HomeSecurity Page 3 - Trust, Access Control, and Rights for Web Services Part 1
WS-* Security Specifications for Trust Relationships - Security
Several other important standards are derived from and are complementary to WS-Security; they relate to such fundamental security topics as trust, access control, and rights. In this chapter, we review the family of WS-Security–related technologies. This is part 1 of chapter 9 from Securing Web Services with WS-Security, by Rosenberg and Remy (ISBN 0672326515, Sams, 2004).
The following sections address the two specifications for trust relationships. First, we cover WS-Trust and then WS-Privacy.
Throughout this book, we have described the technical issues around securing Web services. Although these issues can be complex, they are still only technical issues. By far, the most difficult issues arise around the more subtle business and personal issues of trust. Think about your own definition of trust and how you determine whom to trust. Do you trust someone who has been referred by someone else you trust? Do you trust in some people in relatively low-risk situations but not in a high-risk situation? How you determine trust might be called your personal trust model. A lot of work and thought has gone into defining, describing, and implementing trust models, and much of the complexity in Public Key Infrastructure technology derives from the complexity of modeling trust.
A major Web services trust problem arises when credentials are issued in one trust domain and then presented in another. Say your employer, ABC Supply, is a supplier to XYZ Truck Company, and XYZ Truck Company has decided to expose its critical business systems to its suppliers. One strategy could be for XYZ Truck Company to directly issue credentials to each individual within every supplier and take on the management of these credentials. This would mean that, even if you do not work for XYZ, you would receive a credential from the company to present to its Web service when using its Bid for Order Web service. But how would XYZ Truck Company know if you were to be fired from ABC Supply or change positions? It would be very difficult, if not impossible, for XYZ Truck Company to manage the credentials given to those privileged few employees of ABC Supply allowed to directly order at XYZ.
Another approach that XYZ could choose is to blindly trust ABC Supply (and all its employees). From a technical perspective, this strategy might mean that X.509 certificates issued by ABC Supply (probably with certain attributes) could be presented to XYZ Truck Company for access to its Web services. You can probably see the trust issues here immediately. Perhaps these are highly sensitive capabilities that XYZ Truck Company is allowing access to, so much so that even its own employees must show up in person to be granted a credential. Suppose XYZ Truck Company has tight procedures for periodically refreshing credentials and revoking them when they are lost or the employee changes responsibilities. If ABC Supply Company does not have similar rigorous procedures, XYZ Company has seriously degraded its security by opening up the company to ABC's much lower standards. This level of trust becomes the arena of contracts and law because that is the way that companies express their trust, or lack thereof, and the way violations of that trust become enforceable.
This chapter is from Securing Web Services Security with WS-Security, by Jothy Rosenberg and David Remy (Sams, 2004, ISBN: 0672326515). Check it out at your favorite bookstore today.