Enterprise Security With XML and Web Services


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Enterprise Security With XML and Web Services

  1. 1. Enterprise Security With XML and Web Services Konstantin Beznosov konstantin.beznosov@quadrasis.com www.beznosov.net/konstantin Quadrãsis September 17, 2002
  2. 2. Konstantin Beznosov Ph.D. “Engineering Access Control for Distributed Enterprise Applications” Security standards CORBA Security “Resource Access Decision” (RAD) Facility “Security Domain Membership Management” Extensible Access Control Language (XACML) Security Architect with Baptist Health, Concept 5, Quadrasis (HICAM) Architecture, design and implementation of enterprise security solutions and products using CORBA, EJB, COM+, .NET 2
  3. 3. Text Book 3
  4. 4. It Covers 1. Principles of Securing Web Services general requirements and solutions for implementing authentication, data protection, and access control for web services XML encryption and signature, as well as WS-Security 2. Security Mechanisms for Web Services based on Java and .NET building blocks for securing Java and .NET web services – authentication, data protection, access control, and audit 3. Planning, Building and Administering Secure Web Service Systems points to pay attention to when designing and developing enterprise solutions based on web services – integrating security of perimeter, middle and back-end tiers used in web services systems, providing common security environment to heterogeneous applications, and propagation of security context through various intermediates along the passage of SOAP requests. Coffee break 10:30—11:00 4
  5. 5. It Does Not Cover XML & SOAP details SOAP Security of CORBA, .NET, COM(+), EJB 5
  6. 6. Disclaimer The technology is new ⇒ I reserve the right to be wrong and incomplete to not know all the answers The tutorial is limited in time and does not cover everything on the subject It’s my personal view This is not a “how-to” cook book 6
  7. 7. Assumptions You are familiar with XML SOAP Web Services Security for distributed systems 7
  8. 8. Part I Principles of Securing Web Services
  9. 9. Briefly About Web Services
  10. 10. What’s a Web Service System? tem y s e S SOAP rvic Se e b W 10
  11. 11. Promise of Web Services Interoperability across lines of business and enterprises – Regardless of platform, programming language and operating system End-to-end exchange of data – Without custom integration Loosely-coupled integration across applications – Using Simple Object Access Protocol (SOAP) and Extensible Markup Language (XML) Trader Brokerage Accounting Application Application Application SOAP SOAP SOAP Receiver/ Sender Receiver Sender 11
  12. 12. Features XML-based messaging interface to computing resources that is accessible via Internet standard protocols WS help intranet (business units) and extranet (business partners) applications to communicate SOAP – format for WS communications Defined in XML Supports RPC as well as document exchange Stateless No RPC predefined RPC semantics Can be sent over various carriers: HTTP, FTP, SMTP, … postal service, e.g., Swiss Post 12
  13. 13. SOAP Message Example <?xml version="1.0" ?> <env:Envelope xmlns:env="http://www.w3.org/2002/06/soap-envelope"> <env:Header> <n:alertcontrol xmlns:n="http://example.org/alertcontrol"> <n:priority>1</n:priority> <n:expires>2001-06-22T14:00:00-05:00</n:expires> </n:alertcontrol> </env:Header> <env:Body> <m:alert xmlns:m="http://example.org/alert"> <m:msg>Pick up Mary at school at 2pm</m:msg> </m:alert> </env:Body> </env:Envelope> 13
  14. 14. Typical Web Service Environment 14
  15. 15. Security Obstacles to Web Serviceshave a huge problem Web Services – They are too open – Requests via HTTP pass through firewalls Critical corporate information exposure risks – Unauthorized access to valuable resources Patient records, Credit card numbers, Manufacturing designs – Unauthorized use of service – Tampering with or bringing down the service Protecting Web Services – Securing XML documents – Securing remote procedure calls (RPC) Implementation obstacles – Bridging to back-office databases – Cross-domain Single Sign-On (SSO) – Different companies use different security products Companies may not open up corporate networks – Need to implement proper countermeasures 15
  16. 16. Web Services and Security
  17. 17. WS Security Building Blocks SOAP WSDL UDDI Security Security Security XML WS-Security Security Web Servers Middleware Mainframe Database Security Security Security Security Network Directories Firewalls IDS Security Physical Security 17
  18. 18. SOAP Message Vulnerabilities Message related risks Unsecured SOAP Message • Ill-formed message potentially damaging <SOAP-ENV:Envelope> • Modification & eavesdropping in transit <SOAP-ENV:Header> • Sent from non-trusted sources </SOAP-ENV:Header> Services related risks <SOAP-ENV:Body> • Access by unauthenticated users • Use of unauthorized services </SOAP-ENV:Body> • Unaccountable use of service </SOAP-ENV:Envelope> Interoperability risks • Vulnerabilities from lack of interoperability with currently deployed security products • Insecure application-to-application message exchange 18
  19. 19. Web Usage Scenario - Security Trader’s Notary Trading System System System SOAP Intermediary SOAP Buy 5000 shares SOAP Ultimate MSFT Ultimate Sender @$XX/share Receiver Bought 5000 shares MSFT @$YY/share 19
  20. 20. Securing SOAP: Requirements Inspection of Messages – Message Validation – Message Integrity – Message Origin Integration with Enterprise Security – Authentication – Authorization – Audit – Administration – Interoperability Encryption of SOAP Message Is NOT Sufficient 20
  21. 21. Changes in the Security Picture WS open enterprise resources to outside world New security responsibilities due to mixing lines of business: Outsourcing credit card authorization service Cross-selling and customer relationship management Supply chain-management Risk must be assessed and managed across a collection of organizations Interactions are more complex and take place among diverse environments 21
  22. 22. Simple Example of Securing a Web Service
  23. 23. 23
  24. 24. Simple Security Solution impersonates authenticated user DCOM Authentication HTTP Basic Authentication Web SOAP server Middle Tier HTTP POST ePortal.aspx SOAP/HTTP DCOM browser Server SSL SSL ASP .NET ASP. NET IIS IIS COM+ ePortal.com or Accounts Internet customers ePortal.com eBusiness.com 24
  25. 25. Limitations Only homogenous ePortal is trusted to pass solutions passwords from clients Relies on Web server to eBusiness security – risky OS account for each End-to-end all-or-nothing customer encryption with SSL Coarse-grain Password-based authorization authentication Weak accountability Unrestricted delegation 25
  26. 26. Web Services Security: Advanced Principles
  27. 27. Authentication Requirements: Authenticate initiator, Authenticate intermediaries Connection-oriented Message-oriented Types Digital signatures Password – XML signatures or S/MIME Challenge-response – Require PKI Implementation Options – Unclear intent of signature OS in a SOAP message Web server SAML assertions Token Web SSO – Commercial Products – Liberty Project – Microsoft Passport Client-server SSO 27
  28. 28. Data Protection Requirements: confidentiality, integrity, authenticity Connection-oriented Message-oriented Protects only in transit Protects in transit and in storage Implementation options Implementation options SSL XML Encrypt/Sign IPSec S/MIME Features Features + Easy to implement + Comodity - Hard to implement - All or nothing - Very new - No protection from + Could be fine grain intermediaries + Protection from intermediaries 28
  29. 29. Access Control Requirements: fine grain, complex principals Consideration Options Semantics of binding user Operating system attributes with the context Web server Multiples requests in one Application server message Application Choice of authorization mechanisms is constrained by authentication ones 29
  30. 30. XML Security
  31. 31. XML Encryption Functionality Encrypt all or part of an XML message Separation of encryption information from encrypted data <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.w3.org/2001/04/xmlenc#Content'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#3des-cbc'/> <ds:KeyInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'> <ds:KeyName>John Smith</ds:KeyName> </ds:KeyInfo> <CipherData> <CipherValue>A23B45C56</CipherValue> </CipherData> </EncryptedData> 31
