Advanced Topics in Data Communications

Compiled from several online resources

ISQS 6341November 2002

Outline Grid computing Web service Web service security

Grid Computing

Beyond the Net, lies the Grid.

The Net allows users everywhere to share information.

The Grid will allow users to share raw computing power.

It’s under construction.

It’s for real.Used to construct:

collaborative engineering systems real-time instrument control systems problem solving environments to perform record-setting scientific

simulations.

What is a Grid? persistent networked environments

integrating geographically distributed supercomputers, large databases, and high end instruments

coordinated resource sharing and problem solving in dynamic virtual organizations

Grid computing is related to

but not identical with

Distributed computing

Parallel computing

Pervasive computing

Who is building them? Demonstration – SC98

TransPac link from Internet2 to APAN

NASA, DOE, DOD, NSF

The goal is to create …

A scalable, seamless extension of your access point through pervasive networks

to a set of resources tied together by a set of ubiquitous

common distributed services.

A scalable, seamless extension of your access point through pervasive networks to a set of resources

tied together by common services.

Building on the Internet, the WWW

Uniform naming

A seamless, scalable information service

A powerful new meta-data language: XML

SOAP - simple object access protocol - Uses XML for message encoding, HTTP for protocol. XML-RPC may become standard mechanism for Grid

Services.

Useful links: High Performance Computing Support

http://www.indiana.edu/~rac/hpc/ Class Web Pages

http://dpis.engr.iupui.edu/Courses/ee595.htm http://www.cs.indiana.edu/classes/b649/

Laboratories http://www.iumsc.indiana.edu/ http://www.engr.iupui.edu/cfdlab/ http://www.indiana.edu/~uits/hpnap/

Indiana Pervasive Computing Research (IPCRES) Initiative http://www.indiana.edu/~ovpit/ipcres/

Grid Computing Info Centre (GRID Infoware) http://www.gridcomputing.com/

EnterTheGrid http://www.hoise.com/enterthegrid/

NASA’s Information Power Grid http://www.nas.nasa,gov/About/IPG/ipg.html

GriPhyN / ATLAS in NY Times http://www.nytimes.com/2000/09/28/technology/28NEXT.html

Web Service

What is web service? Web-based application architecture Main players and standards

Microsoft: .NET SUN: Open Net Environment (ONE) IBM: Web Service Conceptual Architecture

(WSCA) W3C: Web Service Workshop Oracle: Web Service Broker Hewlett-Packard: Web Service Platform

Web Services standards

WSDL Web Services Description Language http://www.w3.org/TR/wsdl

descriptions of Web Services UDDI Universal Discovery, Description &

Integration http://www.uddi.org/specification.html registries containing service descriptions

SOAP Simple Object Access Protocol http://www.w3.org/TR/SOAP/

transport protocol for communication between Web Services

Emerging standards: WSRP, WSIA, WSXL…….

Simple Object Access Protocol (SOAP) A way for a program running in one kind of OS to

communicate with a program in the same or another kind of OS by using HTTP and XML as the mechanisms for information exchange.

SOAP specifies exactly how to encode an HTTP header and an XML file so that a program in one computer can call a program in another computer and pass it information. It also specifies how the called program can return a response.

IBM Web Services model

Service

registry

Service

provider

Service

requestorFind

Publis

h BindWSDL

UDDI

WSDL

SOAP

WSDL UDDI

Service Registries

UDDI Web Service standard Global public registry Private registries

JISC Information Environment registry Grid Service registry

Service type Service instance

Functionality Registries are dynamic services Implement searching across multiple registries

New Web Services compliant products ?

Metadata Schema Registries

CORES http://www.cores-eu.net/ a forum on shared metadata vocabularies.

Standards Interoperability Forum in November A Metadata Registry for the Semantic Web

Rachel Heery (UKOLN) & Harry Wagner (OCLC) D-Lib May 2002

Metadata for Education Group (MEG) http://www.ukoln.ac.uk/metadata/education/regproj/

Demo of registry at Workshop in September

2nd Joint UKOLN / NeSC workshop Autumn 2002 focussing on exchange of practical experience

Web Service security

Internet Week 3.29.2002

“Many companies have been caught by surprise by the lack of inherent security in Web services protocols.”

