Advanced Topics in Data Communications Compiled from several online resources ISQS 6341 November...
Advanced Topics in Data Communications
Compiled from several online resources
ISQS 6341 November 2002

Outline
  Grid computing
  Web service
  Web service security

Grid Computing

Beyond the Net lies the Grid.
The Net allows users everywhere to share information.
The Grid will allow users to share raw computing power.
It’s under construction.

It’s for real.
Used to construct:
  collaborative engineering systems
  real-time instrument control systems
  problem solving environments
to perform record-setting scientific simulations.

What is a Grid?
  persistent networked environments
  integrating geographically distributed supercomputers, large databases, and high end instruments
  coordinated resource sharing and problem solving in dynamic virtual organizations

Grid computing is related to, but not identical with:
  Distributed computing
  Parallel computing
  Pervasive computing

Who is building them?
  Demonstration – SC98
  TransPac link from Internet2 to APAN
  NASA, DOE, DOD, NSF

The goal is to create …
A scalable, seamless extension of your access point through pervasive networks to a set of resources tied together by a set of ubiquitous common distributed services.

A scalable, seamless extension of your access point through pervasive networks to a set of resources tied together by common services.

Building on the Internet, the WWW
  Uniform naming
  A seamless, scalable information service
  A powerful new meta-data language: XML
  SOAP (Simple Object Access Protocol): uses XML for message encoding, HTTP for protocol.
  XML-RPC may become standard mechanism for Grid Services.

Useful links:
  High Performance Computing Support
    http://www.indiana.edu/~rac/hpc/
  Class Web Pages
    http://dpis.engr.iupui.edu/Courses/ee595.htm
    http://www.cs.indiana.edu/classes/b649/
  Laboratories
    http://www.iumsc.indiana.edu/
    http://www.engr.iupui.edu/cfdlab/
    http://www.indiana.edu/~uits/hpnap/
  Indiana Pervasive Computing Research (IPCRES) Initiative
    http://www.indiana.edu/~ovpit/ipcres/
  Grid Computing Info Centre (GRID Infoware)
    http://www.gridcomputing.com/
  EnterTheGrid
    http://www.hoise.com/enterthegrid/
  NASA’s Information Power Grid
    http://www.nas.nasa.gov/About/IPG/ipg.html
  GriPhyN / ATLAS in NY Times
    http://www.nytimes.com/2000/09/28/technology/28NEXT.html

Web Service

What is a web service?
  Web-based application architecture
  Main players and standards
    Microsoft: .NET
    SUN: Open Net Environment (ONE)
    IBM: Web Service Conceptual Architecture (WSCA)
    W3C: Web Service Workshop
    Oracle: Web Service Broker
    Hewlett-Packard: Web Service Platform

Web Services standards
  WSDL: Web Services Description Language http://www.w3.org/TR/wsdl
    descriptions of Web Services
  UDDI: Universal Discovery, Description & Integration http://www.uddi.org/specification.html
    registries containing service descriptions
  SOAP: Simple Object Access Protocol http://www.w3.org/TR/SOAP/
    transport protocol for communication between Web Services
  Emerging standards: WSRP, WSIA, WSXL…

Simple Object Access Protocol (SOAP)
  A way for a program running in one kind of OS to communicate with a program in the same or another kind of OS by using HTTP and XML as the mechanisms for information exchange.
  SOAP specifies exactly how to encode an HTTP header and an XML file so that a program in one computer can call a program in another computer and pass it information. It also specifies how the called program can return a response.
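
The exchange this slide describes, as an added example that is not part of the original slides: a caller encodes a function call as an HTTP POST carrying a SOAP 1.1 envelope, and the called program decodes it and returns a response or a Fault. The service namespace, the `GetQuote` function, the host name and the quote value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
APP = "urn:example:quotes"                           # hypothetical service namespace
ET.register_namespace("soap", SOAP)                  # so "soap:Client" below resolves

def envelope_with(tag):                   # returns (envelope, single child of Body)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    return env, ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"), tag)

def http_message(start_line, env, extra=""):
    body = ET.tostring(env, encoding="utf-8", xml_declaration=True)
    head = (f"{start_line}\r\n{extra}Content-Type: text/xml; charset=utf-8\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body

def payload(raw):                         # first child of soap:Body in a raw message
    return ET.fromstring(raw.partition(b"\r\n\r\n")[2]).find(f"{{{SOAP}}}Body")[0]

def build_request(host, path, method, params):
    """Caller: an HTTP POST whose XML body names the function and its arguments."""
    env, call = envelope_with(f"{{{APP}}}{method}")
    for name, value in params.items():
        ET.SubElement(call, name).text = str(value)
    extra = f'Host: {host}\r\nSOAPAction: "{APP}#{method}"\r\n'
    return http_message(f"POST {path} HTTP/1.1", env, extra)

def handle(raw, services):
    """Called program: decode the call, run it only if allow-listed, encode the reply."""
    call = payload(raw)
    method = call.tag.rpartition("}")[2]
    if method not in services:            # never look up arbitrary names from the wire
        env, fault = envelope_with(f"{{{SOAP}}}Fault")
        ET.SubElement(fault, "faultcode").text = "soap:Client"
        ET.SubElement(fault, "faultstring").text = "unknown method"
        return http_message("HTTP/1.1 500 Internal Server Error", env)
    result = services[method](**{arg.tag: arg.text for arg in call})
    env, reply = envelope_with(f"{{{APP}}}{method}Response")
    ET.SubElement(reply, "return").text = str(result)
    return http_message("HTTP/1.1 200 OK", env)

def parse_response(raw):                  # caller again: result text, or raise on Fault
    reply = payload(raw)
    if reply.tag == f"{{{SOAP}}}Fault":
        raise RuntimeError(reply.findtext("faultstring"))
    return reply.findtext("return")

# Constructed service table: the only functions a remote caller may invoke.
SERVICES = {"GetQuote": lambda symbol: {"IBM": "78.50"}.get(symbol, "n/a")}
```

Nothing in the envelope says who sent it or whether it was altered on the way, which is the gap the security slides later in the deck address.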

IBM Web Services model
[Diagram: Service registry, Service provider and Service requestor, connected by Publish, Find and Bind; arrow labels: WSDL/UDDI, WSDL/SOAP, WSDL/UDDI]

Service Registries
  UDDI
    Web Service standard
    Global public registry
    Private registries
  JISC Information Environment registry
  Grid Service registry
  Service type
  Service instance
  Functionality
    Registries are dynamic services
    Implement searching across multiple registries
  New Web Services compliant products?

Metadata Schema Registries
  CORES http://www.cores-eu.net/
    a forum on shared metadata vocabularies
    Standards Interoperability Forum in November
  A Metadata Registry for the Semantic Web
    Rachel Heery (UKOLN) & Harry Wagner (OCLC), D-Lib, May 2002
  Metadata for Education Group (MEG) http://www.ukoln.ac.uk/metadata/education/regproj/
    Demo of registry at Workshop in September
  2nd Joint UKOLN / NeSC workshop, Autumn 2002
    focussing on exchange of practical experience

Web Service security

Internet Week 3.29.2002
“Many companies have been caught by surprise by the lack of inherent security in Web services protocols.”
Surprise implies a mismatched expectation, and expectation implies knowledge or ignorance.

Security Facts
  Every security system is vulnerable
  Security can be difficult to implement and manage
  Security services consume resources
  Federation requires a flexible set of services
[Figure: axes labelled Complexity and Time to Compromise]

What are XML Web Services?
  Standards based, modular messaging architecture to enable loosely-coupled computing
  Standards
    Define message composition
    Define message processing
  Will enable end-to-end messaging systems
  Interoperability

Standards that enable End-to-End Web service security
  Cryptography and Security Primer
    Ciphers (can enable confidentiality)
    Key Distribution
    Digital Signatures (can enable integrity)
  XML Signature
    Data Integrity
    Repudiation
  XML Encryption
    Encryption
  WS-Security

Cryptography
  Ciphers
    Asymmetric Cipher = non-matching keys
      One key for encryption
      One key for decryption
      Does not require exchange of keys
      Examples
        RSA (variable key size)
[Diagram labels: Text, Ciphertext, Text]

Cryptography
  Key Agreement
    Synchronous
      Real-time key agreement, e.g. exchange over HTTPS
    Asynchronous
      Off-line agreement
    Diffie-Hellman
      Used by XML Encryption

Digital Signatures
  Enable integrity and non-repudiation
    E-Sign Act, June 2000
  RSA, DSA or HMAC (symmetric key)
  Relies on Hashing
    InputRange(ADASADDAFA) = OutputRange(XSDAD)
  Examples
    Secure Hash Algorithm (SHA)
      SHA1 creates a 20 byte digest of any binary data
[Diagram labels: Text, SHA, Digest, RSA, Private Key, Signed Digest, Public Key]

XML Signature http://www.w3.org/TR/xmldsig-core/
  XML syntax used to represent a digital signature over any digital content
  Verifies whether a message was altered during transit
  Enables non-repudiation
  Sign specific portions of the XML document or message
  One-way transformation via private key
  Defined schema
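
An added sketch, not part of the original slides, of the digest-then-sign flow from the Digital Signatures and XML Signature slides: a SHA-1 digest over one chosen element, then a keyed signature over the block that carries that digest, so a change to the signed portion is detected. It assumes HMAC-SHA1 with a shared key (one of the three options the slide lists; it gives integrity but, unlike RSA or DSA, no non-repudiation) and Python's built-in canonicalizer, so it shows the structure and will not interoperate with XML Signature implementations. The message and key are constructed.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"    # XML Signature namespace

def c14n(elem):
    """Canonical bytes of one element, so signer and verifier hash identical input."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def b64(raw):
    return base64.b64encode(raw).decode()

def find_by_id(root, ref_id):
    hits = [e for e in root.iter() if e.get("Id") == ref_id]
    return hits[0] if len(hits) == 1 else None    # reject missing or duplicate Ids

def sign(root, ref_id, key):
    """Build a Signature that covers only the element whose Id is ref_id."""
    sig = ET.Element(DS + "Signature")
    info = ET.SubElement(sig, DS + "SignedInfo")
    ref = ET.SubElement(info, DS + "Reference", URI="#" + ref_id)
    digest = hashlib.sha1(c14n(find_by_id(root, ref_id))).digest()   # 20 bytes
    ET.SubElement(ref, DS + "DigestValue").text = b64(digest)
    mac = hmac.new(key, c14n(info), hashlib.sha1).digest()           # keyed step
    ET.SubElement(sig, DS + "SignatureValue").text = b64(mac)
    return sig

def verify(root, sig, key):
    """True only if SignedInfo is authentic and the referenced element is unchanged."""
    info = sig.find(DS + "SignedInfo")
    mac = b64(hmac.new(key, c14n(info), hashlib.sha1).digest())
    if not hmac.compare_digest(mac, sig.findtext(DS + "SignatureValue", "")):
        return False
    ref = info.find(DS + "Reference")
    target = find_by_id(root, ref.get("URI", "")[1:])
    if target is None:
        return False
    now = b64(hashlib.sha1(c14n(target)).digest())
    return hmac.compare_digest(now, ref.findtext(DS + "DigestValue", ""))

# Constructed sample message and shared key (not from the slides).
KEY = b"constructed-shared-secret"
MESSAGE = ET.fromstring('<Envelope><Body Id="body"><Transfer amount="100"/></Body></Envelope>')
SIGNATURE = sign(MESSAGE, "body", KEY)

if __name__ == "__main__":
    print(verify(MESSAGE, SIGNATURE, KEY))                 # untouched message
    MESSAGE.find("Body/Transfer").set("amount", "9000")    # altered in transit
    print(verify(MESSAGE, SIGNATURE, KEY))
```

SHA-1 appears here because the slide names it; new deployments should use SHA-256 or stronger.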

WS-Security 1.0
  A specification for proposed SOAP extensions to be used when building secure Web services.
  Supersedes the following specifications
    SOAP-SEC
    Microsoft’s WS-Security, WS-License
    IBM’s security token and encryption
  Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP…
  Defined schema

WS-Security 1.0
  What
    Enhancements to SOAP
    Quality of protection
      Integrity
      Confidentiality
      Authentication
    Token Association
    Token Encoding
    Designed to be composed with other Web service protocols
    Is not a complete security solution

WS-Security 1.0
  Who
    Joint effort – IBM, Microsoft, VeriSign
  When
    [Diagram: SOAP, WS-Security, WS-Policy, WS-Trust, WS-Federation, WS-Privacy, WS-Authorization, WS-Secure Conversation; label: Today]
    Refer to Security Roadmap – http://msdn.microsoft.com/webservices

WS-Security 1.0
  Security Model
    Security Token + Digital Signature = Proof of Key Possession
[Diagram labels: Claims, Public Key, Private Key]

WS-Security 1.0
  Trust Model
    Security Token
      Unendorsed = Not signed by an authority
      Proof-of-Possession = claim that can be mutually verified
      Endorsed = Signed by an authority
[Diagram label: Signing Authority]

WS-Security 1.0
  Protection
    Integrity = XML Signature + Security Tokens
    Confidentiality = XML Encryption + Security Tokens

WS-Security 1.0
  Core building blocks
    <Security>
    <UsernameToken>
    <BinarySecurityToken>
    <SecurityTokenReference>
    <ds:KeyInfo>
    <ds:Signature>
    <xenc:EncryptedData>
    <xenc:EncryptedKey>
    …
  Processing rules and error handling

Wrap-Up
  Resources
    WS-Security (http://msdn.microsoft.com/webservices)
    XML Security (Blake Dournaee – RSA Press)
    Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition (Bruce Schneier – Wiley)
    CAPICOM (Refer to the Platform SDK)