Why WSE?


Web Services Home: Why WSE?

Web Services Security and WS-Addressing Provide End-to-End Message-Level Security

The WS-Security specification, now ratified as a standard by OASIS [1], describes how to secure Web services at the message level, rather than at the transport protocol or wire level. Existing transport-level solutions such as SSL/TLS provide solid point-to-point data encryption and authentication but have limitations if a message needs to be processed or examined by an intermediate service. For example, many organizations deploy an application-layer-filtering firewall to examine traffic before it is passed along to an internal network.

If a message needs to go through multiple points to reach its destination, each intermediate point must forward the message over a new SSL connection (see Figure 1). In this model, the original message from the client is not cryptographically protected as it traverses intermediate servers, and additional computationally expensive cryptographic operations are performed for every new SSL connection that is established.

How Does WS-Security Work?

WS-Security defines how to achieve message integrity, confidentiality, and authentication with SOAP messaging. Authentication is concerned with identifying the caller. WS-Security uses security tokens to hold this information within a security header of the SOAP message. Message integrity is achieved with XML Digital Signatures to ensure that parts of the message have not been tampered with since it was signed by the originator. Message confidentiality is based on the XML Encryption specification and ensures that corresponding parts of the message can only be understood by the intended recipient(s).

I'm getting curious about the details. I wonder how they implemented it.

P.S. Apparently WS-Security has been ratified by OASIS, and WS-Addressing has been submitted to the W3C.