  32. 32. XML Signature Apply to all or part of a document Contains: references to signed portions, canonicalization algorithm, hashing and signing algorithm Ids, public key of the signer. Multiple signatures with different characteristics over the same content <Signature Id="MySignature" xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/"> <Transforms> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue> </Reference> </SignedInfo> <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue> <KeyInfo> <KeyValue> <DSAKeyValue> <P>...</P><Q>...</Q><G>...</G><Y>...</Y> </DSAKeyValue> </KeyValue> </KeyInfo> </Signature> 32
  33. 33. Security of SOAP Messages
  34. 34. Gaps Signature and Encryption specifications are for XML not SOAP Format and location of security information in SOAP message Targeting specific actors Support for multiple security operations Passing security-related client information Authentication Attributes 34
  35. 35. WS-Security Message integrity and message confidentiality Compliance with XML Signature and XML Encryption Encoding for binary security tokens Set of related claims (assertions) about a subject X.509 certificates Kerberos tickets Encrypted keys 35
  36. 36. SOAP Message with WS-Security <? Xml version=‘1.0’ ?> <env:Envelope xmlns:env=“http://www.w3.org/2001/12/soap-envelope” xmlns:sec=“http://schmas.xmlsoap.org/ws/2002/04/secext” xmlns:sig=“http://www.w3.org/2000/09/xmldsig#” xmlns:enc=“http://www.w3.org/2001/04/xmlenc#”> <env:Header> <sec:Security sec:actor=“http://www.w3.org/2001/12/soap-envelope/actor/next” sec:mustUnderstand=“true”> <sig:Signature> … </sig:Signature> <enc:EncryptedKey> … </enc:EncryptedKey> <sec:BinarySecurityToken ValueType="sec:X509v3" EncodingType="sec:Base64Binary" Id="X509Token"> MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i... </sec:BinarySecurityToken </sec:Security> </env:Header> <env:Body> <enc:EncryptedData> … </enc:EncryptedData> </env:Body> </env:Envelope> 36
  37. 37. Web Services Security Roadmap Security in a Web Services World: A proposed Architecture and Roadmap – April 2002 Joint IBM and Microsoft White Paper Goal: “enable customers to easily build interoperable solutions using heterogeneous systems” Initial specifications: WS-Security WS-Policy WS-Trust WS-Privacy Follow-On Specifications: WS-SecureConversation WS-Federation WS-Authorization 37
  38. 38. Current Status Less Mature More Mature W3C XML Signature is a W3C recommendation W3C XML Encryption is a candidate recommendation IBM/Microsoft Web Services Security Roadmap is published WS-Security published and moved to OASIS 38
  39. 39. Part II Security Mechanisms for Web Services based on Java and .NET
  40. 40. Options for Building MS WS 1. Publish COM+ component as SOAP Endpoint Only Windows.NET and XP Pro Limitations on what COM+ components could be published Might be not 100% interoperable with other SOAP implementations 2. Use CLR remoting over SOAP/HTTP Supports (non-interoperable) passing object references Supports client and server-activated objects Can be hosted by IIS Vague on client authentication and channel protection, unless IIS security is used 3. Generate COM Wrapper Good way to reuse existing COM components No support for custom types No .NET framework in the picture 4. Use ASP.NET Mechanisms Claimed to be interoperable with other SOAP-compliant web services Leverages .NET, ASP.NET and IIS security mechanisms 40
  41. 41. ASP.NET Web Services Security
  42. 42. Ways to Do Authentication IIS Basic (over SSL) Digest Integrated Windows (NTLM, Kerberos) – Only for homogenous IE/Windows clients X.509 Certificates over SSL ASP.NET ASP.NET authentication services Custom HTTP authentication modules SOAP Credentials in the SOAP header – Application-specific – According to MS WS-Security Language – SAML identity assertion 42
  43. 43. ASP.NET Custom HTTP Modules Advantages unmanaged code IIS Allows custom authentication schemes Allows decoupling (HTTP) transport SOAP ASP.NET_ISAPI.DLL client SOAP/HTTP from SOAP Quadrasis.Authentication.AuthFooModule Makes application security-unaware … Web Service (.asmx) Handler Factory Supports CLR authorization StoreFrontService.asmx Other .asmx files Disadvantages managed code Couples client and server 43
  44. 44. Message Authenticity, Integrity, Confidentiality Protection IIS HTTP/SSL – – Mature commodity – Only point-to-point (i.e. no end-to-end) SOAP message XML encryption and digital signature as defined by W3C[5] WS-Security language as defined by Microsoft[6] End-to-end Very new (almost) no tool support 44
