3. Confidentiality
When
dealing with sensitive information, there is little use in establishing
identity and authorization if the results of a call will be broadcast
to anyone who is interested. Confidentiality
is the concept of preventing others from reading the information
exchanged between a caller and a service. This is typically
accomplished via encryption, and a variety of mechanisms for this exist
within WCF.
4. Integrity
The
final basic concept of security is the assurance that the contents of a
message have not been tampered with during transfer between caller and
service, and vice versa. This is typically done by digitally signing or
generating a signed hash for the contents of the message and having the
receiving party validate the signature based on the contents of what it
received. If the computed value does not match the embedded value, the
message should be refused.
Note
that integrity can be provided even when privacy is not necessary. It
may be acceptable to send information in the clear (unencrypted) as
long as the receiver can be assured that it is the original data via
digital signature verification.
5. Transport and Message Security
There
are two major classifications of security within WCF; both are related
to the security of what is transferred between a service and caller
(sometimes called transfer security). The first concept is of protecting data as it is sent across the network, or “on the wire.” This is known as transport security. The other classification is called message security and is concerned with the protection that each message provides for itself, regardless of the transportation mechanism used.
Transport
security provides protection for the data sent, without regard to the
contents. A common approach for this is to use Secure Sockets Layer
(SSL) for encrypting and signing the contents of the packets sent over
HTTPS. There are other transport security options as well, and the
choice of options will depend on the particular WCF binding used. In
fact, you will see that many options in WCF are configured to be secure
by default, such as with TCP.
One
limitation of transport security is that it relies on every “step” and
participant in the network path having consistently configured
security. In other words, if a message must travel through an
intermediary before reaching its destination, there is no way to ensure
that transport security has been enabled for the step after the
intermediary (unless that intermediary is fully controlled by the
original service provider). If that security is not faithfully
reproduced, the data may be compromised downstream. In addition, the
intermediary itself must be trusted not to alter the message before
continuing transfer. These considerations are especially important for
services available via Internet-based routes, and typically less
important for systems exposed and consumed within a corporate intranet.
Message
security focuses on ensuring the integrity and privacy of individual
messages, without regard for the network. Through mechanisms such as
encryption and signing via public and private keys, the message will be
protected even if sent over an unprotected transport (such as plain
HTTP).
The option to use transport and message security is typically specified in configuration; two basic examples are shown in Listing 1.
Listing 1. Transport and Message Security Examples
<basicHttpBinding>
<binding name="MyBinding">
<security mode="Transport">
<transport clientCredentialType="Windows"/>
</security >
</binding>
</basicHttpBinding>
<wsHttpBinding>
<binding name="MyBinding">
<security mode="Message">
<transport clientCredentialType="None"/>
</security >
</binding>
</wsHttpBinding>
|
