WebSphere Commerce security model
Authentication is the process of verifying that users or applications are who they claim to be. In a Commerce system, authentication is required for all users and applications accessing the system, with the exception of guest customers. The user authentication process is configured by default to be performed under SSL. This ensures that a third party using network-sniffing programs cannot snoop on the network when a user submits a password. In keeping with common security practice, passwords are never decrypted during the authentication process. All user passwords are one-way hashed using the SHA-1 hashing scheme and encrypted using a 128-bit key based on the merchant key. The use of one-way hashing ensures that user passwords are not decipherable by anyone, including the site or system administrator. The merchant key is specified during installation and configuration of the Commerce system.
The Commerce system has its own passwords for administration purposes. These passwords should periodically be changed as part of a Commerce site-wide security policy.
What is authorization?
Authorization is the process of determining whether a user can perform a specific operation on a resource. Authorization is determined from the access control policies governing Commerce resources. In a Commerce system, access control is needed in two areas:
- To protect Commerce EJB beans from unauthorized access.
- To ensure that only authorized parties can execute different groups of Commerce commands.
What are access control policies?
Assuming that you have finished defining the organizations and users that will participate in the e-commerce site, you can now manage their activities through a set of policies, a process referred to as access control.
An access control policy is a rule that describes which group of users is authorized to perform particular activities on the site. These activities can range from registration, to managing auctions, to updating the product catalog, and granting approvals on orders, as well as any of the hundreds of other activities required to operate and maintain an e-commerce site.
The policies are what grant users access to the site. Unless they are authorized to perform their responsibilities through one or more access control policies, users have no access to any of the site's functions.
The authorization model for Commerce is based upon the enforcement of access control policies. Access control policies are enforced by the access control Policy Manager. In general, when a user attempts to access a protectable resource, the access control policy manager first determines what access control policies are applicable for that user and then, based upon the applicable access control policies, it determines if the user is allowed to perform the requested operation on the given resource.
What is an audit trail?
In computing, an audit trail refers to electronic or paper logs that are used to track computer activity. For example, an employee might have access to a portion of a corporate network such as accounts receivable, but may not be authorized to access other portions of the system, such as payroll. If that employee attempts to access an unauthorized section by typing in passwords, this improper activity is recorded in the audit trail.
In e-commerce systems, audit trails are used to record customer activity. An audit trail records a customer's initial contact with the system as well as subsequent actions such as payment and delivery of the product or service. Companies can use the audit trail to respond to any inquiries or complaints. They can also use the audit trail to reconcile accounts, to provide analysis and historical information for future planning and budgeting, and to provide a record of sales in case of a tax audit.
Audit trails can also be used to investigate computer crimes over cyberspace and the internet.
To expose an individual conducting malicious attacks on a system, investigators can follow the audit trail left by the perpetrator. Sometimes the perpetrators of cyber crimes unknowingly leave behind audit trails in activity logs with their internet service providers or perhaps through chat room logs.
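The two-step policy evaluation described under authorization (find the policies applicable to the user, then check whether one of them permits the requested operation on the resource), with every denial written to an audit trail that can then be reviewed for the repeated unauthorized attempts described above. This is an added illustration, not WebSphere Commerce's own Policy Manager code; the policy, group and resource names are constructed for the example, and a policy is simplified to a user group, an action group and a resource group.

```python
from datetime import datetime, timezone

# Constructed policies: each grants one user group one action group on one
# resource group. Names are illustrative, not real Commerce policy definitions.
POLICIES = [
    {"users": "RegisteredCustomers", "actions": "ManageOwnAccount", "resources": "UserProfile"},
    {"users": "CatalogManagers", "actions": "UpdateCatalog", "resources": "Catalog"},
    {"users": "OrderApprovers", "actions": "ApproveOrders", "resources": "Orders"},
]

# Group membership, also constructed for the example.
USER_GROUPS = {
    "alice": {"RegisteredCustomers", "CatalogManagers"},
    "bob": {"RegisteredCustomers"},
}
ACTION_GROUPS = {
    "ManageOwnAccount": {"UpdateAddress", "ChangePassword"},
    "UpdateCatalog": {"CreateProduct", "UpdatePrice"},
    "ApproveOrders": {"ApproveOrder"},
}
RESOURCE_GROUPS = {
    "UserProfile": {"profile"},
    "Catalog": {"product"},
    "Orders": {"order"},
}

AUDIT_TRAIL = []  # in-memory stand-in for the site's audit log


def applicable_policies(user):
    """Step 1: the policies whose user group the user belongs to."""
    groups = USER_GROUPS.get(user, set())  # an unknown user belongs to no group
    return [p for p in POLICIES if p["users"] in groups]


def is_authorized(user, action, resource_type):
    """Step 2: permit only if an applicable policy covers both the action and
    the resource. The default is deny, and every denial is audited."""
    for p in applicable_policies(user):
        if action in ACTION_GROUPS[p["actions"]] and resource_type in RESOURCE_GROUPS[p["resources"]]:
            return True
    AUDIT_TRAIL.append({"time": datetime.now(timezone.utc).isoformat(), "user": user,
                        "action": action, "resource": resource_type, "result": "DENIED"})
    return False


def repeated_denials(threshold=3):
    """Audit review: users with at least `threshold` denied attempts, the pattern
    that flags someone probing sections they are not authorized to use."""
    counts = {}
    for entry in AUDIT_TRAIL:
        counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return {u: n for u, n in counts.items() if n >= threshold}
```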
What is confidentiality?
Confidentiality is the process of protecting sensitive information from being deciphered by unintended recipients. In the Commerce system, confidentiality is required when sensitive information flows from the user's browser to the Commerce Server, and back from the Commerce Server to the user's browser. Using SSL provides confidentiality for this scenario.
Confidentiality is also a strong requirement in the area of session management. Because the Hypertext Transfer Protocol (HTTP) is stateless, a cookie is commonly used to continuously identify the user to the Commerce Server. If this cookie is stolen, the user account can be compromised. This is commonly known as session hijacking. Commerce prevents session hijacking by using unique features of the cookie specifications, as discussed in Session management.
Commerce uses the industry standard Triple DES (data encryption standard) algorithm to protect sensitive information, such as passwords and credit card data.