Receipt Token Profile for Web Services
Eric Gravengaard, Reactivity
© 2003 Reactivity
Slide 2
What is the problem?
• Signatures prove:
  • The signed contents of the message have not been changed since it was signed
• Receipts prove:
  • The signed contents of a message I sent were received by you as I sent it
• Example:
  • I sign and send: Add(1, 3)
  • I receive a signed response: 5
  • Is there a simple and secure way to know that Add(1, 3) = 5?
  • Can I trust that you really checked my signature? Can I prove it?
Slide 3
How can receipts be used?
In a simple client/server request/response system:
• The Client
  • Composes a request
  • Signs the request with its private key
• The Server
  • Composes a response and attaches a receipt
  • Signs the response and receipt with its private key
• Both Parties
  • Validate signatures
  • Write logs at each step
[Illustration: two signed letters. "John: Please review my draft copy of a declaration of independence." signed Benjamin Franklin (BF); "Ben: I received your draft. Here are some of my comments." signed John Hancock (JH).]
Slide 4
What can we prove?
• The secure logs prove:
  • That a transaction occurred
  • That our record of the transaction has not been altered
• The signatures prove:
  • Server can prove that someone with the client's private key sent the request
  • Client can prove that someone with the server's private key returned the response and the receipt together
• The receipt proves:
  • Client can prove that someone with the sender's private key received their request and that the response message is in response to the original request
Slide 5
Existing uses of non-repudiation
• Most large business-to-business transactional systems implement some form of non-repudiation
• Example: EDI
  • Early mechanisms were proprietary
  • More recently: AS1/AS2 standards (RFC 3335, Sept 2002)
• Web Services have no existing mechanism…
• …but current specifications provide some good tools:
  • XML-Signature (<ds:Signature>)
  • Web Services Security: SOAP Message Security (<wsse:Security>)
  • Intermediate roles (<S:role>)
Slide 6
XML-Signature
• Provides a mechanism for specifying a signature and relevant meta-information
Outline of a <ds:Signature> element and its four children:

  <ds:Signature>
    <ds:SignedInfo/>
    <ds:SignatureValue/>
    <ds:KeyInfo/>
    <ds:Object/>
  </ds:Signature>

The <ds:SignedInfo> expanded (algorithm identifiers abbreviated):

  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="#c14n"/>
    <ds:SignatureMethod Algorithm="#rsa-sha1"/>
    <ds:Reference URI="#xpointer(/Envelope/Body)">
      <ds:Transforms>
        <ds:Transform Algorithm="#c14n"/>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="#sha1"/>
      <ds:DigestValue>I8U/3X26MjaTplqjQeTu1C56Elo=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
Slide 7
Web Services Security: Receipt Token Profile
• WSS: SOAP Message Security does not provide a mechanism for receipts and secure logging
• WSS:RTP is Reactivity's proposed extension to WSS that:
  • Creates a new security token for requesting receipts
  • Creates a new security token for receipts
  • Defines both signed and unsigned receipts
Slide 8
RTP receipt mechanism
• Provides a general-purpose receipt request mechanism
• <wsnr:ReceiptRequest> provides:
  • /ReceiptRequest/@ReceiptFormat : signed or unsigned request
  • /ReceiptRequest/@CorrelationId : UUID for tracking receipts
  • /ReceiptRequest/ReceiptTo : how to send the receipt
  • /ReceiptRequest/SignatureRequest : which elements are to be signed
  • /ReceiptRequest/wsu:Timestamp : when this request was made
• <wsnr:Receipt> provides:
  • /Receipt/@ReceiptFormat : signed or unsigned receipt
  • /Receipt/@CorrelationId : same UUID as the request
  • /Receipt/SignatureResponse : signature of the receipt generator
  • /Receipt/wsu:Timestamp : when this receipt was generated
Slide 9
Receipt example
Request:

  <wsse:Security>
    <ReceiptRequest ReceiptFormat="generalReceipt" CorrelationId="33485">
      <ReceiptTo Required="true" Target="response"/>
      <wsu:Timestamp>
        <wsu:Created>2003-03-11T16:30:17Z</wsu:Created>
      </wsu:Timestamp>
    </ReceiptRequest>
  </wsse:Security>

Response:

  <wsse:Security>
    <Receipt ReceiptFormat="generalReceipt" CorrelationId="33485">
      <wsu:Timestamp>
        <wsu:Received>2003-03-11T16:33:43Z</wsu:Received>
      </wsu:Timestamp>
    </Receipt>
  </wsse:Security>
Slide 10
Signed receipts
• Main concept: split the <ds:Signature> into two pieces
• Requestor specifies a <wsnr:SignatureRequest> element:
  • /SignatureRequest/ds:SignedInfo : specifies the algorithms and the data to be signed by the receipt generator
  • /SignatureRequest/ds:Object : allows other data to be included in the signature
• Responder returns a <wsnr:SignatureResponse> element:
  • /SignatureResponse/ds:SignatureValue : cryptographic signature that covers the <ds:SignedInfo> of the request
  • /SignatureResponse/ds:KeyInfo : specifies information about the key used to generate the signature
Slide 11
Bringing it all together: an example
Request:

  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security>
        <wsnr:ReceiptRequest ReceiptFormat="signedReceipt" Role="ultimateReceiver"
                             CorrelationID="theID" S:mustUnderstand="1">
          <wsnr:ReceiptTo Target="response">
            <wsnr:SignatureRequest>
              <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="#c14n"/>
                <ds:SignatureMethod Algorithm="#hmac-sha1"/>
                <ds:Reference URI="#body">
                  <ds:DigestMethod Algorithm="#sha1"/>
                </ds:Reference>
                <ds:Reference URI="#timestamp">
                  <ds:DigestMethod Algorithm="#sha1"/>
                </ds:Reference>
              </ds:SignedInfo>
            </wsnr:SignatureRequest>
          </wsnr:ReceiptTo>
          <wsu:Timestamp wsu:Id="timestamp">
            <wsu:Created>2003-03-11T08:42:00Z</wsu:Created>
          </wsu:Timestamp>
        </wsnr:ReceiptRequest>
      </wsse:Security>
    </S:Header>
    <S:Body>
      <MyRequest wsu:Id="body"/>
    </S:Body>
  </S:Envelope>

Response:

  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security S:Role="ultimateReceiver">
        <wsse:BinarySecurityToken wsu:Id="theCert" EncodingType="Base64Binary">
          MIIEZzCCA9CgAWIQEmtJZco...
        </wsse:BinarySecurityToken>
        <wsnr:Receipt ReceiptFormat="signedReceipt" CorrelationID="theID">
          <wsnr:SignatureResponse>
            <ds:SignatureValue>
              ABCDEFG1234567890...
            </ds:SignatureValue>
            <ds:KeyInfo>
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#theCert"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </wsnr:SignatureResponse>
          <wsu:Timestamp>
            <wsu:Received>2003-03-11T08:42:12Z</wsu:Received>
          </wsu:Timestamp>
        </wsnr:Receipt>
      </wsse:Security>
    </S:Header>
    <S:Body>
      <MyResponse/>
    </S:Body>
  </S:Envelope>
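The signed-receipt exchange of the preceding three slides (the ReceiptRequest/Receipt elements of slide 8, the split of <ds:Signature> into a requestor-side <ds:SignedInfo> and a responder-side <ds:SignatureValue> of slide 10, and the per-Reference digest check of slide 6), as an added Python model that is not code from the presentation or from Reactivity. It assumes constructed namespace URIs for the wsnr/wsse/wsu prefixes, a constructed pre-shared HMAC key for the example's "#hmac-sha1" SignatureMethod (a deployment using the certificate referenced from ds:KeyInfo would substitute an asymmetric method), the standard-library C14N 2.0 implementation in place of the "#c14n" algorithm, and the CorrelationId spelling of slide 8; the ds:KeyName label and the timestamps are constructed. The receipt generator refuses to issue a receipt if any referenced digest does not match what it actually received, and the requestor accepts a receipt only if it answers its own CorrelationId and the MAC covers the SignedInfo it sent.

```python
"""Model of the WSS Receipt Token Profile signed-receipt exchange (added example)."""
import base64
import hashlib
import hmac
import uuid
import xml.etree.ElementTree as ET

# Constructed namespace URIs: the slides show prefixes only.
S = "http://www.w3.org/2003/05/soap-envelope"
WSSE, WSNR, WSU = "urn:example:wsse", "urn:example:wsnr", "urn:example:wsu"
DS = "http://www.w3.org/2000/09/xmldsig#"
for prefix, uri in (("S", S), ("wsse", WSSE), ("wsnr", WSNR), ("wsu", WSU), ("ds", DS)):
    ET.register_namespace(prefix, uri)
SHARED_KEY = b"constructed-shared-secret"  # constructed pre-shared HMAC key


def q(ns, local):
    return "{%s}%s" % (ns, local)


def c14n(elem):
    """Canonical form of a subtree (stdlib C14N 2.0 standing in for '#c14n')."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"), strip_text=True)


def sha1_b64(text):
    return base64.b64encode(hashlib.sha1(text.encode("utf-8")).digest()).decode("ascii")


def find_by_id(root, uri):
    """Resolve a same-document ds:Reference URI ('#id') to the element with that wsu:Id."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are supported")
    for elem in root.iter():
        if elem.get(q(WSU, "Id")) == uri[1:]:
            return elem
    raise ValueError("no element with wsu:Id=%r" % uri[1:])


def build_request(body_text, correlation_id=None):
    """Requestor: envelope with a signedReceipt ReceiptRequest. Returns the envelope,
    the canonical SignedInfo and the CorrelationId the requestor keeps for verification."""
    correlation_id = correlation_id or str(uuid.uuid4())
    env = ET.Element(q(S, "Envelope"))
    header = ET.SubElement(env, q(S, "Header"))
    body = ET.SubElement(env, q(S, "Body"))
    my_request = ET.SubElement(body, "MyRequest", {q(WSU, "Id"): "body"})
    my_request.text = body_text
    sec = ET.SubElement(header, q(WSSE, "Security"))
    rr = ET.SubElement(sec, q(WSNR, "ReceiptRequest"), {
        "ReceiptFormat": "signedReceipt", "CorrelationId": correlation_id,
        q(S, "mustUnderstand"): "true"})
    to = ET.SubElement(rr, q(WSNR, "ReceiptTo"), {"Target": "response"})
    signed_info = ET.SubElement(ET.SubElement(to, q(WSNR, "SignatureRequest")), q(DS, "SignedInfo"))
    ET.SubElement(signed_info, q(DS, "CanonicalizationMethod"), {"Algorithm": "#c14n"})
    ET.SubElement(signed_info, q(DS, "SignatureMethod"), {"Algorithm": "#hmac-sha1"})
    ts = ET.SubElement(rr, q(WSU, "Timestamp"), {q(WSU, "Id"): "timestamp"})
    ET.SubElement(ts, q(WSU, "Created")).text = "2003-03-11T08:42:00Z"  # constructed
    # One ds:Reference per element the receipt must attest to, carrying the digest the
    # requestor computed; the receipt generator re-derives these from what it received.
    for target in (my_request, ts):
        ref = ET.SubElement(signed_info, q(DS, "Reference"), {"URI": "#" + target.get(q(WSU, "Id"))})
        ET.SubElement(ref, q(DS, "DigestMethod"), {"Algorithm": "#sha1"})
        ET.SubElement(ref, q(DS, "DigestValue")).text = sha1_b64(c14n(target))
    return ET.tostring(env, encoding="unicode"), c14n(signed_info), correlation_id


def issue_receipt(envelope_xml, key):
    """Receipt generator: verify every referenced digest, then sign the requestor's own
    SignedInfo with HMAC-SHA1 and return the wsse:Security block carrying the Receipt."""
    env = ET.fromstring(envelope_xml)
    rr = env.find("./%s/%s/%s" % (q(S, "Header"), q(WSSE, "Security"), q(WSNR, "ReceiptRequest")))
    if rr is None or rr.get("ReceiptFormat") != "signedReceipt":
        raise ValueError("no signed-receipt request in message")
    signed_info = rr.find(".//" + q(DS, "SignedInfo"))
    for ref in signed_info.findall(q(DS, "Reference")):
        actual = sha1_b64(c14n(find_by_id(env, ref.get("URI"))))
        if not hmac.compare_digest(actual, ref.findtext(q(DS, "DigestValue")) or ""):
            raise ValueError("digest mismatch for %s: message altered in transit" % ref.get("URI"))
    mac = hmac.new(key, c14n(signed_info).encode("utf-8"), hashlib.sha1).digest()
    sec = ET.Element(q(WSSE, "Security"))
    receipt = ET.SubElement(sec, q(WSNR, "Receipt"), {
        "ReceiptFormat": "signedReceipt", "CorrelationId": rr.get("CorrelationId")})
    resp = ET.SubElement(receipt, q(WSNR, "SignatureResponse"))
    ET.SubElement(resp, q(DS, "SignatureValue")).text = base64.b64encode(mac).decode("ascii")
    ET.SubElement(ET.SubElement(resp, q(DS, "KeyInfo")), q(DS, "KeyName")).text = "shared-key"  # constructed
    ts = ET.SubElement(receipt, q(WSU, "Timestamp"))
    ET.SubElement(ts, q(WSU, "Received")).text = "2003-03-11T08:42:12Z"  # constructed
    return ET.tostring(sec, encoding="unicode")


def verify_receipt(security_xml, canonical_signed_info, correlation_id, key):
    """Requestor: accept only a receipt for our CorrelationId whose MAC covers our SignedInfo."""
    receipt = ET.fromstring(security_xml).find(q(WSNR, "Receipt"))
    if receipt is None or receipt.get("CorrelationId") != correlation_id:
        return False
    sig_b64 = receipt.findtext("./%s/%s" % (q(WSNR, "SignatureResponse"), q(DS, "SignatureValue")))
    if not sig_b64:
        return False
    expected = hmac.new(key, canonical_signed_info.encode("utf-8"), hashlib.sha1).digest()
    return hmac.compare_digest(base64.b64decode(sig_b64), expected)


if __name__ == "__main__":
    env, si, cid = build_request("Add(1, 3)")
    rcpt = issue_receipt(env, SHARED_KEY)
    print("receipt valid:", verify_receipt(rcpt, si, cid, SHARED_KEY))
```

Because the receipt's MAC is computed over the requestor's SignedInfo, which itself carries the digests of the body and timestamp, the requestor can later show a third party that whoever held the key saw exactly the body it sent; a body altered in transit makes issue_receipt raise instead of producing a receipt, and a receipt with a foreign CorrelationId or a MAC under a different key is rejected by verify_receipt.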
Slide 12
Isn’t this defined in…
• Reliable Messaging
• WS-Policy
• WS-Addressing
• WS-Routing
• …maybe, but none of them offer any form of cryptographic proof of receipt
Slide 13
Proposal
• The TC takes on the work of producing a receipt mechanism to be specified in a token profile, timeframe to be determined
• The TC accepts as an input to this profile the document submitted by Reactivity
• Further work to be done:
  • Utilize message identifiers from other specifications