SOA+MW-1.1
CSE333
Service-Oriented Architectures/Middlware
Prof. Steven A. Demurjian
Computer Science & Engineering DepartmentThe University of Connecticut
371 Fairfield Road, Box U-2155Storrs, CT 06269-2155
[email protected]://www.engr.uconn.edu/
~steve(860) 486 - 4818
† Special Thanks to Prof. Alex Shvartsman, Keith Bessette, Scott Craig and Prior CSE333 students for providing portions of this material.
SOA+MW-1.2
CSE333
What is a Distributed Application?What is a Distributed Application? Distributed Computing/Applications are …Distributed Computing/Applications are …
Systems of Systems Interoperation of New & Existing Applications Legacy, Databases, COTS, New Clients, etc. Network Centric Environment
Distributed Computing Applications must …Distributed Computing Applications must … Manage, Control, Access, and Modify Data Allow Humans to Interact with Data Provide High-Availability and Performance Evolvable Over Time
Present & Future Army Systems Exhibit All of Present & Future Army Systems Exhibit All of These Characteristics and More!These Characteristics and More!
SOA+MW-1.3
CSE333
JavaClient
JavaClient
LegacyClient
DB Client
COTSClient
What is a Distributed Application?What is a Distributed Application?
LegacyDatabase
Server
Legacy
COTSServer
Database
COTS
Network Centric Environment
High-AvailabilityPerformanceHeterogeneity Hardware OS, PLs
Transparent Interoperation New/Innovative Information Use
Increase ProductivityDynamic
Environment
System of Systems
SOA+MW-1.4
CSE333
Another View – Today’s RealityAnother View – Today’s Reality
Legacy
Legacy
COTS
GOTS
Database
Database
NETWORK
JavaClient
GOTSClient
LegacyClient
DatabaseClient
COTSClient
Premise: Premise: ArtifactsArtifacts - set of - set of DB, Legacy, COTS,
GOTS, Each w/ API Premise: Premise: UsersUsers
New and Existing Utilize Artifact APIs
Distributed Application, Distributed Application, DADA Artifacts + Users
What are the Issues?What are the Issues? How Do they Interact? Heterogeneity Security Concerns Different Programmatic
Models Etc. Etc. Etc.
SOA+MW-1.5
CSE333
Why is Distributed Computing Needed?Why is Distributed Computing Needed? Today’s Environments Contain Applications … Today’s Environments Contain Applications …
Created with Multiple Prog. Languages Executing on Heterogeneous Platforms Locally and Geographically Distributed
Distributed Computing Applications Must … Distributed Computing Applications Must … Allow Seamless and Transparent Interoperation Provide Tools for Engineers and Users
Result: Inter-Operating Environment Result: Inter-Operating Environment Utilize Information in New/Innovative Ways Leveraged to Increase Productivity Support Diverse User Activities Dynamically Respond to Changes
SOA+MW-1.6
CSE333
Striving for New Techniques/TechnologiesStriving for New Techniques/Technologies We Must Diverge from Business as UsualWe Must Diverge from Business as Usual
C Programming with RPC Customized Development without Reuse Solutions that Aren’t Extensible and Evolvable Cobbling Together Solutions w/o Method or
Reason is Unacceptable and Doomed to Fail! We Must Face Today’s RealitiesWe Must Face Today’s Realities
Legacy Code is Fact of Life New Technologies Offer New Challenges Adopt to Leverage Their Benefits We Must Draw Careful Balance to Opt for
Mature Technologies While Targeting Emerging Technologies with Potential!
SOA+MW-1.7
CSE333
Who are the Players?Who are the Players? StakeholdersStakeholders
Software Architects (Requirements) System Designers (Solutions) Application Builders (Implementation)
Stakeholders Striving to Provide …Stakeholders Striving to Provide … System Interaction and Information Exchange Utilization of Existing Applications in New and
Innovative Ways End-Users at Various Skill Levels and with Specific End-Users at Various Skill Levels and with Specific
and Limited Access Requirementsand Limited Access Requirements Novice vs. Adept vs. Expert Who Uses What When and for How Long?Who Uses What When and for How Long?
SOA+MW-1.8
CSE333
Why a Distributed Application?Why a Distributed Application? Reasons:Reasons:
Data used is Distributed Computation is Distributed Application Users are
Distributed 2 Key Issues for Solution:2 Key Issues for Solution:
Platform-Independent Models and Abstraction Techniques
Hide Low-Level Details Provide a Well-Performing
Solution Works Today and
Tomorrow!
Shared Objects
• Easy to Re-use• Easy to distribute• Easy to maintain
SOA+MW-1.9
CSE333
Distributed SystemsDistributed Systems
Co-locatedCo-located DistributedDistributed
CommunicationCommunication FastFast SlowerSlower
FailuresFailures Objects fail togetherObjects fail togetherObjects fail Objects fail
separately, Network separately, Network can partitioncan partition
Concurrent AccessConcurrent Access Only with multiple Only with multiple threadsthreads YesYes
SecureSecure YesYesNot InherentlyNot InherentlyOften Add-On Often Add-On
CapabilityCapability
Fundamental Realities of Distributed Systems
SOA+MW-1.10
CSE333
What is a Service Oriented Architecture?What is a Service Oriented Architecture? Solutions that Focus on Services that Need to be Solutions that Focus on Services that Need to be
Available to Meet Need of Users (Entities)Available to Meet Need of Users (Entities) Users are Assumed to be Interacting via Client Users are Assumed to be Interacting via Client
Applications (Browser or Standalone)Applications (Browser or Standalone) Interactions with Services Transparent to Users
(Integrated into Software) Interactions Between Entities Occur via a Message Interactions Between Entities Occur via a Message
Exchange - ConceptualExchange - Conceptual Resources are Software Artifact Accessible via
API Consisting of Services Services are Logical Grouping of Methods
(Functions) that are Available for Use Services are Utilized When Messages are Invoked
Against Them by Outside Users Both Web-Based and Middleware SettingsBoth Web-Based and Middleware Settings
SOA+MW-1.11
CSE333
Service Oriented Architectures (SOA)Service Oriented Architectures (SOA) An SOA is often Cast in a Web-Based SettingAn SOA is often Cast in a Web-Based Setting Possible Services include:Possible Services include:
Data Transfer (e.g. FTP) or Storage Service Troubleshooting Service
Service Operations (Messages) are Encapsulated Service Operations (Messages) are Encapsulated Behind a Message-Oriented Service InterfaceBehind a Message-Oriented Service Interface Hides Details of Service Implementation/Location Assumes an Architecture for Access Provides a Logical View that is Message-Oriented Available Service/Messages are Descriptively
Supplied for Purpose of Discovery/Lookup Network-Oriented Scalable – Add New Services/Extend Existing
Services for New/Improved Functionality
SOA+MW-1.12
CSE333
Middleware-Based SOAMiddleware-Based SOA Distributed Object Computing Platforms are Well Distributed Object Computing Platforms are Well
Established in the Field - HistoricallyEstablished in the Field - Historically DCE (Distributed Computing Environment) COM/OLE (Component Object Model/Object
Linking and Embedding) Modern Middleware (JINI, CORBA, .NET):Modern Middleware (JINI, CORBA, .NET):
CORBA –Standards Committee (OMG) Controls Technology – Many Programming Languages
JINI – Sun-Based Product – The Poor Mans CORBA – Java
.NET – Microsoft’s Forward into the Modern Market – C#
SOA+MW-1.13
CSE333
Web-Based SOAsWeb-Based SOAs While Not our Focus – Important to Understand their While Not our Focus – Important to Understand their
Role in SOARole in SOA From From Web Services Architecture, W3C
A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.
