Questions on OGSA WSRF Basic Profile 1.0
Hi folks, Sorry if these are dumb questions... I was looking through WSRF Basic Profile 1.0, (Revised: Friday, June 10, 2005).
Section 9.1.1 Mandated Secure Transport
"All messages are subject to interference and corruption during transmission. The Profile mandates secure transmission of messages." Is there a reference that makes this case? I have looked at the WS-I document "Security Challenges, Threats and Countermeasures" http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf which indicates that message level security is OK for many threats. WSRF & ACID Section 7 of Web Service Resource Properties 1.2 discusses ACID and WSRF - a WSRF implementor can choose a concurrency policy with regard to updating and retrieving resource properties, so two implementations of a WS-Resource with the same operations and PropertiesDocument could actually have different behaviour leading to interoperability issues for clients - is this any area for a WSRF profile to address? thanks Mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mark Mc Keown RSS Mark.McKeown@man.ac.uk Manchester Computing +44 161 275 0601 University of Manchester ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A little more broadly, I don't quite understand the justification for *ANY* mention of security in OGSA WSRF Basic Profile beyond "see WS-I Basic Security Profile v 1.0". If the authors felt that there was something specific in the WSRF rendering, that might be one thing, but I don't particularly see that in the text. Let me put this another way: The reader who is not intimately involved with WSRF reads this and wonders "Why are they possibly doing this? Isn't WS-I Basic Security Profile sufficient to 'secure' Web services? Are they saying that WS-I Basic Security Profile is INSUFFICIENT? Then why don't they say this directly? Are they instead just repeating some things in WS-I Basic Security Profile? For what reason? If so, then why can't they just say this?" The reader somewhat more involved/cognizant immediately comes around to what Mark points out. That is, as one of my guys puts it after reading the doc: "On the security front, SSL and mutual authentication is required everywhere. It seems strange that SSL is required even if WS-Security message level encryption is used. In some cases might you want to allow anonymous access or not care about encryption? I think, maybe yes. I'm not sure how much is gained by restricting flexibility here. Certainly not interop, since interop is always best without security." I'd like to hear more of the justification for this, as Mark points out (as others wonder as well, I'm sure). -- Marty Marty Humphrey Assistant Professor Department of Computer Science University of Virginia
-----Original Message----- From: owner-ogsa-wg@ggf.org [mailto:owner-ogsa-wg@ggf.org] On Behalf Of Mark McKeown Sent: Friday, June 10, 2005 9:11 AM To: ogsa-wg@gridforum.org Subject: [ogsa-wg] Questions on OGSA WSRF Basic Profile 1.0
Hi folks, Sorry if these are dumb questions...
I was looking through WSRF Basic Profile 1.0, (Revised: Friday, June 10, 2005).
Section 9.1.1 Mandated Secure Transport
"All messages are subject to interference and corruption during transmission. The Profile mandates secure transmission of messages."
Is there a reference that makes this case?
I have looked at the WS-I document "Security Challenges, Threats and Countermeasures" http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf which indicates that message level security is OK for many threats.
WSRF & ACID
Section 7 of Web Service Resource Properties 1.2 discusses ACID and WSRF - a WSRF implementor can choose a concurrency policy with regard to updating and retrieving resource properties, so two implementations of a WS-Resource with the same operations and PropertiesDocument could actually have different behaviour leading to interoperability issues for clients - is this any area for a WSRF profile to address?
thanks Mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mark Mc Keown RSS Mark.McKeown@man.ac.uk Manchester Computing +44 161 275 0601 University of Manchester ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let me put this another way: The reader who is not intimately involved with WSRF reads this and wonders "Why are they possibly doing this? Isn't WS-I Basic Security Profile sufficient to 'secure' Web services? Are they saying that WS-I Basic Security Profile is INSUFFICIENT? Then why don't they say this directly? Are they instead just repeating some things in WS-I Basic Security Profile? For what reason? If so, then why can't they just say this?"
We are not saying that BSP is not sufficient to secure Web services. The problem is that strictly speaking you can be WS-BSP conformant and have no security. The conformance requirements are there to 'require' all OGSA BP compliant services to provide a security.
The reader somewhat more involved/cognizant immediately comes around to what Mark points out. That is, as one of my guys puts it after reading the doc:
"On the security front, SSL and mutual authentication is required everywhere. It seems strange that SSL is required even if WS-Security message level encryption is used. In some cases might you want to allow anonymous access or not care about encryption? I think, maybe yes. I'm not sure how much is gained by restricting flexibility here. Certainly not interop, since interop is always best without security."
I'll leave this discussion to others who are more eloquent on these requirements.
I'd like to hear more of the justification for this, as Mark points out (as others wonder as well, I'm sure).
-- Marty
Marty Humphrey Assistant Professor Department of Computer Science University of Virginia
-----Original Message----- From: owner-ogsa-wg@ggf.org [mailto:owner-ogsa-wg@ggf.org] On Behalf Of Mark McKeown Sent: Friday, June 10, 2005 9:11 AM To: ogsa-wg@gridforum.org Subject: [ogsa-wg] Questions on OGSA WSRF Basic Profile 1.0
Hi folks, Sorry if these are dumb questions...
