You are on page 1of 56


Sang Shin
Web Services

Java Technology Evangelist

Sun Microsystems, Inc.

Disclaimer & Acknowledgments Revision History

• Even though Sang Shin is a full-time employee of Sun • 02/01/2004: created (Sang Shin)
Microsystems, the contents here are created as his
own personal endeavor and thus does not reflect any
• Things to do
official stance of Sun Microsystems.
• speaker notes need to be added
• Contents need some polishing
• Sun Microsystems is not responsible for any
inaccuracies in the contents.
• Acknowledgments
• Some slides are borrowed from Eve Maler (Sun)
• Some slides are borrowed from Rima Patel (Sun)

? What is security?
? Why new security schemes for Web
? XML-based Web services security
What is Security?
– XML signature
– XML encryption
– XKMS, XACML, SAML, WS-Security
– How they work together

Concrete Forms of Security

? Confidentiality: can prying eyes see it?
? Authentication: are you who you say you
? Trust: have I agreed to work with you? Why New Security
? Non-repudiation: can you claim you didn’t
send it even if you really did?
Schemes for Web Services?
? Integrity: was it altered before I got it?
? Authorization: are you allowed to have it?
? Auditing: can I prove what happened?

Why More Stringent Security for Issues with Current Web

Web Services? Security Schemes
? Point of interaction is more “over the ? SSL/TLS/HTTPS
internet” (as opposed to “within an intranet”) – Transport level security (as opposed to message
? Interaction between partners with no level security)
previously established relationship – Point-to-point security only, does not handle
end-to-end multi-hopped messaging security
? Program to program interaction (as opposed
to human to program interaction) – Security only when data is on the wire, does not
secure data off the wire
? More dynamic interaction (as opposed to
– HTTPS does not support non-repudiation
static interaction)
– HTTP might not be the only transport used
? Larger number of services providers and users
– No element-wise signing and encryption
9 10

Can today’s web security

model handle web services?
? The practical maximum is HTTPS using
– Transient point-to-point encrypted communication
with known trusted parties: authentication of the
parties and confidentiality of the data in motion Web Services
? Web services can and do use this, but it’s
insufficient in several ways
Security Requirements
– Not granular enough: it encrypts everything
– Inflexible about routing; it’s just point-to-point
– No chance for auditing what’s going on
– Can’t avoid repudiation; it’s not signing the data

Granularity, extensibility, Simple

and transparency in SOAP Credit
applying for a

2. send credit
business loan

credit score
1. request
Header A Header A Header A Header A

Header B Header B Header D Header D
4. aggregate data and
Header C Header C Header C send loan request
in need of Bank
cash 6. send response to loan
SOAP body SOAP body SOAP body SOAP body

3. collect 5. log and

inventory data timestamp
Requester Intermediary 1 Intermediary 2 Responder as collateral loan request
13 14

Requirements in this scenario Matching requirements to technologies

? The business needs to prove its identity to the Requirement: Technologies:

credit report company and the bank Confidentiality Key-based digital encryption and decryption
(authentication) Authentication Username/password, key-based digital signing and
signature verification, challenge-response, biometrics,
? The credit report company needs to know that smart cards, etc.
their paying customer won’t back out maliciously Trust Key-based digital signing and signature verification
after sending the request (non-repudiation)
Non-repudiation Key-based digital signing and signature verification,
? The credit report company needs to prove it message reliability

supplied the credit score itself (authentication) Integrity Message digest, itself authenticated with a digital
? All the message content needs to reach its Authorization Application of policy, access control, digital rights
various destinations unchanged (integrity) and be management

safe from competitors’ eyes (confidentiality) Auditing Various forms of logging, themselves secured to avoid
? The bank needs to record the receipt of the
application (auditing) 15 16

New challenges New opportunities

? Inter-enterprise web services are dealing ? The pace of application and service creation is
with incompletely trusted clients increasing
– RPC-style services have special needs: is the caller – How can we make it easier for developers to add high-quality
security features?
authorized to ask for this computer action?
? The web services security infrastructure can
? “End-to-end” isn’t just “point-to-point” take advantage of XML’s granularity
– SOAP intermediaries: the original author wrote – Encrypting or signing selected portions
the payload, but many intermediate senders may – Acting on and rewriting individual headers
touch the message afterwards – Hardware appliances could accelerate these functions

– Long-running choreographed conversations with ? Security-related applications can themselves

multiple requests, responses, and forks become web services
– Providers of security, identity, and provisioning solutions
can interoperate better

17 18

WUST security infrastructure

standards descriptions
authenticated, confidentiality-protected of endpoint
web service messages with potential to be security
authorized requirements
WS-Coordination, WS-Transaction?

