Date post: 03-Jan-2016
Upload: cornelia-cannon
Advanced Topics in Data Communications Compiled from several online resources ISQS 6341 November 2002

Advanced Topics in Data Communications

Compiled from several online resources

ISQS 6341 November 2002

Outline

  Grid computing
  Web service
  Web service security

Grid Computing

Beyond the Net, lies the Grid.

The Net allows users everywhere to share information.

The Grid will allow users to share raw computing power.

It’s under construction.

It’s for real. Used to construct:

  collaborative engineering systems
  real-time instrument control systems
  problem solving environments
  to perform record-setting scientific simulations.

What is a Grid?

  persistent networked environments
  integrating geographically distributed supercomputers, large databases, and high end instruments
  coordinated resource sharing and problem solving in dynamic virtual organizations

Grid computing is related to but not identical with

  Distributed computing
  Parallel computing
  Pervasive computing

Who is building them?

  Demonstration – SC98
  TransPac link from Internet2 to APAN
  NASA, DOE, DOD, NSF

The goal is to create …

A scalable, seamless extension of your access point through pervasive networks to a set of resources tied together by a set of ubiquitous common distributed services.

A scalable, seamless extension of your access point through pervasive networks to a set of resources tied together by common services.

Building on the Internet, the WWW

  Uniform naming
  A seamless, scalable information service
  A powerful new meta-data language: XML
  SOAP - simple object access protocol - Uses XML for message encoding, HTTP for protocol.
  XML-RPC may become standard mechanism for Grid Services.

Useful links:

High Performance Computing Support
  http://www.indiana.edu/~rac/hpc/
Class Web Pages
  http://dpis.engr.iupui.edu/Courses/ee595.htm
  http://www.cs.indiana.edu/classes/b649/
Laboratories
  http://www.iumsc.indiana.edu/
  http://www.engr.iupui.edu/cfdlab/
  http://www.indiana.edu/~uits/hpnap/
Indiana Pervasive Computing Research (IPCRES) Initiative
  http://www.indiana.edu/~ovpit/ipcres/
Grid Computing Info Centre (GRID Infoware)
  http://www.gridcomputing.com/
EnterTheGrid
  http://www.hoise.com/enterthegrid/
NASA’s Information Power Grid
  http://www.nas.nasa.gov/About/IPG/ipg.html
GriPhyN / ATLAS in NY Times
  http://www.nytimes.com/2000/09/28/technology/28NEXT.html

Web Service

What is a web service?

Web-based application architecture
Main players and standards
  Microsoft: .NET
  SUN: Open Net Environment (ONE)
  IBM: Web Service Conceptual Architecture (WSCA)
  W3C: Web Service Workshop
  Oracle: Web Service Broker
  Hewlett-Packard: Web Service Platform

Web Services standards

WSDL: Web Services Description Language
  http://www.w3.org/TR/wsdl
  descriptions of Web Services
UDDI: Universal Discovery, Description & Integration
  http://www.uddi.org/specification.html
  registries containing service descriptions
SOAP: Simple Object Access Protocol
  http://www.w3.org/TR/SOAP/
  transport protocol for communication between Web Services
Emerging standards: WSRP, WSIA, WSXL, …

Simple Object Access Protocol (SOAP)

A way for a program running in one kind of OS to communicate with a program in the same or another kind of OS by using HTTP and XML as the mechanisms for information exchange.

SOAP specifies exactly how to encode an HTTP header and an XML file so that a program in one computer can call a program in another computer and pass it information. It also specifies how the called program can return a response.

IBM Web Services model

[Diagram: Service registry, Service provider and Service requestor, connected by the operations Publish, Find and Bind; arrow labels WSDL, UDDI and SOAP]

Service Registries

UDDI
  Web Service standard
  Global public registry
  Private registries
JISC Information Environment registry
Grid Service registry
Service type
Service instance
Functionality
  Registries are dynamic services
  Implement searching across multiple registries
New Web Services compliant products?

Metadata Schema Registries

CORES http://www.cores-eu.net/
  a forum on shared metadata vocabularies.
  Standards Interoperability Forum in November
A Metadata Registry for the Semantic Web
  Rachel Heery (UKOLN) & Harry Wagner (OCLC), D-Lib May 2002
Metadata for Education Group (MEG) http://www.ukoln.ac.uk/metadata/education/regproj/
  Demo of registry at Workshop in September
2nd Joint UKOLN / NeSC workshop Autumn 2002
  focussing on exchange of practical experience

Web Service security

Internet Week 3.29.2002

“Many companies have been caught by surprise by the lack of inherent security in Web services protocols.”

Surprise implies a mismatched expectation, and expectation implies knowledge or ignorance.

Security Facts

  Every security system is vulnerable
  Security can be difficult to implement and manage
  Security services consume resources
  Federation requires a flexible set of services

[Figure labels: Complexity; Time to Compromise]

What is XML Web Services?

Standards based, modular messaging architecture to enable loosely-coupled computing
Standards
  Define message composition
  Define message processing
Will enable end-to-end messaging systems

Interoperability

Standards that enable End-to-End Web service security

Cryptography and Security Primer
  Ciphers (Can enable confidentiality)
  Key Distribution
  Digital Signatures (Can enable integrity)
XML Signature
  Data Integrity
  Repudiation
XML Encryption
  Encryption
WS-Security

Cryptography: Ciphers

Asymmetric Cipher = non-matching keys
  One key for encryption
  One key for decryption
  Does not require exchange of keys
Examples
  RSA (variable key size)

[Diagram labels: Text, Ciphertext, Text]

Cryptography: Key Agreement

Synchronous
  Real-time key agreement, e.g. exchange over HTTPS
Asynchronous
  Off-line agreement
Diffie-Hellman
  Used by XML Encryption

Digital Signatures

Enables integrity and non-repudiation
  E-Sign Act, June 2000
RSA, DSA or HMAC (symmetric key)
Relies on Hashing
  InputRange(ADASADDAFA) = OutputRange(XSDAD)
Examples
  Secure Hash Algorithm (SHA)
  SHA1 creates a 20 byte digest of any binary data

[Diagram labels: Text, SHA, Digest, RSA, Private Key, Signed Digest, Public Key]
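
The hash-then-sign flow on this slide, as an added example that is not part of the original deck: a SHA-1 digest is signed with an RSA private key and checked with the public key, next to the HMAC (symmetric key) variant. The toy RSA key (two Mersenne primes, no padding) and the sample messages are constructed for illustration; SHA-1 is used only because the slide names it.

```python
import hashlib
import hmac

# Toy RSA key, constructed for this example: two Mersenne primes, no padding.
# Real signatures use randomly generated keys and a padding scheme (e.g. PSS).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(message: bytes) -> bytes:
    """SHA-1 digest: always 20 bytes, whatever the input size."""
    return hashlib.sha1(message).digest()


def rsa_sign(message: bytes) -> int:
    """Signed digest = digest transformed with the private key."""
    return pow(int.from_bytes(digest(message), "big"), D, N)


def rsa_verify(message: bytes, signature: int) -> bool:
    """Recover the digest with the public key and compare to a fresh hash."""
    return pow(signature, E, N) == int.from_bytes(digest(message), "big")


def hmac_sign(message: bytes, key: bytes) -> bytes:
    """Symmetric variant: both parties hold the same key, so it gives
    integrity but cannot prove which of them produced the tag."""
    return hmac.new(key, message, hashlib.sha1).digest()


def hmac_verify(message: bytes, key: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_sign(message, key), tag)


if __name__ == "__main__":
    order = b"<order><item>widget</item><qty>10</qty></order>"   # constructed
    tampered = order.replace(b"10", b"99")
    sig = rsa_sign(order)
    print(len(digest(order)), rsa_verify(order, sig), rsa_verify(tampered, sig))
    key = b"shared-secret-constructed"
    tag = hmac_sign(order, key)
    print(hmac_verify(order, key, tag), hmac_verify(tampered, key, tag))
```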

XML Signature http://www.w3.org/TR/xmldsig-core/

XML syntax used to represent a digital signature over any digital content
Verifies whether a message was altered during transit
Enables non-repudiation
Sign specific portions of the XML document or message
One-way transformation via private key
Defined schema

WS-Security 1.0

A specification for proposed SOAP extensions to be used when building secure Web services.
Supersedes the following specifications
  SOAP-SEC
  Microsoft’s WS-Security, WS-License
  IBM’s security token and encryption
Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP…
Defined schema

WS-Security 1.0

What
  Enhancements to SOAP
  Quality of protection
    Integrity
    Confidentiality
    Authentication
  Token Association
  Token Encoding
Designed to be composed with other Web service protocols
Is not a complete security solution

WS-Security 1.0

Who
  Joint effort – IBM, Microsoft, VeriSign
When

[Diagram: specification stack with SOAP, WS-Security, WS-Policy, WS-Trust, WS-Federation, WS-Privacy, WS-Authorization, WS-Secure Conversation; a marker labelled "Today"]

Refer to Security Roadmap – http://msdn.microsoft.com/webservices

WS-Security 1.0

Security Model
  Security Token + Digital Signature = Proof of Key Possession

[Diagram labels: Claims, Public Key, Private Key]

WS-Security 1.0

Trust Model
  Security Token
    Unendorsed = Not signed by an authority
    Proof-of-Possession = claim that can be mutually verified
    Endorsed = Signed by an authority

[Diagram label: Signing Authority]

WS-Security 1.0

Protection
  Integrity = XML Signature + Security Tokens
  Confidentiality = XML Encryption + Security Tokens

WS-Security 1.0

Core building blocks
  <Security>
  <UsernameToken>
  <BinarySecurityToken>
  <SecurityTokenReference>
  <ds:KeyInfo>
  <ds:Signature>
  <xenc:EncryptedData>
  <xenc:EncryptedKey>
  …
Processing rules and error handling
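
A receiver-side check built on the building blocks and the Protection equations above, as an added example that is not part of the original deck. It inspects the Security header of a SOAP message and reports which protections are structurally present. The `wsse` namespace URI is an assumption (the later OASIS WSS 1.0 one), `classify` is a hypothetical helper, and the sample envelope is constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    # Assumption: OASIS WSS 1.0 namespace; the 2002 drafts used another URI.
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
TOKENS = ("wsse:UsernameToken", "wsse:BinarySecurityToken")


def classify(envelope_xml: str) -> dict:
    """Report which protections are structurally present in a message.

    Presence check only: it does not validate the signature or decrypt
    anything, so it can reject a message but never accept one by itself.
    """
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    if sec is None:
        return {"tokens": [], "integrity": False, "confidentiality": False}
    tokens = [t for t in TOKENS if sec.find(t, NS) is not None]
    signed = sec.find("ds:Signature", NS) is not None
    encrypted = (sec.find("xenc:EncryptedKey", NS) is not None
                 and root.find(".//xenc:EncryptedData", NS) is not None)
    return {
        "tokens": tokens,
        # Integrity = XML Signature + Security Tokens
        "integrity": signed and bool(tokens),
        # Confidentiality = XML Encryption + Security Tokens
        "confidentiality": encrypted and bool(tokens),
    }


# Constructed sample: a signed message carrying a binary token, body in clear.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}"
    xmlns:wsse="{NS['wsse']}" xmlns:ds="{NS['ds']}">
  <soap:Header><wsse:Security>
    <wsse:BinarySecurityToken>Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
    <ds:Signature><ds:SignatureValue>...</ds:SignatureValue></ds:Signature>
  </wsse:Security></soap:Header>
  <soap:Body><order id="1"/></soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```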

Wrap-Up

Resources
  WS-Security (http://msdn.microsoft.com/webservices)
  XML Security (Blake Dournaee – RSA Press)
  Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition (Bruce Schneier – Wiley)
  CAPICOM (Refer to the Platform SDK)

