Why Web service security if standards like SSL/TLS exists?
- End-to-end security: Consider an online credit card payment scenario which involves three parties: a cardholder (that’s you), an online merchant, and your bank. Ideally, all parties should be authenticated to one another, and the secure communication path should stretch from the cardholder all the way to the bank. But SSL/TLS is simply not designed for such a scenario; SSL/TLS only handles point-to-point security. Thus, if you rely only on SSL, you cannot send your credit card number to the bank through the merchant without the merchant knowing it. The same goes for Web services, although at a slightly different level. Web service application topologies include all sorts of devices, PCs, proxies, demilitarized zones, gateways, and who knows what else. Consequently, many intermediaries come between two communicating parties. SSL/TLS may secure the path between any two, but not from one end to the other. Something new, therefore, must address this problem.
- Selective encryption: In an online payment scenario, in practice, many messages travel to and fro among the three parties before the payment itself happens, but conceptually, what happens proves simple: a message travels from the consumer to the merchant to the bank. Such a message may contain two things: information about the goods bought and instructions for the bank to pay the merchant. The bank doesn’t need to know about the former, and the merchant doesn’t need to know about the latter. The message, therefore, must be partitioned in such a way that a merchant cannot see the bank’s part of the message, and vice versa. This is difficult to achieve; it’s impossible with S/MIME or PGP because these standards will encrypt the entire XML document. XML Encryption’s selective encryption feature, in contrast, allows an XML-based solution for such problems.
Web service Security:
- Authentication: Authentication is used to ensure that parties within a business transaction are really who they claim to be; thus proof of identity is required. This proof can be claimed in various ways. One simple example is by presenting a user ID along with a secret password. A more complex example is one that uses an X.509 certificate issued from a trusted Certificate Authority (such as Verisign). The certificate contains identity credentials and has a pair of private and public keys associated with it. The proof of identity presented by a party includes the certificate itself and a separate piece of information that is digitally signed using the certificate’s private key. By validating the signed information using the public key associated with the party’s certificate, the receiver can authenticate the sender as being the owner of the certificate, thereby validating their identity. When both parties authenticate each other, this is called mutual authentication and is often done between a web service consumer and a web service provider.
- Data Integrity: In order to validate the integrity of business information exchanged in a transaction ensuring that a message’s content has not been altered or corrupted during its transmission over the Internet, the data can be digitally signed using security keys. This is the second requirement of the security triad. A common practice is to use the private key of the sender’s X.509 certificate to digitally sign the SOAP body of a web service request. Similarly, SOAP header blocks in a request can also be signed to ensure the integrity of information exchanged in a transaction that is outside the scope of the actual business context (for example, message IDs, security tokens). Likewise, a web services response can be digitally signed to ensure data integrity.
- Data Confidentiality: Encryption technology can be used to make the information exchanged in web services requests and responses unreadable. The purpose is to ensure that anyone accessing the data in transit, in memory, or after it has been persisted, would need the appropriate algorithms and security keys to decrypt the data before being able to access the actual information.
Web service Security model:
The public key of the Service Provider’s X.509 certificate must be exchanged with the client and configured into the client’s runtime prior to invoking the Service Provider’s services. For both the Consuming Application and the Service Provider, the root certificate of the Certificate Authority (such as Verisign) that issued the parties’ certificates will need to be imported into the local keystores. The Consuming Application’s keystore will have the root certificate of the Service Provider’s certificate. Likewise, the Service Provider’s keystore will require the root certificate of the Consuming Application’s certificate. This is mandatory and allows validation of the digital signatures of the individual certificates that are passed as binary security tokens in the SOAP messages.
