WS-Trust on Channel9: what WCF and CardSpace don't tell you
Last week Charles and I locked ourselves in a conference room, and I spent a good hour filling a big whiteboard with security hieroglyphs. The result is the video currently on the home page of our most excellent Channel9 :-)
That is an explanation I often offer to architects during our enterprise briefings on CardSpace and on STS-based systems in general. It serves several purposes:
- it clarifies why the various participants need to own certain keys, and what guarantees you obtain from that. Since handling certificates is expensive, it gives you a rationale for their usage
- it is meant to give confidence in the security of the underlying system, showing phase by phase why you can be sure of the identity of the caller, why a man in the middle can't really do much with a captured message, why capturing a token and replaying it in another message is of little help to an attacker, what it *really* means to guarantee integrity...
- it gives a very practical example of how policies are used in practice, and anchors the concept of a claim to something concrete
In extreme synthesis, the principle is no different from the well-known Kerberos trick. However, I've never found an explanation of it that makes use of a visual aid like the notation I introduce in the video (which I actually introduced years ago in another post, but the image server is down for the time being): since I'm a very visual person, this void made me struggle when I was ramping up on that technology. Now: while I don't pretend it to be the breakthrough my ancestors had when they moved from XXXVVIII to the Arabic digit-and-position based number notation, I truly believe that a decent notation can help make sense of security and messages. LET ME KNOW WHAT YOU THINK :-)
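To make the "Kerberos trick" concrete, here is an added worked example (my own code, not from the post, WCF or CardSpace) of the holder-of-key exchange the whiteboard walks through: the STS authenticates the requestor, issues a token that only the relying party (RP) can open, and hands the requestor a proof key that only the requestor can open; the requestor then signs each message with that proof key, and the RP checks the signature against the proof key it finds inside the token. Everything is an assumed stand-in: symmetric keys replace the certificates (the STS shares one key with the RP and one with each requestor), `seal()`/`unseal()` is a toy cipher built from HMAC-SHA256 to keep the example stdlib-only, and the names (`alice`, `payroll`, `hr`, the `role` claim) are constructed sample data. The `demo()` function runs the legitimate exchange and then the attacks the post mentions (straight replay, replaying the captured token with a new body, forging a signature without the proof key, presenting the token to the wrong RP, and a man in the middle trying to read the proof key out of the captured STS reply).

```python
"""Toy holder-of-key token exchange in the WS-Trust / Kerberos style.

Added example, not code from the original post, WCF or CardSpace.
Assumed stand-ins: symmetric keys in place of certificates (the STS shares
one key with the RP and one with each requestor), and a toy cipher
seal()/unseal() (HMAC-SHA256 keystream XOR plus HMAC tag) that keeps the
example stdlib-only. Use a real AEAD for anything beyond illustration.
"""
import hashlib, hmac, json, secrets, time

def _keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, plaintext):
    """Toy authenticated encryption: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad tag: wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _signed_bytes(token, ts, nonce, body):
    return token + f"|{ts}|{nonce}|{body}".encode()

def rst_mac(cred, requestor, rp):
    """The requestor proves its credential to the STS over the token request (RST)."""
    return hmac.new(cred, f"RST:{requestor}:{rp}".encode(), hashlib.sha256).digest()

class STS:
    def __init__(self, req_keys, rp_keys):
        self.req_keys, self.rp_keys = req_keys, rp_keys  # id -> key

    def issue(self, requestor, rp, mac):
        cred = self.req_keys[requestor]
        if not hmac.compare_digest(rst_mac(cred, requestor, rp), mac):
            raise PermissionError("requestor authentication failed")
        proof = secrets.token_bytes(32)
        token = json.dumps({"sub": requestor, "aud": rp, "claims": {"role": "architect"},
                            "proof": proof.hex()}).encode()
        # Token readable only by the RP, proof key readable only by the requestor.
        return {"token": seal(self.rp_keys[rp], token), "proof_token": seal(cred, proof)}

def build_message(token, proof, body):
    """Requestor -> RP: the token plus a body signed with the proof key."""
    ts, nonce = int(time.time()), secrets.token_hex(8)
    sig = hmac.new(proof, _signed_bytes(token, ts, nonce, body), hashlib.sha256).hexdigest()
    return {"token": token, "ts": ts, "nonce": nonce, "body": body, "sig": sig}

class RelyingParty:
    def __init__(self, rp_id, key, max_skew=300):
        self.rp_id, self.key, self.max_skew, self.seen = rp_id, key, max_skew, set()

    def accept(self, msg):
        """Returns (ok, reason)."""
        try:
            token = json.loads(unseal(self.key, msg["token"]))
        except ValueError:
            return False, "token not decryptable with this RP's key"
        if token["aud"] != self.rp_id:
            return False, "token issued for another RP"
        proof = bytes.fromhex(token["proof"])
        expected = hmac.new(proof, _signed_bytes(msg["token"], msg["ts"], msg["nonce"], msg["body"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["sig"]):
            return False, "signature not made with the token's proof key"
        if abs(time.time() - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"
        if msg["nonce"] in self.seen:
            return False, "replayed message"
        self.seen.add(msg["nonce"])
        return True, f"accepted {token['sub']} with claims {token['claims']}"

def demo():
    """Runs the exchange plus the attacks the post mentions; returns what got accepted."""
    k_alice, k_payroll = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    sts, payroll = STS({"alice": k_alice}, {"payroll": k_payroll}), RelyingParty("payroll", k_payroll)
    rstr = sts.issue("alice", "payroll", rst_mac(k_alice, "alice", "payroll"))
    token, proof = rstr["token"], unseal(k_alice, rstr["proof_token"])
    legit = build_message(token, proof, "show my payslip")
    r = {"legit": payroll.accept(legit)[0]}
    r["replay"] = payroll.accept(legit)[0]                                   # same message twice
    r["tampered"] = payroll.accept(dict(legit, body="pay mallory"))[0]       # captured sig, new body
    r["forged"] = payroll.accept(build_message(token, b"guess", "pay mallory"))[0]  # no proof key
    r["wrong_rp"] = RelyingParty("hr", secrets.token_bytes(32)).accept(legit)[0]
    try:                                                                     # MITM on the STS reply
        unseal(b"eavesdropper-key", rstr["proof_token"]); r["mitm_reads_proof"] = True
    except ValueError:
        r["mitm_reads_proof"] = False
    return r

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:17s} {'ACCEPTED' if ok else 'rejected'}")
```

Only the first, legitimate message is accepted. The two things the diagram's keys buy you show up directly: the token alone is useless to whoever captures it, because a signature needs the proof key that only the requestor could unseal, and the captured signature is useless on any other body, RP or second delivery, because it covers the body, the token (and so the audience) and a nonce the RP remembers. Note that the RP never talks to the STS at issuance time; trust in the STS's key is what lets it accept the token offline, exactly as a Kerberos service decrypts a ticket with its own key.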
Side notes:
- Charles did an amazing job of following the action as it was unfolding on the big whiteboard. He's an incredible professional, who mixes technical skills with an amazing sense of directing. Grazie Carlo!!!
- Fluffy detail, unworthy of an unshaven, tough-looking 92-kg man with half a metre of hair. I was in doubt whether I should wear my Zena t-shirt (represents Genova, my home city (home town is Camogli)) or the DISI t-shirt (DISI is the computer science department of the University of Genova, of which I'm a proud alumnus). The choice fell on the Zena one for purely cosmetic reasons: that t-shirt is dark blue and does a good job of mitigating my ex-smoker belly, while the DISI one is white and would only have enhanced the problem :-D
Comments
Anonymous
October 10, 2006
I have been doing a fair bit of Identity MetaSystem and CardSpace conversations with many of our enterprise
Anonymous
October 17, 2006
There is so much I want to say about important topics like Rocky's well-written, thought provoking Semantic
Anonymous
June 11, 2007
CardSpace and the general concept of Federation might have a conflict of interest. But what about SSO
Anonymous
June 26, 2007
It's that time of the year again: the end of June marks the end of the fiscal year, and for us it's time