Web Services SAML XrML

Security Frameworks
WS-Security QOP?
Kerberos X.509

XML Signature XML Encryption



Where these technologies Quick reference

are applied in our scenario Standard: Venue: Status:

XML Signature W3C, IETF Recommendation stage

Credit XML Encryption W3C Recommendation, Candidate Rec stages
WS-Security OASIS Working drafts; previous private specs; may
2. send credit ultimately include Quality of Protection (QOP) work
credit score
1. request

on top of WSDL

Kerberos IETF Well established authentication technology using

symmetric keys
4. aggregate data and
send loan request X.509 ITU, IETF Well established authentication technology using
Business public/private keys
in need of Bank
cash 6. send response to loan SAML OASIS 1.0 in OASIS Standard balloting; expected to pass
XrML OASIS Working draft stages; previous private spec; IPR
3. collect 5. log and
inventory data timestamp
as collateral loan request
21 22

Web Services Security Tech

The standards ecosystem

ID-FF 1.1
ID-WSF 1.0

XML & Web Services WSPL


Security Standards WS-Policy

Early Draft

Mature Draft

V1 Complete

Stability W3C OASIS Liberty Private


XML & Web Services Security

? XML Digital Signature
? XML Encryption
? XKMS (XML Key Management Specification)
? XACML (eXtensible Access Control Markup
Language) XML Signature
? SAML (Secure Assertion Markup Language)
? WS-Security
? Identity Management & Liberty Project


What is XML Digital Signature ? Why XML Digital Signature?

? Authentication, data integrity (tamper-
proofing), non-repudiation
? Very flexible, thus can support diverse set
of internet transaction models
? Joint W3C/IETF effort – Can sign individual items of a XML document
– XML syntax for representing signature of web
– Can sign multiple items
resources and portions thereof
– Procedures for computing and verifying such – Can sign both local and remote objects
signatures ? Allows detached signature that apply to remote, URI-

referenced content
Canonicalization of XML data
– Can sign both XML and non-XML content
– Trust in key is out-of-scope
– Allows multiple levels of signing (different signing
? Specs: W3C Recommendation, RFC 3075 semantics) to same content
? JSR-105 27
? Sign, co-sign, witness, notarize, etc.

XML Signature Forms

? Enveloped
? Enveloping
? Detached

XML Signature
Types of XML Signature

XML Signature – Enveloped XML Signature – Enveloping

<doc Id="myID"> <Signature>
<myElement> ...
</myElement> <Reference URI="#myRefObjectID">
<Signature> <Signature> is <Object Id="myRefObjectID" >
<Reference URI="#myID"/> enveloped <doc>
... within the ... <Signature>
content been </myElement> envelopes the
signed </doc> contents to be
</Object> signed

XML Signature – Detached


<Reference URI=


<Signature> is XML Signature
external to the Structure of XML
content that is
signed Signature

XML Signature Structure Tech

XML Signature Structure

<Transform/> Applied to
</Transforms> referenced
<DigestMethod/> content
<DigestValue/> Digested
</SignedInfo> Signed
</Signature> Signature
Key related

Example of Signed Purchase Order

<Signature> element
<Signature xmlns="">

<CanonicalizationMethod Algorithm="" />
• Parent element of XML Signature
<SignatureMethod Algorithm=""/>
<Reference URI="#PurchaseOrder">
<DigestMethod Algorithm="" />
• Contains
• <SignedInfo>
</SignatureValue> • <SignatureValue>
<KeyInfo> • <KeyInfo>
<X509SubjectName>CN=Alice Smith, STREET=742 Park Avenue,
L=New York, ST=NY, C=US</X509SubjectName>
• <Object>



<SignedInfo> element <CanonicalizationMethod>

• Consists of specification of the • Specifies the algorithm (identified
information that is signed
through a URI) used for
• Contains • Canonicalization of XML
• <CanonicalizationMethod>
• <SignatureMethod>
• <Reference> (one or more)

<SignatureMethod> element <Reference> element

• References the actual data stream
? Specifies the algorithm (identified (through a URI), that would be signed
through a URI) used for • This data stream would be hashed
? generation and validation of signatures
(digested) after applying appropriate
? For e.g. transformations (if any)
specifies the DSA (Digital Signature • Contains
• <Transforms>
• <DigestMethod>
• <DigestValue>

<Transforms> element <Transforms> element (Contd.)

• Specifies all the transformations that
would be applied on the to-be signed
• The output of last transformation
content • is then digested
• The input to first transformation
• Contains
• A list of <Transform> elements
• is the result of dereferencing the URI attribute
of <Reference> element • Transformation examples
• Base64 encoding (MIME)
• Canonicalization (XML-C14N)

<Transform> element <Transform> element (Contd.)

• Specifies
• Application specific transformation
algorithm is also allowed
• transformation algorithm in use
• For e.g. A compression routine implemented
• content parameters for the given algorithm, if as Java class specified by a base64 encoded
any content parameter

For e.g. Some transformations may require
explicit MIME type or charset (IANA, for instance)
or other such information concerning the data
they receive from an earlier <Transform>

<SignatureValue> element <KeyInfo> element

• Contains the base64 encoded value of • Allows specifying trust information
the digital signature either
• Explicitly, by specifying

a raw public key or an X.509 certificate
• Implicitly, by specifying

URI of a remotely located public key via
<RetrievalMethod> element
• Optional element

<KeyInfo> element (Contd.) <KeyInfo> element (Contd.)