A full implementation of all three security requirements would include:
- The senders of the web services request or response
- Signing the message with the private key of their X.509 certificate
- Encrypting the message with the public key of the receiver’s X.509 certificate to ensure that only they can access the message content
- The receivers of the web services request or response
- Verifying the signature of the message using the public key of sender to authenticate the sender and to verify integrity of the message
- Decrypting the message with the private key of their X.509 certificate
Web service Security use case:
1. Consuming Application processing of web services request
Typically, the Consuming Application will have a Service Proxy or a JAX-RPC stub component that has been generated from an Integrated Development Environment (such as WebSphere Studio Application Developer) using the Service Provider’s WSDL. When a web services invocation is made, the proxy or SOAP runtime on the client system performs the WS-Security functions prior to sending the request.
- First, the SOAP message is digitally signed. The SOAP runtime may access a keystore to retrieve security keys and certificates as needed. Depending on the WS-Security support your environment provides, you might be able to sign just the SOAP body, or you might be able to sign individual elements within the body.
- In addition, SOAP header blocks might be signed. The signature is performed using the private key of the Consuming Application’s X.509 certificate. Once the message has been signed, the X.509 certificate itself is included in the SOAP header as a binary security token.
- The message is encrypted using a symmetric algorithm with a shared key. The key used for the data encryption is encrypted itself using an asymmetric algorithm with the public key associated with the Service Provider’s X.509 certificate. Once the message and shared key have been encrypted, a reference to the X.509 certificate of the Service Provider to whom the request is being sent is included in the SOAP header. This is done because the Service Provider might be using multiple certificates.
2. Service Provider processing of web services request
When a Service Provider receives a web services request, the request is directed to the SOAP processing engine (SOAP runtime) based on the request’s URL (published access point for the service).
- The message data and shared key passed in the request are encrypted, so the first step is to identify the X.509 certificate referenced in the SOAP header and retrieve its private key from a keystore. Once the private key is obtained, the shared key can be decrypted using an asymmetric algorithm. With the shared key in the open, the message data can be decrypted using a symmetric algorithm.
- With the entire message now in the open, the X.509 certificate passed in the SOAP header can be accessed to retrieve its public key. The message’s digital signature is performed with the Consuming Application’s public key. As a result of the the signature’s successful validation, the Service Provider SOAP runtime not only validates the message integrity but also is ensured that the Consuming Application actually signed the message. This process also authenticates the message’s origin/sender because only the sender who owns the certificate has access to the private key used to sign the message. Once the message has been decrypted and the signature validates the SOAP runtime calls the web services implementation.
3. Service Provider processing of web services response
Once the business logic of the service implementation has executed and a response is available, the same WS-Security operations take place for the web services response message. However, the roles of X.509 key pairs are reversed for digital signature and encryption. The Service Provider’s SOAP runtime digitally signs the message using the private key of its own X.509 certificate. The certificate is included in the SOAP message, and the message is encrypted using a shared key. The key used for the data encryption could be the same key passed in the original request or another randomly generated key, the latter being more typical. The encryption of the shared key is performed using the public key of the certificate that was passed in the request; thus only the sender of the request who has access to the certificate’s private key is the only party that can decrypt the message. Once the message has been signed and encrypted, the Service Provider’s SOAP runtime sends the response to the Consuming Application.
4. Consuming Application processing of web services response
The Consuming Application’s WS-Security processing of the web services response is very similar to what the Service provider for the request performed.
The Consuming Application receives a web services response with the response directed to the SOAP processing engine (SOAP runtime) based on the original HTTP session. The message data and shared key passed in the response are encrypted. Therefore, the initial step is to retrieve the private key of the certificate associated with the corresponding request to decrypt the shared key using an asymmetric algorithm. With the shared key in the open, the message data can be decrypted using a symmetric algorithm. After the entire message is in the open, the X.509 certificate passed in the SOAP header can be accessed to retrieve its public key. The response message’s digital signature is performed with the Service Provider’s public key. Following the signature’s successful validation, the Consuming Application’s SOAP runtime not only validates the message integrity, but also is ensured that the Service Provider actually signed the message. This process also authenticates the message’s origin/sender because only the sender who owns the certificate has access to the private key used to sign the message. Once the message has been decrypted and the signature validated, the SOAP runtime forwards the response to the Consuming Application.