I am currently also part of the TAS3 European project, which is about a "Trusted Architecture for Securely Shared Services".
This results in very interesting discussions about how to handle security, at which layer, etc.
The aim of the project is to avoid defining, for each person or role, exactly who is allowed to do, see or get something, because that approach causes problems: you do not know in advance what your data or service will be used for, so per-person or per-role rules would require a lot of foresight. A second aspect is that the role or identity of the client alone can be insufficient; an indication of the purpose for which the service or data is needed is also important when deciding whether access is granted.
The intended solution for removing the need for foresight is to use semantic footprints (commitments) to determine when access is allowed or forbidden. Instead of comparing role and purpose by id or textual description, you match on their semantic definitions, and when they match to a sufficiently high degree you can draw a conclusion (allow or deny); a weak match on either side is not enough to decide.
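To make the idea concrete, here is a small purpose-aware access decision written as an added example for this post; it is not TAS3 code and does not claim to be the project's design. The mini-ontology, the concept names, the Jaccard-over-closure scoring rule, the role gate and the thresholds are all assumptions chosen to illustrate matching on semantic definitions rather than on ids or descriptions:

```python
"""Illustrative purpose-aware access decision by semantic matching.

Added example, not TAS3 code. The ontology, concept names, scoring rule,
role gate and thresholds are assumptions chosen to show the idea.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple

# Assumed mini-ontology: child concept -> parent concept (single inheritance).
# A stated purpose such as "emergency_treatment" is a kind of "treatment",
# which is a kind of "healthcare", and so on.
ONTOLOGY = {
    "emergency_treatment": "treatment",
    "routine_treatment": "treatment",
    "treatment": "healthcare",
    "healthcare": "patient_benefit",
    "clinical_research": "research",
    "research": "public_benefit",
    "marketing_analytics": "marketing",
}


def expand(concepts: Iterable[str]) -> set:
    """Close a set of concepts under the is-a relation of the ontology."""
    closed = set()
    for c in concepts:
        while c is not None and c not in closed:
            closed.add(c)
            c = ONTOLOGY.get(c)
    return closed


def similarity(a: Iterable[str], b: Iterable[str]) -> float:
    """Jaccard similarity of the ontology closures of two concept sets.

    Comparing closures (not raw labels) is what makes "emergency_treatment"
    match a commitment phrased as "treatment" without anyone having foreseen
    the emergency case when the commitment was written.
    """
    ea, eb = expand(a), expand(b)
    if not ea and not eb:
        return 0.0
    return len(ea & eb) / len(ea | eb)


@dataclass(frozen=True)
class Commitment:
    """A data owner's statement that a purpose is allowed or forbidden.

    roles=None means the commitment applies to any role; otherwise the
    client's role must be listed for the commitment to be considered at all.
    """
    purpose: FrozenSet[str]
    allow: bool
    roles: Optional[FrozenSet[str]] = None


@dataclass
class Policy:
    commitments: List[Commitment]
    allow_threshold: float = 0.6   # assumed: how strong an allow match must be
    deny_threshold: float = 0.4    # assumed: how strong a deny match must be

    def decide(self, role: str, stated_purpose: Iterable[str]) -> Tuple[str, float]:
        """Return ('allow' | 'deny' | 'indeterminate', best_score).

        Role alone never grants access: it only selects which commitments
        apply. The purpose match against those commitments decides.
        """
        stated = frozenset(stated_purpose)
        applicable = [c for c in self.commitments
                      if c.roles is None or role in c.roles]
        best_allow = max((similarity(c.purpose, stated)
                          for c in applicable if c.allow), default=0.0)
        best_deny = max((similarity(c.purpose, stated)
                         for c in applicable if not c.allow), default=0.0)
        # A credible match against a prohibition wins ties with an allowance.
        if best_deny >= self.deny_threshold and best_deny >= best_allow:
            return "deny", best_deny
        if best_allow >= self.allow_threshold:
            return "allow", best_allow
        # Neither side matches strongly enough: do not guess, escalate.
        return "indeterminate", max(best_allow, best_deny)


def demo_policy() -> Policy:
    """Constructed sample policy: clinicians may use data for treatment,
    and nobody may use it for marketing analytics."""
    return Policy([
        Commitment(frozenset({"treatment"}), allow=True,
                   roles=frozenset({"physician", "nurse"})),
        Commitment(frozenset({"marketing_analytics"}), allow=False),
    ])


if __name__ == "__main__":
    p = demo_policy()
    for role, purpose in [("physician", {"emergency_treatment"}),
                          ("physician", {"marketing_analytics"}),
                          ("clerk", {"emergency_treatment"}),
                          ("physician", {"clinical_research"})]:
        print(role, sorted(purpose), "->", p.decide(role, purpose))
```

The physician asking for "emergency_treatment" is allowed even though no commitment mentions emergencies, because the closures overlap in three of four concepts; the clerk with the same purpose is not allowed, because the role gate leaves no allow commitment to match; and "clinical_research" matches nothing on either side and comes back indeterminate rather than being silently denied or granted, which is the outcome a practitioner would want routed to a human or a stricter policy.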
As a result of discussions about this, I received a mail from Dave Chadwick about XML security. It contains some interesting links to documents about problems with the WS-* stack and how older (non-XML, specifically SSL) solutions can provide a better solution in many situations. It makes for an interesting read.
For more details see:
- http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt
- Introduction from the Black Hat USA 2007 conference (presentations and papers below)
- http://www.isecpartners.com/files/iSEC_HILL_AttackingXMLSecurity_bh07.pdf
- http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
- http://www.isecpartners.com/files/iSEC_HILL_AttackingXMLSecurity_Handout.pdf