Last October Fred and I published an article on Handling Multiple Credentials in an Heterogenous SOA Environment and since that was well recieved I thought it might be a good topic for the conference keynote.
Naturally, I asked Fred to help and he came up with the following three enterprise integration security patterns:
- Message Protection
- Token Propagation
- Token Mediation
These patterns capture solutions to common security challenges when dealing with multiple protocols and credential formats. These challenges frequently occur in an SOA environment that integrates multiple middleware technologies, such as Web services and CORBA, or Web services and J2EE (which actually amounts to pretty much the same thing since J2EE incorporates CORBA’s interoperability protocol, IIOP, and the security credential format from CSI_V2, another CORBA standard).
Consider the scenario in which a service request using SOAP/HTTP invokes a second request using CORBA or J2EE in order to complete its work. Security considerations include the use of an encrypted form of HTTP (i.e. HTTPS) and IIOP with SSL to protect the message content, but with two different protocols there’s a potential vulnerability at the intermediary (i.e. the place where the HTTPS connection ends and the IIOP/SSL connection begins). The message protection pattern defines how you address this scenario.
Another challenge is handling multile credential types, for example the username/password format in WS-Security and the CSI_V2 format in CORBA/J2EE. Multiple credentials can be aggregated into a common data structure and included in the request context, or one credential can be mapped to another at an intermediary. But the credentials are vulnerable to impersonation at the intermediary. Another alternative is to use WS-Trust or the equivalent to “federate” the incoming token with the new token. The token propagation and token mediation patterns describe the solutions for these.
WS-SecurityPolicy can also help, although to be really useful in heterogenous environments extensions may need to be added to represent credential and key information not in the current spec. However since WS-Policy is essentially a publishing mechanism that describes the capabilities of a service provider, care must be taken to protect sensitive information.