  45. 45. Different Ways to Control Access IIS (Web Server) Restrictions based on client IP address or DNS name Port restrictions based on client IP address or DNS name Windows OS ACLs ASP.NET “URL authorization” ASP.NET HTTP Modules .NET CLR Up to per method level on a class per user ids or roles Supports CLR identities 45
  46. 46. Audit: IIS 46
  47. 47. Audit: .NET 47
  48. 48. Summary Four ways to build XML web services using .NET ASP.NET web services are built on top of ASP.NET .NET IIS Windows ASP.NET web services have mechanisms for Authentication Data protection Audit Service continuity Several routes to protect your .NET Web services 48
  49. 49. Java Web Services Security
  50. 50. J2EE Web Service Systems Presentation Back-office Client Tier Component Tier Tier RMI-IIOP Tier EJB Container Web Server Application SOAP EJB Mainframes Client RMI-IIOP JSPs EJB JDBC HTML JCA Databases Browser EJB Servlets 50
  51. 51. What’s Coming The J2EE 1.4 platform = the J2EE 1.3 platform + WS Pack and more Web Services Pack: Java APIs for XML Tomcat “JSP™ container” A set of standard JSP tag libraries JavaServer Faces™ UI Kit for building complete web-based UI (JSR-127) 51
  52. 52. Java APIs for XML Java API for XML Messaging (JAXM) Java API for XML Processing (JAXP) Java API for XML Registries (JAXR) Java API for XML-based RPC (JAX-RPC) Java API for XML Data Binding (JAXB) 52
  53. 53. JAX-RPC Architecture JAX-RPC Client J2EE Server WSDL->Java WSDL WSDL <->Java Generated Proxy Code Container Container Client-side JAX-RPC Server-side JAX-RPC Runtime System Runtime System SOAP HTTP 53
  54. 54. EJB Run Time Security Container address space (JVM) Client address space (JVM) EJB object stub EJB object Enterprise Bean instance Caller Identity Caller Identity Enterprise Bean class AccessControlEntries Bean Identity Container EJB server 54
  55. 55. Upcoming J2EE APIs Compiling XML schemas into Java classes Sending and receiving SOAP messages Making XML-based RPCs Handling WSDL files Exchanging SAML assertions 55
  56. 56. Part III Planning, Building and Administering Secure Web Service Systems
  57. 57. What Security Means To You Examine business-level drivers for security Cross-company security agreements Determine level of trustworthness Your architecture and its implementation are as secure as you want it 57
  58. 58. Traditional TCB user resource 1 1 user resource 2 Trusted 2 Computing user resource Base 3 3 user resource 4 4 Tamper-proof Nonbypassable Small enough to be thoroughly analyzed 58
  59. 59. “Distributed TCB” Application Objects Application Objects Application Objects Middleware Middleware Middleware Operating System Operating System Operating System Hardware Hardware Hardware Network Tamper-proof Nonbypassable Large and difficult to be analyzed 59
  60. 60. Recommended Approach Consistent with TCB principles Simplifies the analysis Leave security to experts Security COTS integration vs. do-it-yourself – More thoroughly tested by other customers – More careful about common development mistakes Follow good architectural and policy design principles Plan for evolution and manageability Have a security framework 60
  61. 61. Security Architecture Principles Trust no one Don’t’ make your firewall the only point of enforcement View Web Services collections as mutually suspicious islands Enable interoperabiltiy Use vendor-neutral standards (WS-Security, SAML) Modularize security “Push” security down – security unaware applications Insulate applications from security functionality with stable APIs 61
  62. 62. Security Policy Principles Authentication: balance cost against threat SSO Authorization: application-driven Use the business of the application to drive authorization settings Accountability: audit early, not often “pop” audit into/near the application Security administration: collections and hierarchies for scale 62
  63. 63. Enterprise Application Security Integration (EASI) Framework
  64. 64. Patchwork of Security - Vulnerabilities Multiple Protocols Multiple Platforms Multiple Application Multiple Security Technologies Servers Perimeter Security Mid-tier Security Back-office Security First line of defense: Second line of defense: Third line of defense: Protection against Protection against Protection of External Hackers Insider Attacks Back-end Servers • Firewalls/VPNs • Component-based security • Mainframe security • Cryptography • Cryptography • Database security • Web Single Sign-on (SSO) • Entitlements servers Multiple Tiers of Security • Intrusion detection 64
