Inside The Open Group
A Report on Emerging Technology and Standards
Secure Web: Safer for the Enterprise
The Secure Web project uses DCE to bring enhanced security to data on
the World Wide Web.
By Dean Adams
As an interface to distributed information, World Wide Web browsers
are compelling. With a minimum of training, users can gain access to multimedia
information stored anywhere in the world. Judging by the amount of traffic
on the Internet attributed to Web browsers and servers, the Web is living
up to its potential for the widespread sharing of public information.
The same features that make the Web so compelling for access to public data
make it attractive to enterprises that want to share private data easily
and inexpensively. However, this usage involves other issues. The problem
is to take a technology designed for open access to public information by
an unknown set of users, and make it suitable for delivering selective access
to sensitive information by a known set of users or groups. The Secure Web
project at The Open Group Research Institute is an effort to address this
problem. Secure Web provides an infrastructure for secure enterprise use
of the Web based on the Open Software Foundation's Distributed Computing
Environment (OSF DCE).
Secure Web provides client, server and other software that enterprises can
use for secure access to Web documents, server scripts and other services
made available via the Web interface. Secure Web can provide mutual authentication
of Web clients and servers, encrypted and integrity-protected channels for
communication of Web data, and individual- and group-identity-based access
control over Web documents. Using the DCE cell model, an enterprise can
use Secure Web to establish a consistent set of security policies over any
realm of Web users, documents and services. In addition, Secure Web provides
a means for integration between its security and the online commerce mechanisms,
such as the secure sockets layer (SSL), currently being deployed on the
Secure Web also provides services beyond security. For example, it uses
the DCE naming services to provide for location-independent addressing of
Web documents. This means that Secure Web universal resource locators (URLs)
do not become stale when documents and servers are moved. It also facilitates
replication of documents for faster and more reliable service, because multiple
copies of a document can be addressed via the same URL.
Of interest to IS managers is that the DCE requirements on the client side
are light. Commercial implementations of the Secure Web technology, such
as the one from Gradient Technology of Burlington, NJ, install all the client
software automatically, just like any other Microsoft Windows application.
A small piece of software called Secure Local Proxy (SLP) is installed on
the client machine, along with DCE runtime libraries in the form of Windows
dynamic link libraries (DLLs). The DCE runtime libraries for client platforms
not supported by commercial Secure Web-based products typically can be obtained
from that platform's vendor or a third party. SLP provides the principal
means for client browsers to access a Secure Web (a set of objects and links
under the control of a Secure Web server) securely. SLP runs on the client
machine along with a standard Web browser without modification of the browser.
On the server side, two DCE services--security and naming--must be in place.
If a company already has a DCE infrastructure, the content of that entire
environment is ready, if desired, for selective access via the Web by authorized
users. The Secure Web server, WanD (Web and DCE), makes it possible. WanD
is a high-performance, multithreaded Web server that can communicate with
Web browsers using either standard Hypertext Transfer Protocol (HTTP) or
protocols based on DCE remote procedure calls (RPCs). It provides a solution
for enterprises that want both standard Web access and the secure access
available via Secure Web. To ease integration with existing Web installations,
the WanD server can function as a DCE front end to existing commercial Web
How It's Done
Secure Web uses DCE RPCs to carry the Web's HTTP between Web client and
server. The result is that a browser and server using the Secure Web software
gain access to all the DCE services "built-in" to the DCE RPC
mechanism, including full security, in an essentially transparent manner.
The WanD server provides full access to DCE security services. The server
can authenticate all Secure Web requests using authenticated DCE RPCs and
make authorization decisions based on DCE access control lists (ACLs) that
protect access to each object managed by the server. Secure Web ACLs define
a set of permissions that describe the actions specific users and groups
of users are permitted to take. These include typical file-system-type permissions
such as read, write and execute (r, w, x), as well as permissions specifically
designed for the Web environment. For example, it is possible to set Privacy
(P) permission on a object to indicate that it may be retrieved only via
an encrypted channel.
The server extends the standard DCE ACL mechanism by providing sparse ACLs:
A single copy-on-write ACL can protect access to a whole subtree of Web
documents. In this way whole classes of documents may come under consistent
protection with minimal administrative overhead. The server also makes use
of the DCE naming services to locate documents, supporting Secure Web's
location-independent style of URLs. The URL of a document on a Secure Web
server typically includes a DCE name and need not contain a specific server
address. The server finds the document by querying the DCE name service,
which returns a binding to the document's current location.
The server's private document namespace is joined to a DCE cell's namespace.
In addition, the namespace of one Secure Web server can be mounted within
the namespace of another. The point where namespaces join is called a junction.
Junctions make it possible to move whole trees of Web documents to new servers
without changing the URLs through which the documents are accessed. This
means that, as the size of document trees grows or the number of accesses
increases, enterprises can transparently add new servers to handle the growing
load. Junctions also make it possible to add specialized servers to handle
specific types of requests. For example, a separate server (or servers)
accessed via a junction can handle CGI requests, which may involve specialized
server-side processing such as database queries.
The Secure Web technology is intended to provide a high level of Web security
without a high level of complexity. You can grant access to documents that
your company's employees, customers and business partners need while prohibiting
access to unauthorized users. And, in this case, you don't have to worry
about adding excessive overhead to client machines already burdened by the
requirements of modern operating systems and application software. On the
server side, the DCE environment that supports the Secure Web technology
can range from a single machine hosting the Secure Web server, the DCE services
and the documents for the Web site, to a DCE environment spanning multiple
machines, geographic locations and file systems. Secure Web has the potential
to bring the benefits of the Web and the DCE infrastructure to a much broader
Dean Adams is manager of security and electronic commerce
for X/Open Co. He can be reached at firstname.lastname@example.org.