Securing Web Services with WS-Security: Demystifying WS-Security, WS-Policy, SAML, XML Signature, and XML Encryption


In subsequent chapters, you will find detailed discussions of the core specifications and standards surrounding Web services security. We've dedicated entire chapters to XML Signature, XML Encryption, SAML, and WS-Security, respectively. Table 2.1 defines the core security specifications covered in this book.

Table 2.1. The Web Services Specifications in This Book

| Specification | Description |
|---|---|
| XML Signature | XML Signature is the standard that defines how to guarantee XML message integrity. Additionally, this is the mechanism that provides for non-repudiation: that the sender is the one who really sent a message and that the receiver is the one who really received it. This specification is the subject of Chapter 4. |
| XML Encryption | XML Encryption is the standard that defines how to guarantee XML message confidentiality. It prevents eavesdropping on any message being transported, even on an open, insecure network. This specification is the subject of Chapter 5. |
| SAML | The Security Assertion Markup Language is an XML-based framework for exchanging security information. This security information is expressed in the form of assertions about subjects, where a subject is an entity (either human or computer) that has an identity in some security domain. A typical example of a subject is a person, identified by his email address in a particular Internet DNS domain. This important OASIS standard is covered in Chapter 6. |
| XACML | The eXtensible Access Control Markup Language is a proposed OASIS standard for an XML specification to express policies for information access over the Internet. XACML is expected to address fine-grained control of authorized activities, the effect of characteristics of the access requestor, the protocol over which the request is made, authorization based on classes of activities, and content introspection. This OASIS activity is covered in Chapter 9. |
| XrML | The eXtensible Rights Markup Language fills the need for rights specification for digital media. The goals for an OASIS XrML standard are that it be capable of expressing simple and complex rights and that it be capable of describing rights for any type of digital content or service. This OASIS activity is covered in Chapter 9. |
| XKMS | The XML Key Management Specification is a W3C submission composed of protocols for distributing and registering public keys, suitable for use in conjunction with XML Signature and XML Encryption. XKMS is made up of two parts: the XML Key Information Service Specification (X-KISS) and the XML Key Registration Service Specification (X-KRSS). This specification is covered in Chapter 9. |
| WS-Security | This comprehensive security specification is built on and utilizes XML Signature and XML Encryption as fundamental components. This OASIS draft specification describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single-message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies. The specification also provides a general-purpose mechanism for associating security tokens with messages. Chapter 7 is dedicated to this important standard. |
| WS-Policy | WS-Policy provides a general-purpose model and syntax to describe and communicate the policies of a Web service. It defines a base set of constructs that can be used and extended by other Web services specifications to describe a broad range of service requirements, preferences, and capabilities. The goal is a common language for describing the rules for interacting with a Web service, or what a client requires of a Web service, regardless of whether the domain is security, privacy, transactions, or any other category. WS-Policy is not very far along yet in the standards process, but we felt an early understanding of it so important that we devoted an entire chapter to the topic: Chapter 8. |
