Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Services Reliable Messaging and Security Paul Fremantle VP of Technology WSO2.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Web Services Reliable Messaging and Security Paul Fremantle VP of Technology WSO2."— Presentation transcript:

1 Web Services Reliable Messaging and Security Paul Fremantle VP of Technology WSO2

2 © WSO2, Inc, 2006 About me Co-founder and VP of Technology and Partnerships at WSO2 The leading Open Source Web services company Co-Chair of the OASIS WSRX Technical Committee Committer on Apache Synapse Member of the Apache Software Foundation Co-author of Building Web Services in Java 2 nd EditionBuilding Web Services in Java 2 nd Edition http://bloglines.com/blog/paulfremantle Ex IBM Senior Technical Staff Member developed the IBM Web Services Gateway Apache WSIF Apache Axis C/C++ JWSDL/WSDL4J – now Apache Woden

3 © WSO2, Inc, 2006 Contents Introduction to WS-Reliable Messaging Composing WSRM and Security Potential attacks on a reliable exchange Securing the Sequence Summary

4 © WSO2, Inc, 2006 WSRM Aims To help ensure that messages are delivered to their destination Exactly Once In Order is the most common requirement “Composable” with other specifications and existing systems Doesn’t re-implement those aspects Has the ability to work with other standards (security, transactions, addressing)

5 © WSO2, Inc, 2006 History A specification designed by IBM, Microsoft, BEA and Tibco Designed to compose with WS- Addressing, WS-Policy Originally published in March 2003 Refreshed March 2004, Feb 2005 Submitted to OASIS June 2005

6 © WSO2, Inc, 2006 This presentation Mainly based on the public review (CD4) of WSRM 1.1 (OASIS) With appropriate comments on the Submission spec (WSRM 1.0)

7 © WSO2, Inc, 2006 WS-Reliability An alternative specification proposed by Fujitsu, Hitachi, NEC, Oracle, Sun Submitted to OASIS and standardized, currently at v1.1 One available implementation: RM4GS Reliable Messaging for Grid Service A sample/reference implementation

8 © WSO2, Inc, 2006 Confusion WS-R WSRM OASIS WSRM committee WS-RX committee

9 © WSO2, Inc, 2006 WS-RX TC members include representatives of: Actional Corporation Adobe Systems BEA Systems, Inc. BTplc Choreology Ltd. Ericsson Fujitsu Limited Hitachi, Ltd. IBM IONA Technologies JBoss Inc. Microsoft Corporation NEC Corporation Nortel Networks Limited Novell Oracle Corporation SAP AG Sonic Software Corp. Sonoa Systems, Inc. Sun Microsystems Tibco Software Inc. webMethods, Inc. WSO2 While the TC is working from the submitted spec, it aims to meet the requirements of all the TC members within the scope of the charter

10 Introduction to WSRM

11 © WSO2, Inc, 2006 The core model CreateSequence and CreateSequenceResponse Messages allocated to the sequence Acknowledgement Resend of unacknowledged messages TerminateSequence and TerminateSequenceResponse

12 © WSO2, Inc, 2006 Simple example

13 © WSO2, Inc, 2006 WS-RM core model

14 © WSO2, Inc, 2006 Delivery Assurances Previous spec (1.0) explicitly called out the delivery assurances: At least once At most once Exactly once (at least+at most) InOrder 1.1 allows the RMD to specify IncompleteSequenceBehaviour DiscardEntireSequence DiscardFollowingFirstGap NoDiscard

15 © WSO2, Inc, 2006 Verbs SOAP Body: CreateSequence/CreateSequenceResponse CloseSequence*/CloseSequenceResponse* TerminateSequence/TerminateSequenceResponse* SOAP Header: Sequence AckRequested SequenceAcknowledgement * Indicates added since submitted to OASIS

16 © WSO2, Inc, 2006 CreateSequence wsa:EndpointReferenceType xs:duration ? xs:anyURI xs:duration ?... ?...

