03/29/2004

Sang Shin
Web Services sang.shin@sun.com
Security www.javapassion.com/webservices

Java Technology Evangelist

Sun Microsystems, Inc.

Disclaimer & Acknowledgments Revision History

• Even though Sang Shin is a full-time employee of Sun • 02/01/2004: created (Sang Shin)
Microsystems, the contents here are created as his
own personal endeavor and thus does not reflect any
• Things to do
official stance of Sun Microsystems.
• speaker notes need to be added
• Contents need some polishing
• Sun Microsystems is not responsible for any
inaccuracies in the contents.
• Acknowledgments
• Some slides are borrowed from Eve Maler (Sun)
• Some slides are borrowed from Rima Patel (Sun)
03/29/2004

Agenda
? What is security?
? Why new security schemes for Web
services?
? XML-based Web services security
initiatives
What is Security?
– XML signature
– XML encryption
– XKMS, XACML, SAML, WS-Security
– How they work together

Concrete Forms of Security

? Confidentiality: can prying eyes see it?
? Authentication: are you who you say you
are?
? Trust: have I agreed to work with you? Why New Security
? Non-repudiation: can you claim you didn’t
send it even if you really did?
Schemes for Web Services?
? Integrity: was it altered before I got it?
? Authorization: are you allowed to have it?
? Auditing: can I prove what happened?
7
03/29/2004

Why More Stringent Security for Issues with Current Web

Web Services?
? Point of interaction is more “over the
internet” (as opposed to “within an intranet”)
? Interaction between partners with no
previously established relationship
? Program to program interaction (as opposed
to human to program interaction)
? More dynamic interaction (as opposed to
static interaction)
? Larger number of services providers and users
9 10
Security Schemes
? SSL/TLS/HTTPS
– Transport level security (as opposed to message
level security)
– Point-to-point security only, does not handle
end-to-end multi-hopped messaging security
– Security only when data is on the wire, does not
secure data off the wire
– HTTPS does not support non-repudiation
– HTTP might not be the only transport used
– No element-wise signing and encryption

Can today’s web security

model handle web services?
? The practical maximum is HTTPS using
SSL
– Transient point-to-point encrypted communication
with known trusted parties: authentication of the
parties and confidentiality of the data in motion Web Services
? Web services can and do use this, but it’s
insufficient in several ways
Security Requirements
– Not granular enough: it encrypts everything
– Inflexible about routing; it’s just point-to-point
– No chance for auditing what’s going on
– Can’t avoid repudiation; it’s not signing the data
03/29/2004

Granularity, extensibility, Simple

and transparency in SOAP Credit
scenario:
report
company
applying for a

2. send credit
business loan

credit score
1. request
Header A Header A Header A Header A

score
Header B Header B Header D Header D
4. aggregate data and
Header C Header C Header C send loan request
Business
in need of Bank
cash 6. send response to loan
request
SOAP body SOAP body SOAP body SOAP body

3. collect 5. log and

inventory data timestamp
Requester Intermediary 1 Intermediary 2 Responder as collateral loan request
13 14

Requirements in this scenario Matching requirements to technologies

? The business needs to prove its identity to the Requirement: Technologies:

credit report company and the bank Confidentiality Key-based digital encryption and decryption
(authentication) Authentication Username/password, key-based digital signing and
signature verification, challenge-response, biometrics,
? The credit report company needs to know that smart cards, etc.
their paying customer won’t back out maliciously Trust Key-based digital signing and signature verification
after sending the request (non-repudiation)
Non-repudiation Key-based digital signing and signature verification,
? The credit report company needs to prove it message reliability

supplied the credit score itself (authentication) Integrity Message digest, itself authenticated with a digital
signature
? All the message content needs to reach its Authorization Application of policy, access control, digital rights
various destinations unchanged (integrity) and be management

safe from competitors’ eyes (confidentiality) Auditing Various forms of logging, themselves secured to avoid
tampering
? The bank needs to record the receipt of the
application (auditing) 15 16
03/29/2004

New challenges New opportunities

? Inter-enterprise web services are dealing
with incompletely trusted clients
– RPC-style services have special needs: is the caller
authorized to ask for this computer action?
? “End-to-end” isn’t just “point-to-point”
– SOAP intermediaries: the original author wrote
the payload, but many intermediate senders may
touch the message afterwards
? The pace of application and service creation is
increasing
– How can we make it easier for developers to add high-quality
security features?
? The web services security infrastructure can
take advantage of XML’s granularity
– Encrypting or signing selected portions
– Acting on and rewriting individual headers
– Hardware appliances could accelerate these functions

– Long-running choreographed conversations with ? Security-related applications can themselves

multiple requests, responses, and forks become web services
– Providers of security, identity, and provisioning solutions
can interoperate better

17 18

WUST security infrastructure

standards descriptions
authenticated, confidentiality-protected of endpoint
web service messages with potential to be security
authorized requirements
WS-Coordination, WS-Transaction?

Web Services SAML XrML

Security Frameworks
WS-Security QOP?
Kerberos X.509

XML Signature XML Encryption

SOAP, SwA WSDL

20
03/29/2004

Where these technologies Quick reference

are applied in our scenario Standard: Venue: Status:

XML Signature W3C, IETF Recommendation stage

Credit XML Encryption W3C Recommendation, Candidate Rec stages
report
company
WS-Security OASIS Working drafts; previous private specs; may
2. send credit ultimately include Quality of Protection (QOP) work
credit score
1. request

on top of WSDL
score

Kerberos IETF Well established authentication technology using

symmetric keys
4. aggregate data and
send loan request X.509 ITU, IETF Well established authentication technology using
Business public/private keys
in need of Bank
cash 6. send response to loan SAML OASIS 1.0 in OASIS Standard balloting; expected to pass
request
XrML OASIS Working draft stages; previous private spec; IPR
issues
3. collect 5. log and
inventory data timestamp
as collateral loan request
21 22

Sun™
Web Services Security Tech
Days

The standards ecosystem

ID-FF 1.1
XACML
ID-WSF 1.0
ID-FF 1.2 SAML

XML & Web Services WSPL

WSS
XCBF
XML Enc
XML Sig

Security Standards WS-Policy

Early Draft
XKMS

Mature Draft
C14N

V1 Complete

Stability W3C OASIS Liberty Private

03/29/2004

XML & Web Services Security

Schemes
? XML Digital Signature
? XML Encryption
? XKMS (XML Key Management Specification)
? XACML (eXtensible Access Control Markup
Language) XML Signature
? SAML (Secure Assertion Markup Language)
? WS-Security
? Identity Management & Liberty Project

25

What is XML Digital Signature ? Why XML Digital Signature?

