OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wsn message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [wsn] Issue Verification BaseN 1.0j Issue 2.6: Third party subscribercan be a security concern


There is some more text that appears at the end of section 7.2...

   In addition to the usual concerns of authorization and message integrity
   which apply to all web services, notification presents issues all its
   own due to the third-party nature of subscription.  Since the
   NotificationProducer is agreeing to produce Notifications for a consumer
   based on the requests of a Subscriber, it must assure itself that there
   is no harm in producing these Notifications.  A malicious Subscriber may
   request Notifications be sent to a party that is not authorized to
   receive them.  It may also mount DOS attacks by requesting large volumes
   of Notifications be sent to parties that cannot handle them.

   The NotificationProducer may address these risks in many different ways,
   including but not limited to:

   ·  Simply trusting all Subscribers, perhaps because all parties are
   known to be on a closed, trusted, network, or because the consequences
   of unauthorized Subscriptions are otherwise known to be negligible.
   ·  Requiring all Subscribers to provide secure credentials proving that
   they are trusted to make subscriptions.
   ·  Refusing to produce notifications for NotificationConsumers that are
   not known to be authorized.
   ·  Explicitly confirming with NotificationConsumers whether they wish to
   receive the Notifications that the Subscriber has requested.
   ·  Some combination of the above, depending on the identity of the
   Subscriber and NotificationProducer

This is explicitly about the risks that arise from the third-party nature
of subscriptions, and I think it does address issue 2.6 and is in keeping
with the agreed approach.

Peter Niblett

             Tom Maguire                                                   
             com>                                                       To 
             28/06/2005 02:36                                           cc 
                                       [wsn] Issue Verification BaseN 1.0j 
                                       Issue 2.6: Third party subscriber   
                                       can be a security concern           

Agreed Approach: Describe the additional security risks imposed by the
third party nature of the suscripion mechanism in the Security
Considerations section. Provide examples of how such risks may be averted.

   It should be noted that even though Subscriptions may be done by
   authorized principals, the Notifications may be delivered to
   NotificationConsumers whose identity may be different from the
   Subscriber. Message protection policies as outlined in the previous
   section can be used to ensure that sensitive Notifications are not
   delivered to malicious endpoints. For example, a key may need to be
   specified or generated during the process of Subscription, so that the
   Notifications can be encrypted using the key to ensure confidentiality
   of the messages. The mechanism by which the key is specified is governed
   by the Subscription policy.

While there is a brief description of 3rd party security considerations it
does not seem to in the spirit of the agreed approach.


Frey’s Law: “Every 5 years the number of architecture components double and
the ability to comprehend them halves”

Perfection is achieved, not when there is nothing more to add, but when
there is nothing left to take away.   – Antoine de Saint-Exupery

T o m   M a g u i r e

STSM, On Demand Architecture

Poughkeepsie, NY  12601

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]