• Very important element • Contains
• Leveraged by rest of the security • <KeyName>
specifications i.e. •
A text identifier

XML Encryption • <KeyValue>

XML Key Management Services •
RSA or DSA public key, in base64

Security Assertions Markup Language • <RetrievalMethod>

Remotely references the public key via a URI
• <X509Data>

X.509 certificates related data

<KeyInfo> element (Contd.) A note on <KeyInfo>

• <PGPData> • Following are out of scope of XML

PGP related data Signature
• <SPKIData> • Trust in the key information specified by

SPKI certificates related data <KeyInfo>
• <MgmtData> • Verification of key information specified by

Key Negotiation algorithms related parameters <KeyInfo>
such as Diffie-Hellman

Although, this can be delegated to an XKMS Trust
Service as we will see later

Canonicalization Canonicalization (Contd.)

• Canonicalization presents a method • Proving logical equivalence is important
• for testing logical equivalence of XML for application areas such as
documents • Checksums
• It generates physical form a.k.a. • Digital Signatures
Canonical form, of an XML document • Consider XML fragements below:
such that <Reservation Type="Hotel"
• If two XML documents can be reduced to the <Reservation Id="12345"
same canonical form, they are considered Type="Hotel">
logically equivalent within the given context They are logically equivalent, however will fail
equivalence test in byte comparison.

Canonicalization and XML

Canonical XML
• Digital Signature over Canonical form
• Defines an algorithm that generates
of an XML document or document canonical form
subset • of a given XML document or document
• Allows signature digest to be oblivious to
changes in the original document's physical • Effort hosted by XML Signature
representation Working Group of W3C
• Provided changes are defined to be logically • Started in 1999
equivalent by XML 1.0 or Namespaces in

Example of Canonical XML Example of Canonical XML

<?xml version="1.0"?>
• The Canonical form of the given XML
<?xml-stylesheet href="doc.xsl"
type="text/xsl" ?> would
<!DOCTYPE doc SYSTEM "doc.dtd">
• Loose XML declaration
• Loose DTD
<doc>Hello, world!<!-- Comment 1 --></doc>
• Loose whitespace
<?pi-without-data ?> •
Between PI target and its data
<!-- Comment 2 --> • Comment removal from uncommented
canonical form
<!-- Comment 3 -->

Example of Canonical XML

Process of signing
<?xml-stylesheet href="doc.xsl"
• Generate references by
type="text/xsl" ?> • Applying transforms (<Transforms>) to data
<doc>Hello, world!</doc>
<?pi-without-data?> Canonical form with all the to be signed, if needed
comments removed. • Calculating digest
<?xml-stylesheet href="doc.xsl"
type="text/xsl" ?>
• Generate signature by
<doc>Hello, world!<!-- Comment 1 --></doc> • Placing <Reference> element into
<!-- Comment 2 --> <SignedInfo>
<!-- Comment 3 --> • Calculating <SignatureValue> over
Canonical form with all the
comments. • Placing <SignedInfo> into <Signature>

Process of Validation
• Validate references by
• Applying transforms <Transforms> to data
• Calculating digest and then comparing it to
• Validate signature by
• Retrieving key from <KeyInfo> or other
XML Signature
source of key information JSR 105
• Validating <SignatureValue>

JSR 105 – XML Signatures in Java Tech

JSR 105 – XML Signatures in Java Example of Enveloped Signature Generation (1)
// First, create a DOM XMLSignatureFactory
XMLSignatureFactory fac = XMLSignatureFactory.getInstance(“DOM”);
? Important JSR 105 APIs
// Specify the algorithms for various things such as Canonicalization
? XMLSignatureFactory DigestMethod dm =
fac.newDigestMethod (DigestMethod.SHA1_URI,null);
? Abstract factory used to create XML Signatures from
CanonicalizationMethod cm = fac.newCanonicalizationMethod
scratch (CanonicalizationMethod.WITH_COMMENTS_URI, null);
Implementations support a specific XML mechanism (ex: SignatureMethod sm = fac.newSignatureMethod
“DOM”) (SignatureMethod.RSA_SHA1_URI, null);

XMLSignature Transform tm = fac.newTransform(Transform.ENVELOPED_URI, null);

? Contains methods for signing and validating // Create a Reference pointing to the document to be signed
Reference ref = fac.newReference
? XMLSignContext (“”, dm, Collections.singletonList(tm), null, null);

// Create a DOM KeyInfoFactory

? XMLValidateContext KeyInfoFactory kifac = fac.getKeyInfoFactory();

Sun™ Sun™
JSR 105 – XML Signatures in Java Tech
Days JSR 105 – XML Signatures in Java Tech

Example of Enveloped Signature Generation (2) Example of Enveloped Signature Validation

// Create X509Data KeyInfo type & insert X.509 certification // Create DOM XMLSignatureFactory
X509Data xd = kifac.newX509Data XMLSignatureFactory fac = XMLSignatureFactory.getInstance
(Collections.singletonList(myX509Cert)); (“DOM”);
// Create KeyInfo
KeyInfo ki = kifac.newKeyInfo(Collections.singletonList(xd)); // Create an XMLValidateContext
XMLValidateContext dvc =
// Create SignedInfo new DOMValidateContext (myX509Cert.getPublicKey(),
SignedInfo si = sigElement);
fac.newSignedInfo (cm, sm,Collections.singletonList(ref));

// Create XMLSignature // Unmarshal XMLSignature

XMLSignature signature = fac.newXMLSignature(si, ki); XMLSignature signature = fac.unmarshalXMLSignature(dvc);

// Create XMLSignContext // Validate XMLSignature

XMLSignContext dsc = boolean coreValidity = signature.validate(dvc);
new DOMSignContext(privateKey, doc.getDocumentElement());

// Generate the XMLSignature


? W3C Recommendation (Feb. 2002)
? At least 10 vendor implementations
are available
– Java WSDP
– Apache Open source implementation
XML Signature – Most J2EE vendors will support this even
though it is not mandated in J2EE 1.4
Status ? JSR-105 work in progress
– Public review in progress (06/2003)

What is XML Encryption?

