A Pattern for XML Signature - PowerPoint PPT Presentation

About This Presentation
Title:

A Pattern for XML Signature

Description:

Outline Introduction A Pattern for WS-Security Conclusion Introduction Digital signature existed before XML Signature. ... it was possible to sign XML documents, ... – PowerPoint PPT presentation

Number of Views:74
Avg rating:3.0/5.0
Slides: 18
Provided by: Kei37
Learn more at: https://www.cse.fau.edu
Category:

less

Transcript and Presenter's Notes

Title: A Pattern for XML Signature


1
A Pattern for XML Signature
  • Presented by Keiko Hashizume

2
Outline
  • Introduction
  • A Pattern for WS-Security
  • Conclusion

3
Introduction
  • Digital signature existed before XML Signature.
    One of the most common is PKCS7 Signature.
  • Before XML Signature, it was possible to sign XML
    documents, but it was not possible to express the
    signature in an XML format. Also, it was not
    possible to sign only some parts of the document.
  • XML Signature was developed by the W3C and the
    IETF (Internet Engineering Task Force).

4
A Pattern for WS-Security
  • XML Signature standard describes the syntax and
    the process of generating and validating digital
    signatures. XML Signature provides message
    integrity, message authentication, and
    non-repudiation.
  • Context
  • Users of web services send and receive SOAP
    messages through insecure channel such as the
    Internet.

5
Problem
  • Because SOAP messages travel through insecure
    channels, they may be intercepted and modified
    while they are in transit.
  • The solution for this problem is affected by the
    following forces
  • We need to express a digital signature in a
    standardized XML format, so interoperability can
    be ensured between applications.

6
Problem
  • Forces
  • Messages may be captured while they are in
    transit, so we need to be able to verify if this
    data was modified.
  • Messages can be sent and later disavowed, so we
    need to prevent senders to deny having sent a
    specific message.
  • An XML message, any part of an XML message, or
    external resources can be signed. We need a way
    to refer and locate these elements.
  • XML documents may be parsed by different
    processors, and also XML allows some flexibility
    without changing the semantic of the message.
    Thus, we need to convert the data to a standard
    format.

7
  • Solution
  • Structure - Class Diagram

Structure
8
Signature Types
  • Enveloping Signature

9
Signature Type
  • Enveloped Signature

10
Signature Type
  • Detached Signature

11
Signature Type
  • Detached Signature

12
  • Dynamics

Sequence Diagram for the UC Sign an XML-Element
13
Consequences
  • This pattern presents the following advantages
  • XML Signature describes a common framework for
    digital signatures.
  • Using digest algorithms guarantee that any change
    in the message will invalidate the signature.
  • A signature is generated using the senders
    private key. Because the sender is the only one
    that knows his private key, he cannot deny
    signing the data.
  • The data being signed is referred by its URI
    (Uniform Resource Identifier), so elements within
    XML messages and external resources can be
    located using their identifiers.
  • XML Signature uses canonicalization algorithms to
    ensure that different representations of XML are
    transformed into a standard format before
    applying any digest algorithm.

14
Consequences
  • The pattern also has some (possible) liabilities
  • Large overhead because of the use of many types
    of algorithms such as digest, canonicalization
    and signature algorithms.

15
Known Uses
  • Several vendors have developed products that
    support WS-Security.
  • Xtradynes WS-DBC (Web Service Domain Boundary
    Controller) http//www.xtradyne.com/products/ws-db
    c/WSDBCfeatures.htm
  • IONA Artix www.iona.com/info/aboutus/collateral/A
    rtix20and20Security.pdf
  • Forum Sentry http//forumsys.com/products_sentry_
    specs.htm
  • SecureXML Digital Signature Web Service
    http//www.infomosaic.net/Welcome.htm

16
Related Patterns
  • WS-Security Standard uses XML Signature.

17
Conclusion
  • We need to develop patterns for the WS family
    such as WS-Policy, WS-Privacy, WS-SecureConversati
    on, WS-Federation, and WS-Authorization.
  • We need to develop a pattern diagram describing
    how this standards are related to each other.
Write a Comment
User Comments (0)
About PowerShow.com