Advantages of Message Security
Before we get to message security, it is important to understand why security at the transport layer is not always sufficient to address the security needs of a web service. Transport-layer security is provided by the transport mechanisms used to transmit information over the wire between clients and providers, thus transport-layer security relies on secure HTTP transport (HTTPS) using Secure Sockets Layer (SSL). Transport security is a point-to-point security mechanism that can be used for authentication, message integrity, and confidentiality. When running over an SSL-protected session, the server and client can authenticate one another and negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. Security is "live" from the time it leaves the consumer until it arrives at the provider, or vice versa, even across intermediaries. The problem is that it is not protected once it gets to its destination. One solution is to encrypt the message before sending using message security.
In message-layer security, security information is contained within the SOAP message and/or SOAP message attachment, which allows security information to travel along with the message or attachment. For example, a portion of the message may be signed by a sender and encrypted for a particular receiver. When the message is sent from the initial sender, it may pass through intermediate nodes before reaching its intended receiver. In this scenario, the encrypted portions continue to be opaque to any intermediate nodes and can only be decrypted by the intended receiver. For this reason, message-layer security is also sometimes referred to as end-to-end security.
The advantages of message-layer security include the following:
- Security stays with the message over all hops and after the message arrives at its destination.
- Is fine-grained. Can be selectively applied to different portions of a message (and to attachments if using XWSS).
- Can be used in conjunction with intermediaries over multiple hops.
- Is independent of the application environment or transport protocol.
The disadvantage to using message-layer security is that it is relatively complex and adds some overhead to processing.
The Application Server and the Java Web Services Developer Pack (Java WSDP) both support message security.
- The Sun Java System Application Server uses Web Services Security (WSS) to secure messages. Using WSS is discussed in Using the Application Server Message Security Implementation.
- The Java Web Services Developer Pack (Java WSDP) includes XML and Web Services Security (XWSS), a framework for securing JAX-RPC, JAX-WS, and SAAJ applications, as well as message attachments. An implementation of XWSS is included in the Application Server. Using XWSS is discussed in Using the Java WSDP XWSS Security Implementation.
Because neither of these options for message security are part of the Java EE platform, this document would not normally discuss using either of these options to secure messages. However, as there are currently no Java EE APIs that perform this function and message security is a very important component of web services security, this chapter presents a brief introduction to using both the WSS and XWSS functionality that is incorporated into the Sun Java System Application Server.
This chapter includes the following topics: