The Architectural Framework of a Secure Web Service

Visual Studio 2010

Applies to: Windows Communication Foundation

Published: June 2011

Author: Robert Dizon

Enterprises are taking increasing advantage of web services to work with subsidiaries, form joint ventures, and share applications and information with their customers and other businesses. Consequently, it is vital that there be a way to establish trust between web services. Today, the Web Services Security Standards (also known as WS-Security) define how to use mature security technologies such as firewalls and the Secure Sockets Layer (SSL) to create a trusted relationship. However, these older technologies are no longer sufficient to provide the end-to-end security that is necessary when businesses share services.

Some of the security challenges that these new business initiatives present are:

  • A business's application services may be located in different parts of the company, and in some cases outside of the corporate network.

  • A service may not know the identities of consumers beforehand, and a service request can be routed and brokered over a series of nodes.

  • Businesses must establish and adhere to the policies and procedures for trusted services. Together these policies and procedures form a transient trust relationship.

  • Businesses must be able to interoperate across domains and establish a system of automated trust, where a relationship can be established without human intervention. This is especially true when businesses share legacy and mainframe systems to meet business demands through secure processes, service integration, and collaboration.

In addition, Service Oriented Architecture (SOA) security presents unique difficulties:

  • Exposure of key internal application resources to partners as web services creates a loss of internal security controls.

  • Loosely coupled applications, which are systems designed to communicate independently (not process-bound or programmatically bound), also present new challenges for policy, compliance, and enforcement.

  • There have been major changes in how authentication and authorization are performed in corporate trust relationships. In addition, it is now possible to federate credentials, along with a process called policy assertion, which is a form of service that generates verifiable assertions about the identity of an entity or its authorizations.

The Gartner Group estimates that 75% of all security breaches and malicious attacks occur at the application level. "Web services will have reopened 70% of the attack paths against Internet affected systems, which were closed by network firewalls in the 1990's." - Ray Wagner, Gartner, Gartner Symposium. A similar sentiment was voiced in a ComputerWorld article titled "How SOA increases your security risk."

This article discusses some ways to address these challenges.

There are three major components to securing a web service. They are the service provider, the service broker, and the service consumer.

A service provider enforces the level of security that is required by a specific application. Security measures may, for example, restrict an authenticated consumer's access to authorized services and ensure that the confidentiality and integrity of messages are preserved. The service consumer must follow the security requirements that the provider specifies for each service. The service broker implements high-level authorization decisions in order to enable secure messaging between consumers and providers. For consumers that require access to legacy services, the service broker abstracts any legacy security protocols for authentication and authorization to the legacy service provider.

The following diagram outlines some of the security controls that are involved when a client uses a web service to interact with a provider.

Referenced Image

Remember that security controls for message encryption and decryption use additional processing bandwidth, and add performance latency if they are implemented at the code level. To conserve processing bandwidth, consider using an XML gateway that is designed to operate with high-traffic web services. An XML gateway is conceptually the same as a firewall, but it is specifically designed for XML messages. To conserve resources, only apply security controls where they are needed. For example, use encryption and decryption when passing sensitive information such as a social security number (SSN). Additionally, use digital signatures, authentication credentials, and selected XML fields that require confidentiality when you transmit the message outside the enterprise boundaries.

A service consumer is comprised of the set of tools that sends messages to the service broker. The following table lists the functions of the service consumer.

Table 1. Service Consumer Functions

| Functions | Descriptions |
|---|---|
| Identity | • An application-consumer identity is used to communicate with the service broker, and the service provider. • An end-user identity is passed to the broker and to the service provider for end-to-end identification. |
| Authenticate | • The service consumer credentials authenticate with the broker or the service provider. • The service consumer can request a token from the authentication service. • The service consumer validates the authentication information that is provided by brokers and service providers. |
| Authorize | • Not applicable |
| Integrity | • The service consumer encrypts and decrypts all or parts of any messages. • The service consumer signs or verifies message signatures for all or parts of any messages. |

Service brokers receive and process service requests. The following table lists the functions of the service broker.

Table 2. Service Broker Functions

| Functions | Descriptions |
|---|---|
| Identity | • An application-broker identity communicates with the service providers and service consumers. • The service broker is aware of the consumer and service provider identities for authentication and authorization decisions. |
| Authenticate | • The service broker credentials authenticate with the service provider or consumer. • The service broker validates the authentication information that is provided by service providers and consumers. |
| Authorize | • The service broker determines which consumers and brokers can access which services (this is known as coarse-grained authorization). |
| Integrity | • The service broker encrypts and decrypts all or parts of a message. • The service broker signs or verifies message signatures for all or parts of a message. |

A service provider is the platform that provides access to the service, publishes the contract that describes the service's interface, and registers the service with the service broker. The following table lists the functions of the service provider.

Table 3. Service Provider Functions

| Functions | Descriptions |
|---|---|
| Identity | • An application-provider identity communicates with the service broker and the service consumer. • The service provider is aware of the broker identity for authorization decisions. |
| Authenticate | • The service provider credentials are used to authenticate with the service broker or the consumer. • The service provider validates the authentication information that is provided by service brokers and consumers. |
| Authorize | • The service provider determines which consumers and brokers can access which services (this is coarse-grained authorization). • The service provider determines, within a service, what a consumer or broker can specifically create, read, update, or delete (this is known as fine-grained authorization). |
| Integrity | • The service provider encrypts and decrypts all or parts of a message. • The service provider signs or verifies message signatures for all or parts of a message. |
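
The split between coarse-grained and fine-grained authorization in Tables 2 and 3, sketched as an added Python example (not code from the original article or from Windows Communication Foundation). All identities, service names and policy entries are constructed for illustration, and the via_broker field stands in for a broker identity that a real deployment would establish by authenticating the broker.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Request:
    consumer: str                     # authenticated application-consumer identity
    service: str
    operation: str                    # create, read, update or delete
    via_broker: Optional[str] = None  # stands in for an authenticated broker identity

# Constructed sample policies (hypothetical names).
BROKER_COARSE = {("payroll-portal", "EmployeeService"),
                 ("partner-app", "CatalogService")}
TRUSTED_BROKERS = {"esb-01"}
PROVIDER_COARSE = {("payroll-portal", "EmployeeService")}
PROVIDER_FINE = {("payroll-portal", "EmployeeService"): {"read", "update"}}

class Denied(Exception):
    pass

def broker_route(req: Request, broker_id: str = "esb-01") -> Request:
    """Broker: coarse-grained check, then forward under the broker's identity."""
    if (req.consumer, req.service) not in BROKER_COARSE:
        raise Denied("broker: consumer may not access service")
    return Request(req.consumer, req.service, req.operation, via_broker=broker_id)

def provider_handle(req: Request) -> str:
    """Provider: broker identity, coarse-grained, then fine-grained check."""
    if req.via_broker not in TRUSTED_BROKERS:
        raise Denied("provider: untrusted or missing broker")
    if (req.consumer, req.service) not in PROVIDER_COARSE:
        raise Denied("provider: consumer may not access service")
    if req.operation not in PROVIDER_FINE.get((req.consumer, req.service), set()):
        raise Denied("provider: operation not permitted")
    return f"allowed: {req.consumer} may {req.operation} {req.service}"

def decide(req: Request, through_broker: bool = True) -> str:
    """Run a request through the broker and provider, or straight to the provider."""
    try:
        return provider_handle(broker_route(req) if through_broker else req)
    except Denied as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    for r, tb in [(Request("payroll-portal", "EmployeeService", "read"), True),
                  (Request("payroll-portal", "EmployeeService", "delete"), True),
                  (Request("partner-app", "EmployeeService", "read"), True),
                  (Request("payroll-portal", "EmployeeService", "read"), False)]:
        print(r.consumer, r.operation, "->", decide(r, tb))
```

Because the provider repeats the coarse-grained check and also checks the broker identity, a request that reaches it without passing through a trusted broker is refused even when the consumer would otherwise be authorized.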