? Authentication, data integrity (tamper-
proofing), non-repudiation
? Joint W3C/IETF effort
– XML syntax for representing signature of web
resources and portions thereof
– Procedures for computing and verifying such
signatures
–
Canonicalization of XML data
– Trust in key is out-of-scope
? Specs: W3C Recommendation, RFC 3075
? JSR-105
? Very flexible, thus can support diverse set
of internet transaction models
– Can sign individual items of a XML document
– Can sign multiple items
– Can sign both local and remote objects
? Allows detached signature that apply to remote, URI-
referenced content
– Can sign both XML and non-XML content
– Allows multiple levels of signing (different signing
semantics) to same content
27
? Sign, co-sign, witness, notarize, etc.
28
03/29/2004

XML Signature Forms

? Enveloped
? Enveloping
? Detached

XML Signature
Types of XML Signature

XML Signature – Enveloped XML Signature – Enveloping

<doc Id="myID"> <Signature>
<myElement> ...
...
</myElement> <Reference URI="#myRefObjectID">
...
<Signature> <Signature> is <Object Id="myRefObjectID" >
...
<Reference URI="#myID"/> enveloped <doc>
<myElement>
... within the ... <Signature>
</Signature>
</doc>
content been </myElement> envelopes the
...
signed </doc> contents to be
</Object> signed
</Signature>
03/29/2004

XML Signature – Detached

<Signature>
...

<Reference URI=
"http://www.buy.com/books/purchaseWS"/>

...

</Signature>
<Signature> is XML Signature
external to the Structure of XML
content that is
signed Signature

Sun™
XML Signature Structure Tech
Days

XML Signature Structure

<Signature>
<SignedInfo>
<CanonicalizationMethod/>
<SignatureMethod/>
<Reference>
<Transforms>
<Transform/> Applied to
<Transform/>
</Transforms> referenced
<DigestMethod/> content
<DigestValue/> Digested
</Reference>
</SignedInfo> Signed
<SignatureValue/>
<KeyInfo/>
</Signature> Signature
Element
Key related
information
03/29/2004

Example of Signed Purchase Order

<Signature> element
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">

<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/..." />
• Parent element of XML Signature
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#PurchaseOrder">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
structure
<DigestValue>qZk+nkcGcWq6piVxeFdcbJzQ2JO=</DigestValue>
</Reference>
</SignedInfo>
• Contains
<SignatureValue>
• <SignedInfo>
IWijxQjUrcXBYc0ei4QxjWo9Kg8Dep9tlWoT4SdeRT87GH03dgh
</SignatureValue> • <SignatureValue>
<KeyInfo> • <KeyInfo>
<X509Data>
<X509SubjectName>CN=Alice Smith, STREET=742 Park Avenue,
L=New York, ST=NY, C=US</X509SubjectName>
• <Object>
</X509Data>
</KeyInfo>

</Signature>

37

<SignedInfo> element <CanonicalizationMethod>

element
• Consists of specification of the • Specifies the algorithm (identified
information that is signed
through a URI) used for
• Contains • Canonicalization of XML
• <CanonicalizationMethod>
• <SignatureMethod>
• <Reference> (one or more)
03/29/2004

<SignatureMethod> element <Reference> element

• References the actual data stream
? Specifies the algorithm (identified (through a URI), that would be signed
through a URI) used for • This data stream would be hashed
? generation and validation of signatures
(digested) after applying appropriate
? For e.g. http://www.w3.org/2000/09/xmldsig#dsa-sha1 transformations (if any)
specifies the DSA (Digital Signature • Contains
Algorithm)
• <Transforms>
• <DigestMethod>
• <DigestValue>

<Transforms> element <Transforms> element (Contd.)

• Specifies all the transformations that
would be applied on the to-be signed
content
• The input to first transformation
• is the result of dereferencing the URI attribute
of <Reference> element
• The output of last transformation
• is then digested
• Contains
• A list of <Transform> elements
• Transformation examples
• Base64 encoding (MIME)
• Canonicalization (XML-C14N)
• XSLT
03/29/2004

<Transform> element <Transform> element (Contd.)

• Specifies
• Application specific transformation
algorithm is also allowed
• transformation algorithm in use
• For e.g. A compression routine implemented
• content parameters for the given algorithm, if as Java class specified by a base64 encoded
any content parameter
•
For e.g. Some transformations may require
explicit MIME type or charset (IANA, for instance)
or other such information concerning the data
they receive from an earlier <Transform>

<SignatureValue> element <KeyInfo> element

• Contains the base64 encoded value of • Allows specifying trust information
the digital signature either
• Explicitly, by specifying
•
a raw public key or an X.509 certificate
• Implicitly, by specifying
•
URI of a remotely located public key via
<RetrievalMethod> element
• Optional element
03/29/2004

<KeyInfo> element (Contd.) <KeyInfo> element (Contd.)

• Very important element • Contains
• Leveraged by rest of the security • <KeyName>
specifications i.e. •
A text identifier
•
XML Encryption • <KeyValue>
•
XML Key Management Services •
RSA or DSA public key, in base64
•
Security Assertions Markup Language • <RetrievalMethod>
•
Remotely references the public key via a URI
• <X509Data>
•
X.509 certificates related data

<KeyInfo> element (Contd.) A note on <KeyInfo>

• <PGPData> • Following are out of scope of XML
•
PGP related data Signature
• <SPKIData> • Trust in the key information specified by
•
SPKI certificates related data <KeyInfo>
• <MgmtData> • Verification of key information specified by
•
Key Negotiation algorithms related parameters <KeyInfo>
such as Diffie-Hellman
•
Although, this can be delegated to an XKMS Trust
Service as we will see later
03/29/2004

Canonicalization Canonicalization (Contd.)

