Inside The Open Group

A Report on Emerging Technology and Standards

Secure Web: Safer for the Enterprise



The Secure Web project uses DCE to bring enhanced security to data on the World Wide Web.

By Dean Adams

As an interface to distributed information, World Wide Web browsers are compelling. With a minimum of training, users can gain access to multimedia information stored anywhere in the world. Judging by the amount of traffic on the Internet attributed to Web browsers and servers, the Web is living up to its potential for the widespread sharing of public information.

The same features that make the Web so compelling for access to public data make it attractive to enterprises that want to share private data easily and inexpensively. However, this usage involves other issues. The problem is to take a technology designed for open access to public information by an unknown set of users, and make it suitable for delivering selective access to sensitive information by a known set of users or groups. The Secure Web project at The Open Group Research Institute is an effort to address this problem. Secure Web provides an infrastructure for secure enterprise use of the Web based on the Open Software Foundation's Distributed Computing Environment (OSF DCE).

Secure Web provides client, server and other software that enterprises can use for secure access to Web documents, server scripts and other services made available via the Web interface. Secure Web can provide mutual authentication of Web clients and servers, encrypted and integrity-protected channels for communication of Web data, and individual- and group-identity-based access control over Web documents. Using the DCE cell model, an enterprise can use Secure Web to establish a consistent set of security policies over any realm of Web users, documents and services. In addition, Secure Web provides a means for integration between its security and the online commerce mechanisms, such as the secure sockets layer (SSL), currently being deployed on the Web.

Secure Web also provides services beyond security. For example, it uses the DCE naming services to provide for location-independent addressing of Web documents. This means that Secure Web universal resource locators (URLs) do not become stale when documents and servers are moved. It also facilitates replication of documents for faster and more reliable service, because multiple copies of a document can be addressed via the same URL.

Of interest to IS managers is that the DCE requirements on the client side are light. Commercial implementations of the Secure Web technology, such as the one from Gradient Technology of Burlington, NJ, install all the client software automatically, just like any other Microsoft Windows application. A small piece of software called Secure Local Proxy (SLP) is installed on the client machine, along with DCE runtime libraries in the form of Windows dynamic link libraries (DLLs). The DCE runtime libraries for client platforms not supported by commercial Secure Web-based products typically can be obtained from that platform's vendor or a third party. SLP provides the principal means for client browsers to access a Secure Web (a set of objects and links under the control of a Secure Web server) securely. SLP runs on the client machine along with a standard Web browser without modification of the browser.

On the server side, two DCE services--security and naming--must be in place. If a company already has a DCE infrastructure, the content of that entire environment is ready, if desired, for selective access via the Web by authorized users. The Secure Web server, WanD (Web and DCE), makes it possible. WanD is a high-performance, multithreaded Web server that can communicate with Web browsers using either standard Hypertext Transfer Protocol (HTTP) or protocols based on DCE remote procedure calls (RPCs). It provides a solution for enterprises that want both standard Web access and the secure access available via Secure Web. To ease integration with existing Web installations, the WanD server can function as a DCE front end to existing commercial Web servers.

How It's Done

Secure Web uses DCE RPCs to carry the Web's HTTP between Web client and server. The result is that a browser and server using the Secure Web software gain access to all the DCE services "built-in" to the DCE RPC mechanism, including full security, in an essentially transparent manner.

The WanD server provides full access to DCE security services. The server can authenticate all Secure Web requests using authenticated DCE RPCs and make authorization decisions based on DCE access control lists (ACLs) that protect access to each object managed by the server. Secure Web ACLs define a set of permissions that describe the actions specific users and groups of users are permitted to take. These include typical file-system-type permissions such as read, write and execute (r, w, x), as well as permissions specifically designed for the Web environment. For example, it is possible to set Privacy (P) permission on an object to indicate that it may be retrieved only via an encrypted channel.

The server extends the standard DCE ACL mechanism by providing sparse ACLs: A single copy-on-write ACL can protect access to a whole subtree of Web documents. In this way whole classes of documents may come under consistent protection with minimal administrative overhead. The server also makes use of the DCE naming services to locate documents, supporting Secure Web's location-independent style of URLs. The URL of a document on a Secure Web server typically includes a DCE name and need not contain a specific server address. The server finds the document by querying the DCE name service, which returns a binding to the document's current location.
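The sparse, copy-on-write ACL lookup and the Privacy (P) check described above can be modelled in a few lines. This is an added illustration, not WanD or DCE code: the class, the paths, the group name and the simplified evaluation rule (a user entry wins, otherwise group entries are unioned, and P is read from the matched entry) are all assumptions made for the example.

```python
from dataclasses import dataclass, field

def segments(path):
    """Split a document path; refuse '.'/'..' so a request cannot dodge a subtree ACL."""
    parts = [p for p in path.split("/") if p]
    if any(p in (".", "..") for p in parts):
        raise ValueError("path must be normalised before the ACL lookup")
    return parts

@dataclass
class SparseAclStore:
    # Only nodes with an explicit ACL are stored:
    # path -> {("user" | "group", name): permission string}
    acls: dict = field(default_factory=dict)

    def governing_path(self, path):
        """Nearest ancestor (or the node itself) that holds an explicit ACL."""
        parts = segments(path)
        while True:
            candidate = "/" + "/".join(parts)
            if candidate in self.acls:
                return candidate
            if not parts:
                raise KeyError("no ACL on the root of the tree")
            parts.pop()

    def modify(self, path, who, perms):
        """Copy-on-write: the first change below an inherited ACL clones it."""
        node = "/" + "/".join(segments(path))
        if node not in self.acls:
            self.acls[node] = dict(self.acls[self.governing_path(node)])
        self.acls[node][who] = perms

    def check(self, path, user, groups, perm, encrypted):
        """Simplified evaluation (assumption): a user entry wins, else group entries are unioned."""
        acl = self.acls[self.governing_path(path)]
        granted = acl.get(("user", user))
        if granted is None:
            granted = "".join(acl.get(("group", g), "") for g in groups)
        if perm not in granted:
            return False
        # Assumption: P in the matched entry means "encrypted channel only".
        return encrypted or "P" not in granted

# Constructed sample tree: one ACL on the root covers every document.
store = SparseAclStore({"/": {("group", "staff"): "r"}})
# Tightening /hr clones the root ACL there; the root and its other subtrees are untouched.
store.modify("/hr", ("group", "staff"), "rP")
```

With this sample tree, a staff member can read `/index.html` over a plain channel but can read anything under `/hr` only over an encrypted one, even though only two ACLs exist in the whole store.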

The server's private document namespace is joined to a DCE cell's namespace. In addition, the namespace of one Secure Web server can be mounted within the namespace of another. The point where namespaces join is called a junction. Junctions make it possible to move whole trees of Web documents to new servers without changing the URLs through which the documents are accessed. This means that, as the size of document trees grows or the number of accesses increases, enterprises can transparently add new servers to handle the growing load. Junctions also make it possible to add specialized servers to handle specific types of requests. For example, a separate server (or servers) accessed via a junction can handle CGI requests, which may involve specialized server-side processing such as database queries.

The Secure Web technology is intended to provide a high level of Web security without a high level of complexity. You can grant access to documents that your company's employees, customers and business partners need while prohibiting access to unauthorized users. And, in this case, you don't have to worry about adding excessive overhead to client machines already burdened by the requirements of modern operating systems and application software. On the server side, the DCE environment that supports the Secure Web technology can range from a single machine hosting the Secure Web server, the DCE services and the documents for the Web site, to a DCE environment spanning multiple machines, geographic locations and file systems. Secure Web has the potential to bring the benefits of the Web and the DCE infrastructure to a much broader audience.

Dean Adams is manager of security and electronic commerce for X/Open Co. He can be reached at d.adams@xopen.co.uk.