Surprise implies the mismatching expectation, and expectation implies knowledge or ignorance.

Security Facts Every security system is vulnerable Security can be difficult to implement and

manage Security services consume resources Federation requires a flexible set of services

ComplexityComplexity

Tim

e toT

ime to

Co

mp

rom

iseC

om

pro

mise

What is XML Web Services?

Standards based, modular messaging architecture to enable loosely-coupled computing Standards

Define message composition Define message processing

Will enable end-to-end messaging systems

InteroperabilityInteroperability

Standards that enable End-to-End Web service security

Cryptography and Security Primer Ciphers (Can enable confidentiality) Key Distribution Digital Signatures (Can enables integrity)

XML Signature Data Integrity Repudiation

XML Encryption Encryption

WS-Security

Cryptography Ciphers Asymmetric Cipher = non-matching keys

One key for encryption One key for decryption Does not require exchange of keys Examples

RSA (variable key size)

AA XXXXTextText CiphertextCiphertext

AATextText

Cryptography Key Agreement

Synchronous Real-time key agreement e.g.

exchange over HTTPS Asynchronous

Off-line agreement Diffie-Hellman

Used by XML Encryption

Digital Signatures Enables integrity and non-repudiation

E-Sign Act, June 2000 RSA, DSA or HMAC (symmetric key) Relies on Hashing

InputRange(ADASADDAFA) = OutputRange(XSDAD) Examples

Secure Hash Algorithm (SHA) SHA1 creates a 20 byte digest of any binary data

AA

TextTextSigned DigestSigned DigestSHASHA

xsd….xsd….

DigestDigest

RSARSAPrivate KeyPrivate Key

xsd….xsd….

AA

xsd….xsd….

Public KeyPublic Key

XML Signature http://www.w3.org/TR/xmldsig-core/

XML syntax used to represent a digital signature over any digital content

Verified whether a message was altered during transit

Enables non-repudiation Sign specific portions of the XML

document or message One-way transformation via private key Defined schema

WS-Security 1.0

A specification for proposed SOAP extensions to be used when building secure Web services. Supercedes the following specifications

SOAP-SEC Microsoft’s WS-Security, WS-License IBM’s security token and encryption

Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP…

Defined schema

WS-Security 1.0

What Enhancements to SOAP Quality of protection

Integrity Confidentiality Authentication

Token Association Token Encoding

Designed to be composed with other Web service protocols

Is not a complete security solution

WS-Security 1.0

Who Joint effort – IBM, Microsoft, VeriSign

When

SOAP

WS-Security

WS-Policy WS-Trust

WS-Federation

WS-Privacy

WS-Authorization WS-Secure Conversation

Refer to Security Roadmap – http://msdn.microsoft.com/webservicesRefer to Security Roadmap – http://msdn.microsoft.com/webservices

TodayToday

WS-Security 1.0

Security Model Security Token + Digital Signature = Proof of Key

Possession

ClaimsClaimsPublic KeyPublic Key

Private KeyPrivate Key

++ ==

WS-Security 1.0

Trust Model Security Token

Unendorsed = Not signed by an authority Proof-of-Possession = claim that can be mutually

verified Endorsed = Signed by an authority

??

Signing AuthoritySigning Authority

WS-Security 1.0

Protection Integrity = XML Signature + Security

Tokens Confidentiality = XML Encryption +

Security Tokens

WS-Security 1.0 Core building blocks

<Security> <UsernameToken> <BinarySecurityToken> <SecurityTokenReference> <ds:KeyInfo> <ds:Signature> <xenc:EncryptedData <xenc:EcryptedKey> …

Processing rules and error handling

Wrap-Up Resources

WS-Security (http://msdn.microsoft.com/webservices)

XML Security (Blake Dournaee – RSA Press)

Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition (Bruce Schneier – Wiley)

CAPICOM (Refer to the Platform SDK)