JMS and Service Provider Security

XML does not solve messaging security issues on its own. The W3C has a working group studying digital signatures of documents (http://www.w3.org/signature). At the time of writing, the group has published candidate recommendations for document signing and canonical representations of XML. At the end of January 2001, the W3C formed an activity to study document encryption (http://www.w3.org/Encryption/2001/Activity). Signing and encryption of XML documents are both complex problems to be solved, but are important for global electronic commerce.

Note

People interested in a current approach to the XML signing and encryption problem now may want to look at IBM's XML Security Suite on its AlphaWorks site: http://www.alphaworks.ibm.com/tech/xmlsecuritysuite. It features element-level encryption and signing functions for DOM documents, implemented using Java.

Documents can be encrypted as a whole; of course, this solution creates a new set of problems. If messages are encrypted, how can a broker in a hub-and-spoke architecture get at routing information embedded in the message? These issues are similar to those faced when web browsers connect to servers using SSL across intermediate proxies. If the proxy is visible, the solution is to use specific proxy connection methods and dialogs built into the HTTP specification. If the proxy is invisible, such as redirectors that operate at the application protocol level, little can be done. These devices often lose their ability to perform sophisticated redirections because they cannot parse the encrypted message.

End-to-end security could be achieved as a piecemeal collection of secure segments, but this is rarely compatible with corporate security policies. Witness the outcry over the segmented encryption scheme used in WAP to connect mobile devices to the enterprise. From the handset to the carrier's WAP gateway, the messages are encrypted using WTLS. Between the gateway and the enterprise, they are encrypted using SSL. The momentary exposure of the message in plain text as it is converted from one cipher to another - albeit on a secured system - makes a number of large corporations uncomfortable enough to purchase their own gateway and house it in their secure network.

We can alternatively rely on MOM security. Most commercial vendors of MOM products have some kind of encryption solution that works transparently, sometimes available through a business partner. For example, IBM maintains a list of third-party vendors that provide security products that work in conjunction with its MQSeries product at http://www-4.ibm.com/software/ts/mqseries/directory/secprods.html.

To Validate or Not to Validate

XML provides a rich validation model for documents - but should you use it? The problem with validation is that it consumes resources, and so may not be appropriate for high message volume applications. The validation question is really a question of trust. Does your service provider's infrastructure guarantee message integrity? If so, you do not have to validate to catch corruption errors.

More significant is the question of trust surrounding the party who sent the message. If you control the applications on both sides of the message exchange, you can probably skip validation because you know the behavior of both parties (after exhaustive testing, naturally). If you don't trust the other party - and this is the case with most business relationships - then you will probably be forced to validate messages to ensure that they honor the contract of the API.

Validation alone, however, does not solve some fundamental security problems. If a party sends you a message with an embedded schema, or even a reference to a schema, can you trust this? One of the problems with this model is that the remote party is both telling you something, and telling you how to interpret it. The more flexible we build our systems, the more susceptible we become to such attacks. Thus, it is important that a schema come either from a trusted repository, or from a remote system that is sufficiently trusted and authenticated.
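The following Java sketch is an added example, not code from the book. It validates a message body against a schema the receiver holds locally and refuses any DTD or schema reference the sender supplies. The class name, the order/qty schema, and the sample messages are constructed for illustration; the calls are standard JAXP.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.*;
import org.xml.sax.InputSource;

public class TrustedSchemaCheck {  // hypothetical class name
    // Constructed schema standing in for one loaded from a trusted repository.
    static final String TRUSTED_XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='order'><xs:complexType><xs:sequence>"
      + "<xs:element name='qty' type='xs:positiveInteger'/>"
      + "</xs:sequence></xs:complexType></xs:element></xs:schema>";

    static Schema loadTrustedSchema() throws Exception {
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        // The pinned schema itself may not pull in remote DTDs or schemas.
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        return sf.newSchema(new StreamSource(new StringReader(TRUSTED_XSD)));
    }

    // Returns true only if the message satisfies the receiver's own schema.
    static boolean accept(Schema schema, String body) {
        try {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            // Reject any DOCTYPE: the sender does not get to supply a DTD.
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            Validator v = schema.newValidator();
            // Block resolution of anything the instance document points at.
            v.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            v.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
            v.validate(new DOMSource(
                dbf.newDocumentBuilder().parse(new InputSource(new StringReader(body)))));
            return true;
        } catch (Exception e) {  // parse error, DOCTYPE present, or schema violation
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Schema schema = loadTrustedSchema();
        // Constructed messages: the second names its own schema and breaks ours.
        String good = "<order><qty>3</qty></order>";
        String hinted = "<order xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' "
            + "xsi:noNamespaceSchemaLocation='http://sender.example/loose.xsd'>"
            + "<qty>-1</qty></order>";
        System.out.println("good accepted:   " + accept(schema, good));
        System.out.println("hinted accepted: " + accept(schema, hinted));
    }
}
```

Because the Validator is built from a precompiled Schema object, the schema location hint in the second message plays no part in how that message is judged.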



Professional JMS
ISBN: 1861004931
EAN: 2147483647
Year: 2000
Pages: 154