HomeSecurity Page 7 - Trust, Access Control, and Rights for Web Services Part 1
WS-* Security Specifications for Interoperability - Security
Several other important standards are derived from and are complementary to WS-Security; they relate to such fundamental security topics as trust, access control, and rights. In this chapter, we review the family of WS-Security–related technologies. This is part 1 of chapter 9 from Securing Web Services with WS-Security, by Rosenberg and Remy (ISBN 0672326515, Sams, 2004).
The following sections address the two WS-* security specifications for interoperability. First, we briefly review WS-Policy and then cover WS-SecureConversation.
WS-Policy was the subject of Chapter 8; we include a brief review of it here for its context within the WS-* family of specifications.
WS-Policy is a family of three specifications. Version 1.1 of the WS-Policy documents include Web Services Policy Framework (WS-Policy), Web Services Policy Assertions Language (WS-PolicyAssertions), and Web Services Policy Attachment (WS-PolicyAttachment).
The top level of these specifications is WS-Policy. It forms the framework by providing a general-purpose model and corresponding syntax to describe and communicate the policies of a Web service. WS-Policy defines a base set of constructs that can be used and extended by other Web services specifications to describe a broad range of service requirements, preferences, and capabilities.
WS-PolicyAssertions specifies a set of common message policy assertions that can be specified within a policy.
WS-PolicyAttachment specifies three specific attachment mechanisms for using policy expressions with existing XML Web service technologies. Specifically, it defines how to associate policy expressions with WSDL-type definitions and UDDI entities. It also defines how to associate implementation-specific policy with all or part of a WSDL portType when exposed from a specific implementation.
Overall, the WS-Policy family describes a language for expressing requirements of Web services senders, receivers, and endpoints. One type of policy requirement that will be placed on senders, receivers, and endpoints is the security of the extended conversation implemented in a Web service. Sounds like a requirement for a "secure conversation," doesn't it? As you will see, WS-SecureConversation does indeed sit on top of WS-Policy, reinforcing the statement that WS-Policy is a framework for richer Web Services Security constructs.
WS-SecureConversation, developed by IBM, Microsoft, RSA, and VeriSign, is in initial public draft form last published in December 2002. What SSL does at the transport layer in point-to-point communication, WS-SecureConversation does at the SOAP layer. It makes efficient what would otherwise be individual SOAP messages carrying authentication information in tokens that would have to be evaluated and checked against security policy. In contrast, WS-SecureConversation establishes a mutually authenticated security context in which a series of messages are exchanged. Despite being at the top of the stack and therefore initially considered one of the later specifications to be published, a draft of WS-SecureConversation3 was published fairly early on.
WS-Security secures SOAP and thereby has a message-level security focus. But many Web service conversations span multiple messages and need an efficient way to secure those conversations. Furthermore, WS-Security is subject to certain kinds of attacks that can be thoroughly addressed only by authenticating a series of messages, not just one message at a time. WS-Security focuses on a single message authentication model in which the message itself must contain everything necessary to authenticate itself. This model can be inefficient considering that, if the exact same message comes in again and again, each time it would go through the same authentication/verification process, which is computationally expensive. WS-Security is well suited for coarse-grained messaging in which a single message at a time (or few in number) from the same requestor are received. When multiple messages are to be exchanged, establishing a security context can greatly improve efficiency. This security context, which contains a shared secret used by both parties to encrypt and/or sign, is shared among the communicating parties until the session expires.
Like SSL, WS-SecureConversation uses public key (asymmetric) encryption to establish a shared secret key and from then on uses shared key (symmetric) encryption for efficiency. The same shared key is used to encrypt a series of SOAP messages.
This chapter is from Securing Web Services Security with WS-Security, by Jothy Rosenberg and David Remy (Sams, 2004, ISBN: 0672326515). Check it out at your favorite bookstore today.