390 likes | 402 Vues
XML Security Standards — Overview for the Non-Specialist. Hal Lockhart Office of the CTO BEA Systems. Topics. Security Introduction Preliminary work at W3C SAML XACML Digital Signature Services WS-Security WS-SecureConversation, WS-Trust & WS-SecurityPolicy Interdependencies.
E N D
XML Security Standards — Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems
Topics • Security Introduction • Preliminary work at W3C • SAML • XACML • Digital Signature Services • WS-Security • WS-SecureConversation, WS-Trust & WS-SecurityPolicy • Interdependencies
Information Security Definition Technologies and procedures intended to implement organizational policy in spite of human efforts to the contrary. • Suggested by Authorization • Applies to all security services • Protection against accidents is incidental • Suggests four areas of attention
Information Security Areas • Policy determination • Expression: code, permissions, ACLs, Language • Evaluation: semantics, architecture, performance • Policy enforcement • Maintain integrity of Trusted Computing Base (TCB) • Enforce variable policy
Security Services • Authentication – confirm asserted identity • Authorization – permit or deny a request • Integrity – prevent undetected modification of data • Confidentiality – prevent unauthorized reading of data • Audit – preserve evidence for accountability • Administration – control configuration • Others …
Topics • Security Introduction • Preliminary work at W3C • SAML • XACML • Digital Signature Services • WS-Security • WS-SecureConversation, WS-Trust & WS-SecurityPolicy • Interdependencies
W3C Security Recommendations • Widespread use of XML – need for integrity & confidentiality • XML Digital Signature WG (1999 to 2002) • Defines rules to sign XML and record parameters and signature value • Support all technologies in common use • Key problem: Immaterial changes to XML documents • Solution: Canonicalization • XML Encryption WG (2001 and 2002) • Defines rules to encrypt XML and record parameters • Support all technologies in common use • Key problem: Encrypted data not Schema-valid • Solution: None
Topics • Security Introduction • Preliminary work at W3C • SAML • XACML • Digital Signature Services • WS-Security • WS-SecureConversation, WS-Trust & WS-SecurityPolicy • Interdependencies
SAML Background • Web Single Signon • Web is stateless • Very inconvenient for security • Use of Web Server Farms • User inconvenience, performance and risk, multiple repositories • Federated Identity • Federation – independent entities maintain user info • The alternative is centralization – impractical • The way the world works • Requires agreed formats and protocols (standards)
SAMLKey Ingredients for Standardization • Web Access Management Vendors • Already solved the problem using proprietary methods (multiple times) • Broad agreement on requirements and solutions • Marketplace • Large scale projects would require standards • Rising tide theory • Willingness to standardize • Random Factors • XML becoming fashionable • OASIS offered favorable environment • (SAML became the first security-related TC at OASIS)
Liberty 1.1 Completed: Jan 2003 SAML 1.1 Completed: May 2003 OASIS Standard: September 2003 Shibboleth OpenSAML 1.0 Completed: June 2003 Shibboleth OpenSAML 1.1 Completed: August 2003 Liberty ID-FF 1.2 Completed: Oct 2003 Oct-2003: SSTC receives Digital ID World “Balancing Innovation & Reality" award SAML 2.0 Completed: January 2005 OASIS Standard: March 2005 SAML Timeline SAML 1.0 Completed: May 2002 OASIS Standard: November 2002 Nov-2002: SAML wins PC Magazine Technology Excellence Award
SAML assertions • Assertions are declarations of fact, according to someone • SAML assertions are compounds of one or more of three kinds of “statement” about “subject” (human or program): • Authentication • Attribute • Authorization decision • You can extend SAML to make your own kinds of assertions and statements • Assertions can be digitally signed
SAML Standards Dependencies • Uses XML Signature to protect assertions from modification • Uses XML Encryption to protect privacy when assertions are stored • Uses SSL and WS-Security to protect assertions on the wire • Is used by WS-Security to identify users and keys
Current Work • Sticking with SAML 2.0 to drive adoption • Profiles reviewed or under review • Metadata Extension for Query Requesters • Protocol Extensions for Third-Party Requests • Attribute Sharing Profile for X.509 Authentication Based Systems • XPath Attribute Profile • SAML V1.x Metadata Profile • Shared Credentials Profiles • Text-based Challenge Response • HTTP POST “SimpleSign” Binding • SAML 2.0 -> ITU-T Recommendation X.1141
Topics • Security Introduction • Preliminary work at W3C • SAML • XACML • Digital Signature Services • WS-Security • WS-SecureConversation, WS-Trust & WS-SecurityPolicy • Interdependencies
XACML TC Charter • Define a core XML schema for representing authorization and entitlement policies • Target - any object - referenced using XML • Fine grained control, characteristics - access requestor, protocol, classes of activities, and content introspection • Consistent with and building upon SAML
XACML TC History • First Meeting – 21 May 2001 • XACML 1.0 - OASIS Standard – 6 February 2003 • XACML 1.1 – Committee Specification – 7 August 2003 • XACML 2.0 – OASIS Standard – 1 February 2005 • XACML 2.0 – ITU/T Recommendation X.1142
