セキュリティ関連XML規格の紹介

Size: px

Start display at page:

Download "セキュリティ関連XML規格の紹介"

かずゆきかやぬま
6 years ago
Views:

1 XML XML WG SWG

2 XML XML XML XML XML 2

3 XML 3

4 XML XML 4

5 XML V2 XML XML Web XACML SAML XKMS XML 5

6 XML 6

7 : ( ) ( ) : ) ( / ) XML 7

8 DoS XML 8

9 FW DIS DoS XML 9

10 XML W3C OASIS SAML Single Sign On XACML XML Signature/Encryption XKMS XML Pay XML 10

12 XML 12

13 / : [ ] : JFB [yasuitabi.com ] : JUST : SI2 : BEGINNER XML 13

14 : 1. JFB JUST SI2 Web JUST ( JUST JFB SI2 XML 14

15 : JFB SAML JUST SI2 XACML, XML Encryption XML Signature XML 15

16 SAML - Security Assertion Markup Language / / (Single Sign-On) (Pull/Push/3rd Party Security) OASIS (e-business [NPO] OASIS... OASIS SSTC: XML 16

17 SAML Proxy XML 17

18 SAML NameIdentifier ConfirmationMethod XML 18

19 XML 19 SAML SAML Assertion NameIdentifier

20 XACML - extensible Access Control Markup Language OASIS(e-business [NPO] OASIS... OASIS XACML TC: XML 20

21 XACML Requester PEP XML XML Repository SAML Request SAML Response PIP PDP XML subject, resource, environment PEP: Policy enforcement point PDP: Policy decision point PRP: Policy retrieval point PAP XACML Request install PAP: Policy administration point PIP: Policy information point PRP XACML Response retrieve store XACML Repository XML 21

22 XACML policysetstatement policystatement rule obligations target condition effect subjects resources actions XML 22

23 XACML <rule ruleid= //justair.co.jp/rule/id/1 effect= Allow > <description>sample policy</description> <target> <subjects> <saml:attribute AttributeName= RFC822Name > <saml:attributevalue>* </saml:attributevalue> </saml:attribute> </subjects> <resources> <saml:attribute AttributeName= documenturi > <saml:attributevalue>//justair.co.jp/reserve/.*</saml:attributevalue> </saml:attribute> </resouces> <actions> <saml:action>read</saml:action> </actions> </target> <condition> <equal> <saml:attributedesignator AttributeName= requestor AttributeNamespace= //oasis-open.org/ /xacml/docs/identifiers/ /> <saml: AttributeDesignator AttributeName= agentname AttributeNamespace= //justair.co.jp/record/agent/ / > </equal> </condition> </rule> subjects resources actions condition XML 23

24 : 2. Web X JFB JUST SI2 BIGINNER < > </ > XML 24

25 : JFB JUST SI2 BIGINNER XML Signature XKMS JFB JUST SI XML Encryption XKMS XML 25

26 PKI CA XML 26

27 XML Signature XML PKI 2002/2/12 W3C (Private Key) (Public Key) XML 27

28 <Signature xmlns= > <SignedInfo> <CanonicalizationMethod Algorithm= /> </CanonicalizationMethod> <SignatureMethod Algorithm= /> <Reference URI= #Ref1 > <Transforms> <Transform Algorithm= /> </Transforms> <DigestMethod Algorithm= /> <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue> </Reference> </SignedInfo> <SignatureValue>MC0CFFrVLtRlk..=</SignatureValue> <KeyInfo> </KeyInfo> <Object Id= Ref1 > <Order>< > X </ > <Creditcard> <Name>Takashi Shimoda</Name> <VALIDTHRU>03-05</VALIDTHRU> <CardNo> </CardNo> </Creditcard> </Order> </Object> </Signature > SignedInfo SignatureValue KeyInfo Object XML 28

29 XML Encryption XML < > </ > < > </ > < > </ > JFB BEGINNER XML 29

30 <Order> <Creditcard> <EncryptedData Id="ED" xmlns=" <EncryptionMethod Algorithm="#tripledes-cbc"> <ds:keyinfo xmlns:ds=" <EncryptedKey> <EncryptionMethod Algorithm="#rsa1_5"> <ds:keyinfo> <KeyName> </ds:keyinfo> <ChipherData>5+GpVuQNTAT3uY8pPed</ChipherData> <ReferenceList> <DataReference URI="#ED"/> </ReferenceList> </EncryptedKey> </KeyInfo> <CipherData> <ChipherValue>41a2BdeaXEdda468Xaegde..</ChipherValue> </CipherData> </EncryptedData> <Creditcard> <Order> EncryptionMethod EncryptedKey: CipherValue XML 30

31 XKMS 2.0 (XML Key Management Specification) K-KRSS) X-KISS X-KRSS XKMS X-KISS XML 31

32 XKMS X-KISS) Locate XML Signature <KeyInfo> <Locate xmlns=" <Query> <KeyInfo xmlns=" </KeyInfo> </Query> <Respond> <string>keyname</string> <string>keyvalue</string> </Respond> </Locate> Query Respond XML 32