? Data privacy (Confidentiality)
? Defines
– XML syntax for encrypted data


Encrypting/decrypting such data
Can encrypt only certain parts of document

Encryption ?

W3C Recommendation now
JSR 106


Examples of using XML

XML Encryption and SSL Encryption – I
• SSL encrypts all the data transmitted
through an SSL channel
John Smith's Credit Info: <EncryptedData>
• XML Encryption can encrypt the John Smith's Purchase Info:
1 Book titled...
portions of data selectively
• For e.g. A specific element within an XML
document John

Encryption of credit card info

sent from user to

Examples of using XML

Encryption – II
Encryption of credit card
info sent from to
such that - John Smith's Credit Info: <EncryptedData>
John Smith's Purchase Info:

Later can only decrypt XML Encryption

credit card info and not the
purchase information
Structure of XML

Example of Encryption (Only credit

card element is encrypted) XML Encryption Structure
<purchaseOrder> <EncryptedData>
<name>Alice Smith</name> <EncryptionMethod> Encryption
<address> ... </address> <ds:KeyInfo> algorithm
<EncryptedData xmlns=''> <AgreementMethod>
<EncryptionMethod Algorithm="urn:nist-gov:tripledes-ede-cbc"> <ds:KeyName>
<s0:IV xmlns:s0='http://somens'>ABCD</s0:IV> Key
</EncryptionMethod> <ds:RetrievalMethod> informatio
<KeyInfo xmlns=''> </ds:KeyInfo> n
<KeyName>SharedKey</KeyName> <CipherData>
</KeyInfo> <CipherValue>
<CipherData>A23B45C56</CipherData> <CipherReference> Raw
</EncryptedData> encrypted data
<prodNumber>8a32gh19908</prodNumber> <EncryptionProperties>
<quantity>1</quantity> </EncryptionData> Encryptio
</purchaseOrder> n Element


<EncryptedData> element <EncryptionMethod> element

• Core element in the syntax • Optional element
• Replaces the encrypted data in an XML
document or
• Specifies encryption algorithm applied
• Serves as a new document root to cipher data
• Contains
• If absent, encryption algorithm must
• <EncryptionMethod>
be known to recipient
• <ds:KeyInfo>
• Else decryption will fail
• <CipherData>
• <EncryptionProperties>

<ds:KeyInfo> element <EncryptedKey> element

• Semantics as defined by XML
• Transports encryption keys to known
Signature specification recipient
• Can contain additional elements
• Can be placed either
defined by XML Encryption syntax i.e. • As a standalone XML document
• <EncryptedKey> • Within an application XML document
• <AgreementMethod> • Inside <EncryptedData> element
• As a child of <ds:KeyInfo> element

<AgreementMethod> element <AgreementMethod> element

• Can be used by originator to identify • XML Encryption does not provide an
keys and computational procedures online key agreement negotiation
used to obtain shared encryption key protocol
• Carries an Algorithm attribute to • If agreed key is being used to wrap a
specify Key Agreement algorithm key rather than data then
• For e.g. Diffie-Hellman • <AgreementMethod> appears inside
<ds:KeyInfo> inside <EncryptedKey> element

Keying information for

decryption of cipher data <CipherData> element
• Provides cipher data either
• Can be provided in 3 ways
• In the form of base64 encoded text of
• <EncryptedData> or <EncryptedKey> <CipherValue> element or
specifying the keying info by <ds:KeyInfo>
• By providing a reference to an external
• A detached <EncryptedKey> element location containing the encrypted octet
sequence specified by <CipherReference>
• <EncryptedKey> via <KeyReference> or element

<EncryptedData> via <DataReference>
• The keying material is automatically
determined by recipient

based on the application context

<CipherReference> element <EncryptionProperties> element

• It identifies source (via URI) • Carries additional information
• Which can yield encrypted octet sequence • concerning the generation of
• Contains <EncryptedData> or <EncryptedKey>
• An optional sequence of <Transforms>

Data resulting from dereferencing the URI is
• For e.g. Serial number of cryptographic
transformed as specified in order to yield hardware used during encryption
intended cipher value • Contains
• Syntax of <Transforms> similar to XML Signature
syntax • <EncryptedProperty>

Encryption Granularity Example XML Document

• Encryption can be carried out at <?xml version='1.0'?>
following levels xmlns=''>

<Name>John Smith</Name>
• Encrypting an XML element <CreditCard Limit='5,000' Currency='USD'>
<Number>4019 2445 0277 5567</Number>
• Encrypting XML Elements containing other <Issuer>Example Bank</Issuer>
elements </CreditCard>
• Encrypting XML Element containing
character data
• Encrypting arbitrary data and XML
• Encrypting EncryptedData (Super

