To answer this, first let me define what I mean by end-to-end security. Let me use an example where A passes a message to B, which passes a message to C. End-to-end security is security which applies across the entire chain from A to C. Take SSL for a moment: SSL is a transport-level security protocol, so it can give you security from A to B and security from B to C, but not from A to C. That is, the A to B security is entirely separate from the B to C security.
In terms of end-to-end security standards, there are a number of different parts of the security puzzle to consider:
- Identity (who the caller is). There are a number of standards for end-to-end identity (typically referred to as single-sign-on or identity management). The most common is SAML ("security assertion markup language"). Many large vendors and customers are adopting SAML. Beyond SAML, there is also Kerberos (where the Kerberos "tokens" would be transmitted in a WS-Security envelope). The use of Kerberos becomes important and valuable because Kerberos is the "native" security mechanism of Windows. So, if you have Windows desktops, you are probably already using Kerberos. Note that identity can be used actively in order to authorize use of the services in the "chain" or passively to track who is doing what for auditing purposes.
- Privacy. End-to-end privacy makes it possible for A to send information to C without B being able to read it (even though B is in the middle of the message flow). The key standards for end-to-end privacy are XML Encryption together with WS-Security. XML Encryption lets you encrypt part or all of a message payload, and only those who have the right keys can decrypt it. So, you can choose to encrypt only the most sensitive information in the message. However, a middleman (such as B) can still act on the parts of the message which are not encrypted.
- Integrity. End-to-end integrity ensures that the message is not tampered with anywhere from A to C. The key standards for end-to-end integrity are XML Signature and WS-Security. As with XML Encryption, you can choose to sign part or all of the message payload. Anyone who has access to the sender's public key can validate that the message has not been tampered with.
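As an added illustration of the privacy and integrity points above (example code written for this page, not part of the original answer and not a real WS-Security implementation), the Go standard library stands in for XML Encryption and XML Signature. A encrypts only the sensitive element with AES-GCM under a content key it shares with C, signs the readable header together with the ciphertext using Ed25519, and sends the envelope through B. B can parse the envelope and act on the header but cannot read the payload; if B alters either the header or the ciphertext, C's signature check rejects the message before any decryption is attempted. The Envelope layout, the key handling and the sample payload are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
	"strings"
)

// Envelope is a constructed stand-in for a SOAP message with WS-Security headers
// (not a real schema): Route stays readable by the intermediary B, EncryptedPayload
// is readable by C only, and Signature covers both so C detects tampering anywhere
// on the A -> B -> C path.
type Envelope struct {
	XMLName   xml.Name `xml:"Envelope"`
	Route     string   `xml:"Header>Route"`
	Signature string   `xml:"Header>Signature"`      // base64(Ed25519 over Route + payload)
	Payload   string   `xml:"Body>EncryptedPayload"` // base64(nonce || AES-GCM ciphertext)
}

// signedBytes is what the signature covers; XML Signature would canonicalize instead.
func signedBytes(route, payload string) []byte {
	return []byte(route + "\n" + payload)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is A's side: encrypt only the sensitive element under a key shared with C
// (standing in for XML Encryption's content key), then sign header and ciphertext.
func Seal(route, plaintext string, contentKey []byte, signer ed25519.PrivateKey) (string, error) {
	gcm, err := newGCM(contentKey)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // fresh random nonce per message
	payload := base64.StdEncoding.EncodeToString(gcm.Seal(nonce, nonce, []byte(plaintext), nil))
	sig := ed25519.Sign(signer, signedBytes(route, payload))
	out, err := xml.Marshal(Envelope{Route: route, Payload: payload,
		Signature: base64.StdEncoding.EncodeToString(sig)})
	return string(out), err
}

// Open is C's side: verify A's signature over header and ciphertext, then decrypt.
func Open(doc string, contentKey []byte, verifier ed25519.PublicKey) (string, error) {
	var env Envelope
	errX := xml.Unmarshal([]byte(doc), &env)
	sig, errS := base64.StdEncoding.DecodeString(env.Signature)
	ct, errP := base64.StdEncoding.DecodeString(env.Payload)
	if errX != nil || errS != nil || errP != nil {
		return "", errors.New("malformed envelope")
	}
	if !ed25519.Verify(verifier, signedBytes(env.Route, env.Payload), sig) {
		return "", errors.New("signature check failed: message altered between A and C")
	}
	gcm, err := newGCM(contentKey)
	if err != nil || len(ct) < gcm.NonceSize() {
		return "", errors.New("bad content key or ciphertext")
	}
	pt, err := gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
	return string(pt), err
}

// Demo runs A -> B -> C once: what B reads, whether the secret is visible on the
// wire, what C recovers, and whether C rejects a copy that B altered in transit.
func Demo() (routeSeenByB string, onWire bool, plaintextAtC string, tamperRejected bool, err error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	contentKey := make([]byte, 32) // constructed: AES-256 key known to A and C only
	rand.Read(contentKey)
	doc, err := Seal("C", "account=4242 balance=100", contentKey, priv)
	if err != nil {
		return
	}
	var atB Envelope // B can parse the envelope and act on its readable header only
	xml.Unmarshal([]byte(doc), &atB)
	routeSeenByB = atB.Route
	onWire = strings.Contains(doc, "4242") // the secret itself never appears on the wire
	plaintextAtC, err = Open(doc, contentKey, pub)
	tampered := strings.Replace(doc, "<Route>C</Route>", "<Route>Mallory</Route>", 1)
	_, tamperErr := Open(tampered, contentKey, pub)
	return routeSeenByB, onWire, plaintextAtC, tamperErr != nil, err
}

func main() {
	route, onWire, pt, rejected, err := Demo()
	fmt.Println("B reads route:", route, "| secret on wire:", onWire)
	fmt.Println("C recovers:", pt, "| tampered copy rejected:", rejected, "| err:", err)
}
```

Run it with `go run`. The order in Open is the one a receiver should keep: check integrity first, then decrypt, so a forged or altered message is never fed to the cipher. In a real WS-Security deployment the content key would be wrapped for C's public key in an EncryptedKey element rather than pre-shared, and the signed parts would be selected by reference, which is what XML Signature provides.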
Beyond these three key areas, you may also consider how to have central control over authentication, authorization, auditing, etc. This is typically the realm of vendor-specific products; there are few standards in these areas. The one exception is XACML ("XML access control markup language"), whose adoption as a universal standard is still uncertain.