33 XKMS X-KISS) Validate <Validate xmlns=" <Query> <Status>Indeterminate</Status> <KeyInfo xmlns=" <KeyValue> <RSAKeyValue> <Modulus>y0eZi+pL544O0anaCbHOF==</Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue> </KeyValue> </KeyInfo> </Query> <Respond> <string>keyvalue </string> <string>x509data </string> </Respond> </Validate> Query Respond XML 33

34 XKMS X-KISS) <ValidateResult <ValidateResult xmlns=" <Reslut>Success</Reslut> <Answer> <KeyBinding> <Status>Valid</Status> <KeyInfo xmlns=" <KeyValue> <RSAKeyValue> <Modulus>y0eZi+pL544O0anaCbHOF==</Modulus> <Exponent>AQAB</Exponent> </RSAKeyValue> </KeyValue> <X509Data> </X590Data> </KeyInfo> </KeyBinding> </Answer> </ValidateResult> Answer Update XML 34

35 XKMS KXMS CA Validate <KeyName> ValidateResult Validate XKMS CA XML 35

36 : XKMS < > <Card> </Card> </ > JFB XML Signature XML Signature XML Signature XKMS XKMS XKMS XML Encryption XML Encryption XML 36

37 : < > <Card> </Card> </ > XML Signature XKMS XML Encryption XKMS Register XKMS Locate BEGINNER XML Encryption XML Signature XML 37

38 : JFB XML Signature XKMS XKMS Validate XML Signature XML 38

39 : BEGINNER XKMS XML Signature XKMS XML Encryption XKMS Register JFB XML Encryption XML 39

40 : J J XML 40

41 : 3. yasuitabi.com OK JFB(yasuitabi.com) JUST SI2 e XML 41

42 : 4. JFB JFB BEGINNER BEGINNER JFB JFB XML 42

43 : XML Pay Request JFB XML Pay Response BEGINNER XML 43

44 XML Pay XML Pay: core B2C B2B XML XML Pay: Registration XML Pay: Reports XML 44

45 XML Pay XML Pay XML Pay (Request) (Response) (Receipt) XML 45

46 XML PayRequest( ) <XML PayRequest> <RequestData> <MerchantId> ID JFB <Transactions> <RequestAuth> JUST - SI2 XML 46

47 XML PayResponse( ) <XML PayResponse> <ResponseData> <MerchantId> <TransactionsResults> ID <Signature> <TransactionReceipts> XML 47

48 XML PayReceipt( ) <XML PayReceipt> <ReceiptData> <MerchantId> <Transaction> ID <TransactionResult> <Signature> XML 48

49 XMLPayRequest Document (1) <Invoice> <BillTo> <Name>Shimoda</Name> <Address>Tokyo</Address> </BillTo> <Items> <ItemNumber="1"> <Description>AirFare</Description> <Quantity>2</Quantity> <TotalAmt>80000</TotalAmt> </Item> <ItemNumber="2"> <Description>AccommodationCharges</Description> <Quantity>2</Quantity> <TotalAmt>35000</TotalAmt> </Item> </Items> <TotalAmt>115000</TotalAmt> </Invoice> - SI XML 49

50 XMLPayRequest Document (2) <Tender> <Card> <CardType>BEGINNER</CardType> <CardNum> </CardNum> <ExpDate>200207</ExpDate> <NameOnCard>Shimoda</NameOnCard> </Card> </Tender> <XMLPayRequest> <RequestData> <Transactions> ( </Transactions> </RequestData> (Signature) </XMLPayRequest> Option) XML 50

51 XMLPayResponse Document <XMLPayResponse> <TransactionResult> <Result>0</Result> <AVSResult> <StreetMatch>match</StreetMatch> <ZipMatch>match</ZipMatch> </AVSResult> (0= AVS( ) <CVResult>match</CVResult> <Message>AuthorizationApproved</Message> CV(Credit Void) <PNRef>PN </PNRef> <AuthCode> </AuthCode> </TransactionResult> </XMLPayResponse> (Signature) Option) XML 51

52 XMLPayReceipt Document <XMLPayReceipt> <ReceiptData> <Transaction> </Transaction> <TransactionResult> </TransactionResult> </ReceiptData> (Signature) Option) </XMLPayReceipt> XML 52

53 : ] 5. JUST SI2 JFB JFB.. XML 53

54 CAUTION: / / XML 54

55 XML XML

56 XML XML XML 56

57 XML Signature W3C Example Test Result XML 57

Encryption Security

Encryption Security 200426 XML Consortium WG XML Signature XML Encryption XKMS2.0 X-KRSS:Register X-KISS:Locate X-KISS:Validate WS-Security XACML WG 2004/02/06 1 XML WG 2004/02/06 2 2001 2002 2003 XKMS XML SAML SSO SAML XML