RE: Security and Privacy - SSL? from Cutler, Roger (RogerCutler) on 2005-08-24 (www-ws-arch@w3.org from August 2005)

From: Cutler, Roger (RogerCutler) <RogerCutler@chevron.com>
Date: Wed, 24 Aug 2005 10:41:41 -0500
To: www-ws-arch@w3.org, daniel@ruoso.com
Message-ID: <0C237C50B244FD44BE47B8DCE23A305277A07A@HOU150NTXC2MC.hou150.chevrontexaco.net>

I believe that the use of SSL for security is considered somewhat
limited because the keys tend to be associated with the message
transmission itself.  This is fine as far as it goes, but it makes it
makes it kind of tough if you want to keep them, for example for
non-repudiation purposes.  In addition, with SSL you encrypt the entire
messge, period.  There are scenarios where it is desired to encrypt only
portions of a message.  For these reasons as well as others it is
generally felt that the added flexibility of handling these issues in
the SOAP headers, as specified by WS-Securiy for example, adds a lot of
flexibility and value.  That doesn't mean there's anything wrong with
SSL, just that as the business requirements get more complex one finds
that it's not quite enough.

-----Original Message-----
From: www-ws-arch-request@w3.org [mailto:www-ws-arch-request@w3.org] On
Behalf Of Daniel Ruoso
Sent: Tuesday, August 23, 2005 5:22 PM
To: www-ws-arch@w3.org
Cc: daniel@ruoso.com
Subject: Security and Privacy - SSL?



Hi,

After reading the current version of the document, I noticed (and it's
actually stated ther) that these two questions are not defined. As I'm
thinking a lot about all of these things, I'd like to share my view on
the matter.

SSL keys, specially X509 keys, are widely used today, indeed, the
brazillian government is adopting this standard as the legal digital
signature. As you know, it's possible not just to encrypt (privacy)
messages, but also to certify authenticity (security).

I've been thinking that is possible to build a web-of-trust between the
agents in this architecture, allowing, for instance, the agent to sign a
temporary key, or even use the key itself to transfer the messages. The
big deal is it won't demand a change in WSDL or SOAP, but the transport
will have a way to certify the autenticity of the message before parsing
the XML.

Also, when signing a key, you can specify the trust level, in a way you
can apply a policy that some resources/services are available only for
keys with N "trust points". In this way, an agent running in a secured
environment (a data center) would have more "trust points" than a agent
running in a desktop computer.

What do you think?

daniel

P.S.: Please include-me as CCs in all replies, as I'm not subscribed to
this list.

Received on Wednesday, 24 August 2005 15:41:58 UTC