile 2PC and then durable 2PC
Two-Phase Commit (2PC)
  Volatile 2PC – participants managing volatile resources such as a cache should register for this one
  Durable 2PC – participants managing durable resources such as a DB should register for this one

Page 107: WS-BusinessActivities
Based on the open-nested transaction model with compensating actions
Establishes a parent-child agreement
  A protocol for coordination agreement
  Analogous to Robert’s Rules of Order for parliamentary procedures but much simpler
AT/BA only differ in the ability of the child to unilaterally know when the “unit of work” is complete

Page 108: WS-BusinessActivities
Captures application-level interactions
  Provides for full encapsulation of autonomous activities
  Get the pesky fiefdoms to work together
Supports the possibility that a unit of work is not completed and that a “business exception” is to be generated
  Enables uniform failure recovery
Requires that participants record in stable store all the agreement coordination protocol state transitions

Page 109: Summary
Composable complete solution for interoperable secure, reliable, transacted services
  General-purpose
  Works with existing infrastructure
  Integrated into products from the leading system, application, & security vendors
Enables single sign-on
Increases your business flexibility and reduces your risk

Page 110: Agenda
Web Services Overview
Example Scenario
Specification Summary
Federation Drilldown
  How is Federation Accomplished?
  Sample Flows Revisited
  Demonstration of messages

Page 111: Scenario Review
[Figure: scenario diagram with domains Dealer, Manufacturing, Warehouse, Roaming and Supplier; components: Identity Provider (two), Authorization Service, Heather, Order Service, Warehouse 1, Warehouse 2, Warehouse Service, Transaction Coordinator, Coordinator (two), Storage (two), Tony, Inventory Service]

Page 112: How is Federation Accomplished? Trust
Direct Trusts:
  Manufacturer trusts dealer for identity
  Manufacturer trusts dealer to assert rights
Token Exchange
  Manufacturer exchanges dealer token
Brokered Trust
  Supplier trusts manufacturer on identity
  Warehouse trusts supplier on identity

Page 113: How is Federation Accomplished? Mechanism
Token Request
  WS-Trust protocol is used
  Either SOAP or HTTP binding
  Can issue, exchange, or authenticate using the same protocol
  Independent of any token type
Message Security
  WS-Security is used to affix/prove tokens

Page 114: How is Federation Accomplished? Composition
Security information orthogonal
  Composes with Transactions
  Composes with Reliable Messaging
Multiple security credentials allowed
  Identity tokens
  Authorization tokens
  Attribute tokens
  Etc.

Page 115: How is Federation Accomplished? Models Business Needs
Integrates with existing systems
  X.509
  Kerberos
  Username/password
  SAML
  Custom
  Etc.
Flexible format allows different trust models to mirror business process

Page 116: Sample Flows Revisited
Heather logs in
Heather logs out
Tony logs in
Back-end system processes order

Page 117: Heather – Example Login
[Figure: the scenario diagram from page 111 (Dealer, Manufacturing, Warehouse, Roaming, Supplier) with steps 1-4 marked]

Page 118: Heather – Example Login
Heather accesses dealer portal
She is redirected to a login page
She enters her information and POSTs
A cookie is saved with her ID
She is redirected back to the portal
The cookie authorizes her to the portal

Page 119: Heather – Example Login
GET /Dealer/portal
302 -> /Dealer/login
POST /Dealer/login
POST /Dealer/portal
  Uses script to generate POST

Page 120

Heather – Example Login

Heather accesses the manufacturer site

She has no credentials at the site

She is redirected to the authz server

The authz server doesn't know her

She is redirected to her login site

Her ID is returned (e.g. as a SAML token)

The authz server saves the ID in a cookie

The authz server creates a custom token

She is redirected to the manufacturer site

Page 121

Heather – Example Login

GET /Manufacturer/portal

302 /Manufacturer/authz

302 /Dealer/login (the redirect target could be based on selection, policy, source address, etc.)

POST /Manufacturer/authz

POST /Manufacturer/portal

200 Portal page

Page 122

Heather – Example Logout

[Diagram: the same scenario topology (Dealer, Manufacturing, Warehouse, Roaming and Supplier domains with their Identity Providers, Authorization Service, Order Service, Inventory Service, Warehouse Service, Warehouse 1 and 2, Transaction Coordinator, Coordinators and Storage; users Heather and Tony); steps 1 to 4 of Heather's logout are numbered on the diagram]

Page 123

Heather – Example Logout

Heather logs out of the manufacturer site; this cleans up state at the manufacturer portal

She is redirected to the authz site; this cleans up state at the authz site

The authz site may or may not choose to redirect to the issuing site

That cleans up state at the dealer login site

Gives an "all clear" indicator

Page 124

Heather – Example Logout

GET /Manufacturer/logout

302 /Manufacturer/authz/logout

302 /Dealer/logout

200 Logout notification
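The login and logout chains on pages 118 to 124, modelled as an added example that is not part of the deck: a per-site cookie jar stands in for browser state, the paths are the ones shown on the slides, the "issuer:user" cookie value and the trust table are assumptions, and signature verification of the returned ID token is left out of the model.

```python
# Added example, not from the slides: an in-memory model of the browser-based
# (passive) login and logout chains on pages 118-124. Paths come from the slides;
# the cookie jar layout and the "issuer:user" token format are assumptions, and
# signature checking of the returned token is left out of this model.
TRUSTED = {"Dealer": {"Dealer"}, "Manufacturer": {"Dealer"}}   # site -> issuers it federates with

def accept(site, token):
    """Federation trust check at the authz server: the token's issuer must be on the site's list."""
    issuer, user = token.split(":", 1)
    return user if issuer in TRUSTED[site] else None

def heather_login(cookies, password_ok=True):
    """Pages 118-121. `cookies` is the browser's per-site cookie jar; returns the HTTP trace."""
    trace = ["GET /Dealer/portal"]
    if "Dealer" not in cookies:                            # no cookie: redirected to the login page
        trace += ["302 /Dealer/login", "POST /Dealer/login"]
        if not password_ok:
            return trace + ["401 Login failed"]
        cookies["Dealer"] = "Dealer:heather"                # cookie saved with her ID
        trace.append("POST /Dealer/portal")                 # script-generated POST back to the portal
    trace += ["200 Dealer portal", "GET /Manufacturer/portal"]
    if "Manufacturer" not in cookies:                       # no credentials at the manufacturer
        trace += ["302 /Manufacturer/authz", "302 /Dealer/login"]   # authz server does not know her
        trace.append("POST /Manufacturer/authz")            # login site returns her ID (e.g. SAML token)
        user = accept("Manufacturer", cookies["Dealer"])
        if user is None:
            return trace + ["403 Untrusted issuer"]
        cookies["Manufacturer"] = f"Manufacturer:{user}"    # authz server's custom token, saved in a cookie
        trace.append("POST /Manufacturer/portal")
    return trace + ["200 Portal page"]

def heather_logout(cookies, notify_issuer=True):
    """Pages 123-124: each hop clears its own state before handing off to the next."""
    trace = ["GET /Manufacturer/logout"]
    cookies.pop("Manufacturer", None)                       # manufacturer portal and authz state cleared
    trace.append("302 /Manufacturer/authz/logout")
    if notify_issuer:                                       # redirect to the issuing site is optional
        cookies.pop("Dealer", None)                         # dealer login state cleared
        trace.append("302 /Dealer/logout")
    return trace + ["200 Logout notification"]
```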

Page 125

Tony – Example Login

[Diagram: the same scenario topology (Dealer, Manufacturing, Warehouse, Roaming and Supplier domains with their Identity Providers, Authorization Service, Order Service, Inventory Service, Warehouse Service, Warehouse 1 and 2, Transaction Coordinator, Coordinators and Storage; users Heather and Tony); steps 1 and 2 of Tony's login are numbered on the diagram]

Assumes policies are known/cached

Page 126

Tony – Example Login

Tony sends a request to the identity provider at his home company for a token

The IP returns an ID token (e.g. SAML)

Tony presents the ID token to the authorization service at the dealer

The federation trust accepts the ID token

An authorization token is returned

The authorization token is provided (and proved) on messages to dealer services

Page 127

Token Request

  <Envelope>
    <Header>
      <MessageID>uuid:eda82a93-6c56-4c94-818d-44210f085f2c</MessageID>
      <Action>…/RequestSecurityToken</Action>
      <From>…</From>
      <To>…</To>
      <Security>
        <Timestamp>
          <Created>2003-10-11T00:37:45Z</Created>
        </Timestamp>
        <SecurityContextToken Id="sct">…</SecurityContextToken>
        <Signature>…</Signature>
        <UsernameToken Id="userid">…</UsernameToken>
      </Security>
    </Header>
    <Body>
      <RequestSecurityToken>
        <TokenType>saml:Assertion</TokenType>
        <RequestType>wsse:ReqIssue</RequestType>
        <Base><Address URI="#userid"/></Base>
      </RequestSecurityToken>
    </Body>
  </Envelope>

Page 128

Token Response

  <Envelope>
    <Header>
      <MessageID>uuid:drt82a93-6c56-4c94-818d-44310f085f2c</MessageID>
      <Action>…/RequestSecurityTokenResponse</Action>
      <From>…</From>
      <To>…</To>
      <Security>
        <Timestamp>
          <Created>2003-10-11T00:37:55Z</Created>
        </Timestamp>
        <SecurityContextToken Id="sct">…</SecurityContextToken>
        <Signature>…</Signature>
      </Security>
    </Header>
    <Body>
      <RequestSecurityTokenResponse>
        <RequestedSecurityToken>
          <saml:Assertion>…</saml:Assertion>
        </RequestedSecurityToken>
        <RequestedProofToken>…</RequestedProofToken>
      </RequestSecurityTokenResponse>
    </Body>
  </Envelope>
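Tony's active flow (page 126) and the RST/RSTR exchange (pages 127 and 128), as an added example that is not part of the deck: HMAC tags stand in for the XML signatures and for the RequestedProofToken; issuer names, keys and the claims layout are assumptions, not the WS-Trust wire format.

```python
# Added example, not from the slides: the active-requestor flow on page 126 with
# HMAC tags standing in for the XML signatures and the RequestedProofToken.
# Issuer names, keys, and the claims layout are assumptions, not WS-Trust wire format.
import hmac, hashlib, json, itertools

def mac(key, data):
    """HMAC tag standing in for an XML Signature over a token or a message."""
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

class STS:
    """A token issuer: Tony's home Identity Provider, or the dealer's authorization service."""
    _ids = itertools.count(1)
    def __init__(self, name):
        self.name = name
        self.key = hashlib.sha256(f"constructed-key-{name}".encode()).digest()
        self.proof_keys = {}      # token id -> proof key, shared with services in the STS's own domain
    def issue(self, subject, audience):
        """RSTR: a signed token plus the proof key returned as RequestedProofToken."""
        claims = {"iss": self.name, "sub": subject, "aud": audience, "id": next(self._ids)}
        proof = hashlib.sha256(f"constructed-proof-{claims['id']}".encode()).digest()
        self.proof_keys[claims["id"]] = proof
        body = json.dumps(claims, sort_keys=True)
        return {"claims": body, "sig": mac(self.key, body)}, proof

def verify(token, trust, audience):
    """Federation trust: the issuer must be in `trust`, the signature must check, and the
    token must be addressed to us (a token meant for another service is not accepted)."""
    claims = json.loads(token["claims"])
    key = trust.get(claims["iss"])
    if key is None or claims["aud"] != audience:
        return None
    return claims if hmac.compare_digest(mac(key, token["claims"]), token["sig"]) else None

HOME_IP = STS("HomeIP")                    # identity provider at Tony's home company
DEALER_AUTHZ = STS("DealerAuthz")          # authorization service at the dealer
DEALER_TRUST = {"HomeIP": HOME_IP.key}     # the dealer's federation trust list (assumed: HomeIP only)

def tony_login(ip=HOME_IP):
    """Steps 1-5 on page 126: returns (authorization token, proof key), or None if trust fails."""
    id_token, _ = ip.issue("tony", audience="DealerAuthz")            # 1-2: RST/RSTR at the home IP
    claims = verify(id_token, DEALER_TRUST, audience="DealerAuthz")   # 3-4: federation trust accepts?
    if claims is None:
        return None
    return DEALER_AUTHZ.issue(claims["sub"], audience="DealerOrderService")  # 5: authz token returned

def order_service_accepts(message, authz_token, message_mac):
    """Step 6: a dealer service checks the token and that the sender proved possession of the key."""
    claims = verify(authz_token, {"DealerAuthz": DEALER_AUTHZ.key}, audience="DealerOrderService")
    if claims is None:
        return None
    proof = DEALER_AUTHZ.proof_keys.get(claims["id"])
    ok = proof is not None and hmac.compare_digest(mac(proof, message), message_mac)
    return claims["sub"] if ok else None
```

The last check, order_service_accepts, is where the "provided (and proved)" point lands: presenting the token is not enough, the sender must also demonstrate possession of the proof key on each message.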

Page 129

Backend Processing

[Diagram: the same scenario topology (Dealer, Manufacturing, Warehouse, Roaming and Supplier domains with their Identity Providers, Authorization Service, Order Service, Inventory Service, Warehouse Service, Warehouse 1 and 2, Transaction Coordinator, Coordinators and Storage; users Heather and Tony); steps 1 to 5 of the back-end order processing are numbered on the diagram, with step 5 marked twice]

Page 130

Backend Processing

Tony sends a message to the manufacturer
  Secured with the authorization token

The manufacturer sends a message to the supplier
  Secured with a service/context token

The supplier sends a message to the warehouse
  Secured with a service/context token
  Uses a reliability context

The warehouse sends messages to the stores
  Secured with a service/context token
  Uses a reliability context
  Uses a transaction context

Page 131

Initial Request

  <Envelope>
    <Header>
      <MessageID>uuid:eda82a93-6c56-4c94-818d-44210f085f2c</MessageID>
      <Action>…/SubmitPO</Action>
      <From>…</From>
      <To>…</To>
      <Security>
        <Timestamp>
          <Created>2003-10-11T00:37:45Z</Created>
        </Timestamp>
        <saml:Assertion Id="sct">…</saml:Assertion>
        <Signature>…</Signature>
      </Security>
    </Header>
    <Body>
      <SubmitPO>…</SubmitPO>
    </Body>
  </Envelope>

Page 132

Manufacturer → Supplier

  <Envelope>
    <Header>
      <MessageID>uuid:qwe95a93-6c56-4c94-818d-44210f085f2c</MessageID>
      <Action>…/SubmitPO</Action>
      <From>…</From>
      <To>…</To>
      <Security>
        <Timestamp>
          <Created>2003-10-11T00:37:55Z</Created>
        </Timestamp>
        <BinarySecurityToken Id="bst">…</BinarySecurityToken>
        <Signature>…</Signature>
      </Security>
    </Header>
    <Body>
      <SubmitPO>…</SubmitPO>
    </Body>
  </Envelope>

Page 133

Supplier → Warehouse

  <Envelope>
    <Header>
      <MessageID>uuid:trw23a93-6c56-4c94-818d-44210f085f2c</MessageID>
      <Action>…/SubmitPO</Action>
      <From>…</From>
      <To>…</To>
      <Sequence>
        <Identifier>uuid:1c6122f0-36c5-457c-9318-d1b01424469d</Identifier>
        <MessageNumber>1</MessageNumber>
      </Sequence>
      <Security>
        <Timestamp>
          <Created>2003-10-11T00:38:05Z</Created>
        </Timestamp>
        <SecurityContextToken Id="sct">…</SecurityContextToken>
        <Signature>…</Signature>
      </Security>
    </Header>
    <Body>
      <SubmitPO>…</SubmitPO>
    </Body>
  </Envelope>

Page 134

Warehouse → Supplier

  <Envelope>
    <Header>
      <MessageID>uuid:vhs05a93-6c56-4c94-818d-44210f085f2c</MessageID>
      <Action>…rm#SequenceAcknowledgement</Action>
      <From>…</From>
      <To>…</To>
      <SequenceAcknowledgement>
        <Identifier>uuid:24f122f0-36c5-457c-9318-d1b01424469d</Identifier>
        <AcknowledgementRange Upper="1" Lower="1" />
      </SequenceAcknowledgement>
      <Security>
        <Timestamp>
          <Created>2003-10-11T00:38:41Z</Created>
        </Timestamp>
        <SecurityContextToken Id="sct">…</SecurityContextToken>
        <Signature>…</Signature>
      </Security>
    </Header>
    <Body/>
  </Envelope>

Page 135

Warehouse → Stores

  <Envelope>
    <Header>
      <MessageID>uuid:trw23a93-6c56-4c94-818d-44210f085f2c</MessageID>
      <Action>…/SubmitPO</Action>
      <From>…</From>
      <To>…</To>
      <CoordinationContextType>
        <Expires>2003-10-10T17:41:51.4402976-07:00</Expires>
        <Identifier>uuid:03f09679-77c7-469e-8abd-993304299b76</Identifier>
        <CoordinationType>…/wsat</CoordinationType>
        <RegistrationService>…</RegistrationService>
        <IsolationLevel>Serializable</IsolationLevel>
        <Description>R2F0ZXM…</Description>
        <LocalTransactionId>03f09679-77c7-469</LocalTransactionId>
      </CoordinationContextType>
      <Sequence>
        <Identifier>uuid:7e3122f0-36c5-457c-9318-d1b01424469d</Identifier>
        <MessageNumber>1</MessageNumber>
      </Sequence>
  (message continues on page 136)

Page 136

Warehouse → Stores (continued from page 135)

      <Security>
        <Timestamp>
          <Created>2003-10-11T00:38:05Z</Created>
        </Timestamp>
        <SecurityContextToken Id="sct">…</SecurityContextToken>
        <Signature>…</Signature>
      </Security>
    </Header>
    <Body>
      <SubmitPO>…</SubmitPO>
    </Body>
  </Envelope>
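A header inspector for the per-hop message patterns on pages 130 to 136, as an added example that is not from the deck: the sample envelopes are constructed in the slides' shape (namespaces omitted except SAML's), and the per-hop policy table is read off the sample messages rather than taken from a specification.

```python
# Added example, not from the slides: a header inspector for the per-hop message
# patterns on pages 130-136. Sample envelopes below are constructed (namespaces omitted
# except SAML's); the per-hop policy table is read off the sample messages.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

TOKEN_TAGS = ("Assertion", "BinarySecurityToken", "SecurityContextToken", "UsernameToken")
NOW = datetime(2003, 10, 11, 0, 40, tzinfo=timezone.utc)   # constructed "current time" for freshness

def local(tag):
    """Strip an XML namespace: '{urn:...}Assertion' -> 'Assertion'."""
    return tag.rsplit("}", 1)[-1]

def inspect_header(envelope_xml, now=NOW, max_age=timedelta(minutes=5)):
    """Which WS-* headers a message carries: token type, signature, reliability, transaction, freshness."""
    header = ET.fromstring(envelope_xml).find("Header")
    names = {local(el.tag) for el in header.iter()}
    sec = header.find("Security")
    tokens = [local(el.tag) for el in sec if local(el.tag) in TOKEN_TAGS] if sec is not None else []
    created = sec.findtext("Timestamp/Created") if sec is not None else None
    fresh = False   # a missing, future-dated or old Created timestamp is treated as a replay risk
    if created:
        ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fresh = timedelta(0) <= now - ts <= max_age
    return {"token": tokens[0] if tokens else None, "signed": "Signature" in names,
            "reliable": bool(names & {"Sequence", "SequenceAcknowledgement"}),
            "transactional": "CoordinationContextType" in names, "fresh": fresh}

def check_hop(envelope_xml, expected, now=NOW):
    """Policy violations for one hop (empty list = accept); every hop must also be signed and fresh."""
    got = inspect_header(envelope_xml, now)
    bad = [k for k in expected if got[k] != expected[k]]
    return bad + [k for k in ("signed", "fresh") if not got[k]]

HOP_POLICY = {   # token type and contexts seen on each hop in the sample messages
    "tony->manufacturer": {"token": "Assertion", "reliable": False, "transactional": False},
    "manufacturer->supplier": {"token": "BinarySecurityToken", "reliable": False, "transactional": False},
    "supplier->warehouse": {"token": "SecurityContextToken", "reliable": True, "transactional": False},
    "warehouse->stores": {"token": "SecurityContextToken", "reliable": True, "transactional": True}}

def envelope(token_xml, extra="", created="2003-10-11T00:38:05Z", signed=True):
    """Constructed SOAP envelope in the slides' shape; `extra` holds Sequence/Coordination headers."""
    sig = "<Signature>...</Signature>" if signed else ""
    return (f'<Envelope xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><Header>'
            f"<Action>urn:example/SubmitPO</Action>{extra}<Security><Timestamp><Created>{created}"
            f"</Created></Timestamp>{token_xml}{sig}</Security></Header><Body><SubmitPO/></Body></Envelope>")

SEQ = "<Sequence><Identifier>uuid:constructed</Identifier><MessageNumber>1</MessageNumber></Sequence>"
TX = "<CoordinationContextType><Identifier>uuid:constructed</Identifier></CoordinationContextType>"
TONY_TO_MANUFACTURER = envelope('<saml:Assertion Id="sct">...</saml:Assertion>')
MANUFACTURER_TO_SUPPLIER = envelope('<BinarySecurityToken Id="bst">...</BinarySecurityToken>')
SUPPLIER_TO_WAREHOUSE = envelope('<SecurityContextToken Id="sct">...</SecurityContextToken>', SEQ)
WAREHOUSE_TO_STORES = envelope('<SecurityContextToken Id="sct">...</SecurityContextToken>', TX + SEQ)
```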

Page 137

Page 138

Page 139

Backup

Page 140

WS-Coordination: Example of Behaviors

The need is to establish a session

  B1: Three-leg handshake
    Hello, ACK of hello, ACK of ACK of hello

  B2: Fire and forget
    Hello

The activity may also have a policy:

  If B2, then must use reliable messaging

  If using unreliable datagram messages, then must use B1

Page 141

Protocol: 2PC

[Figure AT5: 2PC Protocol State Diagram. State labels on the figure: Active, Preparing, Prepared, Committing, Aborting, Committed, Aborted, Ended. Message labels on the figure: RegisterResponse, Prepare, Prepared, ReadOnly, Commit, Rollback, Committed, Aborted. The legend distinguishes participant-generated from coordinator-generated messages.]