SOA+MW-1.14
CSE333
Web Services Architecture from W3CWeb Services Architecture from W3C Complex Complex
Architecture with Architecture with Many Different Many Different Capabilities and Capabilities and Features Features Open Ended
(Like Web) Target Multiple
Domains/Usages Current Web and Current Web and
Future (Emerging?) Future (Emerging?) Semantic WebSemantic Web
SOA+MW-1.15
CSE333
What Must All SOA Provide?What Must All SOA Provide? Both Middleware & Web-Based SOAs Must ProvideBoth Middleware & Web-Based SOAs Must Provide
Middle Layer Infrastructure that Provides Bridge Between Software Artifacts Clients and Resources in Middlware Setting Clients (Browsers) and Resources in Web Setting
Allow Software Artifacts (Resources) to Register/Publish their APIs (Services and Methods) for use by Clients/Other Resources
Lookup Service: Lookup Service: Middleware that Provides Means for Software
Artifacts (Resources and/or Clients and/or Other Resources) and to Interact
Support Dynamic Discovery – Find Services Based on Attributes and Values
Location Transparency to Service Requestors
SOA+MW-1.16
CSE333
Objectives of SOAObjectives of SOA Can SOAs Support Can SOAs Support Highly-Available Distributed Highly-Available Distributed
ApplicationsApplications?? Can Replicated Services be Registered and Available Can Replicated Services be Registered and Available
for Use by Clients?for Use by Clients? Can SOAs Support a Network-Centric Environment Can SOAs Support a Network-Centric Environment
with with Dynamic Clients and ServicesDynamic Clients and Services?? Will Clients Continue to Operate Effectively if a Will Clients Continue to Operate Effectively if a
Replicated Service FailsReplicated Service Fails?? Can SOAs be Utilized to Can SOAs be Utilized to Maintain Data ConsistencyMaintain Data Consistency
of Replicas?of Replicas? Are SOAs Easy to Learn and Use?Are SOAs Easy to Learn and Use? What is Maturity Level of SOAs Technology?What is Maturity Level of SOAs Technology?
SOA+MW-1.17
CSE333
Overview of PresentationOverview of Presentation Objective is to Explore CORBA, JINI, and .NETObjective is to Explore CORBA, JINI, and .NET Various Aspects of Three TechnologiesVarious Aspects of Three Technologies
A B C D
Comparison of CORBA, J2EE (Java), and .NET from Comparison of CORBA, J2EE (Java), and .NET from Security PerspectiveSecurity Perspective What Does Each Support? Limits and Capabilities of Security Models
Multi-Tier Architectural SolutionsMulti-Tier Architectural Solutions Examples of Various Architectures Interplay and Interactions of Technologies
SOA+MW-1.18
CSE333
What is CORBA?What is CORBA? Common Object Request Broker ArchitectureCommon Object Request Broker Architecture Architecture to Allow:Architecture to Allow:
Existing COTS, GOTS, Legacy, DB, etc. to Interact with One Another
Integrate These with New Clients/Servers/Etc. Consists of Following Major ComponentsConsists of Following Major Components
Object Request Broker (ORB): Arbitrate and Interact Role of Lookup for Service Discovery
Interface Definition Language (IDL): Common Definitional Format Means for Different “Software” written in Different
Languages to Interact with One Another
SOA+MW-1.19
CSE333
What is CORBA?What is CORBA? CORBA is a CORBA is a
Specification for Specification for InteroperabilityInteroperability
OMG (Object OMG (Object Management Management Group) Supplies a Group) Supplies a Set of Flexible Set of Flexible Abstraction and Abstraction and Concrete ServicesConcrete Services
Vendors Must Vendors Must Follow StandardFollow Standard
CORBA Language Mappings
AdaC and C++
COBOLJava to IDL
LispCORBA Scripting
LanguageSmalltalk
OthersPerl
HaskellPythonEiffel
PHP/ORBit
SOA+MW-1.20
CSE333
What is CORBA?What is CORBA? Differs from Typical Programming LanguagesDiffers from Typical Programming Languages Objects can be …Objects can be …
Located Throughout Network Interoperate with Objects on other Platforms Written in Ant PLs for which there is mapping
from IDL to that Language
Object Request Broker
ApplicationInterfaces
Domain Interfaces
Object Services
SOA+MW-1.21
CSE333
What is CORBA?What is CORBA? CORBA Provides a Robust set of Services (COS)CORBA Provides a Robust set of Services (COS)
Services to Support Integration and Interoperation of Distributed Objects
Services Defined on top of ORB as standard CORBA Objects with IDL interfaces
Vendors Must Implement CORBA Services (COS)
Object Request Broker
FactoryNamingContext
EventChannel
Object Life CycleNamingEventsRelationshipsExternalizationTransactionsTraderQueryProperty
SOA+MW-1.22
CSE333
What is CORBA?What is CORBA? Allow Interactions from Client to Server CORBA Allow Interactions from Client to Server CORBA Installed on All Participating MachinesInstalled on All Participating Machines
Client Application Server Application
Client ORB Core Server ORB Core
StaticStub
DII DSISkeleton
ORBInterface
ORBInterface
Object Adapter
Network
IDL - Independent Same for allapplications
There may be multipleobject adapters
SOA+MW-1.23
CSE333
CORBA: Architectural GoalsCORBA: Architectural Goals SimplicitySimplicity ConsistencyConsistency ScalabilityScalability Usability for End UsersUsability for End Users Usability for AdministratorsUsability for Administrators Usability for ImplementersUsability for Implementers Flexibility of Security PolicyFlexibility of Security Policy Independence of Security TechnologyIndependence of Security Technology Application PortabilityApplication Portability InteroperabilityInteroperability PerformancePerformance Object OrientationObject Orientation
SOA+MW-1.24
CSE333
Client
Application
Object
Implementation
ORB
Role of an Object Request Broker (ORB)Role of an Object Request Broker (ORB) ORB Provides the Underlying Infrastructure for ORB Provides the Underlying Infrastructure for
Supporting Interoperating Software Systems Supporting Interoperating Software Systems (Applications) Composed of Distributed Objects(Applications) Composed of Distributed Objects ORB Provides the Basic Request Delivery ORB Provides Interface Definitions
Location is Transparent to the Caller and Object Location is Transparent to the Caller and Object ImplementationImplementation
Caller and the Object Implementation Can be in the Caller and the Object Implementation Can be in the Same Process thru Opposite Sides of the WorldSame Process thru Opposite Sides of the World
ORB Manages Local Location and OptimizationORB Manages Local Location and Optimization
SOA+MW-1.25
CSE333
Interface Definition Language, IDLInterface Definition Language, IDL Key Component of CORBA Is the Interface Key Component of CORBA Is the Interface
Definition Language, IDLDefinition Language, IDL Mapping is Available in C, C++, Java, Ada, Etc. IDL Is Independent of Any Language/Compiler Multiple Inheritance Public Interface Oriented Not for Implementation
Primary Support for Interoperability Between Static Primary Support for Interoperability Between Static and Dynamic Request Mechanismsand Dynamic Request Mechanisms
Advantage: Modification of Client Code without Advantage: Modification of Client Code without Impacting of Server Code, and vice-versaImpacting of Server Code, and vice-versa
Disadvantage: Disadvantage: A complete new language with C++ like Syntax Programmers Must Prepare IDL Modules
SOA+MW-1.26
CSE333
ClientApplication
ObjectImplementation
ORB
Object reference Object dispatcher
IDL Boundary
Object Call
IDL Boundary
Methods and Data
Request
ORB and High Level View of RequestsORB and High Level View of Requests The Request Consists ofThe Request Consists of
Target Object Operation (Method) Parameters Request Context (Optional)
SOA+MW-1.27
CSE333
ObjectAdapter
ORB Core
