Advanced Topics in Data Communications ISQS 6341 November 2002
Advanced Topics in Data Communications
Compiled from several online resources
ISQS 6341
November 2002
Outline
Grid computing
Web service
Web service security
Grid Computing
Beyond the Net, lies the Grid.
The Net allows users everywhere to share information.
The Grid will allow users to share raw computing power.
It’s under construction.
It’s for real.
Used to construct:
collaborative engineering systems
real-time instrument control systems
problem solving environments
and to perform record-setting scientific simulations.
What is a Grid?
persistent networked environments integrating geographically distributed supercomputers, large databases, and high end instruments
coordinated resource sharing and problem solving in dynamic virtual organizations
Grid computing is related to
but not identical with
Distributed computing
Parallel computing
Pervasive computing
Who is building them?
Demonstration – SC98
TransPac link from Internet2 to APAN
NASA, DOE, DOD, NSF
The goal is to create …
A scalable, seamless extension of your access point through pervasive networks to a set of resources tied together by a set of ubiquitous common distributed services.
Building on the Internet, the WWW
Uniform naming
A seamless, scalable information service
A powerful new meta-data language: XML
SOAP - simple object access protocol
Uses XML for message encoding, HTTP for protocol.
XML-RPC may become standard mechanism for Grid Services.
Useful links:
High Performance Computing Support: http://www.indiana.edu/~rac/hpc/
Laboratories: http://www.iumsc.indiana.edu/ , http://www.engr.iupui.edu/cfdlab/ , http://www.indiana.edu/~uits/hpnap/
Class Web Pages: http://dpis.engr.iupui.edu/Courses/ee595.htm , http://www.cs.indiana.edu/classes/b649/
EnterTheGrid: http://www.hoise.com/enterthegrid/
Grid Computing Info Centre (GRID Infoware): http://www.gridcomputing.com/
Indiana Pervasive Computing Research (IPCRES) Initiative: http://www.indiana.edu/~ovpit/ipcres/
NASA’s Information Power Grid: http://www.nas.nasa.gov/About/IPG/ipg.html
GriPhyN / ATLAS in NY Times: http://www.nytimes.com/2000/09/28/technology/28NEXT.html
Web Service
What is web service?
Web-based application architecture
Main players and standards
Microsoft: .NET
SUN: Open Net Environment (ONE)
IBM: Web Service Conceptual Architecture (WSCA)
W3C: Web Service Workshop
Oracle: Web Service Broker
Hewlett-Packard: Web Service Platform
Web Services standards
WSDL (Web Services Description Language): descriptions of Web Services
http://www.w3.org/TR/wsdl
UDDI (Universal Discovery, Description & Integration): registries containing service descriptions
http://www.uddi.org/specification.html
SOAP (Simple Object Access Protocol): transport protocol for communication between Web Services
http://www.w3.org/TR/SOAP/
Emerging standards: WSRP, WSIA, WSXL…
Simple Object Access Protocol (SOAP)
A way for a program running in one kind of OS to communicate with a program in the same or another kind of OS by using HTTP and XML as the mechanisms for information exchange.
SOAP specifies exactly how to encode an HTTP header and an XML file so that a program in one computer can call a program in another computer and pass it information. It also specifies how the called program can return a response.
IBM Web Services model
(Diagram: three roles, service provider, service registry and service requestor. The provider describes its service in WSDL and registers it in the UDDI registry; the requestor finds the service through the registry (WSDL, UDDI) and then exchanges SOAP messages with the provider.)
Service Registries
UDDI Web Service standard
JISC Information Environment registry
Grid Service registry
Service type
Service instance
Functionality
Global public registry
Private registries
Registries are dynamic services
Implement searching across multiple registries
New Web Services compliant products ?
Metadata Schema Registries
CORES http://www.cores-eu.net/
on shared metadata vocabularies.
Standards Interoperability Forum in November
A Metadata Registry for the Semantic Web
Heery (UKOLN) & Harry Wagner (OCLC) D-Lib May 2002
Metadata for Education Group (MEG)
http://www.ukoln.ac.uk/metadata/education/regproj/
Demo of registry at Workshop in September
2nd Joint UKOLN / NeSC workshop Autumn 2002
a forum focussing on exchange of practical experience
Rachel
Web Service security
Internet Week, 3.29.2002: “Many companies have been caught by surprise by the lack of inherent security in Web services protocols.”
Surprise implies a mismatched expectation, and expectation implies knowledge or ignorance.
Security Facts
Every security system is vulnerable
Security can be difficult to implement and manage
Security services consume resources
Federation requires a flexible set of services
(Chart: time to compromise versus complexity.)
What are XML Web Services?
Standards based, modular messaging architecture to enable loosely-coupled computing
Standards
Define message composition
Define message processing
Interoperability
Will enable end-to-end messaging systems
Standards that enable end-to-end Web service security
Cryptography and Security Primer
XML Signature
Data Integrity
Repudiation
XML Encryption
Ciphers (Can enable confidentiality)
Key Distribution
Digital Signatures (Can enable integrity)
Encryption
WS-Security
Cryptography Ciphers
Asymmetric Cipher = non-matching keys
One key for encryption
One key for decryption
Does not require the parties to exchange a secret key (only public keys are distributed)
Examples
RSA (variable key size)
(Diagram: plaintext “A” is encrypted to ciphertext “XX” and decrypted back to “A”.)
Cryptography Key Agreement
Synchronous: real-time key agreement, e.g. exchange over HTTPS
Asynchronous: off-line agreement
Diffie-Hellman (used by XML Encryption)
Digital Signatures
Enables integrity and non-repudiation
E-Sign Act, June 2000
RSA, DSA or HMAC (symmetric key)
Relies on hashing: an input of arbitrary length (e.g. ADASADDAFA) maps to a fixed-length output (e.g. XSDAD)
Examples
Secure Hash Algorithm (SHA)
SHA1 creates a 20 byte digest of any binary data
(Diagram: text “A” → SHA → digest “xsd….”; the digest is signed with the RSA private key to give the signed digest, which the recipient verifies with the public key and compares against the digest of the received text.)
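The hash-then-sign flow on this slide, as an added Python example that is not from the slides: SHA-1 yields a fixed 20-byte digest, and HMAC-SHA1 (the symmetric option the slide names) serves as the signature, with a constant-time check and a constructed SOAP-style payload altered in transit to show the verification failing.

```python
import hashlib
import hmac
import secrets


def sha1_digest(data: bytes) -> bytes:
    """SHA-1 maps input of any length to a fixed 20-byte digest (the slide's 'xsd....')."""
    return hashlib.sha1(data).digest()


def sign_hmac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 'signature', the symmetric option on the slide. Because sender and
    receiver share the same key it proves integrity but not non-repudiation (either
    side could have produced the tag); RSA or DSA over the digest gives the latter."""
    return hmac.new(key, message, hashlib.sha1).digest()


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time, so a forger learns nothing
    from how many leading bytes happened to match."""
    return hmac.compare_digest(sign_hmac(key, message), tag)


def tamper_demo(key: bytes = None) -> tuple:
    """Sign a constructed SOAP-style payload, then change one value 'in transit'.
    Returns (digest_length, verified_original, verified_tampered)."""
    key = key or secrets.token_bytes(32)
    msg = b'<Body><Transfer amount="100" to="acct-42"/></Body>'  # constructed sample
    tag = sign_hmac(key, msg)
    altered = msg.replace(b'amount="100"', b'amount="900"')
    return len(sha1_digest(msg)), verify_hmac(key, msg, tag), verify_hmac(key, altered, tag)
```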
XML Signature
http://www.w3.org/TR/xmldsig-core/
XML syntax used to represent a digital signature over any digital content
Verifies whether a message was altered during transit
Enables non-repudiation
Sign specific portions of the XML document or message
One-way transformation via private key
Defined schema
WS-Security 1.0
A specification for proposed SOAP extensions to be used when building secure Web services.
Supersedes the following specifications
SOAP-SEC
Microsoft’s WS-Security, WS-License
IBM’s security token and encryption
Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP…
Defined schema
WS-Security 1.0
What enhancements to SOAP?
Quality of protection
Integrity
Confidentiality
Authentication
Token Association
Token Encoding
Designed to be composed with other Web service protocols
Is not a complete security solution
WS-Security 1.0
Who: joint effort – IBM, Microsoft, VeriSign
When: WS-Security is available today; the roadmap builds the remaining specifications on top of it.
(Diagram: SOAP at the base, WS-Security above it, then WS-Policy, WS-Trust and WS-Privacy, and on top WS-SecureConversation, WS-Federation and WS-Authorization.)
Refer to Security Roadmap – http://msdn.microsoft.com/webservices
WS-Security 1.0
Security Model
Security Token + Digital Signature = Proof of Key Possession
(Diagram: the security token carries claims and a public key; the signature is made with the matching private key.)
WS-Security 1.0
Trust Model
Security Token
Unendorsed = Not signed by an authority
Proof-of-Possession = claim that can be mutually verified
Endorsed = Signed by an authority (the signing authority)
WS-Security 1.0
Protection
Integrity = XML Signature + Security Tokens
Confidentiality = XML Encryption + Security Tokens
WS-Security 1.0
Core building blocks
<Security>
<UsernameToken>
<BinarySecurityToken>
<SecurityTokenReference>
<ds:KeyInfo>
<ds:Signature>
<xenc:EncryptedData>
<xenc:EncryptedKey>
…
Processing rules and error handling
Wrap-Up
Resources
WS-Security
(http://msdn.microsoft.com/webservices)
XML Security (Blake Dournaee – RSA Press)
Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition (Bruce Schneier – Wiley)
CAPICOM (Refer to the Platform SDK)