17 © WSO2, Inc, 2006 CreateSequenceResponse xs:anyURI xs:duration ? ? wsa:EndpointReferenceType ?...

18 © WSO2, Inc, 2006 CreateSequence/Response Sent in the body AcksTo specifies the place where acknowledgements are sent Expires is optional Offer is an optional way of initiating a Sequence in the reverse direction Can respond with CreateSequenceRefused fault

19 © WSO2, Inc, 2006 CloseSequence xs:anyURI... Sent from the RMS to the RMD Added to help close down incomplete sequences After a sequence is closed, no new messages are received But still responds to AckRequested Allowing the final state of the sequence to be ascertained

20 © WSO2, Inc, 2006 TerminateSequence xs:anyURI... Sent from the RMS to the RMD - indicates that the sequence will no longer be used Normally sent when the sequence is complete – all sent messages have been acknowledged Can be sent at any time

21 © WSO2, Inc, 2006 TerminateSequenceResponse This was added by the TC to allow the RMS to know that the RMD successfully terminated the sequence xs:anyURI...

22 © WSO2, Inc, 2006 Sequence Header The primary header – added to every message that is in a Sequence Adds the sequence identifier and the message number xs:anyURI wsrm:MessageNumberType...

23 © WSO2, Inc, 2006 AckRequested xs:anyURI... Allows a RMS to request an acknowledgement from the RMD RMD must reply at once Must be a full acknowledgement (no Partial Answer Mode)

24 © WSO2, Inc, 2006 SequenceAcknowledgement xs:anyURI [ [ [ <wsrm:AcknowledgementRange... Upper="wsrm:MessageNumberType" Lower="wsrm:MessageNumberType"/> + | ] ? ] | wsrm:MessageNumberType + ]... A complete set of ranges May be Final – indicating no more messages will be accepted Or None (may be Final) Or Nacks of individual messages

25 © WSO2, Inc, 2006 “Optimistic” model Because the whole Sequence is acknowledged, it is possible to use WSRM with very little overhead over a sequence of messages CreateSequence Messages flow with Sequence headers, plus occasional acknowledgements TerminateSequence

26 © WSO2, Inc, 2006 Offer and Accept Offered sequence is a way of cutting down the “back-and-forth” There is no specific requirement that the Offered sequence is used for responses But usual behaviour

27 © WSO2, Inc, 2006 WSRM Policy The submitted spec had a number of parameters available in policy. AcknowledgementInterval was moved to CS Dynamic optimization of protocol timing is more effective than static parameters.

28 © WSO2, Inc, 2006 A two-way reliable interaction ClientServer CreateSequence + Offer CreateSequenceResponse(A) + Accept(B) Request 1 Response 1 + ackA1 Request 2 + ackB1 Request 3 + AckB1 Response 3 + ackA123 Response 2 ackB123 TerminateSequence(A) TerminateSequenceResponse + AckA123_Final TerminateSequence(B) TerminateSequenceResponse + AckB123_Final

29 © WSO2, Inc, 2006 Anonymous clients The protocol supports one-way reliability with anonymous clients May be reliable-in/unreliable-out acksTo will be anonymous Uses piggybacked acks

30 © WSO2, Inc, 2006 Anonymous clients and two-way The WSRM1.1 specification has added a new verb to support this: MakeConnection client CS+Offer(seq2) server CSR(seq1)+Accept msg1(seq1) response1(seq2) +ack(seq1) msg2(seq1) + ack(seq2) msg3(seq1) + ack(seq2) response3(seq2) + ack(seq1) MakeConnection(seq2) response2(seq2)

31 © WSO2, Inc, 2006 Uptake Still gated by lack of a “standard” Industry has definitely moved to WSRM spec Examples: Canadian government project built a solution on WSRM spec A major Wall Street bank is looking at widespread adoption of WSRM Ford and Daimler Chrysler are planning major implementations Other groups such as RAMP, FIXprotocol, will profile RM

32 © WSO2, Inc, 2006 Composability with Security WSRM is inherently designed to compose with security systems SSL/TLS WS-Security WS-SecureConversation

