XML security (title slide), 2002-06-10, XML WG / SWG
Schedule slide, 2001-07 through 2002-06 (month axis 7 8 9 10 11 12 1 2 3 4 5 6): items include XML V2, Web, XACML, SAML, XKMS (the Japanese labels are not recovered).
Threats and countermeasures (two slides; only the terms DoS, FW and DIS survive from the Japanese text).
XML security standards covered (W3C and OASIS): SAML (Single Sign-On), XACML, XML Signature / XML Encryption, XKMS, XML Pay.
Scenario roles: a customer; JFB [yasuitabi.com]; JUST; SI2; BEGINNER. (Inferred from the later sample documents, not stated on this slide: JFB is the merchant, JUST the airline at justair.co.jp, SI2 the accommodation provider, BEGINNER the card issuer at beginnercard.com, and the customer is Shimoda at o-camera.com.)
Scenario 1: JFB, JUST and SI2 (Web access between JFB and the JUST / SI2 systems; the Japanese description is not recovered).
Standards applied in scenario 1: SAML between JFB and JUST / SI2; XACML; XML Encryption; XML Signature.
SAML - Security Assertion Markup Language: an XML format for exchanging authentication and authorization assertions, used for Single Sign-On (pull, push and third-party security models). Standardized at OASIS (the e-business standards NPO); the slide gives 2002-07 as the target date. OASIS SSTC: http://www.oasis-open.org/committees/security/
SAML proxy (slide; only the term survives).
SAML assertion elements discussed: NameIdentifier and ConfirmationMethod (two slides on the SAML Assertion and its NameIdentifier).
XACML - eXtensible Access Control Markup Language: an XML language for access-control policies. Standardized at OASIS (the e-business standards NPO); the slide gives 2002-07. OASIS XACML TC: http://www.oasis-open.org/committees/xacml/
XACML data flow (draft architecture):
  - Requester sends the access request to the PEP (Policy enforcement point).
  - PEP asks the PDP (Policy decision point) using a SAML Request carrying the XACML Request, and receives a SAML Response carrying the XACML Response.
  - PDP obtains the applicable policy from the PRP (Policy retrieval point), which retrieves it from the policy Repository.
  - PAP (Policy administration point) installs policies into the Repository.
  - PIP (Policy information point) supplies the subject, resource and environment attributes the PDP needs.
XACML policy structure: a policyset statement contains policy statements; a policy statement contains rules; each rule has a target (subjects, resources, actions), a condition and an effect; policies may attach obligations.
XACML sample rule (draft syntax, using SAML attribute elements):

    <rule ruleid="//justair.co.jp/rule/id/1" effect="Allow">
      <description>sample policy</description>
      <target>
        <subjects>
          <saml:Attribute AttributeName="RFC822Name">
            <saml:AttributeValue>*</saml:AttributeValue>
          </saml:Attribute>
        </subjects>
        <resources>
          <saml:Attribute AttributeName="documenturi">
            <saml:AttributeValue>//justair.co.jp/reserve/.*</saml:AttributeValue>
          </saml:Attribute>
        </resources>
        <actions>
          <saml:Action>read</saml:Action>
        </actions>
      </target>
      <condition>
        <equal>
          <saml:AttributeDesignator AttributeName="requestor"
              AttributeNamespace="//oasis-open.org/xacml/docs/identifiers/"/>
          <saml:AttributeDesignator AttributeName="agentname"
              AttributeNamespace="//justair.co.jp/record/agent/"/>
        </equal>
      </condition>
    </rule>

The target names the subjects, resources and actions the rule applies to; when the target matches a request, the condition is evaluated, and only if it is true does the effect apply. Here any RFC822-named subject may read reservation documents under //justair.co.jp/reserve/ provided the requestor attribute equals the agentname recorded for the reservation. Because the subject target is a wildcard, the whole decision rests on the condition, so the attributes it compares must come from authenticated sources, not from the requester.
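The evaluation the slide describes (target match, then condition, then effect), written out as a small policy decision function. This is an added example, not code from the slides or from any XACML implementation; the rule is transcribed into a dict with the same shape as the XML, the request attributes are constructed, and the matching semantics (a "*" wildcard, otherwise a whole-value regular expression) are an assumption consistent with the sample's documenturi pattern.

```python
"""Minimal policy-decision logic for the sample rule (added example).

The rule keeps the slide's shape: target (subjects / resources / actions),
condition and effect. "Allow" is the effect used on the slide; XACML 1.0
later standardised "Permit" / "Deny".
"""
import re

RULE = {
    "ruleid": "//justair.co.jp/rule/id/1",
    "effect": "Allow",
    "target": {
        "subjects": {"RFC822Name": "*"},                        # any mail address
        "resources": {"documenturi": "//justair.co.jp/reserve/.*"},
        "actions": {"read"},
    },
    # <equal> of two attribute designators: the requestor must equal the
    # agent name recorded for the reservation.
    "condition": ("equal", "requestor", "agentname"),
}


def _match_value(pattern, value):
    """Target matching (assumption): '*' matches anything, otherwise the
    pattern is a regular expression that must match the whole value."""
    if pattern == "*":
        return True
    return re.fullmatch(pattern, value) is not None


def target_matches(target, request):
    for name, pattern in target["subjects"].items():
        if not _match_value(pattern, request["subject"].get(name, "")):
            return False
    for name, pattern in target["resources"].items():
        if not _match_value(pattern, request["resource"].get(name, "")):
            return False
    return request["action"] in target["actions"]


def condition_holds(condition, request):
    op, left, right = condition
    if op == "equal":
        attrs = request["attributes"]
        return left in attrs and right in attrs and attrs[left] == attrs[right]
    raise ValueError("unsupported condition " + op)


def evaluate(rule, request):
    """Return the rule's effect, or 'NotApplicable' when the target does not
    match or the condition is false (a single-rule PDP)."""
    if not target_matches(rule["target"], request):
        return "NotApplicable"
    if not condition_holds(rule["condition"], request):
        return "NotApplicable"
    return rule["effect"]


def make_request(subject_mail, uri, action, requestor, agentname):
    """Constructed request context; 'requestor' and 'agentname' stand for the
    two designated attributes the PIP would supply."""
    return {
        "subject": {"RFC822Name": subject_mail},
        "resource": {"documenturi": uri},
        "action": action,
        "attributes": {"requestor": requestor, "agentname": agentname},
    }


if __name__ == "__main__":
    uri = "//justair.co.jp/reserve/123"
    for req in (make_request("agent@yasuitabi.com", uri, "read", "JFB", "JFB"),
                make_request("agent@yasuitabi.com", uri, "read", "JFB", "SI2"),
                make_request("agent@yasuitabi.com", uri, "write", "JFB", "JFB")):
        print(req["action"], req["attributes"], "->", evaluate(RULE, req))
```

Reading another agent's reservation and writing to the resource both fall outside the rule (NotApplicable); in a real PDP the policy's combining algorithm decides what NotApplicable means, which is why a policy should carry an explicit deny rule rather than relying on the absence of a matching allow.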
Scenario 2: JFB, JUST, SI2 and BEGINNER (Web ordering; the order document's element names are in Japanese and not recovered).
Standards applied in scenario 2: XML Signature and XKMS between JFB, JUST, SI2 and BEGINNER; XML Encryption and XKMS between JFB, JUST and SI2.
Background: PKI and the CA (certificate authority) that XML Signature and XKMS rely on.
XML Signature: W3C Recommendation, 2002-02-12. The signer signs with the private key; anyone holding the matching public key (distributed through PKI) can verify.
XML Signature sample (enveloping signature over an order):

    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
        <Reference URI="#Ref1">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>MC0CFFrVLtRlk..=</SignatureValue>
      <KeyInfo>
        <KeyName>shimoda@o-camera.com#RSAKey</KeyName>
      </KeyInfo>
      <Object Id="Ref1">
        <Order>
          <!-- element with a Japanese name and content "X" (name not recovered) -->
          <Creditcard>
            <Name>Takashi Shimoda</Name>
            <VALIDTHRU>03-05</VALIDTHRU>
            <CardNo>1234-5678-9999-0000</CardNo>
          </Creditcard>
        </Order>
      </Object>
    </Signature>

The four parts: SignedInfo (the canonicalization and signature algorithms plus one Reference per signed item, each carrying the digest of the canonicalized item), SignatureValue (the signature computed over the canonical form of SignedInfo), KeyInfo (identifies the verification key; it sits outside SignedInfo and is therefore not itself covered by the signature), and Object (the signed data carried inside the signature, here the order). Note that the sample's KeyName says RSAKey while the SignatureMethod is dsa-sha1; in a real document the two must agree.
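The same structure built and verified end to end. This is an added example, not code from the slides or from any XML Signature library: it uses the standard library's C14N implementation (xml.etree.ElementTree.canonicalize, Python 3.8+) and, to stay self-contained without an RSA/DSA library, the xmldsig#hmac-sha1 SignatureMethod with a shared secret instead of dsa-sha1 (HMAC-SHA1 is one of the algorithms XML Signature defines). The order content and the secret are constructed.

```python
"""Enveloping XML Signature: digest the canonical Object, sign the canonical
SignedInfo, then verify both and detect tampering (added example)."""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
ET.register_namespace("ds", DS)   # keep the "ds" prefix stable when re-serialising

# Constructed order, same fields as the slide's sample.
ORDER = ('<Order><Creditcard><Name>Takashi Shimoda</Name>'
         '<VALIDTHRU>03-05</VALIDTHRU><CardNo>1234-5678-9999-0000</CardNo>'
         '</Creditcard></Order>')
SECRET = b"constructed shared secret"   # assumption: HMAC key known to signer and verifier


def c14n(xml_text):
    """Canonical XML 1.0; strip_text so insignificant whitespace does not matter."""
    return ET.canonicalize(xml_text, strip_text=True)


def c14n_elem(elem):
    return c14n(ET.tostring(elem, encoding="unicode"))


def sign(order_xml, key, obj_id="Ref1", key_name="shimoda@o-camera.com#HMACKey"):
    obj = '<ds:Object xmlns:ds="%s" Id="%s">%s</ds:Object>' % (DS, obj_id, order_xml)
    digest = base64.b64encode(hashlib.sha1(c14n(obj).encode()).digest()).decode()
    signed_info = (
        '<ds:SignedInfo xmlns:ds="%s">'
        '<ds:CanonicalizationMethod Algorithm="%s"/>'
        '<ds:SignatureMethod Algorithm="%shmac-sha1"/>'
        '<ds:Reference URI="#%s">'
        '<ds:Transforms><ds:Transform Algorithm="%s"/></ds:Transforms>'
        '<ds:DigestMethod Algorithm="%ssha1"/>'
        '<ds:DigestValue>%s</ds:DigestValue>'
        '</ds:Reference></ds:SignedInfo>' % (DS, C14N, DS, obj_id, C14N, DS, digest))
    mac = hmac.new(key, c14n(signed_info).encode(), hashlib.sha1).digest()
    sig_value = base64.b64encode(mac).decode()
    return ('<ds:Signature xmlns:ds="%s">%s<ds:SignatureValue>%s</ds:SignatureValue>'
            '<ds:KeyInfo><ds:KeyName>%s</ds:KeyName></ds:KeyInfo>%s</ds:Signature>'
            % (DS, signed_info, sig_value, key_name, obj))


def verify(signature_xml, key):
    """True only if every Reference digest matches and the MAC over the
    canonical SignedInfo matches. Only same-document references (#id) are
    supported; anything else is rejected rather than fetched."""
    root = ET.fromstring(signature_xml)
    signed_info = root.find("{%s}SignedInfo" % DS)
    sig_value = base64.b64decode(root.findtext("{%s}SignatureValue" % DS))
    for ref in signed_info.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            return False
        objs = [o for o in root.iter("{%s}Object" % DS) if o.get("Id") == uri[1:]]
        if len(objs) != 1:
            return False
        expected = base64.b64decode(ref.findtext("{%s}DigestValue" % DS))
        actual = hashlib.sha1(c14n_elem(objs[0]).encode()).digest()
        if not hmac.compare_digest(expected, actual):
            return False
    mac = hmac.new(key, c14n_elem(signed_info).encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, sig_value)


if __name__ == "__main__":
    signed = sign(ORDER, SECRET)
    print("valid:", verify(signed, SECRET))
    print("tampered:", verify(signed.replace("9999-0000", "9999-0001"), SECRET))
```

Two points the code makes concrete: the verifier recomputes the digest from the canonical form of the referenced Object, so changing one digit of the card number fails verification even though SignatureValue is untouched; and the key used for verification is chosen by the verifier (here SECRET), not taken from KeyInfo, since KeyInfo is outside SignedInfo and an attacker could rewrite it.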
XML Encryption (version of 2002-03-14): encrypts a whole XML document, an element, or an element's content, so that only the intended recipient can read that part; in scenario 2 the card data inside the order is encrypted between JFB and BEGINNER (the Japanese element names are not recovered).
XML Encryption sample (content of the Creditcard element encrypted, with the content key carried in an EncryptedKey):

    <Order>
      <Creditcard>
        <EncryptedData Id="ED" xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey>
              <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
              <ds:KeyInfo>
                <ds:KeyName>shimoda@o-camera.com#RSAKey</ds:KeyName>
              </ds:KeyInfo>
              <CipherData>
                <CipherValue>5+GpVuQNTAT3uY8pPed</CipherValue>
              </CipherData>
              <ReferenceList>
                <DataReference URI="#ED"/>
              </ReferenceList>
            </EncryptedKey>
          </ds:KeyInfo>
          <CipherData>
            <CipherValue>41a2BdeaXEdda468Xaegde..</CipherValue>
          </CipherData>
        </EncryptedData>
      </Creditcard>
    </Order>

EncryptionMethod names the content cipher (3DES-CBC). EncryptedKey carries the content key encrypted for the recipient (RSA-1.5), names the recipient's key through KeyName, and its ReferenceList / DataReference ties it to the EncryptedData with Id "ED". CipherValue holds the encrypted Creditcard content; the rest of the order stays in the clear.
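Element-content encryption and decryption with the structure shown above: the Creditcard content is replaced by an EncryptedData whose key is delivered in an EncryptedKey, and the decryptor resolves the EncryptedKey through its DataReference and KeyName. This is an added example, not code from the slides or from an XML Encryption library. To run on the standard library alone, the real algorithms are replaced by a stand-in: a keystream built from HMAC-SHA256 in counter mode is used both for the content (in place of tripledes-cbc) and for wrapping the content key (in place of rsa-1_5); the Algorithm URIs are kept only so the document looks like the slide's. The order, key names and keys are constructed.

```python
"""XML Encryption of element content with a wrapped content key (added
example; stand-in cipher, real structure)."""
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("xenc", XENC)
ET.register_namespace("ds", DS)
X, D = "{%s}" % XENC, "{%s}" % DS


def keystream_xor(key, data):
    """Stand-in cipher: XOR data with HMAC-SHA256(key, counter) blocks.
    Symmetric, so one function encrypts and decrypts. NOT 3DES-CBC or RSA."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt_content(doc_xml, tag, kek, key_name, data_id="ED"):
    """Encrypt the children of the first <tag> for the holder of kek."""
    root = ET.fromstring(doc_xml)
    target = root.find(".//" + tag)
    plaintext = b"".join(ET.tostring(c) for c in list(target))
    session_key = os.urandom(32)                    # fresh content key per document
    cipher = keystream_xor(session_key, plaintext)
    wrapped = keystream_xor(kek, session_key)        # stand-in for rsa-1_5 key transport
    enc = ET.fromstring(
        f'<xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DS}" Id="{data_id}" '
        f'Type="{XENC}Content">'
        f'<xenc:EncryptionMethod Algorithm="{XENC}tripledes-cbc"/>'   # label only, see lead-in
        '<ds:KeyInfo><xenc:EncryptedKey>'
        f'<xenc:EncryptionMethod Algorithm="{XENC}rsa-1_5"/>'
        f'<ds:KeyInfo><ds:KeyName>{key_name}</ds:KeyName></ds:KeyInfo>'
        f'<xenc:CipherData><xenc:CipherValue>{base64.b64encode(wrapped).decode()}'
        '</xenc:CipherValue></xenc:CipherData>'
        f'<xenc:ReferenceList><xenc:DataReference URI="#{data_id}"/></xenc:ReferenceList>'
        '</xenc:EncryptedKey></ds:KeyInfo>'
        f'<xenc:CipherData><xenc:CipherValue>{base64.b64encode(cipher).decode()}'
        '</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>')
    for c in list(target):
        target.remove(c)
    target.append(enc)
    return ET.tostring(root, encoding="unicode")


def decrypt_content(doc_xml, keys):
    """keys maps KeyName -> kek. For every EncryptedData: find its EncryptedKey,
    check the DataReference really points at this Id, look up the named key,
    unwrap, decrypt and put the original children back."""
    root = ET.fromstring(doc_xml)
    todo = [(p, e) for p in root.iter() for e in p.findall(X + "EncryptedData")]
    for parent, enc in todo:
        data_id = enc.get("Id")
        ek = enc.find(f"{D}KeyInfo/{X}EncryptedKey")
        refs = [r.get("URI") for r in ek.iter(X + "DataReference")]
        if "#" + data_id not in refs:
            raise ValueError("EncryptedKey does not reference " + data_id)
        key_name = ek.findtext(f"{D}KeyInfo/{D}KeyName")
        if key_name not in keys:
            raise KeyError("no key for " + str(key_name))
        wrapped = base64.b64decode(ek.findtext(f"{X}CipherData/{X}CipherValue"))
        session_key = keystream_xor(keys[key_name], wrapped)
        cipher = base64.b64decode(enc.findtext(f"{X}CipherData/{X}CipherValue"))
        children = ET.fromstring(b"<w>" + keystream_xor(session_key, cipher) + b"</w>")
        parent.remove(enc)
        parent.extend(list(children))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    doc = ('<Order><Creditcard><Name>Takashi Shimoda</Name><VALIDTHRU>03-05</VALIDTHRU>'
           '<CardNo>1234-5678-9999-0000</CardNo></Creditcard></Order>')
    kek = b"constructed BEGINNER key"
    enc_doc = encrypt_content(doc, "Creditcard", kek, "Encryption@beginnercard.com#RSAKey")
    print(enc_doc)
    print(decrypt_content(enc_doc, {"Encryption@beginnercard.com#RSAKey": kek}))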
XKMS 2.0 (XML Key Management Specification), working draft of 2002-03-18. It has two parts: X-KISS (XML Key Information Service Specification), for locating and validating keys referenced from an XML Signature <KeyInfo>, and X-KRSS (XML Key Registration Service Specification), for registering keys.
XKMS (X-KISS) Locate: resolve the <KeyInfo> of an XML Signature (here a KeyName) into key material.

    <Locate xmlns="http://www.xkms.org/schema/xkms-2001-01-20">
      <Query>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyName>Encryption@beginnercard.com#RSAKey</KeyName>
        </KeyInfo>
      </Query>
      <Respond>
        <string>KeyName</string>
        <string>KeyValue</string>
      </Respond>
    </Locate>

Query carries the KeyInfo to be resolved; Respond lists which KeyInfo elements the client wants back.

XKMS (X-KISS) Validate: ask the service whether a key binding is valid.

    <Validate xmlns="http://www.xkms.org/schema/xkms-2001-01-20">
      <Query>
        <Status>Indeterminate</Status>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyValue>
            <RSAKeyValue>
              <Modulus>y0eZi+pL544O0anaCbHOF==</Modulus>
              <Exponent>AQAB</Exponent>
            </RSAKeyValue>
          </KeyValue>
        </KeyInfo>
      </Query>
      <Respond>
        <string>KeyValue</string>
        <string>X509Data</string>
      </Respond>
    </Validate>

Query carries the key (with the client's own Status, Indeterminate); Respond asks for the KeyValue and X509Data of the validated binding.

XKMS (X-KISS) ValidateResult:

    <ValidateResult xmlns="http://www.xkms.org/schema/xkms-2001-01-20">
      <Result>Success</Result>
      <Answer>
        <KeyBinding>
          <Status>Valid</Status>
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyValue>
              <RSAKeyValue>
                <Modulus>y0eZi+pL544O0anaCbHOF==</Modulus>
                <Exponent>AQAB</Exponent>
              </RSAKeyValue>
            </KeyValue>
            <X509Data>
            </X509Data>
          </KeyInfo>
        </KeyBinding>
      </Answer>
    </ValidateResult>

Answer returns the KeyBinding with its Status (Valid, Invalid or Indeterminate) and the requested key information.
With XKMS the application does not do PKI processing itself: it sends a Validate request naming the key (<KeyName> or key value) and acts on the Status in the ValidateResult; the XKMS service, backed by the CA, performs certificate path validation and revocation checking on its behalf. The application must therefore trust the service's answer, so the channel to it (or the response itself) has to be authenticated.
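Both sides of the Locate and Validate exchanges above, as an added example that is not code from the slides or from any XKMS product: a trust service holding a constructed table of key bindings (the key from the slide's sample marked Valid, a constructed revoked key marked Invalid) and a client that only proceeds on an explicit Valid. The xkms-2001-01-20 namespace, message shapes and the Result / Status vocabulary follow the samples; the in-memory "transport" stands in for the HTTP/SOAP call.

```python
"""XKMS X-KISS Locate / Validate: service and client (added example)."""
import xml.etree.ElementTree as ET

XKMS = "http://www.xkms.org/schema/xkms-2001-01-20"
DS = "http://www.w3.org/2000/09/xmldsig#"
K, D = "{%s}" % XKMS, "{%s}" % DS

# Constructed trust-service table: key name -> (modulus, exponent, status the
# CA asserts for the binding). The first entry reuses the slide's sample key.
KEY_BINDINGS = {
    "Encryption@beginnercard.com#RSAKey": ("y0eZi+pL544O0anaCbHOF==", "AQAB", "Valid"),
    "old@beginnercard.com#RSAKey": ("cmV2b2tlZC1rZXk=", "AQAB", "Invalid"),   # revoked
}


def locate_request(key_name):
    return (f'<Locate xmlns="{XKMS}"><Query><KeyInfo xmlns="{DS}"><KeyName>{key_name}'
            '</KeyName></KeyInfo></Query><Respond><string>KeyName</string>'
            '<string>KeyValue</string></Respond></Locate>')


def validate_request(modulus, exponent):
    return (f'<Validate xmlns="{XKMS}"><Query><Status>Indeterminate</Status>'
            f'<KeyInfo xmlns="{DS}"><KeyValue><RSAKeyValue><Modulus>{modulus}</Modulus>'
            f'<Exponent>{exponent}</Exponent></RSAKeyValue></KeyValue></KeyInfo></Query>'
            '<Respond><string>KeyValue</string></Respond></Validate>')


def _key_info(name, mod, exp):
    return (f'<KeyInfo xmlns="{DS}">' + (f'<KeyName>{name}</KeyName>' if name else '') +
            f'<KeyValue><RSAKeyValue><Modulus>{mod}</Modulus><Exponent>{exp}</Exponent>'
            '</RSAKeyValue></KeyValue></KeyInfo>')


def service(request_xml, bindings=KEY_BINDINGS):
    """The XKMS trust service: answers Locate by name and Validate by key value."""
    req = ET.fromstring(request_xml)
    q = req.find(K + "Query")
    if req.tag == K + "Locate":
        name = q.findtext(f"{D}KeyInfo/{D}KeyName")
        if name not in bindings:
            return f'<LocateResult xmlns="{XKMS}"><Result>NoMatch</Result></LocateResult>'
        mod, exp, _ = bindings[name]
        return (f'<LocateResult xmlns="{XKMS}"><Result>Success</Result><Answer>'
                f'{_key_info(name, mod, exp)}</Answer></LocateResult>')
    if req.tag == K + "Validate":
        mod = q.findtext(f"{D}KeyInfo/{D}KeyValue/{D}RSAKeyValue/{D}Modulus")
        exp = q.findtext(f"{D}KeyInfo/{D}KeyValue/{D}RSAKeyValue/{D}Exponent")
        status = "Indeterminate"                       # unknown key: service cannot say
        for name, (m, e, s) in bindings.items():
            if (m, e) == (mod, exp):
                status = s
        return (f'<ValidateResult xmlns="{XKMS}"><Result>Success</Result><Answer>'
                f'<KeyBinding><Status>{status}</Status>{_key_info(None, mod, exp)}'
                '</KeyBinding></Answer></ValidateResult>')
    return f'<Result xmlns="{XKMS}">Failure</Result>'


def client_locate(key_name, transport=service):
    """Return (modulus, exponent) for the name, or None if the service has no match."""
    resp = ET.fromstring(transport(locate_request(key_name)))
    if resp.findtext(K + "Result") != "Success":
        return None
    kv = f"{K}Answer/{D}KeyInfo/{D}KeyValue/{D}RSAKeyValue/"
    return resp.findtext(kv + D + "Modulus"), resp.findtext(kv + D + "Exponent")


def client_validate(modulus, exponent, transport=service):
    """Return the binding Status; anything other than 'Valid' must be treated
    as a refusal (Invalid and Indeterminate are not distinguished for that purpose)."""
    resp = ET.fromstring(transport(validate_request(modulus, exponent)))
    if resp.findtext(K + "Result") != "Success":
        return "Indeterminate"
    return resp.findtext(f"{K}Answer/{K}KeyBinding/{K}Status") or "Indeterminate"


if __name__ == "__main__":
    mod, exp = client_locate("Encryption@beginnercard.com#RSAKey")
    print("located:", mod, exp)
    print("status:", client_validate(mod, exp))
    print("revoked:", client_validate("cmV2b2tlZC1rZXk=", "AQAB"))
```

Locate only answers "which key goes with this name"; it says nothing about trust, which is why the client still calls Validate before using the located key, and why the client maps a missing or non-Success answer to Indeterminate rather than to Valid.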
Scenario 2 flow, four steps (only the actors and standards survive; the order document contains a <Card> element inside elements with Japanese names):
  1. Order with <Card> data; JFB applies XML Signature and XML Encryption, obtaining the keys it needs through XKMS.
  2. Keys are registered with XKMS Register and BEGINNER's key is found with XKMS Locate; the card data is encrypted (XML Encryption) and the order signed (XML Signature).
  3. JFB's XML Signature is checked through XKMS Validate.
  4. BEGINNER, having registered its key through XKMS Register, verifies the XML Signature and decrypts the XML Encryption data sent by JFB.
Scenario 3: JFB (yasuitabi.com), JUST and SI2 (the Japanese description is not recovered).
Scenario 4: payment between JFB and BEGINNER.
XML Pay in scenario 4: JFB sends an XML Pay Request; BEGINNER returns an XML Pay Response.
XML Pay specification parts: XML Pay: Core (B2C and B2B payment transactions), XML Pay: Registration, XML Pay: Reports.
XML Pay message types: Request, Response and Receipt.
XMLPayRequest (payment request):
    <XMLPayRequest>
      <RequestData>
        <MerchantId>          merchant ID (JFB)
        <Transactions>
          <RequestAuth>       authorization request for the JUST and SI2 items

XMLPayResponse (payment response):
    <XMLPayResponse>
      <ResponseData>
        <MerchantId>
        <TransactionsResults> results, by transaction ID
        <Signature>
        <TransactionReceipts>

XMLPayReceipt (receipt):
    <XMLPayReceipt>
      <ReceiptData>
        <MerchantId>
        <Transaction>         transaction ID
        <TransactionResult>
        <Signature>
XMLPayRequest document (1), the invoice:

    <Invoice>
      <BillTo>
        <Name>Shimoda</Name>
        <Address>Tokyo</Address>
        <EMail>shimoda@o-camera.com</EMail>
      </BillTo>
      <Items>
        <Item Number="1">
          <Description>AirFare</Description>
          <Quantity>2</Quantity>
          <TotalAmt>80000</TotalAmt>
        </Item>
        <Item Number="2">
          <Description>AccommodationCharges</Description>
          <Quantity>2</Quantity>
          <TotalAmt>35000</TotalAmt>
        </Item>
      </Items>
      <TotalAmt>115000</TotalAmt>
    </Invoice>

The airfare (JUST) and accommodation (SI2) items total 115000.

XMLPayRequest document (2), the tender and the request envelope:

    <Tender>
      <Card>
        <CardType>BEGINNER</CardType>
        <CardNum>1234567890</CardNum>
        <ExpDate>200207</ExpDate>
        <NameOnCard>Shimoda</NameOnCard>
      </Card>
    </Tender>

    <XMLPayRequest>
      <RequestData>
        <Transactions>
          (the Invoice and Tender above)
        </Transactions>
      </RequestData>
      (Signature, optional)
    </XMLPayRequest>

XMLPayResponse document:

    <XMLPayResponse>
      <TransactionResult>
        <Result>0</Result>                  0 = approved
        <AVSResult>                         address verification (street / zip)
          <StreetMatch>match</StreetMatch>
          <ZipMatch>match</ZipMatch>
        </AVSResult>
        <CVResult>match</CVResult>          card verification (security code) result
        <Message>AuthorizationApproved</Message>
        <PNRef>PN123412345</PNRef>          processor transaction reference
        <AuthCode>12345678</AuthCode>       authorization code
      </TransactionResult>
      (Signature, optional)
    </XMLPayResponse>

XMLPayReceipt document:

    <XMLPayReceipt>
      <ReceiptData>
        <Transaction> </Transaction>
        <TransactionResult> </TransactionResult>
      </ReceiptData>
      (Signature, optional)
    </XMLPayReceipt>
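Processor-side handling of a request like the one above: parse the invoice and tender, recompute the total from the line items instead of trusting the merchant's TotalAmt, check the card's expiry against the transaction date, and answer with an XMLPayResponse carrying Result 0 plus PNRef and AuthCode or a non-zero Result with a Message. This is an added example, not code from the slides or an XML Pay implementation; it assumes Invoice and Tender sit under RequestData/Transactions/Transaction/RequestAuth, the non-zero result codes and the PNRef/AuthCode formats are made up, and the transaction date is fixed to the deck's date so the run is reproducible.

```python
"""Authorization of an XMLPayRequest with server-side consistency checks
(added example)."""
import secrets
import xml.etree.ElementTree as ET
from datetime import date


def sample_request(total=115000, exp_date="200207"):
    """Constructed request built from the slide's invoice and tender; the
    parameters let the checks below be exercised."""
    return (
        "<XMLPayRequest><RequestData><MerchantId>JFB</MerchantId><Transactions>"
        "<Transaction><RequestAuth><Invoice><BillTo><Name>Shimoda</Name>"
        "<Address>Tokyo</Address><EMail>shimoda@o-camera.com</EMail></BillTo><Items>"
        '<Item Number="1"><Description>AirFare</Description><Quantity>2</Quantity>'
        "<TotalAmt>80000</TotalAmt></Item>"
        '<Item Number="2"><Description>AccommodationCharges</Description>'
        "<Quantity>2</Quantity><TotalAmt>35000</TotalAmt></Item>"
        f"</Items><TotalAmt>{total}</TotalAmt></Invoice>"
        "<Tender><Card><CardType>BEGINNER</CardType><CardNum>1234567890</CardNum>"
        f"<ExpDate>{exp_date}</ExpDate><NameOnCard>Shimoda</NameOnCard></Card></Tender>"
        "</RequestAuth></Transaction></Transactions></RequestData></XMLPayRequest>")


def build_response(merchant, result, message, pnref=None, authcode=None):
    tr = ET.Element("TransactionResult")
    ET.SubElement(tr, "Result").text = str(result)
    ET.SubElement(tr, "Message").text = message
    if result == 0:
        ET.SubElement(tr, "PNRef").text = pnref
        ET.SubElement(tr, "AuthCode").text = authcode
    resp = ET.Element("XMLPayResponse")
    rd = ET.SubElement(resp, "ResponseData")
    ET.SubElement(rd, "MerchantId").text = merchant
    ET.SubElement(rd, "TransactionsResults").append(tr)
    return {"Result": result, "Message": message, "xml": ET.tostring(resp, encoding="unicode")}


def authorize(request_xml, today=date(2002, 6, 10), accepted_types=("BEGINNER",)):
    """Run the checks in order and return the first failure, else an approval."""
    req = ET.fromstring(request_xml)
    merchant = req.findtext("RequestData/MerchantId")
    auth = req.find("RequestData/Transactions/Transaction/RequestAuth")
    invoice, card = auth.find("Invoice"), auth.find("Tender/Card")
    line_sum = sum(int(i.findtext("TotalAmt")) for i in invoice.findall("Items/Item"))
    total = int(invoice.findtext("TotalAmt"))
    exp = card.findtext("ExpDate") or ""                  # YYYYMM, valid through that month
    checks = [                                             # (passes?, constructed code, message)
        (card.findtext("CardType") in accepted_types, 30, "CardTypeNotAccepted"),
        (len(exp) == 6 and exp.isdigit() and exp >= today.strftime("%Y%m"), 23, "CardExpired"),
        (total > 0, 13, "InvalidAmount"),
        (line_sum == total, 12, "InvoiceTotalMismatch"),
    ]
    for ok, code, message in checks:
        if not ok:
            return build_response(merchant, code, message)
    return build_response(merchant, 0, "AuthorizationApproved",
                          pnref="PN" + secrets.token_hex(5).upper(),
                          authcode=secrets.token_hex(4))


if __name__ == "__main__":
    for req in (sample_request(), sample_request(total=100000), sample_request(exp_date="200205")):
        print(authorize(req)["xml"])
```

The optional Signature the slides mention belongs on both messages: the processor should require a signed request so that a tampered invoice is rejected before any check runs, and the merchant should require a signed response before treating Result 0 as an authorization.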
Scenario 5: JUST, SI2 and JFB (the Japanese description is not recovered).
Appendix slide: XML Signature (W3C work dating from 1999-10); Example and Test Result (content not recovered).