• Canonicalization presents a method • Proving logical equivalence is important
• for testing logical equivalence of XML for application areas such as
documents • Checksums
• It generates physical form a.k.a. • Digital Signatures
Canonical form, of an XML document • Consider XML fragements below:
such that <Reservation Type="Hotel"
Id="12345">
• If two XML documents can be reduced to the <Reservation Id="12345"
same canonical form, they are considered Type="Hotel">
logically equivalent within the given context They are logically equivalent, however will fail
equivalence test in byte comparison.

Canonicalization and XML

Canonical XML
Signature
• Digital Signature over Canonical form
• Defines an algorithm that generates
of an XML document or document canonical form
subset • of a given XML document or document
subset
• Allows signature digest to be oblivious to
changes in the original document's physical • Effort hosted by XML Signature
representation Working Group of W3C
• Provided changes are defined to be logically • Started in 1999
equivalent by XML 1.0 or Namespaces in
XML
• http://www.ietf.org/rfc/rfc3076.txt
03/29/2004

Example of Canonical XML Example of Canonical XML

(Contd.)
<?xml version="1.0"?>
• The Canonical form of the given XML
<?xml-stylesheet href="doc.xsl"
type="text/xsl" ?> would
<!DOCTYPE doc SYSTEM "doc.dtd">
• Loose XML declaration
• Loose DTD
<doc>Hello, world!<!-- Comment 1 --></doc>
• Loose whitespace
<?pi-without-data ?> •
Between PI target and its data
<!-- Comment 2 --> • Comment removal from uncommented
canonical form
<!-- Comment 3 -->

Example of Canonical XML

Process of signing
(Contd.)
<?xml-stylesheet href="doc.xsl"
• Generate references by
type="text/xsl" ?> • Applying transforms (<Transforms>) to data
<doc>Hello, world!</doc>
<?pi-without-data?> Canonical form with all the to be signed, if needed
comments removed. • Calculating digest
<?xml-stylesheet href="doc.xsl"
type="text/xsl" ?>
• Generate signature by
<doc>Hello, world!<!-- Comment 1 --></doc> • Placing <Reference> element into
<?pi-without-data?>
<!-- Comment 2 --> <SignedInfo>
<!-- Comment 3 --> • Calculating <SignatureValue> over
Canonical form with all the
<SignedInfo>
comments. • Placing <SignedInfo> into <Signature>
03/29/2004

Process of Validation
• Validate references by
• Applying transforms <Transforms> to data
source
• Calculating digest and then comparing it to
<DigestValue>
• Validate signature by
• Retrieving key from <KeyInfo> or other
XML Signature
source of key information JSR 105
• Validating <SignatureValue>

Sun™
JSR 105 – XML Signatures in Java Tech
Days

JSR 105 – XML Signatures in Java Example of Enveloped Signature Generation (1)
// First, create a DOM XMLSignatureFactory
XMLSignatureFactory fac = XMLSignatureFactory.getInstance(“DOM”);
? Important JSR 105 APIs
// Specify the algorithms for various things such as Canonicalization
? XMLSignatureFactory DigestMethod dm =
fac.newDigestMethod (DigestMethod.SHA1_URI,null);
? Abstract factory used to create XML Signatures from
CanonicalizationMethod cm = fac.newCanonicalizationMethod
scratch (CanonicalizationMethod.WITH_COMMENTS_URI, null);
?
Implementations support a specific XML mechanism (ex: SignatureMethod sm = fac.newSignatureMethod
“DOM”) (SignatureMethod.RSA_SHA1_URI, null);

?
XMLSignature Transform tm = fac.newTransform(Transform.ENVELOPED_URI, null);

? Contains methods for signing and validating // Create a Reference pointing to the document to be signed
Reference ref = fac.newReference
? XMLSignContext (“”, dm, Collections.singletonList(tm), null, null);

// Create a DOM KeyInfoFactory

? XMLValidateContext KeyInfoFactory kifac = fac.getKeyInfoFactory();
03/29/2004

Sun™ Sun™
JSR 105 – XML Signatures in Java Tech
Days JSR 105 – XML Signatures in Java Tech
Days

Example of Enveloped Signature Generation (2) Example of Enveloped Signature Validation

// Create X509Data KeyInfo type & insert X.509 certification // Create DOM XMLSignatureFactory
X509Data xd = kifac.newX509Data XMLSignatureFactory fac = XMLSignatureFactory.getInstance
(Collections.singletonList(myX509Cert)); (“DOM”);
// Create KeyInfo
KeyInfo ki = kifac.newKeyInfo(Collections.singletonList(xd)); // Create an XMLValidateContext
XMLValidateContext dvc =
// Create SignedInfo new DOMValidateContext (myX509Cert.getPublicKey(),
SignedInfo si = sigElement);
fac.newSignedInfo (cm, sm,Collections.singletonList(ref));

// Create XMLSignature // Unmarshal XMLSignature

XMLSignature signature = fac.newXMLSignature(si, ki); XMLSignature signature = fac.unmarshalXMLSignature(dvc);

// Create XMLSignContext // Validate XMLSignature

XMLSignContext dsc = boolean coreValidity = signature.validate(dvc);
new DOMSignContext(privateKey, doc.getDocumentElement());

// Generate the XMLSignature

signature.sign(dsc);

Status
? W3C Recommendation (Feb. 2002)
? At least 10 vendor implementations
are available
– Java WSDP
– Apache Open source implementation
XML Signature – Most J2EE vendors will support this even
though it is not mandated in J2EE 1.4
Status ? JSR-105 work in progress
– Public review in progress (06/2003)
68
03/29/2004

What is XML Encryption?

? Data privacy (Confidentiality)
? Defines
– XML syntax for encrypted data

XML –
–
Encrypting/decrypting such data
Can encrypt only certain parts of document

Encryption ?