  65. 65. EASI Solutions Consist of 1. Security framework 2. Hardware and software products for securing applications 3. Integration “modules” to plug applications and security products into the framework 65
  66. 66. EASI Framework Architecture Presentation Components Business Logic Components Legacy Data Stores Enterprise Security Integration Framework Security APIs Standard Security APIs Custom Security APIs Vendor Security APIs Core Security Services Framework Security Facilities Authentication Authorization Cryptography Accountability Security Profile Administration Manager Security Association Security Authentication Authorization Cryptography Accountability Administration Products Products Products Products Products Proxy Services 66
  67. 67. Specific Example of EASI: Quadrasis Client Tier Presentation Component Tier Back-Office Tier Tier Infrastructure Application Application Mainframes Client Web Services Application Web Servers Data- Browser Servers bases EASI Application Environment Adapters EASI Security Unifier Authentication Authorization Audit Cryptography API API API API Security Management EASI Executive Security Administration Security Configuration Security Policy EASI Security Service Mappers Services Security Authorization Cryptography Accountability Security Authentication Services Services Services Administration Services Services 67
  68. 68. EASI Pros and Cons Common security infrastructure Complex due to generality shared across the enterprise Performance and scalability Decoupling applications from constraints products Significant initial effort in Well defined boundary between designing and building it business and security logic Has to be politically accepted in No need to implement everything many different “parties” of at once organization Semantic mismatch among security products makes their “swapping” hard 68
  69. 69. Administering Secure Web Services
  70. 70. How WSS Administration Different As any other middleware Scaling with collections and hierarchies – User attributes – Domains – Permission collections Effective authorization models – RBAC policies – Rule-based policies Data protection 70
  71. 71. Role-based Access Control Role Hierarchy Operations User-to-role Permission-to- Users assignment Roles role assignment Permissions User sessions Session roles Objects Sessions 71
  72. 72. Role Hierarchy for eBusiness member staff customer visitor 72
  73. 73. RBAC Gotchas Engineering of roles in large systems is hard More roles ⇒ less effective administration Fewer roles ⇒ unnecessary permissions are granted Exception cases ⇒ superfluous roles Roles tend to be used for everything “18-year-or-older-reader” Roles are assigned statically 73
  74. 74. Selecting Factors for RBAC From Penn, Jonathan. "Role-Based Access Control Implementations Require Advanced Capabilities." Giga Information Group, Inc., 2002. Support role hierarchies Dynamic determination of roles Rule for exception cases and for other attributes Integrated with the organizational workflow to track changes in user roles 74
  75. 75. Data Protection Connection-oriented (relatively) Easy to administer Message-oriented Can be fine grain ⇒ administration nonscalable No reasonable administration models Becomes very complex in non-trivial cases Stay away if you can 75
  76. 76. Example
  77. 77. ePortal.com eBusiness.com Internet HTML/HTTPS SOAP/HTTPS eBusiness.co customers ePortal.com m 77
  78. 78. Functional Security Requirements Common Limit visitor access Grant members more access Secure exchange with business partners ePortal.com eBusiness.com Eliminate administration Protect the accounts of of new customers each individual Administrator control of critical functions Restrict administrators’ abilities 78