Encrypting XML Element

Encrypting XML Element Contents (Elements)
<?xml version='1.0'?> <?xml version='1.0'?>
<PaymentInfo <PaymentInfo xmlns=''>
xmlns=''> <Name>John Smith</Name>
<Name>John Smith</Name> <CreditCard Limit='5,000' Currency='USD'>
<EncryptedData Type= <EncryptedData
'' xmlns=''
xmlns=''> Type='
<CipherData> <CipherData>
<CipherValue>A23B45C56</CipherValue> <CipherValue>A23B45C56</CipherValue>
</CipherData> </CipherData>
</EncryptedData> </EncryptedData>
</PaymentInfo> </CreditCard>

Only encrypts the

Encrypting entire <CreditCard> elements of
element <CreditCard> element

Encrypts XML Element Encrypts XML Element

Contents (Character Data) Contents (Character Data)
<?xml version='1.0'?>
<PaymentInfo </Number>
xmlns=''> <Issuer>Example Bank</Issuer>
<Name>John Smith</Name>
<CreditCard Limit='5,000' Currency='USD'> <Expiration>04/02</Expiration>
<Number> </CreditCard>
<EncryptedData </PaymentInfo>
xmlenc#' Type='

Only encrypts credit

card number

Encrypting Arbitrary Data and Encrypting <EncryptedData>

XML Documents Super Encryption
<?xml version='1.0'?> xmlns:pay=''>
MimeType='text/xml'> <EncryptedData Id='ED1'
<CipherData> xmlns=''
<CipherValue>A23B45C56</CipherValue> Type=''>
</CipherData> <CipherData>
</EncryptedData> <CipherValue>
If the application scenario requires all </CipherData>
information to be encrypted, the whole </pay:PaymentInfo>
document is encrypted as an octet sequence.
This applies to arbitrary data as well as XML A valid super encryption of ED1 is shown on
documents. next slide ->

Encrypting <EncryptedData>
Super Encryption

<EncryptedData Id='ED2'

</CipherValue> Here <CipherValue>
'newEncryptedData' is the XML Encryption
</pay:PaymentInfo> base64 encoding of the
encrypted octet sequence JSR 106
resulting from encrypting the
<EncryptedData> element
with ID='ED1'

JSR 106 – XML Encryption in

? Standard Java API for W3C XML
Encryption standard
? Programming model similar to JSR 105
? Important JSR 106 APIs
? XMLEncryptionFactory
? EncryptedData
? EncryptedKey
XML Signature
? XMLEncryptContext Status
? XMLDecryptContext

Status and Resources (XML

? W3C Note status on XML Encryption
? Implementations are not yet widely
available XKMS
? JSR-106 work in progress (XML Key
W3C XML Encryption home page

Management Spec.)


Sun™ Sun™
What is XKMS? Tech
Why XKMS? Tech

? Defines protocol between XKMS

? PKI is very important to Web services &
client and XKMS server for E-commerce
performing PKI operations
? PKI operations are too expensive to
? public key registration
small devices
? public key validation
? XKMS reduces the processing burden by
? public key discovery moving it to a XKMS server
? public key revocation ? PKI operations are too complex to
? XKMS server provides trust service in many applications
the form of a Web service ? XKMS eases the integration of PKI by moving
? Used along with XML digital signing the complexity of PKI operation to a XKMS
and encryption

XKMS Specifications Tech

X-KISS Protocol: Public Key

Binding Validation Request
XKISS: XML Key Information Service
Spec. <Validate>
? Defines a protocol for validation of public <ds:KeyInfo>
keys <ds:KeyName>...</ds:KeyName>
? XKRSS: XML Key Registration Service </ds:KeyInfo>
Spec. <Respond>
? Defines a protocol for registration, <string>KeyValue</string>
revocation, recovery of public keys </Validate>

X-KISS Protocol: Public Key

Status and Resources (XKMS)
Binding Validation Response
<Result>Success</Result> ? W3C is making good progress
? JSR-104 work in progress
</KeyID> ? W3C XKMS Home page
<ds:KeyName>...</ds:KeyName> –

Java Implementations XKMS

? Verisign: Trust Services Integration Kit
? Entrust: XKMS toolkit
? Phaos (eXtensible Access Control
– Markup Language)


What is XACML? Why XACML?

? Standardize access control language in XML
? Define core schema and namespace for
– Extensible language with flexible semantics
authorization policies in XML:
– Used against XML elements in XML document
? Lower costs
– Extensible – No need to develop app-specific languages
? Closely aligned with SAML effort – No need to write policy in several languages
– Policy Decision Points (PDPs) involved in SAML
? Simpler
might consult policies encoded in XACML to – Admins only need to understand one language
determine whether access will be granted to a
? Policy composition
– Policies written by different parties can be
109 110

XACML Use Case Status and Resources (XACML)

? A patient has patient record including
psychiatric notes ? OASIS Standard (Feb. 2003)
? The patient grants access right to ? Java-based open source implementation
psychiatric notes only to primary care available (donated from Sun)
doctor –
? The primary care doctor grants access to ? No JSR effort yet
patient record to covering doctor, with
access restriction following the
transmitted documents so that covering
doctor has no access to psychiatric notes
111 112