?
W3C Recommendation now
JSR 106

70

Examples of using XML

XML Encryption and SSL Encryption – I
• SSL encrypts all the data transmitted
through an SSL channel
John Smith's Credit Info: <EncryptedData>
• XML Encryption can encrypt the John Smith's Purchase Info:
1 Book titled...
portions of data selectively Nile.com
• For e.g. A specific element within an XML
document John

Encryption of credit card info

sent from user to Nile.com
03/29/2004

Examples of using XML

Encryption – II
Encryption of credit card Nile.com
info sent from Nile.com to
creditcardprocessing.com
such that - John Smith's Credit Info: <EncryptedData>
John Smith's Purchase Info:
<EncryptedData>

Later can only decrypt XML Encryption

credit card info and not the
purchase information Creditcardprocessing.com
Structure of XML
Encryption

Example of Encryption (Only credit

card element is encrypted) XML Encryption Structure
<purchaseOrder> <EncryptedData>
<name>Alice Smith</name> <EncryptionMethod> Encryption
<address> ... </address> <ds:KeyInfo> algorithm
<EncryptedKey>
<EncryptedData xmlns='http://www.w3.org/2000/11/temp-xmlenc'> <AgreementMethod>
<EncryptionMethod Algorithm="urn:nist-gov:tripledes-ede-cbc"> <ds:KeyName>
<s0:IV xmlns:s0='http://somens'>ABCD</s0:IV> Key
</EncryptionMethod> <ds:RetrievalMethod> informatio
<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'> </ds:KeyInfo> n
<KeyName>SharedKey</KeyName> <CipherData>
</KeyInfo> <CipherValue>
<CipherData>A23B45C56</CipherData> <CipherReference> Raw
</EncryptedData> encrypted data
</CipherData>
<prodNumber>8a32gh19908</prodNumber> <EncryptionProperties>
<quantity>1</quantity> </EncryptionData> Encryptio
</purchaseOrder> n Element

75
03/29/2004

<EncryptedData> element <EncryptionMethod> element

• Core element in the syntax • Optional element
• Replaces the encrypted data in an XML
document or
• Specifies encryption algorithm applied
• Serves as a new document root to cipher data
• Contains
• If absent, encryption algorithm must
• <EncryptionMethod>
be known to recipient
• <ds:KeyInfo>
• Else decryption will fail
• <CipherData>
• <EncryptionProperties>

<ds:KeyInfo> element <EncryptedKey> element

• Semantics as defined by XML
• Transports encryption keys to known
Signature specification recipient
• Can contain additional elements
• Can be placed either
defined by XML Encryption syntax i.e. • As a standalone XML document
• <EncryptedKey> • Within an application XML document
• <AgreementMethod> • Inside <EncryptedData> element
• As a child of <ds:KeyInfo> element
03/29/2004
<AgreementMethod> element
• Can be used by originator to identify
keys and computational procedures
used to obtain shared encryption key
• Carries an Algorithm attribute to
specify Key Agreement algorithm
• For e.g. Diffie-Hellman
Keying information for
decryption of cipher data
• Can be provided in 3 ways
• <EncryptedData> or <EncryptedKey>
specifying the keying info by <ds:KeyInfo>
• A detached <EncryptedKey> element
specifying
• <EncryptedKey> via <KeyReference> or
•
<EncryptedData> via <DataReference>
• The keying material is automatically
determined by recipient
•
based on the application context
<AgreementMethod> element
(Contd.)
• XML Encryption does not provide an
online key agreement negotiation
protocol
• If agreed key is being used to wrap a
key rather than data then
• <AgreementMethod> appears inside
<ds:KeyInfo> inside <EncryptedKey> element
<CipherData> element
• Provides cipher data either
• In the form of base64 encoded text of
<CipherValue> element or
• By providing a reference to an external
location containing the encrypted octet
sequence specified by <CipherReference>
element
03/29/2004

<CipherReference> element <EncryptionProperties> element

• It identifies source (via URI)
• Which can yield encrypted octet sequence
• Contains
• An optional sequence of <Transforms>
•
Data resulting from dereferencing the URI is
transformed as specified in order to yield
intended cipher value
• Syntax of <Transforms> similar to XML Signature
syntax
• Carries additional information
• concerning the generation of
<EncryptedData> or <EncryptedKey>
element
• For e.g. Serial number of cryptographic
hardware used during encryption
• Contains
• <EncryptedProperty>

Encryption Granularity Example XML Document

• Encryption can be carried out at <?xml version='1.0'?>
<PaymentInfo
following levels xmlns='http://example.org/paymentv2'>

<Name>John Smith</Name>
• Encrypting an XML element <CreditCard Limit='5,000' Currency='USD'>
<Number>4019 2445 0277 5567</Number>
• Encrypting XML Elements containing other <Issuer>Example Bank</Issuer>
<Expiration>04/02</Expiration>
elements </CreditCard>
</PaymentInfo>
• Encrypting XML Element containing
character data
• Encrypting arbitrary data and XML
documents
• Encrypting EncryptedData (Super
Encryption)
03/29/2004

Encrypting XML Element

Encrypting XML Element Contents (Elements)
<?xml version='1.0'?> <?xml version='1.0'?>
<PaymentInfo <PaymentInfo xmlns='http://example.org/paymentv2'>
xmlns='http://example.org/paymentv2'> <Name>John Smith</Name>
<Name>John Smith</Name> <CreditCard Limit='5,000' Currency='USD'>
<EncryptedData Type= <EncryptedData
'http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'
xmlns='http://www.w3.org/2001/04/xmlenc#'> Type='http://www.w3.org/2001/04/xmlenc
#Content'>
<CipherData> <CipherData>
<CipherValue>A23B45C56</CipherValue> <CipherValue>A23B45C56</CipherValue>
</CipherData> </CipherData>
</EncryptedData> </EncryptedData>
</PaymentInfo> </CreditCard>
</PaymentInfo>

Only encrypts the

Encrypting entire <CreditCard> elements of
element <CreditCard> element

Encrypts XML Element Encrypts XML Element

Contents (Character Data) Contents (Character Data)
<?xml version='1.0'?>
<PaymentInfo </Number>
xmlns='http://example.org/paymentv2'> <Issuer>Example Bank</Issuer>
<Name>John Smith</Name>
<CreditCard Limit='5,000' Currency='USD'> <Expiration>04/02</Expiration>
<Number> </CreditCard>
<EncryptedData </PaymentInfo>
xmlns='http://www.w3.org/2001/04/
xmlenc#' Type='http://www.w3.org/
2001/04/xmlenc#Content'>
<CipherData>
<CipherValue>
A23B45C56
</CipherValue>
</CipherData>
</EncryptedData>

