Cross Domain authentication and Data Confidentiality. from Abdul Khader on 2006-02-03 (www-xkms@w3.org from February 2006)

From: Abdul Khader <khabf04@itu.dk>
Date: Fri, 3 Feb 2006 14:42:19 +0100 (CET)
To: www-xkms@w3.org
Message-ID: <46001.194.255.14.97.1138974139.squirrel@secure.itu.dk>

Hello everybody,
We have been working with the problems of cross domain authentication and
confidentiality of messages. After reading various XML webservices
standards and technologies, we managed to design an
architecture(Design-O-Thera) that we think will ensure safe exchange of
messages in SOA.In the later part, I describe the architecture.We would
like the readers to provide us with suggestions and feedback about the
design.

Architecture(attached with this mail):

Roles : Company A,B,C....and so on
Communication : A <-> B <-> C ......and so on
Scenario:   'A' requesting a service from 'B'. 'B' inturn getting the
            service from 'C' and returning the response to A. All the three
            services are located in different security domains.

Problem: How can one company ensure Data origin authentication, integrity
         and confidentiality while the data is on the air.

Proposed Solution:

          An intermediary service(Security Token service - STS) identifies
 its clients from different domains(using X.509 cert). It acts
as a central service whose aim is to bring services from
different domains into ONE federated security domain(NATIVE).
Another role played by this service is to generate shared keys
that are given out to its client whenever client sends data to
other clients within the same fedarated NATIVE domain.

Security Challenges:

Data Integrity & Confidentiality:

         When company A wants to send data to company B. It requests a
shared key from STS. On receiving the shared key and nonce(unique
Timestamp),it encrypts the data with sharedkey(Encrypted bundle)
and again encrypts it(encrypted bundle) with STS public key.
company A will not include the shared key inside the encrypted
soap message rather it will include the nonce. The data is then
sent to B. If B doesnt need to process the request.it simply
routes the recieved soap message to C. On receiving, C routes the
request to STS for authentication and requests the shared key
with the given nounce(unique Timestamp) to decrypt message. STS
authenticates both the parties and provides C with the shared
key. C uses that shared key to decrypt the request and encrypt
the response before sending it to company B   (B ->A).

Communication with the STS is handled by public keys of the sender and
receiver.

Authenticating Data Originator:

         The requesting party is authenticated at the STS by its X.509 cert.

Message Uniqueness:

         Each message is identified by the nounce(unique TimeStamp) and is
checked at the STS for redundancy.

Best regards,
Abdul Khader.

Attachments

application/msword attachment: Design-O-Thera.doc

Received on Friday, 3 February 2006 22:31:00 UTC