XML Security Standards — Overview for the Non-Specialist
Hal Lockhart
Office of the CTO
BEA Systems
Topics
Security Introduction
Preliminary work at W3C
SAML
XACML
Digital Signature Services
WS-Security
WS-SecureConversation, WS-Trust & WS-SecurityPolicy
Interdependencies
Information Security Definition
Technologies and procedures intended to implement organizational policy in spite of human efforts to the contrary.
Suggested by Authorization
Applies to all security services
Protection against accidents is incidental
Suggests four areas of attention
Information Security Areas
Policy determination
Expression: code, permissions, ACLs, Language
Evaluation: semantics, architecture, performance
Policy enforcement
Maintain integrity of Trusted Computing Base (TCB)
Enforce variable policy
Security Services
Authentication – confirm asserted identity
Authorization – permit or deny a request
Integrity – prevent undetected modification of data
Confidentiality – prevent unauthorized reading of data
Audit – preserve evidence for accountability
Administration – control configuration
Others …
W3C Security Recommendations
Widespread use of XML – need for integrity & confidentiality
XML Digital Signature WG (1999 to 2002)
Defines rules to sign XML and record parameters and signature value
Support all technologies in common use
Key problem: Immaterial changes to XML documents
Solution: Canonicalization
XML Encryption WG (2001 and 2002)
Defines rules to encrypt XML and record parameters
Support all technologies in common use
Key problem: Encrypted data not Schema-valid
Solution: None
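The canonicalization point above, as an added example that is not part of the original slides: two constructed serializations of the same order hash differently as raw text but identically once canonicalized, while a changed value still changes the digest. Python's standard-library C14N 2.0 implementation stands in here for whichever canonicalization algorithm a signature specifies; the sample documents and function names are assumptions.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed samples: DOC_A and DOC_B carry the same information but differ
# in attribute order, quote style, whitespace inside the start tag,
# empty-element form and the XML declaration.
DOC_A = '<order id="42" currency="USD"><item sku="A1"/><total>100</total></order>'
DOC_B = """<?xml version='1.0'?>
<order   currency='USD'
         id='42'><item sku="A1"></item><total>100</total></order>"""
# DOC_C is a material change: the total is different.
DOC_C = '<order id="42" currency="USD"><item sku="A1"/><total>900</total></order>'


def raw_digest(xml_text):
    """SHA-256 over the document exactly as serialized."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_form(xml_text):
    """Canonical serialization: sorted attributes, expanded empty elements,
    normalized quoting, no XML declaration."""
    return canonicalize(xml_text)


def canonical_digest(xml_text):
    """SHA-256 over the canonical form; this is what a signature should cover."""
    return hashlib.sha256(canonical_form(xml_text).encode("utf-8")).hexdigest()


def report():
    """Summarize which comparisons survive re-serialization."""
    return {
        "raw digests equal (A vs B)": raw_digest(DOC_A) == raw_digest(DOC_B),
        "canonical digests equal (A vs B)":
            canonical_digest(DOC_A) == canonical_digest(DOC_B),
        "canonical digests equal (A vs C)":
            canonical_digest(DOC_A) == canonical_digest(DOC_C),
    }


if __name__ == "__main__":
    print(canonical_form(DOC_B))
    for label, value in report().items():
        print(f"{label}: {value}")
```

Whitespace inside element content is still significant after canonicalization, so pretty-printing a signed document changes its digest.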
SAML Background
Web Single Signon
Web is stateless
Very inconvenient for security
Use of Web Server Farms
User inconvenience, performance and risk, multiple repositories
Federated Identity
Federation – independent entities maintain user info
The alternative is centralization – impractical
The way the world works
Requires agreed formats and protocols (standards)
SAML Key Ingredients for Standardization
Web Access Management Vendors
Already solved the problem using proprietary methods (multiple times)
Broad agreement on requirements and solutions
Marketplace
Large scale projects would require standards
Rising tide theory
Willingness to standardize
Random Factors
XML becoming fashionable
OASIS offered favorable environment
(SAML became the first security-related TC at OASIS)
SAML Timeline
SAML 1.0 – Completed: May 2002; OASIS Standard: November 2002
SAML 1.1 – Completed: May 2003; OASIS Standard: September 2003
Liberty 1.1 – Completed: Jan 2003
Shibboleth OpenSAML 1.0 – Completed: June 2003
SAML 2.0 – Completed: January 2005; OASIS Standard: March 2005
Nov-2002: SAML wins PC Magazine Technology Excellence Award
Oct-2003: SSTC receives Digital ID World “Balancing Innovation & Reality” award
Shibboleth OpenSAML 1.1 – Completed: August 2003
Liberty ID-FF 1.2 – Completed: Oct 2003
SAML assertions
Assertions are declarations of fact, according to someone
SAML assertions are compounds of one or more of three kinds of “statement” about “subject” (human or program):
Authentication
Attribute
Authorization decision
You can extend SAML to make your own kinds of assertions and statements
Assertions can be digitally signed
SAML protocol for getting assertions
[Diagram: the Relying Party sends a SAML Request for Assertion of Certain Type to the Asserting Party, which returns a SAML Response containing the Assertion.]
SAML Standards Dependencies
Uses XML Signature to protect assertions from modification
Uses XML Encryption to protect privacy when assertions are stored
Uses SSL and WS-Security to protect assertions on the wire
Is used by WS-Security to identify users and keys
Current Work
Sticking with SAML 2.0 to drive adoption
Profiles reviewed or under review
Metadata Extension for Query Requesters
Protocol Extensions for Third-Party Requests
Attribute Sharing Profile for X.509 Authentication Based Systems
XPath Attribute Profile
SAML V1.x Metadata Profile
Shared Credentials Profiles
Text-based Challenge Response
HTTP POST “SimpleSign” Binding
SAML 2.0 -> ITU-T Recommendation X.1141
XACML TC Charter
Define a core XML schema for representing authorization and entitlement policies
Target - any object - referenced using XML
Fine grained control, characteristics - access requestor, protocol, classes of activities, and content introspection
Consistent with and building upon SAML
XACML TC History
First Meeting – 21 May 2001
XACML 1.0 - OASIS Standard – 6 February 2003
XACML 1.1 – Committee Specification – 7 August 2003
XACML 2.0 – OASIS Standard – 1 February 2005
XACML 2.0 – ITU-T Recommendation X.1142
Policy Examples
“Anyone can view their own 401K information, but nobody else’s”
“The print formatting service can access printers and temporary storage on behalf of any user with the print attribute”
“The primary physician can have any of her patients’ medical records sent to a specialist in the same practice.”
“Anyone can use web servers with the ‘spare’ property between 12:00 AM and 4:00 AM”
“Salespeople can create orders, but if the total cost is greater than $1M, a supervisor must approve”
XACML Objectives
Ability to locate policies in distributed environment
Ability to federate administration of policies about the same resource
Base decisions on wide range of inputs
Multiple subjects, resource properties
Decision expressions of unlimited complexity
Ability to do policy-based delegation
Usable in many different environments
Types of Resources, Subjects, Actions
Policy location and combination
Novel XACML Features
Large Scale Environment
Subjects, Resources, Attributes, etc. need not exist or be known at Policy Creation time
Multiple Administrators - potentially conflicting policy results
Combining algorithms
Request centric
Use any information available at access request time
Zero, one or more Subjects
No invented concepts (privilege, role, etc.)
Dynamically bound to request
Not limited to Resource binding
Only tell what policies apply in context of Request
Two stage evaluation
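How combining algorithms settle conflicting results from multiple administrators, as an added example that is not part of the original slides. It is a simplified Python model, not XACML syntax, and does not reproduce the specification's full Indeterminate handling; the rules, attribute names and sample request are constructed from the salespeople policy example above.

```python
from enum import Enum


class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"
    NOT_APPLICABLE = "NotApplicable"
    INDETERMINATE = "Indeterminate"


def rule(effect, applies):
    """Build a rule. `applies` reads request attributes; a missing one is an error."""
    def evaluate(request):
        try:
            return effect if applies(request) else Decision.NOT_APPLICABLE
        except KeyError:  # attribute not supplied with the request
            return Decision.INDETERMINATE
    return evaluate


# Constructed rules written by two different administrators.
sales_rule = rule(Decision.PERMIT,
                  lambda r: r["role"] == "salesperson" and r["action"] == "create-order")
finance_rule = rule(Decision.DENY,
                    lambda r: r["action"] == "create-order"
                    and r["total"] > 1_000_000 and not r["supervisor_approved"])


def _overrides(winner, loser):
    """Simplified precedence: winner, then Indeterminate, then loser."""
    def combine(rules, request):
        results = [evaluate(request) for evaluate in rules]
        for decision in (winner, Decision.INDETERMINATE, loser):
            if decision in results:
                return decision
        return Decision.NOT_APPLICABLE
    return combine


deny_overrides = _overrides(Decision.DENY, Decision.PERMIT)
permit_overrides = _overrides(Decision.PERMIT, Decision.DENY)


def first_applicable(rules, request):
    """Return the first result that is not NotApplicable; rule order matters."""
    for evaluate in rules:
        decision = evaluate(request)
        if decision is not Decision.NOT_APPLICABLE:
            return decision
    return Decision.NOT_APPLICABLE


# Constructed request: a salesperson creating a $2M order without approval.
BIG_ORDER = {"role": "salesperson", "action": "create-order",
             "total": 2_000_000, "supervisor_approved": False}
```

For `BIG_ORDER` the two rules disagree, so the choice of combining algorithm, and for first-applicable the rule order, decides the outcome.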
Request and Response Context
[Diagram: domain-specific inputs → xacml Context/Request.xml → PDP (with xacml Policy.xml) → xacml Context/Response.xml → domain-specific outputs]
XACML Profiles
Digital Signature
Integrity protection of Policies
Hierarchical Resources
Using XACML to protect files, directory entries, web pages
Privacy
Determine “purpose” of access
RBAC
Support ANSI RBAC Profile with XACML
SAML Integration
XACML-based decision request
Fetch applicable policies
Attribute alignment
XACML Standards Dependencies
XACML uses the SAML assertion structure and protocols to protect and distribute policies; therefore it:
Uses XML Signature to protect assertions from modification
Uses XML Encryption to protect privacy when assertions are stored
Uses SSL and WS-Security to protect assertions on the wire
XACML is also referenced by a number of other specifications as the access control mechanism
XACML Version 3.0
Administrative policies
“HR-Admins can create policies concerning the Payroll servers”
Policy delegation
“Jack can approve expenses while Mary is on vacation”
Policy provisioning
Enhanced Obligation processing
Policy queries
Revocation
Digital Signature Services (DSS)
Web Service to create / verify signatures & timestamps on behalf of users
Takes the complexities & security issues of key management, etc. away from the user
Supports range of signature formats including:
W3C XML Signatures
CMS (RFC 3852) Signatures
RFC 3161 Timestamps
Intended primarily where signatures have lasting significance
Electronic Commerce
Aligned with legal requirements in various venues
DSS Specifications
Core
Generic protocol and core features
Profiles
Selects options from Core and extends if necessary
Current DSS profiles
Time-stamping
Asynchronous operation
Code signing
Entity seal
Electronic Post Mark
German signature law
Advanced electronic signature
Signature gateway
DSS Status
Core at 3rd CD takes into account
Interoperability trials
Feedback from implementers within & outside group
Profiles updated to align with 3rd CD
Currently in public review
To be followed by OASIS Std Vote
WS-Security Overview
Basic SOAP Message Protection
Signatures, Encryption, Timestamps
Multiple token types
Username, X.509, Kerberos, SAML, REL
Token References
Web Services Security History
Submitted to OASIS September 2002
Interoperability testing began Summer 2003
OASIS Standard - April 2004
Core Specification + Username and X.509 Profiles
SAML & REL Profiles OASIS Standard - December 2004
Public Interoperability Demo – April 2005
WSS 1.1 – OASIS Standard February 2006
Includes Attachments & Kerberos
Formal WSS 1.1 Errata approved November 2006
Vote to Close TC
WS-I Basic Security Profile 1.0 & 1.1
WS-SX Overview
Three new security specifications building on WS-Security
WS-Trust
Mechanisms to issue tokens and associated keys
WS-SecureConversation
Allows establishment of secure session (think SSL for SOAP)
WS-SecurityPolicy
Allows Web Service to express Security Policies
WS-SX TC History
New TC formed December 2005
Under new IPR policy (RF-RAND)
Privately published specifications
Substantial interop & review of WS-SC & WS-Trust prior to TC start
WS-SP is much less mature
WS-SX Currently
Charter goal: complete in 18 months
2nd F2F Meeting held in April 2006
Weekly con calls
Interop testing of WS-SecCon & WS-Trust over summer
60 day Public Review complete Dec 2
Interop of WS-SecurityPolicy underway
Public review this winter
Submission to OASIS for vote as a Standard
Security Policy Usecases also under development
Security Standards Interdependencies
[Diagram of dependencies among: XML Encryption, XML Digital Signature, DSS, XACML, SAML, WSS, WS-Trust, WS-SecureConversation, WS-SecurityPolicy]
Questions?