Only encrypts credit

card number
03/29/2004

Encrypting Arbitrary Data and Encrypting <EncryptedData>

XML Documents Super Encryption
<pay:PaymentInfo
<?xml version='1.0'?> xmlns:pay='http://example.org/paymentv2'>
<EncryptedData
xmlns='http://www.w3.org/2001/04/xmlenc#'
MimeType='text/xml'> <EncryptedData Id='ED1'
<CipherData> xmlns='http://www.w3.org/2001/04/xmlenc#'
<CipherValue>A23B45C56</CipherValue> Type='http://www.w3.org/2001/04/xmlenc#Element'>
</CipherData> <CipherData>
</EncryptedData> <CipherValue>
originalEncryptedData
</CipherValue>
If the application scenario requires all </CipherData>
</EncryptedData>
information to be encrypted, the whole </pay:PaymentInfo>
document is encrypted as an octet sequence.
This applies to arbitrary data as well as XML A valid super encryption of ED1 is shown on
documents. next slide ->

Encrypting <EncryptedData>
Super Encryption
<pay:PaymentInfo
xmlns:pay='http://example.org/paymentv2'>

<EncryptedData Id='ED2'
xmlns='http://www.w3.org/2001/04/xmlenc#'
Type='http://www.w3.org/2001/04/xmlenc#Element'>

<CipherData>
<CipherValue>
newEncryptedData
</CipherValue> Here <CipherValue>
</CipherData>
</EncryptedData>
'newEncryptedData' is the XML Encryption
</pay:PaymentInfo> base64 encoding of the
encrypted octet sequence JSR 106
resulting from encrypting the
<EncryptedData> element
with ID='ED1'
03/29/2004

JSR 106 – XML Encryption in

Java
? Standard Java API for W3C XML
Encryption standard
? Programming model similar to JSR 105
? Important JSR 106 APIs
? XMLEncryptionFactory
? EncryptedData
? EncryptedKey
XML Signature
? XMLEncryptContext Status
? XMLDecryptContext

Status and Resources (XML

Encryption)
? W3C Note status on XML Encryption
Requirements
? Implementations are not yet widely
available XKMS
? JSR-106 work in progress (XML Key
W3C XML Encryption home page
?

– www.w3.org/Encryption/
Management Spec.)

99
03/29/2004

Sun™ Sun™
What is XKMS? Tech
Days
Why XKMS? Tech
Days

? Defines protocol between XKMS

? PKI is very important to Web services &
client and XKMS server for E-commerce
performing PKI operations
? PKI operations are too expensive to
? public key registration
small devices
? public key validation
? XKMS reduces the processing burden by
? public key discovery moving it to a XKMS server
? public key revocation ? PKI operations are too complex to
? XKMS server provides trust service in many applications
the form of a Web service ? XKMS eases the integration of PKI by moving
? Used along with XML digital signing the complexity of PKI operation to a XKMS
server
and encryption

Sun™
XKMS Specifications Tech
Days

X-KISS Protocol: Public Key

?
Binding Validation Request
XKISS: XML Key Information Service
Spec. <Validate>
<Query>
<Status>Valid</Status>
? Defines a protocol for validation of public <ds:KeyInfo>
keys <ds:KeyName>...</ds:KeyName>
<ds:KeyValue>...</ds:KeyValue>
? XKRSS: XML Key Registration Service </ds:KeyInfo>
</Query>
Spec. <Respond>
<string>KeyName</string>
? Defines a protocol for registration, <string>KeyValue</string>
</Respond>
revocation, recovery of public keys </Validate>
03/29/2004

X-KISS Protocol: Public Key

Status and Resources (XKMS)
Binding Validation Response
<ValidateResult>
<Result>Success</Result> ? W3C is making good progress
<Answer>
<KeyBinding>
<Status>Valid</Status>
? JSR-104 work in progress
<KeyID>http://www.xmltrustcenter.org/assert/20010120-39
</KeyID> ? W3C XKMS Home page
<ds:KeyInfo>
<ds:KeyName>...</ds:KeyName> – http://www.w3.org/TR/xkms/
<ds:KeyValue>...</ds:KeyValue>
</ds:KeyInfo>
<ValidityInterval>
<NotBefore>2000-09-20T12:00:00</NotBefore>
<NotAfter>2000-10-20T12:00:00</NotAfter>
</ValidityInterval>
</KeyBinding>
</Answer>
</ValidateResult>
106

Java Implementations XKMS

? Verisign: Trust Services Integration Kit
– www.xmltrustcenter.org/developer/verisign/tsik/
? Entrust: XKMS toolkit
– xkms.entrust.com/xkms/
XACML
? Phaos (eXtensible Access Control
– www.phaos.com/products/xkms/xkms.html Markup Language)

107
03/29/2004

What is XACML? Why XACML?

? Standardize access control language in XML
? Define core schema and namespace for
– Extensible language with flexible semantics
authorization policies in XML:
– Used against XML elements in XML document
? Lower costs
– Extensible – No need to develop app-specific languages
? Closely aligned with SAML effort – No need to write policy in several languages
– Policy Decision Points (PDPs) involved in SAML
? Simpler
might consult policies encoded in XACML to – Admins only need to understand one language
determine whether access will be granted to a
resource
? Policy composition
– Policies written by different parties can be
combined
109 110

XACML Use Case Status and Resources (XACML)

? A patient has patient record including
psychiatric notes ? OASIS Standard (Feb. 2003)
? The patient grants access right to ? Java-based open source implementation
psychiatric notes only to primary care available (donated from Sun)
doctor – http://sunxacml.sourceforge.net/
? The primary care doctor grants access to ? No JSR effort yet
patient record to covering doctor, with
access restriction following the
transmitted documents so that covering
doctor has no access to psychiatric notes
111 112
03/29/2004