Policy Examples • “Anyone view their own 401K information, but nobody else’s” • “The print formatting service can access printers and temporary storage on behalf of any user with the print attribute” • “The primary physician can have any of her patients’ medical records sent to a specialist in the same practice.” • “Anyone can use web servers with the ‘spare’ property between 12:00 AM and 4:00 AM” • “Salespeople can create orders, but if the total cost is greater that $1M, a supervisor must approve”
XACML Objectives • Ability to locate policies in distributed environment • Ability to federate administration of policies about the same resource • Base decisions on wide range of inputs • Multiple subjects, resource properties • Decision expressions of unlimited complexity • Ability to do policy-based delegation • Usable in many different environments • Types of Resources, Subjects, Actions • Policy location and combination
Novel XACML Features • Large Scale Environment • Subjects, Resources, Attributes, etc. not necessarily exist or be known at Policy Creation time • Multiple Administrators - potentially conflicting policy results • Combining algorithms • Request centric • Use any information available at access request time • Zero, one or more Subjects • No invented concepts (privilege, role, etc.) • Dynamically bound to request • Not limited to Resource binding • Only tell what policies apply in context of Request • Two stage evaluation
XACML Profiles • Digital Signature • Integrity protection of Policies • Hierarchical Resources • Using XACML to protect files, directory entries, web pages • Privacy • Determine “purpose” of access • RBAC • Support ANSI RBAC Profile with XACML • SAML Integration • XACML-based decision request • Fetch applicable policies • Attribute alignment
XACML Standards Dependencies • XACML uses SAML assertions structure and protocols to protect and distribute policies therefore it: • Uses XML Signature to protect assertions from modification • Uses XML Encryption to protect privacy when assertions are stored • Uses SSL and WS-Security to protect assertions on the wire • XACML is also referenced by a number of other specifications as the access control mechanism
XACML Version 3.0 • Administrative policies • “HR-Admins can create policies concerning the Payroll servers” • Policy delegation • “Jack can approve expenses while Mary is on vacation” • Policy provisioning • Enhanced Obligation processing • Policy queries • Revocation
Topics • Security Introduction • Preliminary work at W3C • SAML • XACML • Digital Signature Services • WS-Security • WS-SecureConversation, WS-Trust & WS-SecurityPolicy • Interdependencies
www.oasis-open.org Digital Signature Services (DSS) • Web Service to create / verify signatures & timestamps on behalf of users • Complexities & security issues of key management etc taken from user • Supports range of signature formats including: • W3C XML Signatures • CMS (RFC 3852) Signatures • RFC 3161 Timestamps • Intended primarily where signatures have lasting significance • Electronic Commerce • Aligned with legal requirements in various venues
DSS Specifications • Core • Generic protocol and core features • Profiles • Selects options from Core and extends if necessary • Current DSS profiles • Time-stamping • Asynchronous operation • Code signing • Entity seal • Electronic Post Mark • German signature law • Advanced electronic signature • Signature gateway
DSS Status • Core at 3rd CD takes into account • Interoperability trials • Feedback from implementers within & outside group • Profiles updated to align with 3rd CD • Currently in public review • To be followed by OASIS Std Vote
Topics • Security Introduction • Preliminary work at W3C • SAML • XACML • Digital Signature Services • WS-Security • WS-SecureConversation, WS-Trust & WS-SecurityPolicy • Interdependencies
WS-Security Overview • Basic SOAP Message Protection • Signatures, Encryption, Timestamps • Multiple token types • Username, X.509, Kerberos, SAML, REL • Token References
Web Services Security History • Submitted to OASIS September 2002 • Interoperability testing began Summer 2003 • OASIS Standard - April 2004 • Core Specification + Username and X.509 Profiles • SAML & REL Profiles OASIS Standard - December 2004 • Public Interoperability Demo – April 2005 • WSS 1.1 – OASIS Standard February 2006 • Includes Attachments & Kerberos • Formal WSS 1.1 Errata approved November 2006 • Vote to Close TC • WS-I Basic Security Profile 1.0 & 1.1
Topics • Security Introduction • Preliminary work at W3C • SAML • XACML • Digital Signature Services • WS-Security • WS-SecureConversation, WS-Trust & WS-SecurityPolicy • Interdependencies
WS-SX Overview • Three new security specifications building on WS-Security • WS-Trust • Mechanisms to issue tokens and associated keys • WS-SecureConversation • Allows establishment of secure session (think SSL for SOAP) • WS-SecurityPolicy • Allows Web Service to express Security Policies
WS-SX TC History • New TC formed December 2005 • Under new IPR policy (RF-RAND) • Privately published specifications • Substantial interop & review of WS-SC & WS-Trust prior to TC start • WS-SP is much less mature
WS-SX Currently • Charter goal: complete in 18 months • 2nd F2F Meeting held in April 2006 • Weekly con calls • Interop testing of WS-SecCon & WS-Trust over summer • 60 day Public Review complete Dec 2 • Interop of WS-SecurityPolicy underway • Public review this winter • Submission to OASIS for vote as a Standard • Security Policy Usecases also under development
Topics • Security Introduction • Preliminary work at W3C • SAML • XACML • Digital Signature Services • WS-Security • WS-SecureConversation, WS-Trust & WS-SecurityPolicy • Interdependencies
Security Standards Interdependencies WS-SecurityPolicy WS-SecureConversation WS-Trust WSS DSS XACML SAML XML Digital Signature XML Encryption