Message Inspector


Classification Key: Perimeter Security, Tampering

Problem

Every incoming message has to pass through a validation phase. Messages may carry malicious content, or may be XML sent by unauthorized parties; either is a potential threat to the service provider. Traditional security mechanisms such as firewalls and packet-filtering systems do not inspect or verify message content and cannot handle threats at the application level. How can the XML security implementation be designed so that it does not add complexity and does not make processing application-specific content tedious?

Solution

Use a modular or pluggable component that can be integrated with the infrastructure service components that handle pre-processing and post-processing of incoming and outgoing SOAP and XML messages. Combine a chain of tasks that identify the message-level headers, dissect the header elements, and verify the message against the key security requirements specified by the service provider. Verify and validate the SOAP message and its headers for compliance with standards such as WS-Security, SAML and the WS-I Basic Security Profile. Identify the data origin and verify the integrity of the message payload and its elements using WS-Security and XML Signature (XMLDSIG). Verify the confidentiality of the message using WS-Security and XML Encryption (XMLENC). The Message Inspector acts as the security decision point for enforcing all the security policies that apply to accessing a service endpoint.
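The following is an added example and is not part of this catalog entry or of the Sun book it cites. It sketches, in Python, a Message Inspector built as a chain of pluggable tasks over an inbound SOAP 1.1 message: one task identifies the wsse:Security header, one enforces the wsu:Timestamp acceptance window, and one checks that the ds:DigestValue declared for the Body matches the Body actually received. The namespace URIs are the standard SOAP 1.1, WS-Security 1.0 and XML-DSig ones; everything else (the task names, the GetQuote sample body, the timestamps, the build_envelope sender stub) is constructed for illustration. It deliberately stops short of XML-DSig proper: there is no canonicalization and no verification of the signature over SignedInfo, so the digest comparison stands in for the integrity check the pattern calls for.

```python
"""Message Inspector as a pluggable chain of inspection tasks (constructed example).
Not a WS-Security implementation: no XML canonicalization (C14N) and no check of the
signature over SignedInfo. The chain locates the wsse:Security header, enforces the
wsu:Timestamp window and verifies the ds:DigestValue for the Body as received."""
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
from xml.etree import ElementTree as ET

# Standard namespace URIs for SOAP 1.1, WS-Security 1.0 and XML-DSig.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
for _p, _u in (("soapenv", SOAP), ("wsse", WSSE), ("wsu", WSU), ("ds", DS)):
    ET.register_namespace(_p, _u)  # stable prefixes when the Body is re-serialized

class InspectionError(Exception):
    """A task rejected the message; it never reaches the service endpoint."""

def security_header(env: ET.Element) -> ET.Element:
    sec = env.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    if sec is None:
        raise InspectionError("missing wsse:Security header")
    return sec

def _utc(text: str) -> datetime:
    stamp = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    if stamp.tzinfo is None:  # a naive time cannot be compared with the receiver clock
        raise InspectionError(f"timestamp {text!r} lacks a time zone")
    return stamp

def check_timestamp(env: ET.Element, now: datetime) -> None:
    """Task: refuse stale or not-yet-valid messages (bounded replay window)."""
    ts = security_header(env).find(f"{{{WSU}}}Timestamp")
    if ts is None:
        raise InspectionError("missing wsu:Timestamp")
    created = _utc(ts.findtext(f"{{{WSU}}}Created", ""))
    expires = _utc(ts.findtext(f"{{{WSU}}}Expires", ""))
    if created > now + timedelta(minutes=5):  # tolerated clock skew
        raise InspectionError("timestamp Created lies in the future")
    if expires <= now:
        raise InspectionError("timestamp has expired")

def body_digest(env: ET.Element) -> str:
    """Base64 SHA-256 of the Body as serialized here (stands in for C14N + DigestMethod)."""
    body = env.find(f"{{{SOAP}}}Body")
    if body is None:
        raise InspectionError("missing soapenv:Body")
    return base64.b64encode(hashlib.sha256(ET.tostring(body)).digest()).decode()

def check_body_digest(env: ET.Element, now: datetime) -> None:
    """Task: the digest claimed in ds:Reference must match the Body as received."""
    actual = body_digest(env)
    body_id = env.find(f"{{{SOAP}}}Body").get(f"{{{WSU}}}Id", "")
    ref = security_header(env).find(f"{{{DS}}}Signature/{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if ref is None or ref.get("URI") != "#" + body_id:
        raise InspectionError("no ds:Reference covering the Body")
    if ref.find(f"{{{DS}}}DigestMethod[@Algorithm='{SHA256_URI}']") is None:
        raise InspectionError("unsupported or missing DigestMethod")
    claimed = (ref.findtext(f"{{{DS}}}DigestValue") or "").strip()
    if not hmac.compare_digest(claimed.encode(), actual.encode()):
        raise InspectionError("Body digest mismatch: payload was altered")

def inspect(raw: bytes, now: datetime, chain=(check_timestamp, check_body_digest)) -> str:
    """Security decision point: run the chain; the first failing task decides."""
    if b"<!DOCTYPE" in raw:  # a hardened parser (e.g. defusedxml) should refuse DTDs
        return "rejected: DTD not permitted in a SOAP message"
    try:
        env = ET.fromstring(raw)
        for task in chain:
            task(env, now)
    except (InspectionError, ET.ParseError, ValueError) as exc:
        return f"rejected: {exc}"
    return "accepted"

# Constructed sender side, used only to produce test input carrying a correct digest.
ENVELOPE = (
    f'<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">'
    "<soapenv:Header><wsse:Security><wsu:Timestamp><wsu:Created>{created}</wsu:Created>"
    "<wsu:Expires>{expires}</wsu:Expires></wsu:Timestamp><ds:Signature><ds:SignedInfo>"
    f'<ds:Reference URI="#Body"><ds:DigestMethod Algorithm="{SHA256_URI}"/><ds:DigestValue>'
    "{digest}</ds:DigestValue></ds:Reference></ds:SignedInfo></ds:Signature></wsse:Security>"
    '</soapenv:Header><soapenv:Body wsu:Id="Body">{body}</soapenv:Body></soapenv:Envelope>')

def build_envelope(body_xml: str, created: str, expires: str) -> bytes:
    fill = dict(created=created, expires=expires, body=body_xml)
    digest = body_digest(ET.fromstring(ENVELOPE.format(digest="", **fill)))
    return ENVELOPE.format(digest=digest, **fill).encode()

def demo() -> dict:
    """Decisions for a valid, a tampered and an expired (replayed) constructed message."""
    now = datetime(2012, 5, 5, 10, 1, tzinfo=timezone.utc)
    body = '<q:GetQuote xmlns:q="urn:example:quotes"><symbol>ACME</symbol></q:GetQuote>'
    msg = build_envelope(body, "2012-05-05T10:00:00Z", "2012-05-05T10:05:00Z")
    return {"valid": inspect(msg, now),
            "tampered": inspect(msg.replace(b"ACME", b"EVIL"), now),
            "expired": inspect(msg, now + timedelta(minutes=10))}
```

The chain is the pluggable part: a further requirement of the service provider (a SAML assertion check, a WS-I profile check, an XML Encryption step) is added as another `task(env, now)` callable without touching the tasks already present, and the first failing task makes the decision for the whole message. In a real deployment the parse step should use a hardened XML parser rather than the byte screen shown here, and the digest task should be replaced by a proper XML-DSig verifier that canonicalizes the referenced element and validates the signature over SignedInfo.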

Known Uses

A message inspector that validates messages using the WS-Security elements in the SOAP header.

Related Patterns

Message Interceptor Gateway, Policy Enforcement Point

Source

Sun Book

Tags

XML, Application Layer, Interceptor

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz