We call a complex system distributed environment, if the processing and storing of data happens on different physical machines, even on geographical distant places.
Thus the need to build such communication system between these machines, where even sensitive data can flow freely. Portecting not just the outer network (internet), but the inner network (intranet) as well is rewarding, since a significant amount of the attacks happens from the inside.
Ergo we need to provide the integrity, confidentiality, and non-repudiation of sensitive data, that travels between the sender system and the receiving system.
By data integrity, we mean that data is not modified during its travel, it arrives to the receiving system exactly as the sender system sent it.
By confidentiality, we mean that during its travel data could neither be accessed, nor read by unauthorized people or systems.
By non repudiation of data, we mean that the sender party can be accurately identified as the sender.
We ensure integrity by digital signature, confidentiality by digital encryption, and non repudiation of data by properly using private/public keys – which are needed for the previous two anyway.
In this work I discuss, how we can meet these requirements in distributed environment.
I mention the basic concepts of digital encryption and signing. I introduce the the basics of SSL protocol, and a provide a counterexample for using only SSL in distributed environtment.
I address the WS-Security (Web Service Security) standard created by the OASIS group, and some of the many different attacks it provides protection against.
Finally, I present the operation of WS-Security through an implementation using IBM Message Broker integration system.