On Jun 12, 2007, at 9:56 PM, Serge Merzliakov wrote:
Scott,
The WS-Security spec is messy (all of the WS-* are as well,
which is a big issue, IMHO). Your approach looks on the mark.
One thing that the spec does not mention is the sequencing of
events - i.e. how client notifies its recipients via SOAP headers of
the order in which to do things. e.g. digitally sign message then
encrypt or encrypt messages and digitally sign the ciphertext (both
models are supported, in the code samples, and argued about by
other SOA architects). Maybe this is outside the scope of your work
and you leave it as an 'out-of-band' issue that client and sender
agreed on - or the object in the header values also has an order
attribute, which makes it explicit - I do not know enough about
where Hessian and where the 'protocols' responsibilities lie.
I think ordering should be straightforward with the envelope scheme.
Each envelope would do a single task and would be simple, like a
filter. So you would have separate encryption and signature
envelopes, e.g.
E_sig(E_crypt(E_sig(body)))
The method names would be unique and specific, e.g.
method="com.caucho.hessian.envelope.AESEncrypt"
(The method names might refer directly to classes in the Java
implementation, which would make adding new envelope types trivial.)
The headers would only store the keys, but not the algorithm (since I
don't think algorithm negotiation makes sense.) So I don't think the
order of the headers would ever matter.
I'll see if I can come up with a specific encryption envelope and
signature envelope as a working example.
-- Scott
Making some simplifying assumptions would not hurt as a lot of
combinations of WS-* options would not exist in the real world. It
would also be, I think, in the spirit of Hessian.
If you get something working, I would be happy to give a try and
write some security demos.
Regards,
Serge Merzliakov
Integration Solution Architect | I & I | MRP - Mainframe Replacement Program
EagleNet: 79670 | Email: [EMAIL PROTECTED] | Mobile: 0407 278 279
Scott Ferguson <[EMAIL PROTECTED]>
13/06/2007 05:13
To: Serge Merzliakov <[EMAIL PROTECTED]>
cc: [email protected]
Subject: Re: [Hessian-interest] Securing Hessian messages
On Jun 4, 2007, at 10:46 PM, Serge Merzliakov wrote:
Hi,
As a newcomer, I don't know much about Hessian (my day job
requires WS-Security, SOAP and the orthodox SOA stack...) but I
have got the samples working and like the simplicity very much. Are
there any plans to encrypt messages or some other message level
security (this excludes SSL)? I know this strays into the WS-Security
space (and we don't want to reinvent the WS-* wheel) but
it would be a compelling argument for serious evaluation in most
firms considering SOA.
I'm starting to skim WS-Security and it looks nightmarish. For
Hessian, I'm thinking the following envelope syntax might make sense:
envelope ::=
    'E' x02 x00         # Envelope for Hessian 2.0
    method              # envelope type (possibly use string instead of 'm')
    int                 # number of headers
    (string object)*    # header values
    binary              # encapsulated body
    int                 # number of footers
    (string object)*    # footer values
The envelope could be nestable, i.e. the body could be another
envelope or it could be the wrapped call/reply Hessian message.
The method would select a filter/envelope handler, which would be
responsible for unwrapping the header.
For security, headers would contain things like encryption keys/
algorithms for encryption, auth tokens. Footers would contain
things like signatures/digests.
I need to continue looking at WS-Security to see if there's
anything that fails to fit this model (I've only started looking),
but I'd think this would be general enough.
-- Scott
Regards,
Serge Merzliakov
This message and any attachment is confidential and may
be privileged or otherwise protected from disclosure. If you
have received it by mistake, please let us know by reply
and then delete it from your system; you should not copy
the message or disclose its contents to anyone.
_______________________________________________
hessian-interest mailing list
[email protected]
http://maillist.caucho.com/mailman/listinfo/hessian-interest
All mail is subject to content scanning for possible violation of
New South Wales Police
electronic Mail Policy. All persons are required to familiarise
themselves with the
content of the policy located on the NSWP Intranet BULLETIN BOARD.
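The envelope scheme discussed in this thread, as an added Python example (not code from the thread or from the Hessian project): nested signature envelopes are unwrapped outermost-first by method name, with the key id in a header and the HMAC in a footer. The method name, the length-prefixed field encoding (a stand-in for Hessian serialization), the header and footer names and the sample keys are assumptions; an encryption envelope would register in the same handler table.

```python
import hashlib, hmac, struct
MAGIC = b"E\x02\x00"                 # 'E' x02 x00 from the grammar in the thread
SIG = "example.envelope.HmacSha256"  # hypothetical method name; it alone fixes the algorithm

def _f(b): return struct.pack(">I", len(b)) + b   # simplified field, not Hessian encoding
def _pairs(items):
    return struct.pack(">I", len(items)) + b"".join(_f(k.encode()) + _f(v) for k, v in items)
def encode(method, headers, body, footers):
    return MAGIC + _f(method.encode()) + _pairs(headers) + _f(body) + _pairs(footers)

def decode(buf):                     # caller has already checked the MAGIC prefix
    pos = len(MAGIC)
    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated envelope")
        pos += n
        return buf[pos - n:pos]
    def num(): return struct.unpack(">I", take(4))[0]
    def pairs(): return [(take(num()).decode(), take(num())) for _ in range(num())]
    env = (take(num()).decode(), pairs(), take(num()), pairs())
    if pos != len(buf):
        raise ValueError("trailing bytes after envelope")
    return env

def _mac(key, kid, body):            # MAC binds method name, key id and body together
    return hmac.new(key, _f(SIG.encode()) + _f(kid) + _f(body), hashlib.sha256).digest()
def sign(body, kid, key):            # key id goes in a header, the signature in a footer
    return encode(SIG, [("key-id", kid)], body, [("hmac", _mac(key, kid, body))])
def verify(headers, body, footers, keys):
    kid = dict(headers).get("key-id", b"")
    key = keys.get(kid)
    if key is None or not hmac.compare_digest(dict(footers).get("hmac", b""), _mac(key, kid, body)):
        raise ValueError("signature check failed")
    return body
HANDLERS = {SIG: verify}             # the method name selects the filter

def unwrap(buf, keys):
    applied = []                     # outermost first: nesting is the only ordering information
    while buf.startswith(MAGIC):     # assumes the innermost call/reply never starts with MAGIC
        method, headers, body, footers = decode(buf)
        if method not in HANDLERS:   # fail closed on an envelope type we cannot process
            raise ValueError("unknown envelope method: " + method)
        buf = HANDLERS[method](headers, body, footers, keys)
        applied.append((method, headers))
    return buf, applied

KEYS = {b"client": b"constructed-key-1", b"gateway": b"constructed-key-2"}  # constructed keys
CALL = b"c\x02\x00m\x00\x05hello"    # constructed stand-in for a wrapped Hessian call
WIRE = sign(sign(CALL, b"client", KEYS[b"client"]), b"gateway", KEYS[b"gateway"])
```

`unwrap(WIRE, KEYS)` returns the inner call plus the list of envelopes it removed, gateway signature first and client signature second, without any order attribute in the headers.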