What is SAML?
? Define an XML framework for
exchanging authentication and

SAML authorization information

– Various XML security assertions: credentials,
(Security Assertion –
authentication, attribute, authorization, etc...
Request & response protocol
Markup Language) ? Enables Single Sign-On (SSO)
? OASIS Standard
? JSR-155

Why SAML? Use cases for sharing security

information thru SAML
? Standards are emerging for many
facets of collaborative e-commerce, • SAML developed three “use cases” to
such as: drive its requirements and design:
– Business transactions (e.g., ebXML) – Single sign-on (SSO)
– Software interactions (e.g., SOAP) – Distributed transaction
? But communicating security – Authorization service
properties of these interactions isn’t
well standardized
– Low interoperability between PMI solutions
– Tight coupling within components
03/29/2004

#1 Single Sign On (SSO) #2 Distributed Transaction

? Logged-in (authenticated) users of Smith.com ? A car buyer also purchases an auto insurance
are allowed to access to sister site Johns.com from insurance.com which is affiliated with
without relogin cars.com

Authenticate Smith.com cars.com

Buy a car

SAML SAML SAML

Assertion SAML
Assertion Assertion Assertion
Request Response Response
Request

Use secured Johns.com Buy insurance insurance.com

resource without re-login

#3 Authorization Service SAML in a nutshell

? An employ of Works.com orders office supplies
directly from Office.com, which performs its own
? It’s an XML-based framework for
authorization exchanging security information
– XML-encoded security “assertions”
Works.com – XML-encoded request/response protocol
– Rules on using assertions with standard
SAML SAML transport and messaging frameworks
Employee of Assertion Assertion
Request Response
Works.com

Office.com
03/29/2004

SAML Assertions Authentication statement

• Assertions are declarations of fact,
according to someone
? An issuing authority asserts that
– subject S was authenticated
• SAML assertions are compounds of one
– by means M
or more of three kinds of “statement”
– at time T
about “subject” (human or program)
– Authentication
? Targeted towards Single Sign On uses
– Attribute
– Authorization

Example assertion with

authentication statement Attribute statement
<saml:Assertion …>
<saml:AuthenticationStatement
? An issuing authority asserts that
AuthenticationMethod=“password” (By means M)
AuthenticationInstant=“2001-12-03T10:02:00Z”>(At time T) – Subject S is associated with
<saml:Subject> (Subject S)
<saml:NameIdentifier – attributes A, B, … with values “a”, “b”, “c”…
SecurityDomain=“sun.com”
Name=“Sang” /> ? Useful for distributed transactions and
<saml:ConfirmationMethod>
http://…core-25/sender-vouches authorization services
</saml:ConfirmationMethod>
</saml:Subject>
</saml:AuthenticationStatement>
</saml:Assertion>
03/29/2004

Example assertion with two

attribute statements Authorization statement
<saml:Assertion …>
<saml:AttributeStatement>
<saml:Subject>..Sang..</saml:Subject>
? An issuing authority decides
<saml:Attribute – whether to grant the request by subject S
AttributeName=“PaidStatus” (attribute A)
AttributeNamespace=“http://smithco.com”> – for access type A to resource R
<saml:AttributeValue> (with value a)
PaidUp
</saml:AttributeValue> – given evidence E
</saml:Attribute>
<saml:Attribute ? The subject could be a human or a
AttributeName=“CreditLimit” (attribute B)
AttributeNamespace=“http://smithco.com”> program
<saml:AttributeValue> (with value b)
<my:amount currency=“USD”>500.00
</my:amount>
? The resource could be a web page or
</saml:AttributeValue>
</saml:Attribute> a web service, for example
</saml:AttributeStatement>
</saml:Assertion>

Example assertion with Protocol for Requesting &

authorization statement Receiving Assertions
<saml:Assertion …>
<saml:AuthorizationStatement
Decision=“Permit” (Whether to grant request) Asserting Party (Issuing Party)
Resource=“http://jonesco.com/rpt_12345.html”> (for res. R)
<saml:Subject>…</saml:Subject> (by Subject S)
<saml:Actions
ActionNamespace=“http://…core-25/rwedc ”>
<saml:Action>Read</saml:Action> (for access type A)
</saml:Actions> SAML Assertion SAML Assertion
</saml:AuthorizationStatement> Request Response
</saml:Assertion>

Relying Party (Requesting Party)

03/29/2004

WS-Security Specification
• Set of SOAP extensions for end-to-end SOAP
messaging security
– Security schemes at message level
• Signing and encrypting SOAP messages by
attaching security tokens to SOAP messages
WS-Security – Any combination of message parts: Header blocks,
body, attachments

130

WS-Security
• Multiple security models
– username/password
– certificate
• Multiple security technologies
– Kerberos How They Work
– PKI

• Multiple types of security tokens

together
– Kerberos ticket
– X509 certificate
– SAML assertions
131
03/29/2004

SAML and Other Standards SAML and Other Standards

• SAML and XML DSig
• SAML and XKMS
– XML DSig is used for digitally signing and
canonicalizing SAML assertions – SAML traffic could be secured by XKMS-
– Authenticating, tamper-proofing (integrity), based PKI (or by other PKI implementation,
non-repudiating SAML assertions or by other means entirely)
• SAML and XACML
• SAML and XML Encryption
– XACML could be used to define access
– XML Encryption is used for encrypting and
control/policy as a basis for handling SAML
decrypting SMAL assertions
assertion request
– Enforcing privacy (confidentiality) of SAML
assertions

SAML and Other Standards

• SAML and WS-Security
– SAML Assertions can be carried as security
tokens defined in WS-Security
• SAML and Liberty Project
– SAML is used as security information
exchange protocol among Liberty
participants
03/29/2004

Resources
? W3C XML Digital Signature
– www.w3.org/Signature/
? W3C XML Encryption
– www.w3.org/Encryption/
? XKMS
Resources ?
– www.w3.org/TR/xkms/
XACML
– www.oasis-open.org/committees/xacml/
? SAML
– oasis-open.org/committees/security

138

Resources
? WS-Security
– www.oasisopen.org/committees/wss/
? ebXML Message Services
– www.ebxml.org
? Liberty Project
– www.projectliberty.org Thank You!