What is SAML?
? Define an XML framework for
exchanging authentication and

SAML authorization information

– Various XML security assertions: credentials,
(Security Assertion –
authentication, attribute, authorization, etc...
Request & response protocol
Markup Language) ? Enables Single Sign-On (SSO)
? OASIS Standard
? JSR-155

Why SAML? Use cases for sharing security

information thru SAML
? Standards are emerging for many
facets of collaborative e-commerce, • SAML developed three “use cases” to
such as: drive its requirements and design:
– Business transactions (e.g., ebXML) – Single sign-on (SSO)
– Software interactions (e.g., SOAP) – Distributed transaction
? But communicating security – Authorization service
properties of these interactions isn’t
well standardized
– Low interoperability between PMI solutions
– Tight coupling within components

#1 Single Sign On (SSO) #2 Distributed Transaction

? Logged-in (authenticated) users of ? A car buyer also purchases an auto insurance
are allowed to access to sister site from which is affiliated with
without relogin


Buy a car


Assertion SAML
Assertion Assertion Assertion
Request Response Response

Use secured Buy insurance

resource without re-login

#3 Authorization Service SAML in a nutshell

? An employ of orders office supplies
directly from, which performs its own
? It’s an XML-based framework for
authorization exchanging security information
– XML-encoded security “assertions” – XML-encoded request/response protocol
– Rules on using assertions with standard
SAML SAML transport and messaging frameworks
Employee of Assertion Assertion
Request Response

SAML Assertions Authentication statement

• Assertions are declarations of fact,
according to someone
? An issuing authority asserts that
– subject S was authenticated
• SAML assertions are compounds of one
– by means M
or more of three kinds of “statement”
– at time T
about “subject” (human or program)
– Authentication
? Targeted towards Single Sign On uses
– Attribute
– Authorization

Example assertion with

authentication statement Attribute statement
<saml:Assertion …>
? An issuing authority asserts that
AuthenticationMethod=“password” (By means M)
AuthenticationInstant=“2001-12-03T10:02:00Z”>(At time T) – Subject S is associated with
<saml:Subject> (Subject S)
<saml:NameIdentifier – attributes A, B, … with values “a”, “b”, “c”…
Name=“Sang” /> ? Useful for distributed transactions and
http://…core-25/sender-vouches authorization services

Example assertion with two

attribute statements Authorization statement
<saml:Assertion …>
? An issuing authority decides
<saml:Attribute – whether to grant the request by subject S
AttributeName=“PaidStatus” (attribute A)
AttributeNamespace=“”> – for access type A to resource R
<saml:AttributeValue> (with value a)
</saml:AttributeValue> – given evidence E
<saml:Attribute ? The subject could be a human or a
AttributeName=“CreditLimit” (attribute B)
AttributeNamespace=“”> program
<saml:AttributeValue> (with value b)
<my:amount currency=“USD”>500.00
? The resource could be a web page or
</saml:Attribute> a web service, for example

Example assertion with Protocol for Requesting &

authorization statement Receiving Assertions
<saml:Assertion …>
Decision=“Permit” (Whether to grant request) Asserting Party (Issuing Party)
Resource=“”> (for res. R)
<saml:Subject>…</saml:Subject> (by Subject S)
ActionNamespace=“http://…core-25/rwedc ”>
<saml:Action>Read</saml:Action> (for access type A)
</saml:Actions> SAML Assertion SAML Assertion
</saml:AuthorizationStatement> Request Response

Relying Party (Requesting Party)


WS-Security Specification
• Set of SOAP extensions for end-to-end SOAP
messaging security
– Security schemes at message level
• Signing and encrypting SOAP messages by
attaching security tokens to SOAP messages
WS-Security – Any combination of message parts: Header blocks,
body, attachments


• Multiple security models
– username/password
– certificate
• Multiple security technologies
– Kerberos How They Work

• Multiple types of security tokens

– Kerberos ticket
– X509 certificate
– SAML assertions

SAML and Other Standards SAML and Other Standards

• SAML and XML DSig
– XML DSig is used for digitally signing and
canonicalizing SAML assertions – SAML traffic could be secured by XKMS-
– Authenticating, tamper-proofing (integrity), based PKI (or by other PKI implementation,
non-repudiating SAML assertions or by other means entirely)
• SAML and XML Encryption
– XACML could be used to define access
– XML Encryption is used for encrypting and
control/policy as a basis for handling SAML
decrypting SMAL assertions
assertion request
– Enforcing privacy (confidentiality) of SAML

SAML and Other Standards

• SAML and WS-Security
– SAML Assertions can be carried as security
tokens defined in WS-Security
• SAML and Liberty Project
– SAML is used as security information
exchange protocol among Liberty

? W3C XML Digital Signature
? W3C XML Encryption
Resources ?


? WS-Security
? ebXML Message Services
? Liberty Project
– Thank You!

