Secure Systems Research Group - FAU A Pattern for XML Signature Presented by Keiko Hashizume.
Outline
• Introduction
• A Pattern for WS-Security
• Conclusion
Introduction
• Digital signatures existed before XML Signature. One of the most common is the PKCS#7 signature.
• Before XML Signature, it was possible to sign XML documents, but it was not possible to express the signature in an XML format. Also, it was not possible to sign only some parts of the document.
• XML Signature was developed by the W3C and the IETF (Internet Engineering Task Force).
A Pattern for WS-Security
• The XML Signature standard describes the syntax and the process of generating and validating digital signatures. XML Signature provides message integrity, message authentication, and non-repudiation.
• Context
– Users of web services send and receive SOAP messages through insecure channels such as the Internet.
Problem
• Because SOAP messages travel through insecure channels, they may be intercepted and modified while they are in transit.
• The solution for this problem is affected by the following forces:
– We need to express a digital signature in a standardized XML format, so interoperability can be ensured between applications.
Problem
Forces…
– Messages may be captured while they are in transit, so we need to be able to verify whether this data was modified.
– Messages can be sent and later disavowed, so we need to prevent senders from denying having sent a specific message.
– An XML message, any part of an XML message, or external resources can be signed. We need a way to refer to and locate these elements.
– XML documents may be parsed by different processors, and XML also allows some flexibility without changing the semantics of the message. Thus, we need to convert the data to a standard format.
Solution
– Structure
[Figure: class diagram]
Signature Types
• Enveloping Signature
Signature Type
• Enveloped Signature
Signature Type
• Detached Signature
– Dynamics
Sequence Diagram for the UC: Sign an XML-Element
Consequences
• This pattern presents the following advantages:
– XML Signature describes a common framework for digital signatures.
– Using digest algorithms guarantees that any change in the message will invalidate the signature.
– A signature is generated using the sender’s private key. Because the sender is the only one who knows his private key, he cannot deny signing the data.
– The data being signed is referred to by its URI (Uniform Resource Identifier), so elements within XML messages and external resources can be located using their identifiers.
– XML Signature uses canonicalization algorithms to ensure that different representations of XML are transformed into a standard format before applying any digest algorithm.
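The digest, URI reference and canonicalization points above, as an added example that is not part of the original slides: it resolves a same-document reference, canonicalizes the referenced element and recomputes its digest on the receiving side. The messages and the `Id` value `body` are constructed, Python's built-in C14N 2.0 stands in for whichever canonicalization algorithm a real signature names, and the private-key signature over the digest is not shown.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed samples: one body serialized two ways (attribute order, quoting,
# empty-element form, spacing inside the tag) and one copy changed in transit.
MSG_A = '<Envelope><Body Id="body" type="order"><item qty="2"/></Body></Envelope>'
MSG_B = "<Envelope><Body type='order'   Id='body'><item qty='2'></item></Body></Envelope>"
MSG_TAMPERED = MSG_A.replace('qty="2"', 'qty="20"')


def resolve_reference(doc_xml, uri):
    """Locate the element named by a same-document reference such as '#body'."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    wanted = uri[1:]
    matches = [el for el in ET.fromstring(doc_xml).iter() if el.get("Id") == wanted]
    if len(matches) != 1:
        # A missing or duplicated Id makes the reference ambiguous: reject it.
        raise ValueError(f"expected exactly one element with Id={wanted!r}")
    return matches[0]


def digest_reference(doc_xml, uri):
    """Canonicalize the referenced element, then return base64(SHA-256)."""
    element = resolve_reference(doc_xml, uri)
    element.tail = None  # text after the element is not part of the signed data
    canonical = ET.canonicalize(ET.tostring(element, encoding="unicode"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def reference_is_valid(doc_xml, uri, expected_digest):
    """Receiver side: recompute the digest and compare it with the signed value."""
    return hmac.compare_digest(digest_reference(doc_xml, uri), expected_digest)


if __name__ == "__main__":
    signed_digest = digest_reference(MSG_A, "#body")  # value the sender would sign
    print("equivalent serialization:", reference_is_valid(MSG_B, "#body", signed_digest))
    print("modified in transit:     ", reference_is_valid(MSG_TAMPERED, "#body", signed_digest))
```
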
Consequences
• The pattern also has some (possible) liabilities:
– Large overhead because of the use of many types of algorithms such as digest, canonicalization and signature algorithms.
Known Uses
Several vendors have developed products that support WS-Security.
– Xtradyne’s WS-DBC (Web Service Domain Boundary Controller) http://www.xtradyne.com/products/ws-dbc/WSDBCfeatures.htm
– IONA Artix www.iona.com/info/aboutus/collateral/Artix%20and%20Security.pdf
– Forum Sentry™ http://forumsys.com/products_sentry_specs.htm
– SecureXML Digital Signature Web Service http://www.infomosaic.net/Welcome.htm
Related Patterns
– The WS-Security standard uses XML Signature.
Conclusion
• We need to develop patterns for the WS family, such as WS-Policy, WS-Privacy, WS-SecureConversation, WS-Federation, and WS-Authorization.
• We need to develop a pattern diagram describing how these standards are related to each other.