
Receipt Token Profile for Web Services



Presentation Transcript


  1. Receipt Token Profile for Web Services
     • Eric Gravengaard, Reactivity

  2. What is the problem?
     • Signatures prove:
       • The signed contents of the message have not been changed since it was signed
     • Receipts prove:
       • The signed contents of a message I sent were received by you as I sent them
     • Example:
       • I sign and send: Add(1, 3)
       • I receive a signed response: 5
       • Is there a simple and secure way to know that Add(1, 3) = 5?
       • Can I trust that you really checked my signature? Can I prove it?

  3. How can receipts be used?
     [Illustration: two signed notes. "John: Please review my draft copy of a declaration of independence." signed Benjamin Franklin (BF); "Ben: I received your draft. Here are some of my comments." signed John Hancock (JH)]
     In a simple client/server request/response system:
     • The Client
       • Composes a request
       • Signs the request with its private key
     • The Server
       • Composes a response and attaches a receipt
       • Signs the response and receipt with its private key
     • Both Parties
       • Validate signatures
       • Write logs at each step

  4. What can we prove?
     • The secure logs prove:
       • That a transaction occurred
       • That our record of the transaction has not been altered
     • The signatures prove:
       • Server can prove that someone with the client’s private key sent the request
       • Client can prove that someone with the server’s private key returned the response and the receipt together
     • The receipt proves:
       • Client can prove that someone with the sender’s private key received their request and that the response message is in response to the original request

  5. Existing uses of non-repudiation
     • Most large business-to-business transactional systems implement some form of non-repudiation
       • Example: EDI
       • Early mechanisms were proprietary
       • More recently: AS1/AS2 Standards (RFC #3335, Sept 2002)
     • Web Services have no existing mechanism…
     • …but current specifications provide some good tools:
       • XML-Signature <ds:Signature>
       • Web Service Security: SOAP Message Security <wsse:Security>
       • Intermediate Roles (<S:role>)

  6. XML-Signature
     • Provides a mechanism for specifying a signature and relevant meta-information
     • <ds:Signature>
       • <ds:SignedInfo>
       • <ds:SignatureValue>
       • <ds:KeyInfo>
       • <ds:Object>

  7. Web services security: receipt token profile
     • WSS: SOAP Message Security does not provide a mechanism for receipts and secure logging
     • WSS:RTP is Reactivity’s proposed extension to WSS that:
       • Creates a new security token for requesting receipts
       • Creates a new security token for receipts
       • Defines both signed and unsigned receipts

  8. RTP receipt mechanism
     • Provide a general purpose receipt request mechanism
     • <wsnr:ReceiptRequest> provides:
       • /ReceiptRequest/@ReceiptFormat : signed or unsigned request
       • /ReceiptRequest/@CorrelationId : UUID for tracking receipts
       • /ReceiptRequest/ReceiptTo : how to send receipt
       • /ReceiptRequest/SignatureRequest : what elements to be signed
       • /ReceiptRequest/wsu:TimeStamp : when this request was made
     • <wsnr:Receipt> provides:
       • /Receipt/@ReceiptFormat : signed or unsigned receipt
       • /Receipt/@CorrelationId : same UUID as request
       • /Receipt/SignatureResponse : signature of receipt generator
       • /Receipt/wsu:TimeStamp : when this receipt was generated

  9. Receipt example
     [Figure: Request and Response messages]

  10. Signed receipts
     • Main concept: Split the <ds:Signature> into two pieces
     • Requestor specifies a <wsnr:SignatureRequest> element:
       • /SignatureRequest/ds:SignedInfo : specifies algorithms and data to be signed by receipt generator
       • /SignatureRequest/ds:Object : allows other data to be included in the signature
     • Responder returns a <wsnr:SignatureResponse> element:
       • /SignatureResponse/ds:SignatureValue : cryptographic signature that covers the <ds:SignedInfo> of the request
       • /SignatureResponse/ds:KeyInfo : specifies information about the key used to generate the signature
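
The split signature of slide 10, tied to the CorrelationId of slide 8 and the Add(1, 3) request of slide 2, as an added example that is not part of the presentation or of Reactivity's profile. Assumptions: Ed25519 and SHA-256 as algorithms, a fixed byte encoding in place of canonicalized XML, and all Go type and function names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

var ResponderPub, ResponderPriv, _ = ed25519.GenerateKey(nil) // constructed demo key pair

// SignatureRequest stands in for <wsnr:SignatureRequest>: what must be signed.
type SignatureRequest struct {
	CorrelationID string   // /ReceiptRequest/@CorrelationId
	Digest        [32]byte // SHA-256 of the request body as the requestor sent it
}

// SignatureResponse stands in for <wsnr:SignatureResponse>.
type SignatureResponse struct {
	SignatureValue []byte            // <ds:SignatureValue>
	KeyInfo        ed25519.PublicKey // <ds:KeyInfo>
}

// signedInfo is a fixed byte encoding used here instead of canonicalized XML.
func signedInfo(r SignatureRequest) []byte {
	return append([]byte(r.CorrelationID+"|sha256|"), r.Digest[:]...)
}

// NewSignatureRequest is the requestor side: pin the body and correlation id.
func NewSignatureRequest(id string, body []byte) SignatureRequest {
	return SignatureRequest{CorrelationID: id, Digest: sha256.Sum256(body)}
}

// IssueReceipt is the responder side: sign only if the received body matches.
func IssueReceipt(priv ed25519.PrivateKey, r SignatureRequest, got []byte) (SignatureResponse, error) {
	if sha256.Sum256(got) != r.Digest {
		return SignatureResponse{}, fmt.Errorf("body differs from SignedInfo digest")
	}
	return SignatureResponse{ed25519.Sign(priv, signedInfo(r)), priv.Public().(ed25519.PublicKey)}, nil
}

// VerifyReceipt is the requestor side: check the signer key and the signature.
func VerifyReceipt(trusted ed25519.PublicKey, r SignatureRequest, resp SignatureResponse) bool {
	return trusted.Equal(resp.KeyInfo) && ed25519.Verify(trusted, signedInfo(r), resp.SignatureValue)
}

func main() {
	req := NewSignatureRequest("constructed-id", []byte("Add(1, 3)"))
	resp, err := IssueReceipt(ResponderPriv, req, []byte("Add(1, 3)"))
	fmt.Println("receipt valid:", err == nil && VerifyReceipt(ResponderPub, req, resp))
}
```

Because the requestor verifies against the SignedInfo it composed itself, a receipt issued for one correlation id or body does not verify for another.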

  11. Bringing it all together: an example

  12. Isn’t this defined in…
     • Reliable Messaging
     • WS-Policy
     • WS-Addressing
     • WS-Routing
     • …maybe, but none of them offer any form of cryptographic proof of receipt

  13. Proposal
     • The TC takes on the work of producing a receipt mechanism to be specified in a token profile, timeframe to be determined
     • The TC accepts as an input to this profile the document submitted by Reactivity
     • Further work to be done:
       • Utilize message identifiers from other specifications