JAX-RPC Message-Level Security Tech

Sang Shin
Technology Evangelist
JAX-RPC Message Level Security Days

Implementation in Java WSDP 1.3

? Implements portions of OASIS Web Services
? Implements only XML Signature
? no encryption
? runs over plain HTTP
? Signing and verification are implemented as
SOAP message handlers at both client and server
? Only programmatic security is supported
? no declarative support (via deployment descriptor)
Transport vs. Message Level Security Tech

Transport Level Message

• Uses SSL
• DoesLevel
not use SSL

• Point-to-Point :
• Data Chunks are
Protects the “pipe” protected

• Does not work with

• Intended to work with
Intermediaries Intermediaries

• Ubiquitous
• Standards still under

SOAP based communications introduces the notion

of Message-level security
Sample Applications Tech

? dump
? prints out both the client and server request and response
SOAP messages
? sign
? the response is signed by the server and verified by the client
? sign2
? the client signs the request, the message is dumped out, the
message travels over the network, the server verifies the
signature, the business method is called, the server signs the
response, the message travels back over the network, and
the client verifies the response
? retrieves calling client identity
Steps of Signing (at the Client) Tech

? Get client proxy object

? Create ClientHelper object and bind it with the
client proxy object
? Use the createFor() static factory method to create an
instance of a ClientHelper
? Configure the ClientHelper for the actions you
want to take
? SOAP message handlers are configured
? Sign client request
? Verify server response
? Call business methods
ClientHelper Class Tech

? There could be several kinds of ClientHelper's

depending on the kind of credentials the client
? A ClientHelper has no credentials associated
with it, while a CertificateClientHelper carries
X509 certificate credentials
JAX-RPC Client Side (from sign2) Tech

public class StaticHelloClient {

public static void main(String[] args) throws Exception {
Remote proxy = (Remote) createProxy();

// Create a CertificateClientHelper for a client-side stub/proxy

CertificateClientHelper cch = CertificateClientHelper.createFor(proxy);

// Sign the request and then dump the message for debugging

// Verify the response which was signed by the server


// Call the business method

HelloIF hello = (HelloIF) proxy;
System.out.println(hello.sayHello("to Duke!"));

private static Stub createProxy() {

// Note: MyHello_Impl is implementation-specific.
Stub stub = (Stub) (new Hello_Impl().getHelloIFPort());
return stub;
Steps of Verification (at the Server) Tech

? On the server side, there is only one kind of

credential, an X509 Certificate credential, which
means that there is only one ServerHelper class
? Create ServerHelper object and bind it with the
? Usually done inside of init() method of ServiceLifeCycle
interface which is implemented by the endpoint
? Configure the ServerHelper object with security
? Verify client request
? Sign response
JAX-RPC Secure Endpoint (sign2) Tech

public class HelloImpl implements HelloIF, ServiceLifecycle{

private ServerHelper sh;

public String sayHello (String s){

public void init (Object context)

throws ServiceException{

// Create ServerHelper object and bind it

// with endpoint
sh = ServerHelper.createFor(context);

// Config server security actions - verify client

// request and sign response
Extracting Client Principal Tech

? Once client is authenticated, client's Subject

and Principal's are set
? Subject identifies the source of request
? Subject has multiple Principals
Extracting Client Principal (sign2) Tech

public class HelloImpl implements HelloIF, ServiceLifecycle{

private ServerHelper sh;

public String sayHello (String s){

return (prompt + s + " and also to " +

public void init (Object context)

throws ServiceException{

SunNetworkSM Conference 2002

Identity Management & Sang Shin

Liberty Project
Java ™ Technology Evangelist
Sun Microsystems, Inc.

Disclaimer & Acknowledgments Revision History

• Even though Sang Shin is a full-time employee • 02/01/2004: created (Sang Shin)
of Sun Microsystems, the contents here are • Things to do
created as his own personal endeavor and • speaker notes need to be added
thus does not reflect any official stance of Sun • Contents need some polishment
• Sun Microsystems is not responsible for any
inaccuracies in the contents.
SunNetworkSM Conference 2002
• What is and Why Identity Management?
• Identity Management architectural options
• Liberty project
• Identity Management evolution
• Java Technology and Identity What is & Why
• Status of Liberty project Identity Management?

What Is Identity? Why Identity Management?

Customer Name John Smith
Email alias Policy-Based Trusted Network
User ID
Credit card number
Social security number Context-Sensitive Authentication,
Drivers license Attributes, and Authorization
The set of Passport
Retinal Scan
attributes that DNA
describe Entertainment preferences
Notification preferences
profile(s) of an Employee Authorization Employees Customers Business Devices
individual or Business Calendar
Dinning preferences
business entity Affinity program
Friends and associates
or program Education History
Medical History
Financial Assets…
Identity is the foundation for the next
generation of highly personalized web services
SunNetworkSM Conference 2002
Network Identity Components Network Identity Is The Foundation
Upon Which Web Services Are Built
Web Services
ATTRIBUTES: Traits, profiles, • Personal consumer preferences
(e.g., travel, entertainment,
preferences of an dining)
identity, device, or • Identity-specific histories (e.g., Network Identity
business partner purchases, medical records, etc.)
• Device capabilities information Business policy: liability, assurance for transactions
(e.g., text-only, video, etc.) Relationships between people, groups, and organizations
AUTHENTICATION: A level of security • Services based on attributes (e.g,.