  79. 79. ePortal.com Perimeter Middle Tier Browser HTML/HTTPS Tier ePortal. Store Internet com Front customer Internet Web Middle Server Tier DCOM Web ASP.NET SOAP/HTTPS Service Client IIS COM+ Application eBuyer.com EASI Framework and Services Security APIs Core Security Framework DMZ Services Security Facilities Firewall Firewall eBusiness.com Perimeter Back Office Middle Tier Tier Tier eBusiness. Store com Front SOAP/HTTPS Web Service Server SOAP/ Accounts HTTP J2EE App Svr Products/Prices iPlanet WebLogic Oracle EASI Framework EASI Framework and Services Security APIs Core Security Framework DMZ Services Security Facilities Firewall Firewall 79
  80. 80. EASI Framework for ePortal.com ePortal.com Enterprise Application Security Integration Framework Security APIs ASP.NET, COM+ Custom Self-Registration Web SSO, SAML Service Core Security Services Framework Security Facilities Authentication Authorization Cryptography Accountability Security Active Administration Directory Service WS-Security/ SAML Firewall Service Intrusion Detection System Web SSO COM+ Windows 2000 SSL Custom Self-Registration Module 80
  81. 81. EASI Framework for eBusiness.com eBusiness.com Enterprise Application Security Integration Framework Security APIs JAAS, EJB Oracle Security, SAML Service Core Security Services Framework Security Facilities Authentication Authorization Cryptography Accountability Security iPlanet Administration Directory Service WS-Security/ SAML Firewall Service iPlanet WebLogic SSL Oracle Attribute Mapping 81
  82. 82. Security Gotchas at the System Architecture Level Scaling Distribute requests over multiple security policy servers Central administration Administration delegation Performance – “No free lunch” Encryption algorithms Underlying transport Policy granularity Caching 82
  83. 83. For More Information D. Ferraiolo, et al. "Proposed NIST Standard for Role-Based Access Control." ACM Transactions on Information and System Security 4(3): 224–274, http://ite.gmu.edu/list/journals/tissec/p224-ferraiolo.pdf, 2001. Hartman, Bret, Donald J. Flinn and Konstantin Beznosov, Enterprise Security With EJB and CORBA. John Wiley & Sons, Inc., New York, 2001. IBM and Microsoft. "Security in a Web Services World: A Proposed Architecture and Roadmap." http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwssecur/html/securitywhitepaper.asp, 2002. Ruh, William A., Francis X. Maginnis, and William J. Brown. Enterprise Application Integration: A Wiley Tech Brief. John Wiley & Sons, 2000. Sun. "Java Technology & Web Services Frequently Asked Questions." Sun Microsystems, http://java.sun.com/webservices/faq.html, 2002. W3C. "XML Encryption Syntax and Processing." Candidate Recommendation, http://www.w3.org/TR/xmlenc- core/, March, 2002. W3C. " XML-Signature Syntax and Processing." http://www.w3.org/TR/xmldsig-core/, February 12, 2002. Atkinson, Bob, et al. "Web Services Security (WS-Security) v1.0.".IBM, Microsoft, Verisign, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/html/ws-security.asp, 2002. Hartman, B., D.J. Flinn, K. Beznosov and S. Kawamoto, Mastering Web Services Security. John Wiley & Sons, Inc., New York, 2002. K. Beznosov, “Overview of .NET Web Services Security,” Tutorial at DOCSec ’02, Baltimore, MD, U.S.A , March 18, 2003, http://www.beznosov.net/konstantin/professional/tutorials/overview_of_dotnet_web_services_security.html 83
  84. 84. Appendix
  85. 85. What Information Security Means Protection Assurance Development Assurance Operational Assurance Authorization Accountability Availability Design Assurance Service Continuity Disaster Recovery Data Protection Access Control Audit Non- Repudiation Authentication Cryptography 85
  86. 86. Comprehensive Message Security Secured SOAP Message Security Feature Function <SOAP-ENV:Envelope> SOAP Header <SOAP-ENV:Header> WS-Security - Attaches signature, encryption, security tokens <WS-Security> to SOAP messages <SAML Token> SAML Token - Authenticates initiator of SOAP request - Enables role based authorization </SAML Token> - Time-limited </WS-Security> - Interoperable </SOAP-ENV:Header> - Multiple signed areas of header and body XML Signature, DSIG - Integrity protection via PKI based cryptography <SOAP-ENV:Body> - Prevents tampering X.509 Certificate - Encryption and signature verification </SOAP-ENV:Body> (or other security token) SOAP Body </SOAP-ENV:Envelope> XML Encryption - Multiple encrypted areas of body - Prevents disclosure RPC Method Authorization - Prevents unauthorized call to methods SOAP Message XML Schema Verification - Validates against XML schema Audit - End-to-end tracing, Method access 87