One interfaceOne interface per object adaptorOne interface per object operation
ORB internal interface
DynamicInvoke
ClientStubs
ORBInterface
Client Object Implementation
ImplementationSkeletons
CORBA Components and InterfacesCORBA Components and Interfaces Client Stub: Client Invokes a Particular Object Op.Client Stub: Client Invokes a Particular Object Op. Dynamic Invocation: Run-Time-Construction of Dynamic Invocation: Run-Time-Construction of
Operation InvocationsOperation Invocations Implementation Skeleton: Interface Through Which a Implementation Skeleton: Interface Through Which a
Method Receives a RequestMethod Receives a Request Object Adapter: Provides (De)activation, Object Object Adapter: Provides (De)activation, Object
Creation/Reference Mgmt. for ImplementationsCreation/Reference Mgmt. for Implementations ORB Interface: Common ORB OperationsORB Interface: Common ORB Operations
SOA+MW-1.28
CSE333
ClientStubs
ImplementationSkeletons
Client Object Implementation
InterfaceRepository
ImplementationRepository
Access Includes Includes Describes
IDL InterfaceDefinitions
ImplementationInstallation
InterfacesInterfaces Objects are Defined in IDL via InterfacesObjects are Defined in IDL via Interfaces Object Definitions (Interfaces) are Manifested as Object Definitions (Interfaces) are Manifested as
Objects in the Interface Repository, as Client Stubs, Objects in the Interface Repository, as Client Stubs, and as Implementation Skeletonsand as Implementation Skeletons
Descriptions of Object Implementations are Descriptions of Object Implementations are Maintained as Objects in the Impl. RepositoryMaintained as Objects in the Impl. Repository
SOA+MW-1.29
CSE333
CORBA: RepositoriesCORBA: Repositories Interface RepositoryInterface Repository
Client access to definitions
Type checking for signatures
Traversal of inheritance graphs
IDL InterfaceDefinitions
InterfaceRepository
ClientStubs
Client
ImplementationInstallation
ImplementationSkeletons
ImplementationRepository
Object Implementation
AccessIncludes Includes Describes
Implementation RepositoryImplementation Repository Location of
implementation Activation information Administration control Security Resource allocation
SOA+MW-1.30
CSE333
ORB Core
ObjectAdapter
Object Implementation
ImplementationSkeletons
Client
DynamicInvoke
ClientStubs
ORBInterface
ObjectRepository
Client SideClient Side Clients Perform Requests Using Object ReferencesClients Perform Requests Using Object References Clients Issue Requests through Object Interface Stubs Clients Issue Requests through Object Interface Stubs
(Static) or DII (Dynamic Invocation Inter.)(Static) or DII (Dynamic Invocation Inter.) Clients May Access General ORB Services:Clients May Access General ORB Services:
Interface Repository (IR) Context Management Request Management
SOA+MW-1.31
CSE333
ORB Core
ORBInterface
Object Implementation
Object Adapter
Implem.Skeletons
DynamicInvoke
ClientStubs
ClientImplementation
Repository
Object Implementation SideObject Implementation Side Implementations Receive Requests Thru SkeletonsImplementations Receive Requests Thru Skeletons Object Adapter Adapts to Specifics of Object Object Adapter Adapts to Specifics of Object
Implementation SchemesImplementation Schemes Basic Object Adapter (BOA) Provides:Basic Object Adapter (BOA) Provides:
Management of References Method Invocation Authentication Implementation Registration Activation / Deactivation
SOA+MW-1.32
CSE333
CORBACORBA Basic Object Adapter (BOA)Basic Object Adapter (BOA)
Provides Basic Services to Allow Variety Of CORBA Objects to be Created – Ambiguous
Portable Object Adapter (POA)Portable Object Adapter (POA) Allow Developers yo Construct Object
Implementations that are Portable Between ORBs Mediator Between ORB And Server
Client ORB POA
Incoming Request
Server Applications
Servants
SOA+MW-1.33
CSE333
CORBA: POA PoliciesCORBA: POA Policies Provided to Programmer for Control Over an Object’s Provided to Programmer for Control Over an Object’s
Identity, State, Storage and Life-cycleIdentity, State, Storage and Life-cycle 7 Different Policies7 Different Policies
Thread Policy Life-Span Policy Object ID Uniqueness Policy ID Assignment Policy Servant Retention Policy Request Processing Policy Implicit Activation Policy
We Briefly Review each in TurnWe Briefly Review each in Turn
SOA+MW-1.34
CSE333
CORBA: POA PoliciesCORBA: POA Policies Thread Policy - Depends on Number of Objects the Thread Policy - Depends on Number of Objects the
Application Will HaveApplication Will Have Depends on Operating System Expected Load on System ORB_CTRL_MODEL/SINGLE_THREAD_MODEL
Life Span Policy - Transient object cannot live Life Span Policy - Transient object cannot live beyond the process which created itbeyond the process which created it Persistent object can live beyond the process
which created it TRANSIENT / PERSISTENT
Object ID Uniqueness PolicyObject ID Uniqueness Policy UNIQUE_ID / MULTIPLE_ID
SOA+MW-1.35
CSE333
CORBA: POA PoliciesCORBA: POA Policies ID Assignment Policy - To specify whether Object ID ID Assignment Policy - To specify whether Object ID
was generated by the application or ORBwas generated by the application or ORB USER_ID / SYSTEM_ID
Servant Retention Policy: States if POA retains active Servant Retention Policy: States if POA retains active servants in object mapservants in object map RETAIN / NON_RETAIN
Request Processing Policy: States how request Request Processing Policy: States how request processed by the POAprocessed by the POA USE_ACTIVE_OBJECT_MAP_ONLY /
USE_DEFAULT_SERVANT / USE_SERVANT_MANAGER
Implicit Activation Policy: Indicates if Implicit Implicit Activation Policy: Indicates if Implicit activation of servants is supported by POAactivation of servants is supported by POA IMPLICIT_ACTIVATION /
NO_IMPLICIT_ACTIVATION
SOA+MW-1.36
CSE333
Dynamic Invocation Interface (DII)Dynamic Invocation Interface (DII) DII Allows Clients to Dynamically:DII Allows Clients to Dynamically:
Discover Objects Discover Objects’ Interfaces Create Requests Invoke Requests (-> Methods) Receive Responses
Major DII Features:Major DII Features: Requests Appear as Objects Requests are Reusable Invocation May be Synchronous or Asynchronous Requests Can be Generated Dynamically,
Statically or Using Both Approaches
SOA+MW-1.37
CSE333
Request ComponentsRequest Components Object Reference -- Identifies the Target ObjectObject Reference -- Identifies the Target Object Operation -- Identifies Which Operation to Invoke Operation -- Identifies Which Operation to Invoke
(Which Method Will Be Executed)(Which Method Will Be Executed) Parameters -- Input, Output or Inout Method Arg-sParameters -- Input, Output or Inout Method Arg-s Context Object -- the Context Within Which the Context Object -- the Context Within Which the
Request Is to Be PerformedRequest Is to Be Performed Results -- the Result Value(s) ReturnedResults -- the Result Value(s) Returned Environment -- the Exec-n Env-t and Exception Info.Environment -- the Exec-n Env-t and Exception Info. Request Handle -- the Id. For This Request InstanceRequest Handle -- the Id. For This Request Instance
SOA+MW-1.38
CSE333
Repositories: Interface and ImplementationRepositories: Interface and Implementation Interface RepositoryInterface Repository
Dynamic Client Access to Interface Definitions to Construct a Request
Dynamic Type Checking of Request Signatures Traversal of Inheritance Graphs
Implementation RepositoryImplementation Repository Location of Implementations and Methods Activation Information Administration Control Resource Allocation Security
SOA+MW-1.39
CSE333
Client Object
RequestORB
ORB and implementations implemented as libraries (routines) resident in the client.
Three Types of ORBsThree Types of ORBs Single Process Library ResidentSingle Process Library Resident
Client and Implementation ResidentClient and Implementation Resident
Client Object
RequestORB
ORB implemented as libraries (routines) resident in the clients and in the implementations.
SOA+MW-1.40
CSE333
Client Object
RequestORB
ORB is implemented as a server (separate process) which brokers requests between client and implementation processes.
ORB is part of the operating system.
Three Types of ORBsThree Types of ORBs Server or Operating System BasedServer or Operating System Based
SOA+MW-1.41
CSE333
Implementation is a permanentor resident multi-threadedprocess
Implementation is a singleprocess that is activatedupon the request delivery
Object Implementation
Single Process
Singlemethodinvocation
Object Implementation
Single Process
Method CMethod B
Method A
Three Types of ImplementationsThree Types of Implementations
Single Process “one shot” ObjectSingle Process “one shot” Object
Multi-Threaded “resident” ObjectMulti-Threaded “resident” Object
SOA+MW-1.42
CSE333
Implementation is a setof processes dedicated toa particular (group of)method(s)
Processes can be distributed
Object Implementation
Process 1
Process 2
Process 3
Method A
Method B
Method C
Three Types of ImplementationsThree Types of Implementations
Multi-Process ObjectMulti-Process Object
SOA+MW-1.43
CSE333
System Design with CORBASystem Design with CORBA
Scott A. CraigComputer Science & Engineering Department
The University of ConnecticutStorrs, Connecticut 06269-3155
SOA+MW-1.44
CSE333
Overview of PresentationOverview of Presentation
Introduction to OMG IDLIntroduction to OMG IDL Object Management ArchitectureObject Management Architecture
CORBAservices Naming Service
Event Service Typed Event ExampleTyped Event Example ReferencesReferences Concluding RemarksConcluding Remarks
SOA+MW-1.45
CSE333
Interface Definition Language, IDLInterface Definition Language, IDL Language used to describe the interfaces that client Language used to describe the interfaces that client
objects call and object implementations provide.objects call and object implementations provide. Obeys the same lexical rules as C++, but introduces Obeys the same lexical rules as C++, but introduces
some new keywords.some new keywords. Supports standard C++ preprocessing features.Supports standard C++ preprocessing features. Interfaces can have operations and attributes.Interfaces can have operations and attributes.
Operation declaration consists of a return type, an identifier, a parameter list, and an optional raises expression (exceptions).
Attribute declaration is logically equivalent to declaring a pair of accessor operations. May be declared as readonly.
Interface specifications are placed in a source file Interface specifications are placed in a source file having the extension “.idl”having the extension “.idl”
SOA+MW-1.46
CSE333
IDL: Modules and InterfacesIDL: Modules and Interfaces Module: Used to scope IDL identifiers.Module: Used to scope IDL identifiers.
Mapped to C++ namespace with the same name. Mapped to a C++ class if the namespace construct is not supported.
Mapped to Java package with the same name. IDL declarations not enclosed in any module have
global scope when mapped. Interface: Description of set of operations that a Interface: Description of set of operations that a
client may request of an object.client may request of an object. Multiple inheritance supported Interface body may contain the following kinds of
declarations: constant, type, attribute, and operation.
SOA+MW-1.47
CSE333
IDL: Basic TypesIDL: Basic Types
Type Range
short -215 .. 215-1 (16-bit)
unsigned short 0 .. 216-1 (16-bit)
long -231 .. 231-1 (32-bit)
unsigned long 0 .. 216-1 (32-bit)
float IEEE single-precision floating point
double IEEE double-precision floating point
char 8-bit quantity
boolean TRUE or FALSE
octet 8-bit (guaranteed during transmission)
any values that can express any IDL type
SOA+MW-1.48
CSE333
IDL: Complex TypesIDL: Complex Types Structures:Structures:
struct FixedLengthStruct { long field1; // 32-bit short field2; // 16-bit};
struct VariableLengthStruct { long field1; // 32-bit string field2;};
Discriminated Unions: Cross between the C Discriminated Unions: Cross between the C unionunion and and switchswitch statements. statements.
Enumerations: Ordered list of identifiers.Enumerations: Ordered list of identifiers. enum quality_t { Poor, Fair, Good, Excellent};
SOA+MW-1.49
CSE333
IDL: Complex Types (cont.)IDL: Complex Types (cont.) Sequences: One-dimensional array with maximum Sequences: One-dimensional array with maximum
size (fixed at compile time) and length (set at run size (fixed at compile time) and length (set at run time).time). Unbounded Sequence:typdef sequence<long> longSeq;
Bounded Sequence:sequence<long,10> fieldname;
Strings: Declared using keyword Strings: Declared using keyword string.string. May be May be bounded or unbounded.bounded or unbounded. string name<32>; //bounded
Arrays: Multidimensional, fixed-size arrays of any Arrays: Multidimensional, fixed-size arrays of any IDL data type.IDL data type.
SOA+MW-1.50
CSE333
IDL Example: GUIIDL Example: GUI
/* * File Name: GUI.idl */
#ifndef GUI_IDL#define GUI_IDL
module GUI {
struct timespec_t { long tv_sec; long tv_nsec; };
struct Dialog1Data_t { timespec_t DataTime; float val; };
struct Dialog2Data_t { timespec_t DataTime; long val; };
interface MainWindow { void logEvent(in timespec_t timestamp,
in string val); };
interface Dialog1 { void update(in Dialog1Data_t val); };
interface Dialog2 { void update(in Dialog2Data_t val); };};
#endif // GUI_IDL
SOA+MW-1.51
CSE333
IDL Example: ServerIDL Example: Server
/* * File Name: Server.idl */
#ifndef SERVER_IDL#define SERVER_IDL
#include "GUI.idl"
interface Server {
enum reason_t { NotInitialized, ErrorDetected }; exception NotAvailable { reason_t reason; };
exception OperationTimeout {}; void registerMainWindow( in GUI::MainWindow val, in boolean flag) raises (OperationTimeout); void setMainWindowEnabled( in boolean flag) raises (OperationTimeout);
void registerDialog1( in GUI::Dialog1 val, in boolean flag) raises (OperationTimeout); void setDialog1Enabled( in boolean flag) raises (OperationTimeout); GUI::Dialog1Data_t getDialog1Data() raises (OperationTimeout,
NotAvailable);
void registerDialog2( in GUI::Dialog2 val, in boolean flag) raises (OperationTimeout); void setDialog2Enabled( in boolean flag) raises (OperationTimeout); GUI::Dialog2Data_t getDialog2Data() raises (OperationTimeout,
NotAvailable);};
#endif // SERVER_IDL
SOA+MW-1.52
CSE333
Object Management ArchitectureObject Management Architecture The Object Management Group, Inc (OMG) has The Object Management Group, Inc (OMG) has
established the Object Management Architecture established the Object Management Architecture (OMA), upon which OMG specifications are based(OMA), upon which OMG specifications are based
Components of the OMA Reference Model:Components of the OMA Reference Model: Object Request Broker (CORBA):
Provides communications infrastructure. Object Services (CORBAservices):
Collection of fundamental services (interfaces and objects) for using and implementing objects.
Common Facilities (CORBAfacilities): Services such as system management.
Application Objects Not standardized.
SOA+MW-1.53
CSE333
CORBAservicesCORBAservices OMG specification for Object ServicesOMG specification for Object Services Collection of 15 services (interfaces and objects) that Collection of 15 services (interfaces and objects) that
support basic functions for using and implementing support basic functions for using and implementing objects.objects. Interfaces specified using IDL
Will focus on two services:Will focus on two services: Naming Service Event Service
Security Service: Addresses identification and Security Service: Addresses identification and authentication, authorization and access control, authentication, authorization and access control, security of communication between objects, etc.security of communication between objects, etc. Beyond scope of this presentation (specification is
386 pages in length)
SOA+MW-1.54
CSE333
Naming ServiceNaming Service
Facilitates locating objects in a distributed system.Facilitates locating objects in a distributed system. A A name bindingname binding is a name-to-object association and is a name-to-object association and
is always defined relative to a is always defined relative to a naming context.naming context. A naming context is an object that contains a set of A naming context is an object that contains a set of
name bindings in which each name is unique.name bindings in which each name is unique. Multiple names may be bound to an object.Multiple names may be bound to an object. Servers bind names to objects and clients resolve Servers bind names to objects and clients resolve
names to objects.names to objects. A naming context may be bound to a name in A naming context may be bound to a name in
another naming context creating a another naming context creating a naming graph.naming graph. Directed graph with labeled edges in which
nodes are objects. Compound names are formed by the sequence of
names along a path from the root to the leaf.
SOA+MW-1.55
CSE333
ReferencesReferences Object Management Group, Inc. (OMG), Object Management Group, Inc. (OMG),
http://www.omg.orghttp://www.omg.org OMG, OMG, A Discussion of the Object Management A Discussion of the Object Management
ArchitectureArchitecture, 01/97, 01/97 OMG, OMG, The Common Object Request Broker: The Common Object Request Broker:
Architecture and SpecificationArchitecture and Specification, Rev. 2.2, 02/98, Rev. 2.2, 02/98 OMG, OMG, CORBAservices: Common Object Services CORBAservices: Common Object Services
SpecificationSpecification, 12/98, 12/98 T. J. Mowbray and R. Zahavi, T. J. Mowbray and R. Zahavi, The Essential CORBA: The Essential CORBA:
Systems Integration Using Distributed ObjectsSystems Integration Using Distributed Objects , John , John Wiley & Sons, Inc., 1995Wiley & Sons, Inc., 1995
G. Booch, J. Rumbaugh, I. Jacobson, G. Booch, J. Rumbaugh, I. Jacobson, The Unified The Unified Modeling Language User GuideModeling Language User Guide, AWL, Inc. 1999, AWL, Inc. 1999
SOA+MW-1.57
CSE333
What is JINI?What is JINI? An Infrastructure for Network Centric Applications in An Infrastructure for Network Centric Applications in
Spontaneous EnvironmentSpontaneous Environment Clients Enter/Leave Network Unpredictably Resources and Services Enter/Leave due to
Failure, Redundancy, Topology Change Both Typify Present/Future Army Systems
Goals of JINIGoals of JINI Plug-and-Play of Clients and Services Erasing Hardware/Software Distinction:
Everything is a Service Enable Spontaneous Network Applications Architecture where Services Define Function Strive for Easy to Use/Understand Technology
SOA+MW-1.58
CSE333
Sun’s JINI TechnologySun’s JINI Technology JINI is a Sophisticated Java APIJINI is a Sophisticated Java API Construct Distributed Applications Using JINI by Construct Distributed Applications Using JINI by
Federating Groups of Users Resources Provide Services (Database Access,
Printing, Real-Time Sensor) for Users JINI and StakeholdersJINI and Stakeholders
Core of Technologies to Architect, Design, Implement, and Test Distributed Applications
Construct Software “Resistant” to Failure JINI and UsersJINI and Users
High Availability Through Redundancy Dynamic Responses to User Requests
Regardless of Network & Resource Changes
SOA+MW-1.60
CSE333
JINI Components and DependenciesJINI Components and Dependencies
Infrastructure Programming Model
Services
Base Java
Java VM
RMI
Java Security
Java APIs
JavaBeans
JNDI
Enterprise Beans
JTS
JMS
Java + JINI
Discovery/Join Leasing Transaction Manager
Distributed Security
Transactions JavaSpaces
Lookup Events Lookup service
SOA+MW-1.61
CSE333
How Does JINI Work?How Does JINI Work? Distributed Application Constructed Using One or Distributed Application Constructed Using One or
More Lookup ServicesMore Lookup Services Lookup Service Support Interactions by Lookup Service Support Interactions by
Resources: ““Advertise”Advertise” ServicesDiscover, Register Services, Renew Lease
Client: “Locate/Utilize”“Locate/Utilize” ServicesDiscover, Search for Services, Invocation
Multiple Lookup ServicesMultiple Lookup Services Resources Responsible for Registering All Clients Interact with Multiple Lookups Stakeholders Must Write “Apropos” Code
Discovery Initiates Process for Client or ResourceDiscovery Initiates Process for Client or Resource
SOA+MW-1.62
CSE333
Discovery by Resource & ClientDiscovery by Resource & Client
Client
JINILookupService
Resource
Service ObjectService Attributes
JINILookupService
Discovery toRegister Services
Discovery toLocate Services
SOA+MW-1.63
CSE333
Basic JINI ConceptsBasic JINI Concepts JINI JINI Lookup ServiceLookup Service Maintains Registry for Maintains Registry for
Available Services of Distributed ApplicationAvailable Services of Distributed Application Resources Provide Resources Provide ServicesServices that that RegisterRegister and and JoinJoin
with JINI Lookup Servicewith JINI Lookup Service Clients Clients DiscoverDiscover and Utilize Services Based on and Utilize Services Based on
Interface of ServicesInterface of Services Ask Lookup for RegisterForCourse(CSE900) Return Proxy for Execution of Service Location of Service Transparent to Client
Locations of Clients, Services, Lookup Service, etc., Locations of Clients, Services, Lookup Service, etc., can Change over Timecan Change over Time
Conceptually, JINI Similar to Distributed OS with Conceptually, JINI Similar to Distributed OS with Dynamically Definable/Changeable ResourcesDynamically Definable/Changeable Resources
SOA+MW-1.64
CSE333
Basic JINI ConceptsBasic JINI Concepts A A ResourceResource Provides a Set of Services for Use by Provides a Set of Services for Use by
Clients (Users) and Other Resources (Services)Clients (Users) and Other Resources (Services) A A ServiceService is Similar to a Public Method is Similar to a Public Method
Exportable - Analogous to API Any Entity Utilized by Person or Program Samples Include:
Computation, Persistent Store, Printer, Sensor Software Filter, Real-Time Data Source Anything that is Relevant for Your Domain!
Services: Concrete Interfaces of Components Services Register with Services Register with Lookup ServiceLookup Service
Clearinghouse for Resources to Register Services and Clients to Locate Services
SOA+MW-1.65
CSE333
JINI Resources & ServicesJINI Resources & Services
JINILookupService
Printer Resource
Service ObjectService Attributes
PrinterActions Class enqueuePrintJob dequeuePrintJob getPrinterStatus getPrinterType installPrinter removePrinter startJob cancelJob
Class and Methods Define Servicesto beRegistered
Register Services
Sun’s Initial PerspectiveSun’s Initial Perspective JINI for Hardware Printers, Digital
Cameras, etc. Plug-and-Play on
Network PrinterActions Class Defines PrinterActions Class Defines
the the “Component”“Component” that is that is Registered with JINIRegistered with JINI
SOA+MW-1.66
CSE333
Objectives and Utility of JINIObjectives and Utility of JINI For Users, JINI OffersFor Users, JINI Offers
Sharing of Resources (Services) over Network Location Transparency of Users and Services Both Critical for “Moving” Personnel
For Stakeholders, JINI ProvidesFor Stakeholders, JINI Provides Infrastructure for Federating Services in
Distributed Setting Programming Model to Register & Discover
Services Availability of Services Throughout Distributed
SettingLeading to Ease in Constructing, Maintaining, and Leading to Ease in Constructing, Maintaining, and Evolving Network Centric ApplicationsEvolving Network Centric Applications
SOA+MW-1.67
CSE333
How Does JINI Work?How Does JINI Work? Resources Discover and Join Lookup ServiceResources Discover and Join Lookup Service When Resources Leave or Fail to Renew Leases When Resources Leave or Fail to Renew Leases
Lookup Service Must Adjust Registry Time Lag Between Departure and Removal of
Services from Registry What Happens When Client Receives Service
Just Prior to Failure? Utilization of Java Exception Handling Client Code Written to Dynamically Adapt
Resource RegisterResource Register Services on Class-by-Class Basis Service Object (Java API - Method Signatures) Optional Descriptive Service Attributes
SOA+MW-1.68
CSE333
JINI Concepts and TermsJINI Concepts and Terms RegistrationRegistration of Services via of Services via Leasing MechanismLeasing Mechanism
Resource Leases Services to Lookup Service Resources Renew Services Prior to Expiration If not, Services Become Unavailable Lookup Service Maintains Registry Limit Availability of Services Based on Time,
Workload, User Requirements, etc. Services as Available “Components”
Leasing Supports High-AvailabilityLeasing Supports High-Availability Registration and Renewal Process Upon Failure, Services Removed from Registry
Clients, Resources, Lookup Can Occupy Same or Clients, Resources, Lookup Can Occupy Same or Different Computing NodesDifferent Computing Nodes
SOA+MW-1.69
CSE333
JINILookupService
Printer Resource
Service ObjectService Attributes
Leasing/Lease Renewal
PrinterActions Class enqueuePrintJob dequeuePrintJob getPrinterStatus getPrinterType installPrinter removePrinter startJob cancelJob
Class and Methods Define Servicesto beRegistered
Registration & LeasingRegistration & Leasing FOREVER or EXPIRATION DATE (millisecs)FOREVER or EXPIRATION DATE (millisecs) Renewal Must Occur Prior to ExpirationRenewal Must Occur Prior to Expiration JINI Provides Lease Renewal Manager to Allow JINI Provides Lease Renewal Manager to Allow
Resource to Delegate Renewal ResponsibilityResource to Delegate Renewal Responsibility
Lease for 5 minutes (3000000 msec) Must Renew Before 5 Minutes Expire If Not Renewed, Lookup Removes If Failure, Lookup May Still Supply Service Until Expiration (5 mins) Client MUST be SMART!
SOA+MW-1.70
CSE333
JINI Support for Distributed ComputingJINI Support for Distributed Computing
Legacy
Legacy
COTS
COTS
Database
Legacy COTS
Database
Resources Provide ServicesJava
Client
JavaClient
LegacyClient
DatabaseClient
COTSClient
ClientsUsingServices
JINI LookupService
JINI LookupService
RedundantLookups
SOA+MW-1.71
CSE333
Component Perspective and JINIComponent Perspective and JINI Resources as ComponentsResources as Components
Resources Provide Services What Service Provides: Component Interface Clients, Servers, Resources, Use Component
Interface to Design/Construct Functionality
Legacy
COTS
Legacy COTS
Database
JavaClient
JINI LookupService
Constructed via Services of Legacy, COTS, Database, etc.Lookup Registered ServicesFunctionality via Service ReuseServices as Component APIs
SOA+MW-1.72
CSE333
Two Example ResourcesTwo Example Resources University ApplicationUniversity Application
Students can Register/Drop Courses and Check the Schedule/Catalog
Faculty can Alter Course DB and Check the Schedule/Catalog
Military Application - Database of PartsMilitary Application - Database of Parts Ability to Requisition/Add/Delete Parts Different User Authority Based on Rank
For Both:For Both: Client to JINI to Discover Services Client to Resource for Method Invocation
(Resembles RMI)
SOA+MW-1.73
CSE333
What Does an Actual System Look Like?What Does an Actual System Look Like?
JINILookupService
JavaGUI
UDB Client
University DBResource (UDB)
JavaGUI
MDB Client
UDBServer ServiceGetClasses();PreReqCourse();GetVacantClasses();EnrollCourse();AddCourse();RemoveCourse();
MDBServerGetPartsGetRequisitionGetReqPartsWritePartsWriteRequisitionDeletePartDeleteRequisitionAddPartsRemovePartAddRequisition
Military Requisition
DB Resource
SOA+MW-1.74
CSE333
Join, Lookup, and Service InvocationJoin, Lookup, and Service Invocation
ClientResource
Service ObjectService Attributes
Lookup ServiceRequestServiceAddCourse(CSE900)
ReturnService
Proxy toAddCourse( )
Join
Register & Lease Services CourseDB ClassContains Method AddCourse ( )
1. Client Invokes AddCourse(CSE900) on Resource2. Resource Returns Status of Invocation
Service Invocation via Proxy by Transparent RMI Call
Service Object
Service Attributes
Registry of Entries
SOA+MW-1.75
CSE333
Services of Military ApplicationServices of Military Application Query Service: Query Service:
GetParts: Queries DB for Parts GetRequisition: Queries DB for Requisition GetReqParts: All Requisition Details for a
Particular Part Update Service:Update Service:
WriteParts: Store Part to DB WriteRequisition: Requisition Changes to DB DeletePart: Deletes Part from DB DeleteRequisition: Deletes Requisition from DB
Other Services/Methods OmittedOther Services/Methods Omitted Notice: These are Just Public Methods Organized into Notice: These are Just Public Methods Organized into
Logical GroupingsLogical Groupings JINI Allows Searching of Groupings by ServiceJINI Allows Searching of Groupings by Service
SOA+MW-1.76
CSE333
Execution Process of Client using JINIExecution Process of Client using JINI
SecurityAuthorization
Services
Security Registration
Services
LookupService
Military Client
1 Register_Client(Harris,Security Off., Military)
10 Return Result of Check_Privileges(…)
4 Return Result,Create_Token(Security Off., Token)
3 Client OK?
11 Return Result,CreateRequisition(…)
5. Discover/Lookup(MilitaryDb,Modification, CreateRequisition) Returns Proxy to Military Client
7 IsClient_Registered(Token)
9 Check_Privileges(Token, MilitaryDb, Modification, CreateRequisition, [Tank Details, Harris])
2 Verify_UR(Harris, Security Off.)
SecurityPolicy
ServicesMilitaryDB
Resource8 Return Result of IsClient_Registered(…)
USR6 CreateRequisition(Token, Tank Details, Harris)
SOA+MW-1.81
CSE333
CTS (Common Type System)CTS (Common Type System) Defines Common standard that languages should
adhere to. CLR (Common Language Runtime)CLR (Common Language Runtime)
Manages the execution of a .Net application, provides cross platform support by ensuring type safety, code verification, exception handling, garbage collection and memory management
ASP.NETASP.NET This component provides a layer of classes for Web
services
.Net.Net
SOA+MW-1.82
CSE333
Windows FormsWindows Forms Provides a layer of classes for the windows user
interface ADO.NETADO.NET
Provides classes for data access including database and XML
Base Class LibraryBase Class Library Provides the low level classes on which most of
the .Net functionality and other >net Framework classes are built
.Net.Net
SOA+MW-1.83
CSE333
RemotingRemoting Remoting makes an object in one process available to an Remoting makes an object in one process available to an
application in another process application in another process Marshalling enables a controlled data communication Marshalling enables a controlled data communication
between the 2 processesbetween the 2 processes Marshalling an object can be done in 2 waysMarshalling an object can be done in 2 ways
Marshall by value:Server creates a copy of the object and passes the copy to the client
Marshall by reference: The server creates a reference of the object ans send this reference to the client
SOA+MW-1.84
CSE333
RemotingRemoting
When a client calls an object marshalled by reference of the object in the client’s application domain and the
client uses that proxy to access that original object on the server
SOA+MW-1.85
CSE333
RemotingRemoting
When a client calls an object marshaled by value the server creates and When a client calls an object marshaled by value the server creates and exact copy and sends that copy to the client. The client then uses exact copy and sends that copy to the client. The client then uses
the data of the object and executes the required functionality the data of the object and executes the required functionality directly within the client’s own process without making any directly within the client’s own process without making any
additional calls to the serveradditional calls to the server
SOA+MW-1.87
CSE333
CTS (Common Type System)CTS (Common Type System) Defines Common standard that languages should
adhere to. CLR (Common Language Runtime)CLR (Common Language Runtime)
Manages the execution of a .Net application, provides cross platform support by ensuring type safety, code verification, exception handling, garbage collection and memory management
ASP.NETASP.NET This component provides a layer of classes for Web
services
.Net.Net
SOA+MW-1.88
CSE333
Windows FormsWindows Forms Provides a layer of classes for the windows user
interface ADO.NETADO.NET
Provides classes for data access including database and XML
Base Class LibraryBase Class Library Provides the low level classes on which most of
the .Net functionality and other >net Framework classes are built
.Net.Net
SOA+MW-1.89
CSE333
RemotingRemoting Remoting makes an object in one process available to an Remoting makes an object in one process available to an
application in another process application in another process Marshalling enables a controlled data communication Marshalling enables a controlled data communication
between the 2 processesbetween the 2 processes Marshalling an object can be done in 2 waysMarshalling an object can be done in 2 ways
Marshall by value:Server creates a copy of the object and passes the copy to the client
Marshall by reference: The server creates a reference of the object ans send this reference to the client
SOA+MW-1.90
CSE333
RemotingRemoting
When a client calls an object marshalled by reference of the object in the client’s application domain and the
client uses that proxy to access that original object on the server
SOA+MW-1.91
CSE333
RemotingRemoting
When a client calls an object marshaled by value the server creates and When a client calls an object marshaled by value the server creates and exact copy and sends that copy to the client. The client then uses exact copy and sends that copy to the client. The client then uses
the data of the object and executes the required functionality the data of the object and executes the required functionality directly within the client’s own process without making any directly within the client’s own process without making any
additional calls to the serveradditional calls to the server
SOA+MW-1.92
CSE333
Web Services ASP.NETWeb Services ASP.NET Communication based on open protocolsCommunication based on open protocols - Data- Data XMLXML -Schema -Schema XSDXSD UDDIUDDI DISCODISCO WSDLWSDL SOAPSOAP SecuritySecurity
SOA+MW-1.94
CSE333
Security in Middleware - MotivationSecurity in Middleware - Motivation Distributed Computing Applications are Constructed Distributed Computing Applications are Constructed
From Legacy, COTS, Database, and Client/Server From Legacy, COTS, Database, and Client/Server Applications Applications
Solutions Facilitate the Interoperation of Applications Solutions Facilitate the Interoperation of Applications in a Network Centric Environment in a Network Centric Environment
CORBA, DCOM/OLE, J2EE/EJB, JINI, and .NET CORBA, DCOM/OLE, J2EE/EJB, JINI, and .NET have Enabled the Parallel and Distributed Processing have Enabled the Parallel and Distributed Processing of Large, Computation-intensive Applications of Large, Computation-intensive Applications
Security has Historically Often Been an AfterthoughtSecurity has Historically Often Been an Afterthought Dramatic Turnaround in Support of Security within Dramatic Turnaround in Support of Security within
these Modern Middleware Platforms these Modern Middleware Platforms
Thanks to Keith Bessette… Thanks to Keith Bessette…
SOA+MW-1.95
CSE333
OverviewOverview Focus on the Attainment of Security withinFocus on the Attainment of Security within
CORBA .NET J2EE
Represent Three Dominant Middlware PlatformsRepresent Three Dominant Middlware Platforms Emphasis on Exploring the RBAC/MAC Capabilities Emphasis on Exploring the RBAC/MAC Capabilities
of Eachof Each What Can Each Offer in Support of Security? How do the Different Technologies Compare?