33 © WSO2, Inc, 2006 Basic Composability WS-Security WS-ReliableMessaging WS-AtomicTransactions Transactional Secure Transactional Secure Reliable Transactional Secure Reliable

34 © WSO2, Inc, 2006 Composability works! Numerous demonstrations of WSRM + WSSecurity WSRM and WSSecureConversation WSO2’s Web Service App Server fully supports these combinations

35 © WSO2, Inc, 2006 Composability isn’t enough Unfortunately, there is a problem Composability ensures that the application can be secured But doesn’t secure the sequence

36 © WSO2, Inc, 2006 Why isn’t SSL or WSSec enough? Party 1 Authorized RM enabled system RM Sequence Party 2 Authorized Attack on Sequence

37 © WSO2, Inc, 2006 Sequence attacks are real Probably the most famous hack ever was a sequence attack TCP Sequence Prediction Based on predicting the correct sequence number for a packet and getting your packets in first First identified by Robert Morris in 1985 but thought impractical and unlikely Actually implemented by Kevin Mitnick against Tsutomu Shimomura on Christmas Day 1994

38 © WSO2, Inc, 2006 So what can we learn from this? 1. Don’t login on Christmas Day 2. Protect your sequence

39 © WSO2, Inc, 2006 Integrity Threats Any modification to any of the RM protocol messages Countermeasures Signing the headers To prevent headers being swapped, Sequence headers should be signed with the body

40 © WSO2, Inc, 2006 Denial of Service Threat Many unused CreateSequences Target an in-order sequence with missing messages Countermeasures Restrict sequence creation to authorized parties Monitor sequences for DoS attacks Similar to secure TCP stacks

41 © WSO2, Inc, 2006 Sequence Spoofing Threats Hijacking Injecting fake or wrong messages into a sequence Incorrectly acknowledging messages Countermeasures Tie the Sequence to a security context Each side associates the sequence with security credentials used during creation Only accepts Sequence Traffic from the same entity

42 © WSO2, Inc, 2006 SSL/TLS example RMSRMD Create SSL/TLS session(s) Send CreateSequence over TLS session Sequence Traffic / TLS Sequence Traffic / different TLS  Sequence Ack / TLS Sequence Ack / different TLS  CreateSequenceResponse over TLS

43 © WSO2, Inc, 2006 Ensuring that the Sequence is secure Add this header block The mustUnderstand ensures that the RMD “agrees” to the contract Otherwise it should fault

44 © WSO2, Inc, 2006 Restrictions SSL / TLS is only point-to-point Any intermediaries must be trusted to maintain integrity The sequence must last no longer than the SSL/TLS session

45 © WSO2, Inc, 2006 WS-Security Provides SOAP message security Authentication Encryption Message and header digital signatures Message level security

46 © WSO2, Inc, 2006 SecureConversation An extension to WS-Security that allows a secure context to be established between two parties Potentially used together with WS- Trust

47 © WSO2, Inc, 2006 Secure Conversation

48 © WSO2, Inc, 2006 Benefits over just WS-Security In WS-Security, a public key is used for every message Highly inefficient

49 © WSO2, Inc, 2006 WS-SecureConversation in RM …...

50 © WSO2, Inc, 2006 SecureConversation example RMSRMD Create WSSC secure context Send CreateSequence including STReference Sequence Traffic, signed headers and body Sequence Traffic / different SecurityContext  Sequence Ack including STReference Sequence Ack / different context  CreateSequenceResponse

51 © WSO2, Inc, 2006 Ensuring that this model is in place This forces the RMD to ensure that the sequence is secured using the supplied STR

52 © WSO2, Inc, 2006 WS-I RSP Reliable Secure Profile Proposed by IBM, Ford, DaimlerChrysler Aiming at creating a supplier network based on secure reliable SOAP WSRM 1.1 WS-SecureConversation 1.3

53 © WSO2, Inc, 2006 RX TC Status and Roadmap 60-day Public Review completed Aiming to have dealt with all comments by the end of year Aiming for a standard Q1 2007

