Topic 12

Advanced Topics in Data Communications


Compiled from several online resources



ISQS 6341

November 2002

Outline


Grid computing


Web service


Web service security

Grid Computing

Beyond the Net, lies the Grid.


The Net allows users everywhere to share information.

The Grid will allow users to share raw computing power.




It’s under construction.

It’s for real.

Used to construct:

collaborative engineering systems

real-time instrument control systems

problem solving environments

to perform record-setting scientific simulations.



What is a Grid?


persistent networked environments integrating geographically distributed supercomputers, large databases, and high end instruments

coordinated resource sharing and problem solving in dynamic virtual organizations

Grid computing is related to, but not identical with:



Distributed computing



Parallel computing




Pervasive computing


Who is building them?


Demonstration


SC98


TransPac link from Internet2 to APAN










NASA, DOE, DOD, NSF

The goal is to create …


A scalable, seamless extension of your access point through pervasive networks to a set of resources tied together by a set of ubiquitous common distributed services.

A scalable, seamless extension of your access point through pervasive networks to a set of resources tied together by common services.

Building on the Internet, the WWW

Uniform naming

A seamless, scalable information service

A powerful new meta-data language: XML

SOAP - Simple Object Access Protocol

Uses XML for message encoding, HTTP for protocol.

XML-RPC may become standard mechanism for Grid Services.


Useful links:


High Performance Computing Support


http://www.indiana.edu/~rac/hpc/


Class Web Pages


http://dpis.engr.iupui.edu/Courses/ee595.htm


http://www.cs.indiana.edu/classes/b649/


Laboratories


http://www.iumsc.indiana.edu/


http://www.engr.iupui.edu/cfdlab/


http://www.indiana.edu/~uits/hpnap/


Indiana Pervasive Computing Research (IPCRES) Initiative


http://www.indiana.edu/~ovpit/ipcres/


Grid Computing Info Centre (GRID Infoware)


http://www.gridcomputing.com/


EnterTheGrid


http://www.hoise.com/enterthegrid/


NASA’s Information Power Grid


http://www.nas.nasa.gov/About/IPG/ipg.html


GriPhyN / ATLAS in NY Times


http://www.nytimes.com/2000/09/28/technology/28NEXT.html


Web Service

What is a web service?

Web-based application architecture

Main players and standards

Microsoft: .NET

Sun: Open Net Environment (ONE)

IBM: Web Service Conceptual Architecture (WSCA)

W3C: Web Service Workshop

Oracle: Web Service Broker

Hewlett-Packard: Web Service Platform

Web Services standards


WSDL Web Services Description Language
http://www.w3.org/TR/wsdl


descriptions of Web Services



UDDI Universal Discovery, Description & Integration
http://www.uddi.org/specification.html


registries containing service descriptions



SOAP Simple Object Access Protocol
http://www.w3.org/TR/SOAP/


transport protocol for communication between Web Services




Emerging standards: WSRP, WSIA, WSXL…

Simple Object Access Protocol (SOAP)

A way for a program running in one kind of OS to communicate with a program in the same or another kind of OS by using HTTP and XML as the mechanisms for information exchange.

SOAP specifies exactly how to encode an HTTP header and an XML file so that a program in one computer can call a program in another computer and pass it information. It also specifies how the called program can return a response.


IBM Web Services model





[Figure: service registry, service provider and service requestor, connected by links labelled Find, WSDL, UDDI and SOAP]

Service Registries


UDDI Web Service standard


Global public registry


Private registries


JISC Information Environment registry


Grid Service registry


Service type


Service instance


Functionality


Registries are dynamic services


Implement searching across multiple registries


New Web Services compliant products?

Metadata Schema Registries


CORES http://www.cores-eu.net/ a forum on shared metadata vocabularies.

Standards Interoperability Forum in November

A Metadata Registry for the Semantic Web, Rachel Heery (UKOLN) & Harry Wagner (OCLC), D-Lib, May 2002

Metadata for Education Group (MEG)
http://www.ukoln.ac.uk/metadata/education/regproj/

Demo of registry at Workshop in September

2nd Joint UKOLN / NeSC workshop Autumn 2002

focussing on exchange of practical experience

Web Service security

Internet Week 3.29.2002


“Many companies have been caught by surprise by the lack of inherent security in Web services protocols.”

Surprise implies a mismatched expectation, and expectation implies knowledge or ignorance.

Security Facts


Every security system is vulnerable


Security can be difficult to implement and manage


Security services consume resources


Federation requires a flexible set of services

[Figure: Complexity and Time to Compromise]

What are XML Web Services?

Standards based, modular messaging architecture to enable loosely-coupled computing

Standards

Define message composition

Define message processing

Will enable end-to-end messaging systems

Interoperability

Standards that enable End-to-End Web service security

Cryptography and Security Primer

Ciphers (can enable confidentiality)

Key Distribution

Digital Signatures (can enable integrity)

XML Signature

Data Integrity

Repudiation

XML Encryption

Encryption

WS-Security

Cryptography Ciphers


Asymmetric Cipher = non-matching keys

One key for encryption

One key for decryption

Does not require exchange of keys

Examples

RSA (variable key size)

[Figure: Text, Ciphertext, Text]

Cryptography Key Agreement


Synchronous


Real-time key agreement e.g. exchange over HTTPS

Asynchronous

Off-line agreement

Diffie-Hellman


Used by XML Encryption

Digital Signatures


Enables integrity and non-repudiation

E-Sign Act, June 2000

RSA, DSA or HMAC (symmetric key)

Relies on Hashing

InputRange(ADASADDAFA) = OutputRange(XSDAD)

Examples

Secure Hash Algorithm (SHA)

SHA1 creates a 20-byte digest of any binary data

[Figure: Text, SHA, Digest, RSA, Private Key, Signed Digest, Public Key]

XML Signature


http://www.w3.org/TR/xmldsig-core/

XML syntax used to represent a digital signature over any digital content

Verifies whether a message was altered during transit

Enables non-repudiation

Sign specific portions of the XML document or message

One-way transformation via private key


Defined schema
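
An added example (not from the original slides) of the hash-then-sign flow on the Digital Signatures and XML Signature slides: digest only the SOAP Body with SHA-1, sign the digest with HMAC, and verify it on receipt. The envelope, key and function names are constructed for illustration, and the flow is simplified compared with a full XML Signature (there is no SignedInfo element).

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
KEY = b"constructed-demo-key"  # constructed shared secret, illustration only

# Constructed sample message (not from the slides).
ENVELOPE = (
    f'<soap:Envelope xmlns:soap="{SOAP_NS}">'
    '<soap:Header><trace hop="1"/></soap:Header>'
    '<soap:Body><transfer to="acct-42" amount="100"/></soap:Body>'
    '</soap:Envelope>'
)


def body_digest(envelope_xml: str) -> bytes:
    """Return the 20-byte SHA-1 digest of the canonicalized SOAP Body only."""
    body = ET.fromstring(envelope_xml).find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("no SOAP Body element to sign")
    # C14N makes attribute order and empty-tag style irrelevant to the digest.
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return hashlib.sha1(canonical.encode("utf-8")).digest()


def sign_body(envelope_xml: str, key: bytes) -> bytes:
    """Sign the Body digest with HMAC-SHA1 (the slides' symmetric-key option)."""
    return hmac.new(key, body_digest(envelope_xml), hashlib.sha1).digest()


def verify_body(envelope_xml: str, key: bytes, signature: bytes) -> bool:
    """Recompute the signature on receipt and compare in constant time."""
    return hmac.compare_digest(sign_body(envelope_xml, key), signature)


if __name__ == "__main__":
    sig = sign_body(ENVELOPE, KEY)
    tampered = ENVELOPE.replace('amount="100"', 'amount="9000"')
    reordered = ENVELOPE.replace('to="acct-42" amount="100"',
                                 'amount="100" to="acct-42"')
    print("original :", verify_body(ENVELOPE, KEY, sig))
    print("tampered :", verify_body(tampered, KEY, sig))
    print("reordered:", verify_body(reordered, KEY, sig))
```

HMAC uses a shared key, so it gives integrity but not non-repudiation; SHA-1 appears because the slides name it, and current deployments use SHA-256 or stronger.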

WS-Security 1.0

A specification for proposed SOAP extensions to be used when building secure Web services.

Supersedes the following specifications

SOAP-SEC

Microsoft’s WS-Security, WS-License

IBM’s security token and encryption

Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP…


Defined schema

WS-Security 1.0

What Enhancements to SOAP

Quality of protection

Integrity

Confidentiality

Authentication

Token Association

Token Encoding

Designed to be composed with other Web service protocols


Is not a complete security solution

WS-Security 1.0

Who

Joint effort

IBM, Microsoft, VeriSign

When

SOAP

WS-Security

WS-Policy

WS-Trust

WS-Federation

WS-Privacy

WS-Authorization

WS-Secure Conversation

Refer to Security Roadmap


http://msdn.microsoft.com/webservices

Today

WS-Security 1.0

Security Model

Security Token + Digital Signature = Proof of Key Possession

[Figure: Claims, Public Key, Private Key]

WS-Security 1.0

Trust Model

Security Token

Unendorsed = Not signed by an authority

Proof-of-Possession = claim that can be mutually verified

Endorsed = Signed by an authority

[Figure: Signing Authority]

WS-Security 1.0

Protection

Integrity = XML Signature + Security Tokens

Confidentiality = XML Encryption + Security Tokens

WS-Security 1.0

Core building blocks

<Security>

<UsernameToken>

<BinarySecurityToken>

<SecurityTokenReference>

<ds:KeyInfo>

<ds:Signature>

<xenc:EncryptedData>

<xenc:EncryptedKey>





Processing rules and error handling

Wrap-Up

Resources

WS-Security (http://msdn.microsoft.com/webservices)

XML Security (Blake Dournaee, RSA Press)

Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition (Bruce Schneier, Wiley)


CAPICOM (Refer to the Platform SDK)