Section 13.8. Assertion Model

Previous page
Table of content
Next page


13.8. Assertion Model

To provide richer semantics for combinations of security constraints and requirements, and to enable element QName matching of policy assertions, the assertions are separated into simple types: those that express what parts of a message are being secured (scope), those expressing general aspects or preconditions of the security model (conditions), and those identifying the mechanism that is used to provide the security (security binding).

To indicate the scope of the constraints and requirements, assertions identify body parts that are to be protected in a specific way, such as integrity or confidentiality protection.

The general aspects of security include the characteristics of the environment in which security is being applied, such as the tokens being used, which ones are for authentication and which are supporting, the applicable algorithms to use, and so on.

The security mechanism, or binding, defines how the general aspects are used to protect the indicated parts. For example, it could specify that an asymmetric token is used with a digital signature to provide authentication and integrity, and that parts are encrypted with a symmetric key, which is then encrypted using the public key of the recipient. In its simplest form, the binding defines a strong type for the open-ended and extensible <wsse:Security> header.

Because these characteristics are separated into assertions, many of them can be simplified so that assertion matching is sufficient, and many aspects of security can be factored out and reused. For example, it might be common that the mechanism is constant for an endpoint, but that the parts protected vary by message action.

As previously indicated, the binding defines the mechanism for providing the security. These assertions are used to determine how the security is performed and what to expect in the <wsse:Security> header.

Bindings are described textually and enforced programmatically. This specification defines several bindings, but others can be defined and agreed to if participating parties support it.

A binding defines the following:

  • The mechanism and class of token for the initiator

  • The mechanism and class of token for recipient authentication

  • Any necessary key transfer mechanisms

  • Any required message elements (such as timestamps)

  • The content and ordering of the <wsse:Security> header

  • How correlation of messages is performed securely (if applicable to the message pattern)

  • If there are multiple phases to the security binding

These elements, along with the assertions describing conditions and scope, provide enough information to secure messages between an initiator and a receiver.


    Previous page
    Table of content
    Next page
    Web Services Platform Architecture(c) SOAP, WSDL, WS-Policy, WS-Addressing, WS-BP[. .. ] More
    Web Services Platform Architecture(c) SOAP, WSDL, WS-Policy, WS-Addressing, WS-BP[. .. ] More
    ISBN: N/A
    EAN: N/A
    Year: 2005
    Pages: 176
    BUY ON AMAZON
    Metrics and Models in Software Quality Engineering (2nd Edition)
    Adobe After Effects 7.0 Studio Techniques
    FileMaker Pro 8: The Missing Manual
    Systematic Software Testing (Artech House Computer Library)
    Introducing Microsoft ASP.NET AJAX (Pro - Developer)
    Java All-In-One Desk Reference For Dummies
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy