Advanced Topics in Data Communications
Compiled from several online resources
ISQS 6341, November 2002
Outline
Grid computing
Web service
Web service security
Grid Computing
Beyond the Net, lies the Grid.
The Net allows users everywhere to share information.
The Grid will allow users to share raw computing power.
It’s under construction.
It’s for real.
Used to construct:
collaborative engineering systems
real-time instrument control systems
problem solving environments to perform record-setting scientific simulations
What is a Grid?
Persistent networked environments integrating geographically distributed supercomputers, large databases, and high-end instruments
Coordinated resource sharing and problem solving in dynamic virtual organizations
Grid computing is related to, but not identical with:
Distributed computing
Parallel computing
Pervasive computing
Who is building them?
Demonstration at SC98
TransPac link from Internet2 to APAN
NASA, DOE, DOD, NSF
The goal is to create a scalable, seamless extension of your access point through pervasive networks to a set of resources tied together by a set of ubiquitous, common distributed services.
Building on the Internet, the WWW
Uniform naming
A seamless, scalable information service
A powerful new meta-data language: XML
SOAP (Simple Object Access Protocol): uses XML for message encoding and HTTP as the transport protocol. XML-RPC may become the standard mechanism for Grid Services.
Useful links:
High Performance Computing Support: http://www.indiana.edu/~rac/hpc/
Class Web Pages: http://dpis.engr.iupui.edu/Courses/ee595.htm and http://www.cs.indiana.edu/classes/b649/
Laboratories: http://www.iumsc.indiana.edu/, http://www.engr.iupui.edu/cfdlab/, http://www.indiana.edu/~uits/hpnap/
Indiana Pervasive Computing Research (IPCRES) Initiative: http://www.indiana.edu/~ovpit/ipcres/
Grid Computing Info Centre (GRID Infoware): http://www.gridcomputing.com/
EnterTheGrid: http://www.hoise.com/enterthegrid/
NASA’s Information Power Grid: http://www.nas.nasa.gov/About/IPG/ipg.html
GriPhyN / ATLAS in the NY Times: http://www.nytimes.com/2000/09/28/technology/28NEXT.html
Web Service
What is a web service? A web-based application architecture.
Main players and standards:
Microsoft: .NET
SUN: Open Net Environment (ONE)
IBM: Web Service Conceptual Architecture (WSCA)
W3C: Web Service Workshop
Oracle: Web Service Broker
Hewlett-Packard: Web Service Platform
Web Services standards
WSDL (Web Services Description Language), http://www.w3.org/TR/wsdl: descriptions of Web Services
UDDI (Universal Description, Discovery and Integration), http://www.uddi.org/specification.html: registries containing service descriptions
SOAP (Simple Object Access Protocol), http://www.w3.org/TR/SOAP/: transport protocol for communication between Web Services
Emerging standards: WSRP, WSIA, WSXL, ...
Simple Object Access Protocol (SOAP)
A way for a program running in one kind of OS to communicate with a program in the same or another kind of OS, using HTTP and XML as the mechanisms for information exchange.
SOAP specifies exactly how to encode an HTTP header and an XML file so that a program on one computer can call a program on another computer and pass it information. It also specifies how the called program returns a response.
IBM Web Services model (diagram): the service provider publishes its WSDL description to the service registry (UDDI); the service requestor finds the description in the registry (UDDI, WSDL) and binds to the provider over SOAP.
Service Registries
UDDI: Web Service standard; global public registry; private registries
JISC Information Environment registry
Grid Service registry
Service type, service instance
Functionality: registries are dynamic services; implement searching across multiple registries
New Web Services compliant products?
Metadata Schema Registries
CORES, http://www.cores-eu.net/: a forum on shared metadata vocabularies. Standards Interoperability Forum in November.
"A Metadata Registry for the Semantic Web", Rachel Heery (UKOLN) & Harry Wagner (OCLC), D-Lib, May 2002
Metadata for Education Group (MEG), http://www.ukoln.ac.uk/metadata/education/regproj/: demo of the registry at the workshop in September
2nd Joint UKOLN / NeSC workshop, Autumn 2002, focusing on the exchange of practical experience
Web Service security
Internet Week 3.29.2002
“Many companies have been caught by surprise by the lack of inherent security in Web services protocols.”
Surprise implies the mismatching expectation, and expectation implies knowledge or ignorance.
Security Facts
Every security system is vulnerable
Security can be difficult to implement and manage
Security services consume resources
Federation requires a flexible set of services
(Chart: Time to Compromise plotted against Complexity)
What is XML Web Services?
Standards-based, modular messaging architecture to enable loosely-coupled computing
Standards define message composition and message processing
Will enable end-to-end messaging systems
Interoperability
Standards that enable End-to-End Web service security
Cryptography and Security Primer
Ciphers (can enable confidentiality)
Key distribution
Digital signatures (can enable integrity)
XML Signature: data integrity, non-repudiation
XML Encryption: encryption
WS-Security
Cryptography: Ciphers
Asymmetric cipher = non-matching keys
One key for encryption, one key for decryption
Does not require exchange of keys
Examples: RSA (variable key size)
(Diagram: Text is encrypted to Ciphertext (XXXX) and decrypted back to Text with the other key of the pair)
Cryptography: Key Agreement
Synchronous: real-time key agreement, e.g. exchange over HTTPS
Asynchronous: off-line agreement, Diffie-Hellman; used by XML Encryption
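As an added illustration of the asynchronous Diffie-Hellman agreement named above (example code, not part of the slides): each side publishes one value, and either side can compute the shared key at any later time from its own private exponent and the other side's published value. The prime, the base and the key-derivation step are constructed assumptions chosen so the example runs deterministically; they are not parameters from any standard.

```python
import hashlib
import secrets

# Toy group parameters (constructed): p = 2^127 - 1 is a known prime but far
# too small for real use, and 5 is just a convenient base. Real deployments
# use standardized large groups.
P = (1 << 127) - 1
G = 5


def keygen():
    """Returns (private exponent, public value) for one party."""
    x = secrets.randbelow(P - 3) + 2      # private exponent in [2, p-2]
    return x, pow(G, x, P)


def check_public(y):
    """Rejects public values (0, 1, p-1, out of range) that would force a
    predictable shared secret regardless of the private exponent."""
    if not 1 < y < P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return y


def shared_key(my_private, their_public):
    """Computes the agreed secret g^(xy) mod p and derives a fixed-length
    symmetric key from it with SHA-256."""
    z = pow(check_public(their_public), my_private, P)
    return hashlib.sha256(z.to_bytes(16, "big")).digest()


def demo():
    """Alice publishes her value once (for instance inside an XML Encryption
    KeyInfo); Bob completes the agreement off-line, possibly much later."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    return shared_key(a_priv, b_pub) == shared_key(b_priv, a_pub)


if __name__ == "__main__":
    print("both sides derived the same key:", demo())
```

The check in check_public is the part a verifier of real XML Encryption key agreements needs: a peer that sends 1 or p-1 as its public value pins the shared secret to a known constant.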
Digital Signatures
Enables integrity and non-repudiation
E-Sign Act, June 2000
RSA, DSA or HMAC (symmetric key)
Relies on hashing: InputRange (ADASADDAFA) = OutputRange (XSDAD)
Examples: Secure Hash Algorithm (SHA); SHA-1 creates a 20-byte digest of any binary data
(Diagram: Text is hashed with SHA to a Digest (xsd...), the Digest is signed with RSA under the Private Key to give the Signed Digest, and the Public Key is used to check it)
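The two slides above (one key to encrypt and a different key to decrypt; signing a SHA-1 digest with a private key and checking it with the public key) as one added, constructed Python example; it is not code from the slides. It is textbook RSA with two fixed primes and no padding, chosen so that every run is deterministic; those choices make it suitable for illustration only.

```python
import hashlib


def make_keypair():
    """Returns (public key, private key) as (exponent, modulus) pairs."""
    # Two known primes, 2^89-1 and 2^107-1, chosen only so the example is
    # deterministic; n is about 196 bits, enough to hold a 160-bit SHA-1
    # digest as a single block. Real keys use random primes of 2048+ bits.
    p, q = (1 << 89) - 1, (1 << 107) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537                      # public exponent
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)


def encrypt(key, plaintext):
    """Raises the message to the key's exponent. With the public key this is
    encryption, and only the matching private key undoes it."""
    exp, n = key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, exp, n)


def decrypt(key, ciphertext):
    """Applies the given exponent and turns the integer back into bytes."""
    exp, n = key
    m = pow(ciphertext, exp, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(private_key, data):
    """Hash first (SHA-1 gives the 20-byte digest from the slide), then apply
    the private exponent to the digest. No padding: textbook RSA only."""
    d, n = private_key
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return pow(digest, d, n)


def verify(public_key, data, signature):
    """Anyone with the public key recovers the signed digest and compares it
    with a fresh hash of the data; any change to the data breaks the match."""
    e, n = public_key
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return pow(signature, e, n) == digest


def demo():
    pub, priv = make_keypair()
    ct = encrypt(pub, b"grid job ticket")       # sender needs only the public key
    results = {"decrypt_ok": decrypt(priv, ct) == b"grid job ticket"}
    # The public exponent is not the decryption key: applying it to the
    # ciphertext does not recover the message.
    results["wrong_key_fails"] = decrypt(pub, ct) != b"grid job ticket"
    sig = sign(priv, b"submit job 42")
    results["verify_ok"] = verify(pub, b"submit job 42", sig)
    results["tamper_detected"] = not verify(pub, b"submit job 43", sig)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Signing the digest rather than the data is what lets a 20-byte SHA-1 output stand in for a message of any length, and it is also why the verifier must hash the received data itself rather than trust a digest carried in the message.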
XML Signature, http://www.w3.org/TR/xmldsig-core/
XML syntax used to represent a digital signature over any digital content
Verifies whether a message was altered during transit
Enables non-repudiation
Sign specific portions of the XML document or message
One-way transformation via private key
Defined schema
WS-Security 1.0
A specification for proposed SOAP extensions to be used when building secure Web services. Supersedes the following specifications:
SOAP-SEC
Microsoft’s WS-Security, WS-License
IBM’s security token and encryption
Dependent upon XML DIGSIG, XML Encryption, XML Schema, SOAP, ...
Defined schema
WS-Security 1.0
What: enhancements to SOAP
Quality of protection: integrity, confidentiality, authentication
Token association, token encoding
Designed to be composed with other Web service protocols
Is not a complete security solution
WS-Security 1.0
Who: joint effort of IBM, Microsoft and VeriSign
When: (roadmap diagram) SOAP; WS-Security (today); WS-Policy, WS-Trust; WS-Federation; WS-Privacy; WS-Authorization, WS-Secure Conversation
Refer to the Security Roadmap: http://msdn.microsoft.com/webservices
WS-Security 1.0
Security Model: Security Token + Digital Signature = Proof of Key Possession
(Diagram: claims together with a Public Key, signed using the Private Key, give proof of possession)
WS-Security 1.0
Trust Model: Security Token
Unendorsed = not signed by an authority
Proof-of-possession = claim that can be mutually verified
Endorsed = signed by an authority
(Diagram: Signing Authority)
WS-Security 1.0
Protection
Integrity = XML Signature + Security Tokens
Confidentiality = XML Encryption + Security Tokens
WS-Security 1.0: Core building blocks
<Security>, <UsernameToken>, <BinarySecurityToken>, <SecurityTokenReference>, <ds:KeyInfo>, <ds:Signature>, <xenc:EncryptedData>, <xenc:EncryptedKey>, ...
Processing rules and error handling
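An added example (not code from the slides or from the WS-Security specification) tying together the SOAP envelope described earlier, the XML Signature slide and the building blocks listed above: a wsse:Security header carrying a UsernameToken and a ds:Signature whose Reference covers the Body, plus a verifier that checks the Body digest and the signature over SignedInfo and so detects a change made in transit. HMAC-SHA1, one of the signature methods the slides name, is used so no key pair is needed, and KeyInfo/SecurityTokenReference points at the token that names the key holder (token association). The namespace URIs are those of the later OASIS WS-Security 1.0 standard; the application namespace, the key store and the canonicalization shortcut are constructed assumptions.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
JOB = "urn:example:grid"   # hypothetical application namespace
for prefix, uri in (("soap", SOAP), ("ds", DS), ("wsse", WSSE), ("wsu", WSU), ("job", JOB)):
    ET.register_namespace(prefix, uri)
C14N_ALG = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
HMAC_SHA1_ALG = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
SHA1_ALG = "http://www.w3.org/2000/09/xmldsig#sha1"
# Constructed key store: username -> HMAC key shared with that user.
KEYSTORE = {"alice": b"constructed-shared-secret-for-alice"}


def q(ns, local):
    return f"{{{ns}}}{local}"


def c14n(elem):
    # Simplified canonicalization: serialize the subtree and run the standard
    # library's inclusive C14N over it. A real implementation applies the
    # Transforms listed in the Reference and handles inherited namespaces.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()


def build_signed_request(username, job_name):
    """SOAP envelope whose wsse:Security header holds a UsernameToken and a
    ds:Signature; the Reference covers the Body, located through wsu:Id."""
    env = ET.Element(q(SOAP, "Envelope"))
    header = ET.SubElement(env, q(SOAP, "Header"))
    body = ET.SubElement(env, q(SOAP, "Body"), {q(WSU, "Id"): "Body"})
    ET.SubElement(body, q(JOB, "SubmitJob")).text = job_name
    sec = ET.SubElement(header, q(WSSE, "Security"))
    tok = ET.SubElement(sec, q(WSSE, "UsernameToken"), {q(WSU, "Id"): "Token-1"})
    ET.SubElement(tok, q(WSSE, "Username")).text = username
    sig = ET.SubElement(sec, q(DS, "Signature"))
    si = ET.SubElement(sig, q(DS, "SignedInfo"))
    ET.SubElement(si, q(DS, "CanonicalizationMethod"), Algorithm=C14N_ALG)
    ET.SubElement(si, q(DS, "SignatureMethod"), Algorithm=HMAC_SHA1_ALG)
    ref = ET.SubElement(si, q(DS, "Reference"), URI="#Body")
    ET.SubElement(ref, q(DS, "DigestMethod"), Algorithm=SHA1_ALG)
    ET.SubElement(ref, q(DS, "DigestValue")).text = base64.b64encode(
        hashlib.sha1(c14n(body)).digest()).decode()
    # The signature is computed over SignedInfo, which carries the Body digest.
    mac = hmac.new(KEYSTORE[username], c14n(si), hashlib.sha1).digest()
    ET.SubElement(sig, q(DS, "SignatureValue")).text = base64.b64encode(mac).decode()
    # KeyInfo -> SecurityTokenReference ties the signature to the token naming the key holder.
    ki = ET.SubElement(sig, q(DS, "KeyInfo"))
    str_ = ET.SubElement(ki, q(WSSE, "SecurityTokenReference"))
    ET.SubElement(str_, q(WSSE, "Reference"), URI="#Token-1")
    return ET.tostring(env, encoding="unicode")


def verify_request(xml_text):
    """True only if the referenced Body still matches its DigestValue and the
    HMAC over SignedInfo matches SignatureValue under the token holder's key."""
    env = ET.fromstring(xml_text)
    body = env.find(q(SOAP, "Body"))
    sig = env.find(f".//{q(DS, 'Signature')}")
    if body is None or sig is None:
        return False
    # Resolve the key: KeyInfo -> wsse:Reference URI -> UsernameToken -> Username.
    tref = sig.find(f".//{q(WSSE, 'Reference')}")
    want = tref.get("URI") if tref is not None else None
    username = None
    for tok in env.iter(q(WSSE, "UsernameToken")):
        if "#" + tok.get(q(WSU, "Id"), "") == want:
            username = tok.findtext(q(WSSE, "Username"))
    key = KEYSTORE.get(username)
    si = sig.find(q(DS, "SignedInfo"))
    ref = si.find(q(DS, "Reference")) if si is not None else None
    if key is None or ref is None:
        return False
    # Reference check: the element the URI points at must hash to DigestValue.
    if ref.get("URI") != "#" + body.get(q(WSU, "Id"), ""):
        return False
    given_digest = base64.b64decode(ref.findtext(q(DS, "DigestValue")) or "")
    if not hmac.compare_digest(hashlib.sha1(c14n(body)).digest(), given_digest):
        return False
    # Signature check: HMAC over canonical SignedInfo must equal SignatureValue.
    mac = hmac.new(key, c14n(si), hashlib.sha1).digest()
    given_mac = base64.b64decode(sig.findtext(q(DS, "SignatureValue")) or "")
    return hmac.compare_digest(mac, given_mac)


def tamper(xml_text, new_job):
    """Simulates an in-transit modification of the signed Body."""
    env = ET.fromstring(xml_text)
    env.find(f".//{q(JOB, 'SubmitJob')}").text = new_job
    return ET.tostring(env, encoding="unicode")


if __name__ == "__main__":
    msg = build_signed_request("alice", "run-simulation-42")
    print("intact message verifies:", verify_request(msg))
    print("altered message verifies:", verify_request(tamper(msg, "run-simulation-99")))
```

The verifier does two independent checks because XML Signature is indirect: SignatureValue protects SignedInfo, and SignedInfo protects the Body only through the digest in its Reference, so a verifier that checked the signature but skipped the Reference digest would accept an altered Body. It also refuses to verify under a key the token does not name, which is what makes the token plus signature a proof of key possession rather than just a claim.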
Wrap-Up: Resources
WS-Security (http://msdn.microsoft.com/webservices)
XML Security (Blake Dournaee – RSA Press)
Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition (Bruce Schneier – Wiley)
CAPICOM (Refer to the Platform SDK)