139
03/29/2004
Sun™
JAX-RPC Message-Level Security Tech
Days

Sang Shin
Technology Evangelist
03/29/2004
Sun™
Tech
JAX-RPC Message Level Security Days

Implementation in Java WSDP 1.3

? Implements portions of OASIS Web Services
Security
? Implements only XML Signature
? no encryption
? runs over plain HTTP
? Signing and verification are implemented as
SOAP message handlers at both client and server
? Only programmatic security is supported
? no declarative support (via deployment descriptor)
03/29/2004
Sun™
Transport vs. Message Level Security Tech
Days

Transport Level Message

• Uses SSL
• DoesLevel
not use SSL

• Point-to-Point :
• Data Chunks are
Protects the “pipe” protected

• Does not work with

• Intended to work with
Intermediaries Intermediaries

• Ubiquitous
• Standards still under
development

SOAP based communications introduces the notion

of Message-level security
03/29/2004
Sun™
Sample Applications Tech
Days

? dump
? prints out both the client and server request and response
SOAP messages
? sign
? the response is signed by the server and verified by the client
? sign2
? the client signs the request, the message is dumped out, the
message travels over the network, the server verifies the
signature, the business method is called, the server signs the
response, the message travels back over the network, and
the client verifies the response
? retrieves calling client identity
03/29/2004
Sun™
Steps of Signing (at the Client) Tech
Days

? Get client proxy object

? Create ClientHelper object and bind it with the
client proxy object
? Use the createFor() static factory method to create an
instance of a ClientHelper
? Configure the ClientHelper for the actions you
want to take
? SOAP message handlers are configured
? Sign client request
? Verify server response
? Call business methods
03/29/2004
Sun™
ClientHelper Class Tech
Days

? There could be several kinds of ClientHelper's

depending on the kind of credentials the client
uses
? A ClientHelper has no credentials associated
with it, while a CertificateClientHelper carries
X509 certificate credentials
03/29/2004
Sun™
JAX-RPC Client Side (from sign2) Tech
Days

public class StaticHelloClient {

public static void main(String[] args) throws Exception {
Remote proxy = (Remote) createProxy();

// Create a CertificateClientHelper for a client-side stub/proxy

CertificateClientHelper cch = CertificateClientHelper.createFor(proxy);

// Sign the request and then dump the message for debugging
cch.addSignRequest().addDumpRequest();

// Verify the response which was signed by the server

cch.addVerifyResponse();

// Call the business method

HelloIF hello = (HelloIF) proxy;
System.out.println(hello.sayHello("to Duke!"));
}

private static Stub createProxy() {

// Note: MyHello_Impl is implementation-specific.
Stub stub = (Stub) (new Hello_Impl().getHelloIFPort());
return stub;
}
}
03/29/2004
Sun™
Steps of Verification (at the Server) Tech
Days

? On the server side, there is only one kind of

credential, an X509 Certificate credential, which
means that there is only one ServerHelper class
? Create ServerHelper object and bind it with the
endpoint
? Usually done inside of init() method of ServiceLifeCycle
interface which is implemented by the endpoint
? Configure the ServerHelper object with security
configuration
? Verify client request
? Sign response
03/29/2004
Sun™
JAX-RPC Secure Endpoint (sign2) Tech
Days

public class HelloImpl implements HelloIF, ServiceLifecycle{

private ServerHelper sh;

public String sayHello (String s){
...
}

public void init (Object context)

throws ServiceException{

// Create ServerHelper object and bind it

// with endpoint
sh = ServerHelper.createFor(context);

// Config server security actions - verify client

// request and sign response
sh.addVerifyRequest().addSignResponse();
}
}
03/29/2004
Sun™
Extracting Client Principal Tech
Days

? Once client is authenticated, client's Subject

and Principal's are set
? Subject identifies the source of request
? Subject has multiple Principals
03/29/2004
Sun™
Extracting Client Principal (sign2) Tech
Days

public class HelloImpl implements HelloIF, ServiceLifecycle{

private ServerHelper sh;

public String sayHello (String s){

return (prompt + s + " and also to " +
sh.getClientPrincipal());
}

public void init (Object context)

throws ServiceException{

...
}
}
SunNetworkSM Conference 2002

Identity Management & Sang Shin

Liberty Project sang.shin@sun.com
Java ™ Technology Evangelist
Sun Microsystems, Inc.

Disclaimer & Acknowledgments Revision History

• Even though Sang Shin is a full-time employee • 02/01/2004: created (Sang Shin)
of Sun Microsystems, the contents here are • Things to do
created as his own personal endeavor and • speaker notes need to be added
thus does not reflect any official stance of Sun • Contents need some polishment
Microsystems.
• Sun Microsystems is not responsible for any
inaccuracies in the contents.
SunNetworkSM Conference 2002
Agenda
• What is and Why Identity Management?
• Identity Management architectural options
• Liberty project
• Identity Management evolution
• Java Technology and Identity What is & Why
Management
• Status of Liberty project Identity Management?

What Is Identity? Why Identity Management?

Customer Name John Smith
Email alias jsmith2@freemail.com Policy-Based Trusted Network
User ID js@eng.sun.com
Credit card number
Social security number Context-Sensitive Authentication,
Drivers license Attributes, and Authorization
The set of Passport
Retinal Scan
attributes that DNA
describe Entertainment preferences
Technology
Notification preferences
profile(s) of an Employee Authorization Employees Customers Business Devices
Partners
individual or Business Calendar
Dinning preferences
business entity Affinity program
Friends and associates
or program Education History
Medical History
Financial Assets…
Identity is the foundation for the next
generation of highly personalized web services
SunNetworkSM Conference 2002
Network Identity Components Network Identity Is The Foundation
Upon Which Web Services Are Built
COMPONENT DEFINITION EXAMPLE
Web Services
ATTRIBUTES: Traits, profiles, • Personal consumer preferences
(e.g., travel, entertainment,
preferences of an dining)
identity, device, or • Identity-specific histories (e.g., Network Identity
business partner purchases, medical records, etc.)
• Device capabilities information Business policy: liability, assurance for transactions
(e.g., text-only, video, etc.) Relationships between people, groups, and organizations
AUTHENTICATION: A level of security • Services based on attributes (e.g,.

