The Architectural Framework of a Secure Web Service
Applies to: Windows Communication Foundation
Published: June 2011
Author: Robert Dizon
Enterprises are taking increasing advantage of web services to work with subsidiaries, form joint ventures, and share applications and information with their customers and other businesses. Consequently, it is vital that there be a way to establish trust between web services. Today, the Web Services Security Standards (also known as WS-Security) define how to use mature security technologies such as firewalls and the Secure Sockets Layer (SSL) to create a trusted relationship. However, these older technologies are no longer sufficient to provide the end-to-end security that is necessary when businesses share services.
Some of the security challenges that these new business initiatives present are:
A business's application services may be located in different parts of the company, and in some cases outside of the corporate network.
A service may not know the identities of consumers beforehand, and a service request can be routed and brokered over a series of nodes.
Businesses must establish and adhere to the policies and procedures for trusted services. Together these policies and procedures form a transient trust relationship.
Businesses must be able to interoperate across domains and establish a system of automated trust, where a relationship can be established without human intervention. This is especially true when businesses share legacy and mainframe systems to meet business demands through secure processes, service integration, and collaboration.
In addition, Service Oriented Architecture (SOA) security presents unique difficulties:
Exposing key internal application resources to partners as web services creates a loss of internal security controls.
Loosely coupled applications, which are systems designed to communicate independently (not bound by process or by program), also present new challenges for policy, compliance, and enforcement.
There have been major changes in how authentication and authorization are performed in corporate trust relationships. In addition, it is now possible to federate credentials along with a process called policy assertion, which is a form of service that generates verifiable assertions about the identity of an entity or its authorizations.
The Gartner Group estimates that 75% of all security breaches and malicious attacks occur at the application level. "Web services will have reopened 70% of the attack paths against Internet affected systems, which were closed by network firewalls in the 1990's." - Ray Wagner, Gartner, Gartner Symposium. A similar sentiment was voiced in a ComputerWorld article titled "How SOA increases your security risk."
This article discusses some ways to address these challenges.
There are three major components to securing a web service. They are the service provider, the service broker, and the service consumer.
A service provider enforces the level of security that is required by a specific application. Security measures may, for example, restrict an authenticated consumer's access to authorized services and ensure that the confidentiality and integrity of messages are preserved. The service consumer must follow the security requirements that the provider specifies for each service. The service broker implements high-level authorization decisions in order to enable secure messaging between consumers and providers. For consumers that require access to legacy services, the service broker abstracts any legacy security protocols for authentication and authorization to the legacy service provider.
The following diagram outlines some of the security controls that are involved when a client uses a web service to interact with a provider.
Remember that security controls for message encryption and decryption use additional processing bandwidth, and add performance latency if they are implemented at the code level. To conserve processing bandwidth, consider using an XML gateway that is designed to operate with high-traffic web services. An XML gateway is conceptually the same as a firewall, but it is specifically designed for XML messages. To conserve resources, apply security controls only where they are needed. For example, use encryption and decryption when passing sensitive information such as a social security number (SSN). Additionally, when you transmit the message outside the enterprise boundaries, use digital signatures, authentication credentials, and confidentiality for the selected XML fields that require it.
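One way to express this selective protection in Windows Communication Foundation is the ProtectionLevel property on contract attributes. The following is an added example, not code from the original article; the contract, member, and class names are hypothetical, and the choice of certificate credentials is an assumption.

```csharp
using System.Net.Security;
using System.ServiceModel;

// Hypothetical request message: names are constructed for illustration.
[MessageContract]
public class CustomerLookupRequest
{
    // Read by the service broker for routing: signed so that tampering is
    // detected, but left unencrypted so intermediaries can read it.
    [MessageHeader(ProtectionLevel = ProtectionLevel.Sign)]
    public string RoutingKey;

    // Sensitive field: encrypted and signed between consumer and provider.
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public string SocialSecurityNumber;
}

[MessageContract]
public class CustomerLookupResponse
{
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public string AccountSummary;
}

// Contract-wide floor: every message on this contract is at least signed.
[ServiceContract(ProtectionLevel = ProtectionLevel.Sign)]
public interface ICustomerLookup
{
    [OperationContract]
    CustomerLookupResponse Lookup(CustomerLookupRequest request);
}

public static class SecureBindingFactory
{
    // Message-level security keeps the protection attached to the SOAP
    // message across broker hops instead of ending at each connection.
    public static WSHttpBinding Create()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        // Assumption: both parties authenticate with X.509 certificates.
        binding.Security.Message.ClientCredentialType =
            MessageCredentialType.Certificate;
        return binding;
    }
}
```

ProtectionLevel states a minimum requirement, and the message body as a whole takes the highest level set on any of its members, so data that should stay readable to intermediaries belongs in a signed header rather than in the body.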
A service consumer is comprised of the set of tools that sends messages to the service broker. The following table lists the functions of the service consumer.
Service brokers receive and process service requests. The following table lists the functions of the service broker.
A service provider is the platform that provides access to the service, publishes the contract that describes the service's interface, and registers the service with the service broker. The following table lists the functions of the service provider.