I was looking through WSRF Basic Profile 1.0, (Revised: Friday, June 10, 2005).
Section 9.1.1 Mandated Secure Transport
"All messages are subject to interference and corruption during transmission. The Profile mandates secure transmission of messages."
Is there a reference that makes this case?
I have looked at the WS-I document "Security Challenges, Threats and Countermeasures" http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf which indicates that message level security is OK for many threats.
WSRF & ACID
Section 7 of Web Service Resource Properties 1.2 discusses ACID and WSRF - a WSRF implementor can choose a concurrency policy with regard to updating and retrieving resource properties, so two implementations of a WS-Resource with the same operations and PropertiesDocument could actually have different behaviour leading to interoperability issues for clients - is this any area for a WSRF profile to address?
thanks Mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mark Mc Keown RSS Mark.McKeown@man.ac.uk Manchester Computing +44 161 275 0601 University of Manchester ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: Tom Maguire <tmaguire@us.ibm.com> Subject: RE: [ogsa-wg] Questions on OGSA WSRF Basic Profile 1.0 Date: Fri, 10 Jun 2005 12:30:48 -0400
Let me put this another way: The reader who is not intimately involved with WSRF reads this and wonders "Why are they possibly doing this? Isn't WS-I Basic Security Profile sufficient to 'secure' Web services? Are they saying that WS-I Basic Security Profile is INSUFFICIENT? Then why don't they say this directly? Are they instead just repeating some things in WS-I Basic Security Profile? For what reason? If so, then why can't they just say this?"
We are not saying that BSP is not sufficient to secure Web services. The problem is that strictly speaking you can be WS-BSP conformant and have no security. The conformance requirements are there to 'require' all OGSA BP compliant services to provide a security.
The reader somewhat more involved/cognizant immediately comes around to what Mark points out. That is, as one of my guys puts it after reading the doc:
"On the security front, SSL and mutual authentication is required everywhere. It seems strange that SSL is required even if WS-Security message level encryption is used. In some cases might you want to allow anonymous access or not care about encryption? I think, maybe yes. I'm not sure how much is gained by restricting flexibility here. Certainly not interop, since interop is always best without security."
I'll leave this discussion to others who are more eloquent on these requirements.
If I understand correctly, I think we once agreed on the following: - if we use https as the transport, TLS/SSL MUST be used - if we use http as the transport, WS-Security/Message Level Security MUST be used - the profile requires a service to implement one of these (MUST/SHOULD?) - a client MUST support both (Refer to the tracker item: https://forge.gridforum.org/tracker/?aid=1320) Although, I'm not clear if the agreement for implementing one of these on the server side is a MUST or a SHOULD requirement, but the description in the current version of BP doesn't seem to state as we agreed. (I totally overlooked this, so I will verify if the document is consistent with the solution described in security tracker items.) I personally undersand that there might be some environment where no security (encryption or signature on communication channel) is required, so, I myself think it is good to make the requirement for security on communication channels as SHOULD (with some note that says use no security only when you are really sure you don't need security). The reason why my opinion was rejected was because such secure environment implied a close environment where a interoperability needs not be stated, if I remember it correctly.
I'd like to hear more of the justification for this, as Mark points out (as others wonder as well, I'm sure).
-- Marty
Marty Humphrey Assistant Professor Department of Computer Science University of Virginia
-----Original Message----- From: owner-ogsa-wg@ggf.org [mailto:owner-ogsa-wg@ggf.org] On Behalf Of Mark McKeown Sent: Friday, June 10, 2005 9:11 AM To: ogsa-wg@gridforum.org Subject: [ogsa-wg] Questions on OGSA WSRF Basic Profile 1.0
Hi folks, Sorry if these are dumb questions...
I was looking through WSRF Basic Profile 1.0, (Revised: Friday, June 10, 2005).
Section 9.1.1 Mandated Secure Transport
"All messages are subject to interference and corruption during transmission. The Profile mandates secure transmission of messages."
Is there a reference that makes this case?
I have looked at the WS-I document "Security Challenges, Threats and Countermeasures" http://www.ws-i.org/Profiles/BasicSecurity/SecurityChallenges-1.0.pdf which indicates that message level security is OK for many threats.
WSRF & ACID
Section 7 of Web Service Resource Properties 1.2 discusses ACID and WSRF - a WSRF implementor can choose a concurrency policy with regard to updating and retrieving resource properties, so two implementations of a WS-Resource with the same operations and PropertiesDocument could actually have different behaviour leading to interoperability issues for clients - is this any area for a WSRF profile to address?
thanks Mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mark Mc Keown RSS Mark.McKeown@man.ac.uk Manchester Computing +44 161 275 0601 University of Manchester ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
participants (4)
-
Mark McKeown -
Marty Humphrey -
Takuya Mori -
Tom Maguire