Travel, entertainment, dining) Applications and services: Access and Authorization

guaranteeing the • Transaction consummation
validity of an identity Relationships between identities and information
• Gradient levels of service (e.g.,

representation based on employee level)

Presentation/Personalization: What the User Sees
Defining relationships through quality of experience
The provisioning of Govt issued (Drivers license,
AUTHORIZATION: services or
•

social security, Passport)

• Biometric (Fingerprint, Retinal
activities based Scan, DNA) Authenticated Identity
upon an • Self-selected (PIN number, secret
(person, application, group, organization)
password)
authenticated
identity

Source: Burton Group

Identity Crisis—Silos of Identity Why Identity Is Important

Single sign-on should be

It should be available
an accelerant for Internet
on anything attached
commerce, not a
to the Internet
bottleneck or toll booth
SunNetworkSM Conference 2002

Enterprise Identity Challenges What Individuals Care About

? Many incompatible identity
standards
• Security and
? Same for authentication safety
? No standard for policy based • Comfort
provisioning of services
? Building your on-line directory – • Convenience and
before your competitors do it for ubiquity
you
? Mining your directory
? Privacy, public policy, regulation
? Interoperability – within and
between enterprises

Identity Value Chain

Content & Service Business

Creation Promotion
Delivery Management Factors

APIs Hosting Financial Preferences Billing

Services
Identity Management
Schema Portal History Usage
SW Platform Ingredient Business Services Access Discounts
Device Specific Brand Supply Chain Rewards Payments
Security Services Authentication Authorization
Tools
Entertainment
Aggregation Architectural Options
Communication
Notification
SunNetworkSM Conference 2002
Possible Identity Solutions Centralized Architecture Single Identity
Operator

Centralized • Overview
Open Federated Model
Model Financial Svcs
– “User” & Nodes enroll with ID operator
Customer –
Single Identity Community ID operator issues (GUID) global unique identifier
Operator – “User” can access all operator sites
Online Wireless
Community Community
• Pros
– Single source of control/auditability
Retail
Telecommunications Community • Cons
Community
– Security/Privacy controlled by one operator
Travel – Operator controls some profile data
Entertainment Community
Community – Profile sharing/tracking possible without permission
– Single point of security failure
– Danger for "Tollgateíng"

BANK

Federated Architecture RETAILER TELCOM

• Overview INSURANCE AIRLINE

YOU PORTAL
– Account chaining based
– “User” & Nodes need explicit linking
– No common GUID
• Pros
– User has complete control on who/what to share
– Businesses have complete on “user” profile data
–
–
Incremental profile sharing possible
Creates market opportunity for identity service Liberty Project
providers
• Cons
– Expensive to do without standards
– Profile data inconsistency possible
SunNetworkSM Conference 2002
Liberty Project Liberty Alliance*
• Create an open standard for identity,
authentication and authorization
• Objective: lower costs, accelerate commercial
opportunities, and increase customer satisfaction
• Federated standard will enable every
business to:
• Maintain their own customer/employee/device
data
• Tie data to an individual’s or business’s identity
• Share data with partners according to its business
objectives, and customer’s preferences
* today. And growing.

Views of Federated Identity Federated Identity Premises

Services •
Providers that
Distributed identity data stays with “rightful”
Multiple
are equal and owner
Identity interoperable
• Multiple authenticators (Identity providers)
Providers
• They compete for consumer trust
Control over •
ownership
Manage privacy Delineation between authentication (identity
and preferences
and disclosure providers) and authorization(merchants)
• Merchants retain control of transaction requirements
Multiple
Individuals • Consumer is in control of who can access
Service with Multiple
Profiles information
Providers
• Multiple modes: Always, Within group, per transaction, …
• Gradient levels of authentication within network
SunNetworkSM Conference 2002
Circles of Trust
Supplier Supplier
A C
Name:
ID Accts Supplier
Preferences: Payable Supply B
…… .
App External
Chain Services
Primary
Aggregator
Trust External
Authority Services
(my company)
Calendar
External
Work Services
Profile
Employee Circle of Trust

Identity Management Secondary

NI
News
Source

News
News
Source

Trust NI Source

Evolution
Authority Enabled Service
(e.g., my airline)
Merchants Aggregator
Primary
Trust
Authority
(e.g., my bank) Friends & External
Home NI Services
Family
Profile
Name: Enabled Notification
ID
Preferences:
Services External
…… . Services

External
Consumer Circles of Trust Services

Network Identity Organic Evolution Evolution of Identity Networks

Separate login Separate login Seamless login

for each site for each network across networks
SunNetworkSM Conference 2002
Analogous to ATM Networks

Java Technology &

Identity Management
Separate card Separate card for Seamless access
for each bank each network across networks

Java Platform and Liberty

• J2EE
• New Liberty JSR
• Inclusion in Java Web Services Developer Pack
• Tracked for J2EE 1.5
• J2SE
• Liberty digital signing via Java Web start
Status of
• J2ME Liberty Project
• Liberty digital signing via MIDP
• JavaCard
• Liberty certificates stored in Java Card
SunNetworkSM Conference 2002
Status of Liberty Project
• Liberty version 1.0 specification was
released in July, 2002
• First Liberty-enabled products are
expected to be available by the end of
2002 Liberty Project Concept
• Liberty version 2.0 work has been already
started Demo
• More than x members right now

Key Points of the Demo

? Signing into a portal for the first time
? Opting-in to a federated identity network
? Providing that identity network with
additional data and preferences
? Performing context-sensitive online banking Resources
? A sophisticated airline affinity program
? Online web service notification
? How one's personal identity follows them
across multiple devices
SunNetworkSM Conference 2002
Resources
? W3C XML Digital Signature
– http://www.w3.org/Signature/
? W3C XML Encryption
– www.w3.org/Encryption/
? XKMS and its relatives (now at W3C)
– www.w3.org/TR/xkms/ Passion!
? XACML
– www.oasis-open.org/committees/xacml/
? Liberty Alliance
– www.projectliberty.org