The Secure Password Storage Project
Introduction
I introduced the “Samples 2009” project series in this post. This – Secure Password Storage (SPS) – is the first project of the series. An introduction to SPS, and some of the initial design considerations, follows.
Before that, though, it’s important to note that the primary requirement for this project is that it must complete the Certified for Windows Vista logo process. We will document everything we do to prepare for and accomplish the logo certification.
Why should we do a sample project for logo certification? Well, we’re doing it because the Windows logo program is important, both to Microsoft and to the Windows ISV (Independent Software Vendors) community. First, the logo program helps to solidify the bond between Microsoft and the ISVs. Second, the program helps steer ISVs into the Microsoft Partner Program (and vice-versa). Speaking from personal experience, ISVs can benefit from these programs just as much as Microsoft does.
The third reason for undergoing logo certification is the most important: it improves the end-user experience by testing for common mistakes. On Vista, those mistakes tend to be related to UAC (User Account Control), both at install time (MSI) and run-time (elevation).
Fourth: as critical as the logo program is, it can be a complex process, with a steep learning curve for first-time users. First-timers tend to be small companies with significant time and budget sensitivity.
Thus, this project will demystify the logo program by completing it and documenting each step in detail.
In addition to the certification requirement, we need to build a sample that’s interesting and useful in its own right. As stated in the introductory post above, we’ll be including a professionally designed WPF user interface.
Secure Password Storage
With those requirements in mind, SPS is the software that we’ll be developing for this project. SPS will allow companies, or teams, to securely store website passwords for accounts that must be accessible to multiple people. Examples include MSDN (for a software team) or an online business checking account (for management or an accounting team).
SPS will use a three-tier architecture: there’s a WPF client that allows access to and management of the stored passwords, there’s a web service that exposes the data and enforces access control, and there’s a SQL database that stores the user data and encrypted passwords.
As an aside, I’d like to thank fellow Enterprise Security MVP Dana Epp for the idea of SPS.
The current developer specification draft can be found here.
Per-Password Security for SPS
As early as we are in the design phase for SPS, we’ve already identified what I believe will be the primary architectural question for the application: namely, how to control per-user access to each stored password. We’ve researched a few alternatives:
AzMan: For an introduction to the use of the Windows Authorization Manager feature in .NET, see this article. It’s not clear that AzMan, which is primarily for role-based access control, is the best solution for SPS, though, because we really only have two roles: regular users and the application administrator. The problem we face is a proliferation of data items, each of which requires its own ACL (Access Control List).
SQL row security: There’s a good article here about how this can be done. This approach involves creating a view for the sensitive table that consists only of rows for which the requesting user is listed as a reader (for example in a “Readers” column, or elsewhere). This introduces complexity in the form of SQL programming. It may be the way to go, but we need to do more research.
Enforcement via the web service: Finally, we could implement basically what SQL does, but instead process the approved lists of per-row readers and writers “manually” in the web service. This is a common approach and would move the complexity out of the SQL stored procedures and into ASP.NET. But it’s still nasty to have to roll your own access control. Again, more research is needed.
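To make the “SQL row security” alternative concrete, here is an added example of what the reader/writer filtering could look like in T-SQL. It is not code from the SPS project or its dev spec, and every name in it (the StoredPassword and PasswordAccess tables, the MyPasswords view, the SpsUsers role, the UpdatePassword procedure) is a constructed assumption. It also assumes SQL Server with Windows authentication, where each user reaches the database under their own login so that SUSER_SNAME() identifies the requester; if the web service connected under a single service account instead, the caller’s identity would have to be passed in as a parameter and checked the same way, which is the web-service enforcement variant.

```sql
-- Added example, not from the SPS project. Table, view, role and
-- procedure names are constructed for illustration.
CREATE TABLE dbo.StoredPassword (
    PasswordId   INT IDENTITY(1,1) PRIMARY KEY,
    SiteName     NVARCHAR(200)  NOT NULL,
    AccountName  NVARCHAR(200)  NOT NULL,
    EncryptedPwd VARBINARY(MAX) NOT NULL   -- ciphertext only; key lives elsewhere
);

-- Per-row ACL: one row per (password, login). Presence grants read;
-- CanWrite = 1 additionally grants update.
CREATE TABLE dbo.PasswordAccess (
    PasswordId INT           NOT NULL REFERENCES dbo.StoredPassword(PasswordId),
    LoginName  NVARCHAR(128) NOT NULL,
    CanWrite   BIT           NOT NULL DEFAULT 0,
    PRIMARY KEY (PasswordId, LoginName)
);
GO

-- The view returns only rows on which the calling login is listed as a reader.
-- Because view and tables share the dbo owner, ownership chaining lets users
-- read through the view without any rights on the base tables.
CREATE VIEW dbo.MyPasswords
AS
SELECT p.PasswordId, p.SiteName, p.AccountName, p.EncryptedPwd, a.CanWrite
FROM   dbo.StoredPassword AS p
JOIN   dbo.PasswordAccess AS a ON a.PasswordId = p.PasswordId
WHERE  a.LoginName = SUSER_SNAME();
GO

-- Writers are enforced the same way: the UPDATE joins through the ACL, so a
-- caller who is not a writer for that row simply updates zero rows.
CREATE PROCEDURE dbo.UpdatePassword
    @PasswordId   INT,
    @EncryptedPwd VARBINARY(MAX)
AS
BEGIN
    SET NOCOUNT ON;

    UPDATE p
    SET    p.EncryptedPwd = @EncryptedPwd
    FROM   dbo.StoredPassword AS p
    JOIN   dbo.PasswordAccess AS a ON a.PasswordId = p.PasswordId
    WHERE  p.PasswordId = @PasswordId
      AND  a.LoginName  = SUSER_SNAME()
      AND  a.CanWrite   = 1;

    -- One message for "no such row" and "not a writer", so the procedure
    -- does not reveal whether a PasswordId exists to callers without access.
    IF @@ROWCOUNT = 0
        RAISERROR('Password not found or caller is not a writer.', 16, 1);
END
GO

-- Regular users get the view and the procedure only; the base tables are
-- never granted, so there is no path around the per-row filter.
CREATE ROLE SpsUsers;
GRANT SELECT  ON dbo.MyPasswords    TO SpsUsers;
GRANT EXECUTE ON dbo.UpdatePassword TO SpsUsers;
GO

-- Constructed sample data: one shared account, two team members, one of
-- whom may change the stored password. Logins are placeholders.
INSERT INTO dbo.StoredPassword (SiteName, AccountName, EncryptedPwd)
VALUES (N'example-msdn-site', N'team-account', 0x00);

INSERT INTO dbo.PasswordAccess (PasswordId, LoginName, CanWrite)
VALUES (SCOPE_IDENTITY(), N'CONTOSO\alice', 1),
       (SCOPE_IDENTITY(), N'CONTOSO\bob',   0);

-- Each caller sees only their own rows: alice sees the row with CanWrite = 1,
-- bob sees it with CanWrite = 0, anyone else sees nothing.
SELECT PasswordId, SiteName, AccountName, CanWrite
FROM   dbo.MyPasswords;
```

The point of keeping both the read filter and the write check inside objects the application does not own is that the ACL is evaluated in one place; the application administrator role from the AzMan discussion would then map to whoever is allowed to insert rows into PasswordAccess.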
Additional SPS Project Notes
Since we’re still in the design phase, and don’t have any source code to publish yet, I haven’t created the CodePlex site for the SPS project. However, again, a link to the current dev spec is above, and comments are welcome.
The tag for blog posts relating to SPS is “Secure Password Storage”.