Security models for e-commerce solutions (E-kommertsi lahenduste turvamudelid)
Enn Õunapuu, Tallinn Technical University, enn@cc.ttu.ee, 372 050 97720
Designing an Authentication and Authorization Strategy
The following steps identify a process that will help you develop an authentication and authorization strategy for your application:
1. Identify resources
2. Choose an authorization strategy
3. Choose the identities used for resource access
4. Consider identity flow
5. Choose an authentication approach
6. Decide how to flow identity
Identify Resources
Identify the resources that your application needs to expose to clients. Typical resources include:
- Web server resources such as Web pages, Web services and static resources (HTML pages and images).
- Database resources such as per-user data or application-wide data.
- Network resources such as remote file system resources and data from directory stores such as Active Directory.
You must also identify the system resources that your application needs to access, as distinct from the resources that are exposed to clients. Examples of system resources include the registry, event logs and configuration files.
Choose an Authorization Strategy
The two basic authorization strategies are:
Role based. Access to operations (typically methods) is secured based on the role membership of the caller. Roles are used to partition your application's user base into sets of users that share the same security privileges within the application; for example, Senior Managers, Managers and Employees. Users are mapped to roles, and if the user is authorized to perform the requested operation, the application uses fixed identities with which to access resources. These identities are trusted by the respective resource managers (for example, databases, the file system, and so on).
Resource based. Individual resources are secured using Windows ACLs. The application impersonates the caller prior to accessing resources, which allows the operating system to perform standard access checks. All resource access is performed using the original caller's security context. This impersonation approach severely impacts application scalability, because it means that connection pooling cannot be used effectively within the application's middle tier.
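The two strategies side by side, as an added example that is not part of the slides. It is written in Python rather than C# so that it runs stand-alone; Principal, TrustedSubsystemStore, AclStore and the sample resources, ACLs and identities are constructed for the illustration, and is_in_role only mirrors the intent of .NET's IPrincipal.IsInRole. The role-based path checks the caller's role and then opens the store with one fixed application identity; the resource-based path passes the caller's own identity through to a per-resource ACL check.

```python
# Added example (not from the slides): role-based versus resource-based
# authorization in plain Python. All class names, resources and identities
# below are constructed for this illustration.
from dataclasses import dataclass
from functools import wraps


class AccessDenied(Exception):
    """Raised when an operation or resource check fails."""


@dataclass(frozen=True)
class Principal:
    """Authenticated caller: a name plus the roles it has been mapped to."""
    name: str
    roles: frozenset = frozenset()

    def is_in_role(self, role: str) -> bool:
        return role in self.roles


def requires_role(role: str):
    """Role-based strategy: gate the operation (method) on caller role membership."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(caller: Principal, *args, **kwargs):
            if not caller.is_in_role(role):
                raise AccessDenied(f"{caller.name} is not in role {role}")
            return fn(caller, *args, **kwargs)
        return wrapper
    return decorator


class TrustedSubsystemStore:
    """Resource manager that trusts one fixed middle-tier identity and nothing else."""

    def __init__(self, trusted_identity: str, data: dict):
        self.trusted_identity = trusted_identity
        self.data = data

    def read(self, identity: str, resource: str) -> str:
        if identity != self.trusted_identity:
            raise AccessDenied(f"{identity} is not the trusted application identity")
        return self.data[resource]


class AclStore:
    """Resource manager with a per-resource ACL checked against the caller's own
    identity (the job Windows ACLs do in the resource-based strategy)."""

    def __init__(self, data: dict, acl: dict):
        self.data = data
        self.acl = acl

    def read(self, identity: str, resource: str) -> str:
        if identity not in self.acl.get(resource, set()):
            raise AccessDenied(f"{identity} is not on the ACL of {resource}")
        return self.data[resource]


# Constructed sample resources, ACLs and identities.
DATA = {"payroll.xlsx": "salary table", "orders.csv": "order list"}
ACL = {"payroll.xlsx": {"alice"}, "orders.csv": {"alice", "bob"}}
APP_IDENTITY = "svc-ecommerce"  # fixed identity used by the middle tier

trusted_store = TrustedSubsystemStore(APP_IDENTITY, DATA)
acl_store = AclStore(DATA, ACL)


@requires_role("Manager")
def role_based_read(caller: Principal, resource: str) -> str:
    """The role check happens here; the store is then opened with the fixed
    identity, so one pooled connection can serve every caller."""
    return trusted_store.read(APP_IDENTITY, resource)


def resource_based_read(caller: Principal, resource: str) -> str:
    """Impersonate the caller: the caller's own identity reaches the ACL check."""
    return acl_store.read(caller.name, resource)


def allowed(operation, caller: Principal, resource: str) -> bool:
    """True if the operation succeeds for this caller, False on AccessDenied."""
    try:
        operation(caller, resource)
        return True
    except AccessDenied:
        return False


alice = Principal("alice", frozenset({"Manager", "Employee"}))
bob = Principal("bob", frozenset({"Employee"}))

if __name__ == "__main__":
    # Role-based: alice (Manager) may run the operation, bob may not, even for a
    # resource whose ACL would admit him. Resource-based: the ACL decides per resource.
    print(allowed(role_based_read, alice, "payroll.xlsx"), allowed(role_based_read, bob, "orders.csv"))
    print(allowed(resource_based_read, bob, "orders.csv"), allowed(resource_based_read, bob, "payroll.xlsx"))
```

Note how the trusted store rejects any identity other than the application's own, which is what makes the role-based model scale: the decision is made once per operation in the middle tier, and the resource connection never has to carry a different user.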
Choose an Authentication Approach
Two key factors influence the choice of authentication approach: first and foremost, the nature of your application's user base (what types of browsers are they using, and do they have Windows accounts), and secondly, your application's impersonation/delegation and auditing requirements.
Decide How to Flow Identity
You can flow identity (to provide security context) at the application level, or you can flow identity and security context at the operating system level. To flow identity at the application level, use method and stored procedure parameters.
Application identity flow supports:
- Per-user data retrieval using trusted query parameters, for example:
  SELECT x, y FROM SomeTable WHERE username = 'bob'
- Custom auditing within any application tier
Operating system identity flow supports:
- Platform-level auditing (for example, Windows auditing and SQL Server auditing)
- Per-user authorization based on Windows identities
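Application-level identity flow in working code, as an added example that is not part of the slides. Python's sqlite3 stands in for SQL Server; the Orders table, the AUDIT_LOG list and the user names are constructed. The user name that reaches the query is taken from the caller's authenticated principal and bound as a parameter, which is what makes it a trusted query parameter, and each tier writes its own audit record.

```python
# Added example (not from the slides): application-level identity flow with a
# trusted query parameter and a custom audit record in each tier. sqlite3 stands
# in for SQL Server; table, rows, AUDIT_LOG and user names are constructed.
import sqlite3
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Principal:
    """Identity established by the web tier's authentication step."""
    name: str


AUDIT_LOG: List[str] = []  # custom application-level audit trail


def open_db() -> sqlite3.Connection:
    """In-memory database with constructed per-user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Orders (id INTEGER, username TEXT, total REAL)")
    conn.executemany(
        "INSERT INTO Orders VALUES (?, ?, ?)",
        [(1, "bob", 19.99), (2, "alice", 250.0), (3, "bob", 5.25)],
    )
    conn.commit()
    return conn


def get_orders(conn: sqlite3.Connection, caller: Principal) -> List[Tuple[int, float]]:
    """Data tier. The user name comes from the caller's principal, never from
    request input, and is bound as a parameter rather than spliced into the SQL,
    so a name containing quote characters is just data."""
    rows = conn.execute(
        "SELECT id, total FROM Orders WHERE username = ?", (caller.name,)
    ).fetchall()
    AUDIT_LOG.append(f"data-tier: {caller.name} read {len(rows)} order(s)")
    return rows


def orders_page(conn: sqlite3.Connection, caller: Principal) -> List[Tuple[int, float]]:
    """Web tier: flows the authenticated identity down as a method parameter."""
    AUDIT_LOG.append(f"web-tier: {caller.name} requested the orders page")
    return get_orders(conn, caller)


if __name__ == "__main__":
    db = open_db()
    print(orders_page(db, Principal("bob")))    # bob's rows only
    print(orders_page(db, Principal("alice")))  # alice's rows only
    print("\n".join(AUDIT_LOG))
```

The trade-off the slide describes is visible here: the audit trail is whatever the application chooses to write, and the database itself only ever sees the application's own connection, so platform-level auditing would record the application, not bob or alice.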
Secure Communication
Secure communication provides the following two features:
Privacy. Privacy is concerned with ensuring that data remains private and confidential, and cannot be viewed by eavesdroppers who may be armed with network monitoring software. Privacy is usually provided by means of encryption.
Integrity. Secure communication channels must also ensure that data is protected from accidental or deliberate (malicious) modification while in transit. Integrity is usually provided by using Message Authentication Codes (MACs).
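The integrity half of the slide in working code, as an added example that is not part of the slides. It uses HMAC-SHA256 under a shared key; the key, the messages and the framing (tag appended to the message) are choices made here, not a protocol the slides describe. The receiver recomputes the MAC and refuses anything that does not match, whether the message, the tag or the key differs.

```python
# Added example (not from the slides): message integrity with a Message
# Authentication Code (HMAC-SHA256). Key, messages and framing are constructed.
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag
KEY = b"constructed-shared-key-for-the-demo"  # negotiated or provisioned in practice


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: append a MAC computed over the whole message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, frame: bytes) -> Optional[bytes]:
    """Receiver side: recompute the MAC and return the message only if it matches.
    compare_digest avoids leaking how many tag bytes matched through timing."""
    if len(frame) < TAG_LEN:
        return None
    message, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def flip_bit(frame: bytes, offset: int) -> bytes:
    """Simulate accidental or deliberate modification of one byte in transit."""
    altered = bytearray(frame)
    altered[offset] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    frame = protect(KEY, b"transfer amount=100 to=alice")
    print(verify(KEY, frame))                            # the original message
    print(verify(KEY, flip_bit(frame, 16)))              # None: message changed
    print(verify(KEY, flip_bit(frame, len(frame) - 1)))  # None: tag changed
    print(verify(b"some-other-key", frame))              # None: wrong key
```

A MAC gives integrity only: the message still travels in the clear, so privacy needs encryption on top, which is why channel technologies such as SSL/TLS combine the two.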
Secure Sockets Layer / Transport Layer Security (SSL/TLS). This is most commonly used to secure the channel between a browser and Web server. However, it can also be used to secure Web service messages and communications to and from a database server running Microsoft SQL Server 2000.
Internet Protocol Security (IPSec). IPSec provides a transport-level secure communication solution and can be used to secure the data sent between two computers; for example, an application server and a database server.
Remote Procedure Call (RPC) encryption. The RPC protocol used by Distributed COM (DCOM) provides an authentication level (packet privacy) that results in the encryption of every packet of data sent between client and server.
Using SSL
When you use SSL you should be aware of the following:
- When SSL is applied, the client uses the HTTPS protocol (and specifies an https:// URL) and the server listens on TCP port 443.
- You should monitor your application's performance when you enable SSL. SSL uses complex cryptographic functions to encrypt and decrypt data and as a result affects the performance of your application. The largest performance hit occurs during the initial handshake, where asymmetric public/private-key encryption is used. Subsequently (after a secure session key is generated and exchanged), faster symmetric encryption is used to encrypt application data.
- You should optimize pages that use SSL by including less text and simpler graphics in those pages.
Web Service Security Model
Web service security can be applied at three levels:
- Platform/transport level (point-to-point) security
- Application level (custom) security
- Message level (end-to-end) security
Application Level Security
With this approach, the application takes over security and uses custom security features. For example:
- An application can use a custom SOAP header to pass user credentials to authenticate the user with each Web service request. A common approach is to pass a ticket (or user name or license) in the SOAP header.
- The application has the flexibility to generate its own IPrincipal object that contains roles. This might be a custom class or the GenericPrincipal class provided by the .NET Framework.
- The application can selectively encrypt what it needs to, although this requires secure key storage, and developers must have knowledge of the relevant cryptography APIs.
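The first two bullets in working code, as an added example that is not part of the slides: a ticket issued at login travels in a custom SOAP header, and the service maps it back to a principal that carries roles. The namespace urn:example:ecommerce-auth, the AuthTicket element, the TicketService class and the user table are constructed; GenericPrincipal here is a Python stand-in for the .NET class of that name, not the class itself.

```python
# Added example (not from the slides): a ticket carried in a custom SOAP header
# and resolved to a principal with roles on the server. Namespace, element
# name, user table and TicketService are constructed for this illustration.
import secrets
import time
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUTH_NS = "urn:example:ecommerce-auth"  # constructed application namespace

# Constructed user store; a real one holds password hashes, not passwords.
USERS = {
    "bob": {"password": "bob-demo-password", "roles": ("Employee",)},
    "alice": {"password": "alice-demo-password", "roles": ("Manager", "Employee")},
}


@dataclass(frozen=True)
class GenericPrincipal:
    """Identity plus role names, in the shape of the .NET GenericPrincipal."""
    name: str
    roles: Tuple[str, ...]

    def is_in_role(self, role: str) -> bool:
        return role in self.roles


class TicketService:
    """Issues opaque tickets at login and maps them back to a principal."""

    TTL_SECONDS = 900

    def __init__(self):
        self._tickets: Dict[str, Tuple[str, float]] = {}

    def login(self, user: str, password: str) -> Optional[str]:
        record = USERS.get(user)
        if record is None or not secrets.compare_digest(record["password"], password):
            return None
        ticket = secrets.token_urlsafe(32)  # unguessable and safe to embed as XML text
        self._tickets[ticket] = (user, time.time() + self.TTL_SECONDS)
        return ticket

    def principal_for(self, ticket: str) -> Optional[GenericPrincipal]:
        entry = self._tickets.get(ticket)
        if entry is None:
            return None
        user, expires = entry
        if time.time() > expires:
            del self._tickets[ticket]  # expired tickets are dropped, not honoured
            return None
        return GenericPrincipal(user, USERS[user]["roles"])


def build_request(ticket: str, body_xml: str) -> str:
    """Client side: the ticket goes in a custom header, the operation in the body."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:a="{AUTH_NS}">'
        f"<soap:Header><a:AuthTicket>{ticket}</a:AuthTicket></soap:Header>"
        f"<soap:Body>{body_xml}</soap:Body></soap:Envelope>"
    )


def extract_ticket(envelope: str) -> Optional[str]:
    """Server side: read the ticket out of the header, if one is present."""
    root = ET.fromstring(envelope)
    node = root.find(f"{{{SOAP_NS}}}Header/{{{AUTH_NS}}}AuthTicket")
    if node is None or not node.text:
        return None
    return node.text.strip()


def authenticate_request(service: TicketService, envelope: str) -> Optional[GenericPrincipal]:
    """Per-request authentication: header ticket to principal, or None."""
    ticket = extract_ticket(envelope)
    return service.principal_for(ticket) if ticket else None


if __name__ == "__main__":
    svc = TicketService()
    t = svc.login("bob", "bob-demo-password")
    p = authenticate_request(svc, build_request(t, "<a:GetOrders/>"))
    print(p, p.is_in_role("Employee"), p.is_in_role("Manager"))
    print(authenticate_request(svc, build_request("not-a-ticket", "<a:GetOrders/>")))
```

The ticket is only a lookup key into server-side state, so it carries no roles of its own and cannot be edited by the client to gain any; the principal's roles come from the user table at resolution time, and the role check itself is then the same as in the role-based strategy above.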