Computer security provides confidentiality, authentication, integrity, and non-repudiation. Confidentiality prevents an eavesdropper from reading a message. Authentication prevents an intruder from masquerading as the originator of a message. Integrity prevents an intruder from modifying a message in transit or substituting a false message for a legitimate one. Non-repudiation prevents a sender from falsely denying later that he sent a message.
Encrypting a message is one way to ensure confidentiality. FIG. 1 is a block diagram of a typical encryption method in the prior art. Suppose Alice wants to send a confidential message to Bob. First, Bob sends Alice his public key 102. Then, Alice creates a cleartext 104 (an unencrypted message) encrypts it using Bob's public key 102, and sends the resulting ciphertext 106 to Bob. Next, Bob decrypts the ciphertext 108 with his private key 110, enabling him to read the cleartext 112. Eve, an eavesdropper, is unable to read the ciphertext 106 during transit and cannot decrypt it with the public key, so it is confidential. Suppose, however, when Bob initially sent his public key 102 to Alice, Eve intercepted Bob's public key 102 and substituted her own public key. Alice—thinking she had Bob's public key—encrypted the message and sent it to Bob. Eve intercepted again and decrypted the ciphertext 106 and read the cleartext 112. Even worse, Eve then substituted different cleartext using Bob's public key and Bob thought it came from Alice. How can Bob tell if the message came from Alice? Bob can tell by authenticating with an identity certificate.
FIG. 2A is a block diagram of an identity certificate 202 in the prior art. The identity certificate 202 associates an identity 204 with a public key 206 to ensure the public key 206 belongs to the identity 204. Identity certificates 202 contain information from a Certification Authority (CA) 208 and a digital signature 210. The digital signature 210 is proof of authorship by the person identified in the identity 204. If Bob digitally signs 210 an identity certificate 202 through a CA, who verifies his identity, Eve is thwarted from substituting her public key 102 for Bob's. This is because Alice verifies Bob's public key 102 using his identity certificate 202, before encrypting the cleartext 104. Thus, the identity certificate 202 provides authentication. It also ensures integrity and non-repudiation.
However, identity certificates 202 have significant drawbacks in certain practical situations. Suppose E-Commerce Inc. forms a business relationship with Major Corporation. Later, E-Commerce outsources one aspect of its business to Fly-By-Night Consulting Ltd. Major issues identity certificates to E-Commerce providing E-Commerce secure access to protected resources, including a customer database. In turn, E-Commerce issues identity certificates to Fly-By-Night and gives Fly-By-Night a copy of its identity certificate from Major. In order for Fly-By-Night to use the identity certificates issued by E-Commerce to access Major's customer database, Fly-By-Night needs a copy of the identity certificate issued from Major to E-Commerce to complete the identity certificate chain. In short, Fly-By-Night must present both its identity certificate and E-Commerce's identity certificate to Major to access the customer database. Major decides whether or not to allow access to Fly-By-Night based on additional information, such as a mapping of certificate identities to permissions. But, this is a burden for Major to maintain. Thus, Major is tempted to take shortcuts like accepting all certificates signed by E-Commerce. There is a need for a new way to assemble certificate chains so that E-Commerce retains more control over Fly-By-Night's access to Major's resources.
Sharing full security information with a subcontractor is an unacceptable risk, because there is no long-term trust relationship. E-Commerce needs a more secure method for Fly-By-Night to communicate its privileges to Major, one that preserves the trust relationship with Major. Trust is essential to doing business, especially over the Internet.
On the Internet, distributed services traditionally have been based on Remote Procedure Call (RPC), such as Distributed Component Object Model (DCOM) and Common Object Request Broker Architecture (CORBA). These used network security mechanisms that are not valid across domains, such as Windows NT and login domain. Also, firewalls routinely block RPC connections, because of the security threat they represent. A firewall is a system that prevents access to or from a private computer network. Web services attempted to finesse these problems with Hypertext Transfer Protocol (HTTP) connections not blocked by firewalls. However, this attempt did not solve the underlying issue of establishing crossdomain trust and authorization.
On the contrary, web services potentially open up huge security risks. These risks are not adequately addressed by current security mechanisms. For example, these risks are not adequately addressed by web services defined as Extensible Markup Language (XML) based Simple Object Access Protocol (SOAP) interfaces. SOAP interfaces are associated with Universal Resource Identifiers (URIs) that are accessible via Hyper Text Transfer Protocol (HTTP). XML defines standard formats for sharing information. To add authentication to SOAP packets, SOAP communications can be signed using XML digital signatures. The XML digital signature specification defines a standard way to transmit digital certificates for both conventional X.509 identity certificates and for new Simple Public Key Infrastructure (SPKI) authorization certificates. X.509 and SPKI are standards for defining digital certificates. Unfortunately, little attention has been given to the new SPKI authorization certificates. New methods should take advantage of the new SPKI authorization certificates, because the conventional X.509 identity certificates have significant practical drawbacks. Web services need new security mechanisms that directly address the underlying issue of establishing cross-domain trust and authorization. For example, E-Commerce needs to establish cross-domain trust and authorization with both Fly-By-Night and Major.
Instead of turning over its identity certificate to Fly-By-Night, E-Commerce should have delegated restricted or limited privileges to Fly-By-Night in order to protect Major's protected resources. Identity certificates 202 do not permit delegation, restrictions, or limitations. Also, E-Commerce shouldn't have to tell Major about the outsourcing. Subcontractors frequently change. Tracking and updating the identity certificates of subcontractors creates a nuisance of overhead expenses for Major. Yet, identity certificates 202 require the identity 204 of subcontractors like Fly-By-Night to be known, tracked, and updated by Major. E-Commerce needs a better method of authorizing a certificate for Fly-By-Night, one that allows E-Commerce more control over communication between Fly-By-Night and Major. E-Commerce and other organizations need certificates capable of delegating limited privileges to a third party, without revealing the identity 204 of the third party, while still providing confidentiality, authentication, integrity, and non-repudiation.