
XML, Extensible Security Markups

Hilarie Orman

PurpleStreak Development

Tolga Acar, Novell, Inc.

SOAP and Security

XML, Extensible Markup and Much More

• Like HTML, a tagged data language

– <NAME>Hilarie Orman</NAME>

– Strictly parsed into a tree

• Brought to you by the W3C

• Widely used for database/Web page interactions

• Extensibility means it can do just about anything

• Including digital signatures, encryption, etc.

XML Security Overview

• Any “part” of an XML document can be signed with a digital signature

• Any “part” can be encrypted

• All the information that a recipient (or third party) needs is encoded in XML

XML: Extra Massive Luggage

• A set of inter-related documents

• XML Documents

• Data types: DTD’s and Schema

• Xpath, a language for XML trees

• Xpointers, for referencing XML parts

• Transformations: XSLT and XSL; CSS

• and XML security schema

XML and Security in the News (Infoworld, Oct. 14)

Addressing corporate security concerns, Kontiki this week announced the integration of its DMS with VeriSign's new Access Management System for user authentication, authorization, and management.

Achieved through an XML network connector coupled with Web services standards including SOAP, the integration provides encryption for digital video and documents after they arrive on a PC desktop.

Academics Notice XML

• Journal of the ACM (a small computer professionals society)

• May 2002

• “On XML Integrity Constraints in the Presence of DTDs”

• W. Fan and L. Libkin

• Factoid: there are DTD’s for which there is no finite XML document instance

Understanding XML Mechanisms

• Three interrelated topics:

– XML representation – Representing signatures, keys, the crypto methods, etc.

– XML document structure

– and …

– What XML security accomplishes

• We’ll proceed in reverse order

Encryption, the Confidentiality Mechanism

• Key encrypts data, produces random-looking data - ciphertext

• Unique key decrypts ciphertext, produces data

[Slide diagram: the plaintext “This is data which must be kept from prying eyes” passes through “Algorithm and key” to become the ciphertext 7aY28afWeoH7YHJ8798UJJH3TYGjhhgu676ytGby6tLfT56red1er, and back through “Inverse algorithm and key” to the plaintext]

Authentication, Signatures

• Data may not be secret, but the sender is very important

[Slide diagram: the message “This is data which is important only if it comes from someone who is important” passes through “Algorithm and public key”; the output is the unchanged message plus “Signature of I.M. Important”, shown as is9sad082fcBEs3re0dHf]

Usage Example

[Slide diagram of a chain of signed documents: “Description of services, amount due, data” signed by J. Contractor; “Payment authorization: check signed by CFO” signed by J. Contractor; “Bank: Account No, Pay to J. Contractor, Amount” signed by Treasurer]

Related Standards

• S/MIME. Secure message formats

– Very similar to XML security, but not extensible, less flexible

• SSL, TLS protocols

– These don’t have digital signatures

– Data protection is only during transit

– XML documents can be stored, processed later

Signatures and Hashes

• A document can be very long

• Public key algorithms take a long time to encrypt one “block” of data

– 1K bits, about 1 millisecond

• Reduce document to a single block using a one-way hash function

• Sign the hash

• It’s easy to verify that “binary string” = Hash(doc)

What Does an XML Sig Sign?

• A Signature Value is the result of applying the Signature Method to the SignedInfo data item

• The SignedInfo contains one or more References

• A Reference tells you how to find the stuff to sign and what its DigestValue is

• If the DigestValue doesn’t match the data, the signature doesn’t mean anything!

XML Security Syntax

• http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd

• Namespace www.w3.org/2001/09/xmldsig#

• Signature contains this stuff:

– Signed Info

• Canonicalization Method, Signature Method, References

– Signature Value (base64binary)

– Key Info (optional)

• Name, value, retrieval method, X509Data, etc.

– Object (optional)

• ID, Mime type, Data

Sign Anything, Here or There

[Slide diagram: an XML Signature (Signed Info, Object, Signed Data) whose References point at data inside the same XML Document, at a separate XML Document, and at the Signature’s own Object]

Processing Flow For a Reference

[Slide diagram: XML Document → Select a node set → Canonicalize → Digest (Hash) → Integer Value → Create XML SignedInfo → Sign → Sig Value (base64binary)]

A Reference

<Reference URI=…>
  <DigestMethod Algorithm=MD5>
  <Transforms><Transform Algorithm=base64>
  <DigestValue>H7s2L9FF3x71mO87ZaIw3</DigestValue>

URI can be to the whole document, a pointer to an ID, a URL, or omitted!
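The Reference-processing flow and the SignedInfo/Reference structure described above, as an added Python example that is not code from the slides. It assumes Python 3.8+ (for xml.etree.ElementTree.canonicalize), uses HMAC-SHA256 in place of an RSA SignatureMethod so it needs no extra library, a constructed invoice document, a constructed shared key, and the namespace URI from the final xmldsig-core recommendation.

```python
# Added example, not from the slides: a miniature XML-Signature flow.
# Reference -> select node set -> canonicalize (C14N) -> digest -> SignedInfo -> sign.
# HMAC-SHA256 stands in for the public-key SignatureMethod so this runs on the stdlib only.
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"   # namespace URI from the final xmldsig-core spec
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"

# Constructed sample document; the Reference will point at the element with Id="invoice".
DOC = ('<Envelope><Payment Id="invoice"><Amount>100</Amount>'
       '<To>J. Contractor</To></Payment><Memo>unsigned</Memo></Envelope>')
KEY = b"assumed-shared-demo-key"   # assumed secret shared by signer and verifier

def digest_of(doc: str, ref_id: str) -> str:
    """Select the node set (one element by Id), canonicalize it, return base64 SHA-256."""
    root = ET.fromstring(doc)
    node = next(e for e in root.iter() if e.get("Id") == ref_id)
    node.tail = None   # trailing text belongs to the parent, not to the selected node set
    canonical = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(canonical.encode()).digest()).decode()

def build_signed_info(ref_id: str, digest_b64: str) -> str:
    """Build SignedInfo with one Reference; SignedInfo is itself canonicalized before signing."""
    si = (f'<SignedInfo xmlns="{DS}"><CanonicalizationMethod Algorithm="{C14N}"/>'
          f'<SignatureMethod Algorithm="{HMAC_SHA256}"/><Reference URI="#{ref_id}">'
          f'<DigestMethod Algorithm="{SHA256}"/><DigestValue>{digest_b64}</DigestValue>'
          f'</Reference></SignedInfo>')
    return ET.canonicalize(si)

def sign(doc: str, ref_id: str):
    """Return (SignedInfo, SignatureValue): the MAC covers SignedInfo, not the document itself."""
    signed_info = build_signed_info(ref_id, digest_of(doc, ref_id))
    mac = hmac.new(KEY, signed_info.encode(), hashlib.sha256).digest()
    return signed_info, base64.b64encode(mac).decode()

def verify(doc: str, ref_id: str, signed_info: str, sig_value: str) -> bool:
    """Two checks: SignatureValue over canonical SignedInfo, then the Reference's digest."""
    canonical = ET.canonicalize(signed_info)
    mac = base64.b64encode(hmac.new(KEY, canonical.encode(), hashlib.sha256).digest()).decode()
    if not hmac.compare_digest(mac, sig_value):
        return False                        # SignedInfo or SignatureValue was altered
    stored = ET.fromstring(canonical).find(f".//{{{DS}}}DigestValue").text
    # If the DigestValue doesn't match the data, the signature doesn't mean anything
    return hmac.compare_digest(stored, digest_of(doc, ref_id))
```

Calling sign(DOC, "invoice") and then verify on edited copies shows that an edit inside the referenced Payment element fails the digest check, while an edit to the unreferenced Memo still verifies, which is the "sign any part" property in action.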

Selecting Parts, XPath

• NB, it’s optional

• A regular expression language for trees

• Lets you select a set of nodes by reference and refer to them as a single object

• Ancestor relations

• Predicates

• String matching (all nodes with ID beginning with “mydigitalsignature”)

The Manifest (optional feature)

• Like a table of contents for SignedInfo

• There are no Objects, only References– References include digests (one-way hashes)

• By signing the manifest you sign the digests of the References

• If the digests don’t match the data, application can decide to selectively reject items

Namespaces

• A namespace disambiguates label names

• “telephone_number” might be in many schema

• somenamespace:telephone_number helps with parsing

• namespace declarations in XML docs establish nested scopes

• should a signature include all the namespace scopes above it?

Canonicalization: A Pitfall for XML

• Serialize and Encode the Data

• It’s why MIME uses BASE64

– protects the data from other protocols

– removes ambiguities about end of line, tab, etc.

• XML has two special case complications

– namespaces, to include or not to include?

– Schema can change lexicographic properties

• String termination, tag delimiters

• Must have full parse tree and node delimiters!

Key Management: A Man’s Reach Must Exceed His Grasp

• Slow road to standardization, XKMS

• Key retrieval, key information, signature validation, key registration

– XML encoding, query/response protocol uses SOAP

• X-KISS, the information service

– hides X.509v3 complexity, bridges directory services, handles revocation, understands trust chains

• X-KRSS, the key registration service

– for storing new keys and their information

Other Topics

• ETSI, Advanced XML Signatures

• Encryption and Algorithm Details

• Access Control, P3P Privacy, Digital Rights Management

• Applications (e.g., SOAP)

• SDK’s

– RSA, Inc. (?), Dot-Net

• Books

– XML Security (RSA), Secure XML (Eastlake & Niles), Advanced SOAP for Web Development (Livingston)

Conclusion

• XML, a rich set of tools

• (Maybe too rich)

• Security for XML documents can be defined using XML

• Can protect documents in transit or in storage

• Reusable

• On to SOAP, an XML application