Working Draft 01, April 11 2005

Location: http://www.standards-oss.org/documents/ws-r_wss_interop.pdf

Editors:
Hamid Ben Malek (hmalek@us.fujitsu.com)
Jacques Durand (jdurand@us.fujitsu.com)

Contributors:

Abstract:
This document describes the test cases as well as the tools (applications and APIs) used for interoperability tests about the composition of WS-Reliability and WSS profiles. This document does not prescribe a conformance test suite.

WS-Reliability/WSS Interoperability Test Specification April 11, 2005 Copyright © OASIS Open 2004. All Rights Reserved. Page 1 of 8

1 Introduction

This document provides documentation about the various test cases involved, as well as the web service application, its APIs, and its tools, and on how to deploy the service application and hook up a client application with the client API of the test suite. The test suite can be downloaded from http://www.standards-oss.org

Basic security features that translate into specific message processing fall into four main areas identified in "Handbook of Applied Cryptography" (by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996: www.cacr.math.uwaterloo.ca/hac), from which other features can be derived:

- Authentication
- Data integrity
- Confidentiality
- Non-repudiation

The objective of this test plan is to verify composability of the Reliability function (as defined in WS-Reliability) with the most popular ways the above security functions are implemented in a WS-Security compliant manner.

The test suite designed here will require that the implementations of WS-Security and WS-Reliability are composed in a particular way. This architecture should not need to be modified from one test case to the other. Each candidate implementation (supporting both security and reliability) must be such that it can execute all test cases. These test cases are not symmetric: in order to demonstrate that end-points A and B have equivalent capability regarding composition of reliability and security, the same test suite must be executed twice, once driven from A, once driven from B.

1.1 Authentication

Authentication may apply to an entity (e.g. a person) or to data. In our context, it can be verified by:

- username / password (e.g. involving wsse:UsernameToken)
- digital (XML) signature, involving a private key on the sender side (e.g. involving SAML:Assertion token, and/or X509 token)

Composability of these authentication use cases with reliability should be verified. We distinguish two scopes: payload (SOAP body) and entire message (SOAP headers + body, including Reliability headers).

The test cases are restricted to the practice recommended by WS-Security and WS-I BSP 1.0.

1.2 Data Integrity

At minimum, this involves a signed digest of the data (e.g. HMAC). As the XML Signature (SignatureMethod) used will include computation of such a digest and its signing (e.g. http://www.w3.org/2000/09/xmldsig#hmac-sha1), composability of this use case with reliability will require verifying composability of the signing method involved. We distinguish the same scopes as for authentication.

The test cases are restricted to the practice recommended by WS-Security and WS-I BSP 1.0.

1.3 Confidentiality

Confidentiality involves encryption of the private sections, using XML Encryption. We distinguish the same scopes as for authentication.

The test cases are restricted to the practice recommended by WS-Security and WS-I BSP 1.0 (with the exception of enveloped signatures in the latter).

1.4 Non-repudiation

Two cases are usually considered: non-repudiation of origin and non-repudiation of receipt.

Non-repudiation of origin typically involves the same techniques as authentication of sent data above, and therefore no new test case will be provided.

Non-repudiation of receipt usually gives the "receipt" some application-level semantics, such as schema validation, etc. In this case, a signed receipt message is sent back to the initial sender. The security pattern involved here is no different from the authentication use case above (besides the fact that it applies to an application-level receipt). No test case needs to be provided here that would verify composability aspects not verified by the authentication test cases.

There is another option for non-repudiation of receipt: since in WS-Reliability the acknowledgement is sent "on delivery", we could consider that in some cases a delivery semantics (from the reliability module) is sufficient for a receipt. In this case a signed RM Reply would be sufficient. However, since WS-Reliability does not require that the reception of RM Replies (signed or not) be notified to the application (Producer layer), no test case will be proposed for this option.

In summary, the composability of non-repudiation use cases with reliability will either involve similar patterns as verified by previous test cases, or will involve a specific case (signed RM Replies) that would require a security-aware implementation of the Reliability module, which will not be required in this test suite.

2 Test Suite

This document provides documentation about the various test cases involved, as well as the web service application, its APIs, and its tools, and on how to deploy the service application and hook up a client application with the client API of the test suite.

2.1 Components

The components of the test suite, described by this specification, are the following:

- A Web service application: this application is represented by a sample Purchase Order e-commerce application.
- Database Server: this is the database server used by the purchase order application to persist the request messages.
- Audit Application: this is a web-based application that provides a view of the contents of the database. Through this application, a user can find out whether a certain purchase order request has been received by the web service application or not.
- Payload Files: these are XML files representing various SOAP messages to be used by the test cases.
- Configuration File: this is an XML file that will reside on the client side, and prescribes the WS-Reliability agreement to be used in each test case.

2.2 The Web service application

This is a sample purchase order application. The binaries of this application, as well as documentation on how to deploy it, will be provided with this specification.

2.3 Audit Application

This is a web-based application that will be deployed on the server side with the purchase order application. Its purpose is to provide remote users with a view of what messages have been received by the purchase order application.

2.4 Database Server

This will be a MySQL Database Server, used by the purchase order application to persist all the request messages it receives. The installation of this database server and its database will be provided.

2.5 Payloads and Configuration files

The payload will be represented by a set of XML files containing the SOAP messages that will be used by the test cases when calling the "Document-Based" purchase order application. These XML files are not used if the client applications are calling the "RPC-based" purchase order.

2.6 TestSuite Client API

Utility classes, together with documentation on their API, will be provided with this specification. The purpose of these utility classes is to ease the integration of client applications with the test suite. These utility classes perform the following tasks:

- Provide a proxy for the web service. The client application won't have to compile the WSDL file to generate a proxy. All the client application has to do is use the utility classes to send the SOAP messages.
- Load the payload data: the utility classes can pre-load the payload data from the XML files, and provide the client application with a SOAP message ready to send. All the client application has to do is append the WS-Reliability headers to the SOAP message and then send it to the endpoint web service.
- Load the WS-Reliability Agreement: the utility classes can load a WS-Reliability agreement, represented in the form of an XML file. The client application can ask the utility classes for the different parameters to use, and will accordingly populate the SOAP message with the WS-Reliability headers and then send it. In other words, the client application won't have to be able to parse the WS-Reliability agreement file.

3 Test Cases

There will be a minimum of ten test cases for combining WS-Reliability and WSS. These test cases are not a substitute for WS-Reliability interoperability tests. It is assumed that the SOAP processors involved in this interoperability test have already passed the WS-Reliability interoperability test.

In all ten test cases described below, from the point of view of reliability, all the SOAP message requests are to have guaranteed delivery with duplicate elimination and a "Callback" reply pattern. This combination is enough, because the goal of this test suite is not WS-Reliability interoperability, but the composition of security and reliability. Furthermore, the reliability interoperability tests are assumed to have been passed prior to this composition test suite.

All signatures and encryptions in this composition test suite are accomplished using an X.509 certificate store, and the signatures are always detached.

3.1 Username Security Token Test (T1)

This is the first test case (Test #1). It consists of sending a "login" SOAP message request with username/password in the WSS headers. The web service responds by sending a boolean value indicating whether the login request succeeded or not.

3.2 SAML Security Token Test (T2)

This is the second test case (Test #2). It consists of sending a "login" SOAP message request with a SAML security token for authentication. The web service responds by sending a boolean value indicating whether the login request succeeded or not.

3.3 X509 Security Token Test (T3)

This is the third test case (Test #3). It consists of sending a "login" SOAP message request with an X.509 security token for authentication. The web service responds by sending a boolean value indicating whether the login request succeeded or not.

3.4 Sign Body Test (T4)

This is the fourth test case (Test #4). It consists of sending a purchase order SOAP message request with the SOAP body being signed. The signature is a detached signature using an X.509 certificate store.

3.5 Sign Body and Reliability headers Test (T5)

This is the fifth test case (Test #5). It consists of sending a purchase order SOAP message request with the SOAP body and reliability headers being signed. The signature is a detached signature using X.509.

3.6 Body Encryption Test (T6)

This is test case #6. It consists of sending a purchase order SOAP message request with the SOAP body being encrypted with X.509.
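
The difference between the signing scopes of the Sign Body Test (T4) and the Sign Body and Reliability headers Test (T5), as an added example that is not part of the original specification or its test suite. It is a simplified detached-signature sketch: SHA-1 digests of canonicalized elements authenticated with HMAC-SHA1 (the method named in section 1.2) instead of a real XML Signature with an X.509 key. The envelope, the `urn:example:reliability` namespace, the element names and the key are constructed placeholders.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample request; the rm namespace and element names are placeholders,
# not the real WS-Reliability schema.
ENVELOPE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:rm="urn:example:reliability">
  <s:Header>
    <rm:Request><rm:MessageId groupId="po-group-1"/><rm:SequenceNum number="7"/>
      <rm:DuplicateElimination/></rm:Request>
  </s:Header>
  <s:Body><PurchaseOrder id="4711"><Item sku="A-1" qty="2"/></PurchaseOrder></s:Body>
</s:Envelope>"""

NS = {"s": "http://schemas.xmlsoap.org/soap/envelope/", "rm": "urn:example:reliability"}
# What each test case covers: T4 signs the body, T5 the body plus reliability headers.
SCOPES = {"T4": ["s:Body"], "T5": ["s:Body", "s:Header/rm:Request"]}
KEY = b"constructed-shared-secret"  # stands in for the X.509 key material

def digest(envelope_xml, path):
    """SHA-1 over the canonical (C14N 2.0) form of one referenced element."""
    node = ET.fromstring(envelope_xml).find(path, NS)
    canonical = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return hashlib.sha1(canonical.encode("utf-8")).hexdigest()

def _mac(refs):
    signed_info = "\n".join(f"{path}={value}" for path, value in refs)
    return hmac.new(KEY, signed_info.encode("utf-8"), hashlib.sha1).hexdigest()

def sign(envelope_xml, scope):
    """Detached signature: reference digests plus an HMAC-SHA1 over that list."""
    refs = [(path, digest(envelope_xml, path)) for path in SCOPES[scope]]
    return {"refs": refs, "value": _mac(refs)}

def verify(envelope_xml, signature):
    """Check the HMAC first, then recompute every reference digest."""
    if not hmac.compare_digest(_mac(signature["refs"]), signature["value"]):
        return False
    return all(hmac.compare_digest(digest(envelope_xml, path), value)
               for path, value in signature["refs"])

def rewrite_sequence_num(envelope_xml):
    """Constructed in-transit change to a reliability header; the body is untouched."""
    return envelope_xml.replace('number="7"', 'number="8"')
```

A T4 signature made over the original envelope still verifies after `rewrite_sequence_num`, while the T5 signature does not: only the wider scope binds the reliability headers that drive ordering and duplicate elimination to the signed payload.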

3.7 Encryption of body and reliability headers Test (T7)

This is test case #7. It consists of sending a purchase order SOAP message request where both the SOAP body and reliability headers are encrypted with X.509.

3.8 First Test and Fourth Test combined (T8)

This is test case #8. It consists of sending a purchase order SOAP message request with the SOAP body being signed, and the WSS header containing a username security token. The signature is a detached one using X.509.

3.9 Third Test and Seventh Test combined (T9)

This is test case #9. It consists of sending a purchase order SOAP message request with the SOAP body and reliability headers being encrypted with X.509, and the WSS header containing an X.509 token for authentication.

3.10 First, Fifth, and Sixth Test combined (T10)

This is test case #10. It consists of sending a purchase order SOAP message request with the SOAP body and reliability headers being signed, the SOAP body being encrypted, and the WSS header containing a username security token for authentication. The signature is detached, and both the signature and encryption use X.509.

A. Notices

OASIS takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on OASIS's procedures with respect to rights in OASIS specifications can be found at the OASIS website. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification, can be obtained from the OASIS Executive Director.

OASIS invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to implement this specification. Please address the information to the OASIS Executive Director.

Copyright © OASIS Open 2004. All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to OASIS, except as needed for the purpose of developing OASIS specifications, in which case the procedures for copyrights defined in the OASIS Intellectual Property Rights document must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by OASIS or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and OASIS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.