54 © WSO2, Inc, 2006 Implementations Microsoft Windows Comm Framework WCF aka Indigo Supports the submitted spec IBM WebSphere 6.1 “IBM intends to make a fully supported Web Services Reliable Messaging solution available for WebSphere Application Server V6.1 early in 2007” Apache Sandesha 1.0 Supports the submitted spec and CD3 of WSRM 1.1 WSO2 Tungsten Supported package of Apache Axis2, WSS4J, Sandesha2 Plus implementations from: Systinet, Oracle, SAP, Sun, BEA

55 © WSO2, Inc, 2006 OASIS March Interop results IBM, MSFT, WSO2, SAP, Oracle RMS\ RMD P1P2P3P4P5 P1 1.1 1.2 1.3 1.4 2.1 2.2 2.3 P2 1.1 1.2 1.3 1.4 2.1 2.2 2.3 P3 1.1 1.2 1.3 1.4 2.1 2.2 2.3 P4 1.1 1.2 1.3 1.4 2.1 2.2 2.3 P5 1.1 1.2 1.3 1.4 2.1 2.2 2.3

56 © WSO2, Inc, 2006 Resources WSRX TC Homepage http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ws-rx Submitted specification http://www.oasis-open.org/committees/download.php/16889/ Cover pages Reliable Messaging http://xml.coverpages.org/reliableMessaging.html Apache Sandesha http://ws.apache.org/sandesha2/

Download ppt "Web Services Reliable Messaging and Security Paul Fremantle VP of Technology WSO2."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.

ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.
© 2003 2004 IBM Corporation OASIS Symposium: Reliable Infrastructures for XML Critical Comparison of WS-RM and WS-R April 27, 2004 Christopher Ferris Senior.

© IBM Corporation OASIS Symposium: Reliable Infrastructures for XML Critical Comparison of WS-RM and WS-R April 27, 2004 Christopher Ferris Senior.
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.

0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.

SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Reliable Messaging in the Real World Paul Fremantle Co-chair, OASIS WS-RX TC VP and Founder, WSO2 Inc OASIS Adoption Forum Ditton Manor, October 29 th.

Reliable Messaging in the Real World Paul Fremantle Co-chair, OASIS WS-RX TC VP and Founder, WSO2 Inc OASIS Adoption Forum Ditton Manor, October 29 th.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
WXES2106 Network Technology Semester 1 2004/2005 Chapter 8 Intermediate TCP CCNA2: Module 10.

WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.
Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies.

Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies.
Module 13: WCF Receive Adapters. Overview Lesson 1: Introduction to WCF Receive Adapters Lesson 2: Configuring a WCF Receive Adapter Lesson 3: Using the.

Module 13: WCF Receive Adapters. Overview Lesson 1: Introduction to WCF Receive Adapters Lesson 2: Configuring a WCF Receive Adapter Lesson 3: Using the.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
The Early Life of WS-ReliableMessaging Where we are, and how we got here Jorgen Thelin Program Manager – WS-* Workshops Microsoft Corporation.

The Early Life of WS-ReliableMessaging Where we are, and how we got here Jorgen Thelin Program Manager – WS-* Workshops Microsoft Corporation.
Windows Communications Foundation (Indigo): Web Services Interoperability With Java/J2EE Kirill Gavrylyuk Simon Guest COM423 Microsoft Corporation.

Windows Communications Foundation ("Indigo"): Web Services Interoperability With Java/J2EE Kirill Gavrylyuk Simon Guest COM423 Microsoft Corporation.
1 © NOKIA Web Service Reliability NOKIA. 2 © NOKIA Content What is reliability ? Guaranteed Delivery Duplicate Elimination Ordering Crash tolerance State.

1 © NOKIA Web Service Reliability NOKIA. 2 © NOKIA Content What is reliability ? Guaranteed Delivery Duplicate Elimination Ordering Crash tolerance State.
1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen

1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen

Similar presentations

Ads by Google