Travel, entertainment, dining) Applications and services: Access and Authorization

guaranteeing the • Transaction consummation
validity of an identity Relationships between identities and information
• Gradient levels of service (e.g.,

representation based on employee level)

Presentation/Personalization: What the User Sees
Defining relationships through quality of experience
The provisioning of Govt issued (Drivers license,
AUTHORIZATION: services or

social security, Passport)

• Biometric (Fingerprint, Retinal
activities based Scan, DNA) Authenticated Identity
upon an • Self-selected (PIN number, secret
(person, application, group, organization)

Source: Burton Group

Identity Crisis—Silos of Identity Why Identity Is Important

Single sign-on should be

It should be available
an accelerant for Internet
on anything attached
commerce, not a
to the Internet
bottleneck or toll booth
SunNetworkSM Conference 2002

Enterprise Identity Challenges What Individuals Care About

? Many incompatible identity
• Security and
? Same for authentication safety
? No standard for policy based • Comfort
provisioning of services
? Building your on-line directory – • Convenience and
before your competitors do it for ubiquity
? Mining your directory
? Privacy, public policy, regulation
? Interoperability – within and
between enterprises

Identity Value Chain

Content & Service Business

Creation Promotion
Delivery Management Factors

APIs Hosting Financial Preferences Billing

Identity Management
Schema Portal History Usage
SW Platform Ingredient Business Services Access Discounts
Device Specific Brand Supply Chain Rewards Payments
Security Services Authentication Authorization
Aggregation Architectural Options
SunNetworkSM Conference 2002
Possible Identity Solutions Centralized Architecture Single Identity

Centralized • Overview
Open Federated Model
Model Financial Svcs
– “User” & Nodes enroll with ID operator
Customer –
Single Identity Community ID operator issues (GUID) global unique identifier
Operator – “User” can access all operator sites
Online Wireless
Community Community
• Pros
– Single source of control/auditability
Telecommunications Community • Cons
– Security/Privacy controlled by one operator
Travel – Operator controls some profile data
Entertainment Community
Community – Profile sharing/tracking possible without permission
– Single point of security failure
– Danger for "Tollgateíng"


Federated Architecture RETAILER TELCOM


– Account chaining based
– “User” & Nodes need explicit linking
– No common GUID
• Pros
– User has complete control on who/what to share
– Businesses have complete on “user” profile data

Incremental profile sharing possible
Creates market opportunity for identity service Liberty Project
• Cons
– Expensive to do without standards
– Profile data inconsistency possible
SunNetworkSM Conference 2002
Liberty Project Liberty Alliance*
• Create an open standard for identity,
authentication and authorization
• Objective: lower costs, accelerate commercial
opportunities, and increase customer satisfaction
• Federated standard will enable every
business to:
• Maintain their own customer/employee/device
• Tie data to an individual’s or business’s identity
• Share data with partners according to its business
objectives, and customer’s preferences
* today. And growing.

Views of Federated Identity Federated Identity Premises

Services •
Providers that
Distributed identity data stays with “rightful”
are equal and owner
Identity interoperable
• Multiple authenticators (Identity providers)
• They compete for consumer trust
Control over •
Manage privacy Delineation between authentication (identity
and preferences
and disclosure providers) and authorization(merchants)
• Merchants retain control of transaction requirements
Individuals • Consumer is in control of who can access
Service with Multiple
Profiles information
• Multiple modes: Always, Within group, per transaction, …
• Gradient levels of authentication within network
SunNetworkSM Conference 2002
Circles of Trust
Supplier Supplier
ID Accts Supplier
Preferences: Payable Supply B
…… .
App External
Chain Services
Trust External
Authority Services
(my company)
Work Services
Employee Circle of Trust

Identity Management Secondary



Trust NI Source

Authority Enabled Service
(e.g., my airline)
Merchants Aggregator
(e.g., my bank) Friends & External
Home NI Services
Name: Enabled Notification
Services External
…… . Services

Consumer Circles of Trust Services

Network Identity Organic Evolution Evolution of Identity Networks

Separate login Separate login Seamless login

for each site for each network across networks
SunNetworkSM Conference 2002
Analogous to ATM Networks

Java Technology &

Identity Management
Separate card Separate card for Seamless access
for each bank each network across networks

Java Platform and Liberty

• J2EE
• New Liberty JSR
• Inclusion in Java Web Services Developer Pack
• Tracked for J2EE 1.5
• J2SE
• Liberty digital signing via Java Web start
Status of
• J2ME Liberty Project
• Liberty digital signing via MIDP
• JavaCard
• Liberty certificates stored in Java Card
SunNetworkSM Conference 2002
Status of Liberty Project
• Liberty version 1.0 specification was
released in July, 2002
• First Liberty-enabled products are
expected to be available by the end of
2002 Liberty Project Concept
• Liberty version 2.0 work has been already
started Demo
• More than x members right now

Key Points of the Demo

? Signing into a portal for the first time
? Opting-in to a federated identity network
? Providing that identity network with
additional data and preferences
? Performing context-sensitive online banking Resources
? A sophisticated airline affinity program
? Online web service notification
? How one's personal identity follows them
across multiple devices
SunNetworkSM Conference 2002
? W3C XML Digital Signature
? W3C XML Encryption
? XKMS and its relatives (now at W3C)
– Passion!
? Liberty Alliance