Later - Focus on Using Middlware (e.g., CORBA, Later - Focus on Using Middlware (e.g., CORBA, JINI) to Attain MAC/RBAC for Distributed SettingJINI) to Attain MAC/RBAC for Distributed Setting
SOA+MW-1.96
CSE333
Security in CORBA, .NET, and J2EESecurity in CORBA, .NET, and J2EE The CORBA Security Specification is a Meta-model,The CORBA Security Specification is a Meta-model,
Similar in Concept to the UML Meta-model with Implementations (e.g., Together, Rational, etc.)
Offers Wide Variety of Security Capabilities at the Model Level - RBAC, MAC, Encryption, Etc.
Language Independent (Not Tied to Java, C++, .NET, Etc.)
In Contrast, .NET and J2EE are Commercial ProductsIn Contrast, .NET and J2EE are Commercial Products Characterizable as Implementations or Instances
of the CORBA Security Meta-model Transition Concepts into Platform Specific
Implementations
SOA+MW-1.97
CSE333
CORBA Security Capabilities CORBA Security Capabilities The CORBA Security Service Specification Focuses The CORBA Security Service Specification Focuses
on Four Keys Aspects of Security on Four Keys Aspects of Security Confidentiality: Confidentiality:
Concerned with Access to Information Limit Access to Those Individuals (Programs)
That Have Been Given Explicit Permission Integrity: Integrity:
Only Authorized Users are Allowed to Modify Information
Delegation of this Authorization Between Users is Tightly Controlled
SOA+MW-1.98
CSE333
CORBA Security CapabilitiesCORBA Security Capabilities Accountability: Accountability:
Users Must be Responsible for All of their Actions Security Mechanisms Must be able to Monitor and
Track the Accountability Availability: Availability:
If Users have Been Appropriately Authorized, then their Authorizations Require the System's Availability
SOA+MW-1.99
CSE333
CORBA Security CapabilitiesCORBA Security Capabilities Collectively, These Four Features Underlie the Collectively, These Four Features Underlie the
Security Offered in the Meta Model forSecurity Offered in the Meta Model for Identification and Authentication of Users Authorization and Access Control of Users to
Objects Security Auditing for Accountability Security of Communication Between Users and
Objects Non-repudiation to Provide Proof of Access Administration of All of the Security
Requirements
SOA+MW-1.100
CSE333
The CORBA Security Model The CORBA Security Model The Structural Model of CORBA is Comprised of The Structural Model of CORBA is Comprised of
Different Levels used to Facilitate Secure Object Different Levels used to Facilitate Secure Object Invocation by Clients Invocation by Clients
Application Components: Client Request Services and Application Components: Client Request Services and a Target Object Providing Servicesa Target Object Providing Services
ORB Security Services: ORB Security Services: Access Control Service - If the Operation Being
Requested Is Permitted Secure Invocation Service - Protect the Target
Object in Its Interactions With the Client
Implementation of Security Services: Implementation of Security Services: Available in actual CORBA Implementations Platform Specific, must Interact with Security
supported by OS and Hardware
SOA+MW-1.102
CSE333
Access Control in CORBA Access Control in CORBA Must Verify the Characteristics of a Subject's Must Verify the Characteristics of a Subject's
Permissions (via Permissions (via Privilege AttributesPrivilege Attributes) Against the ) Against the Target Objects Target Objects
Target Objects Are Managed via Target Objects Are Managed via Control AttributesControl Attributes (Grouped As (Grouped As DomainsDomains) and Operations (Grouped as ) and Operations (Grouped as RightsRights))
Combination of Privilege Attributes, Control Combination of Privilege Attributes, Control Attributes, and Domains Provides Attributes, and Domains Provides Means to Define Security Requirements Basis for Enforcing Those Requirements by
Actual Clients Against Target Objects
SOA+MW-1.103
CSE333
Access Control in CORBAAccess Control in CORBA Privilege Attributes are Associated with the Client, Privilege Attributes are Associated with the Client,
Referred to as the Referred to as the PrincipalPrincipal Privilege Attributes are Used to Capture All of the Privilege Attributes are Used to Capture All of the
Various Security Permissions for Access ControlVarious Security Permissions for Access Control Security Permissions: Security Permissions:
Identity (e.g., User Id) of the Principal Role(s) of the Principal Group(s) That the Principal Belongs to in the
Organization Security Clearance (e.g., Secret, Classified, Etc.)
Of the Principal Target Objects and Operations to Which the
Principal Has Been Granted Access, and Any Other Enterprise-wide Privileges.
SOA+MW-1.104
CSE333
Access Control in CORBAAccess Control in CORBA Control Attributes are Associated with Each Target Control Attributes are Associated with Each Target
Object, to Track the Security Privileges from an Object, to Track the Security Privileges from an Object's Perspective Object's Perspective
Control Attributes can also Track Security Control Attributes can also Track Security Information on the Target Object ItselfInformation on the Target Object Itself
Control Attributes Track All of the Principals on a Control Attributes Track All of the Principals on a Target-Object-by-Target-Object BasisTarget-Object-by-Target-Object Basis List of all Principles for an Object
Privilege Attributes Focus on Capabilities of Privilege Attributes Focus on Capabilities of Individual Principals Individual Principals
SOA+MW-1.105
CSE333
Access Control in CORBAAccess Control in CORBA Rights of a Target Object are the Set of Operations Rights of a Target Object are the Set of Operations
That Are Available for Assignment to Each PrincipalThat Are Available for Assignment to Each Principal Examples: Examples:
An Access Control List Entry for Each Target Object would Track the List of Principals Who Have Been Authorized the Role(s) of the Principal
A Target Object Itself Might have a Security Classification (e.g., Secret,
Classified, etc.) May Be Limited in Access to Certain Time Periods
SOA+MW-1.106
CSE333
Access Control in CORBAAccess Control in CORBA To Assist in the Security Definition Process of To Assist in the Security Definition Process of
Principles and Objects for an Organization, Domains Principles and Objects for an Organization, Domains can be Utilizedcan be Utilized
Domain: Provides a Context to Define Common Domain: Provides a Context to Define Common Characteristics and Capabilities Related to Security Characteristics and Capabilities Related to Security
Security Policy Domain Represents the Scope Over Security Policy Domain Represents the Scope Over Which Each Security Policy is Enforced Which Each Security Policy is Enforced An Organization May Have Multiple Policies
Security Policy Domain Permits the Definition of Security Policy Domain Permits the Definition of Security Requirements for a Group of Target Objects Security Requirements for a Group of Target Objects Group Can Be Managed As a Whole, Thereby
Reducing the Needed Administrative Effort
SOA+MW-1.107
CSE333
Access Control in CORBAAccess Control in CORBA Policy Domain Hierarchies: Policy Domain Hierarchies:
Allows a Security Administrator to Design a Hierarchy of Policy Domains
Delegate Subsets of the Hierarchy (Sub-domain) to Different Individuals
Example: a Health Care OrganizationExample: a Health Care Organization Sub-domains for Patient Objects, Test-result
Objects, Employee Objects, Etc. Security for These Sub-domains Delegated to
Different People in Hospital Administration
SOA+MW-1.108
CSE333
CORBA Security User Views CORBA Security User Views Views to Provide a Hierarchical Structure of the Views to Provide a Hierarchical Structure of the
Security Requirements for an OrganizationSecurity Requirements for an Organization Enterprise Management View Enterprise Management View
Organization-wide Perspective on the Treatment of Security Requirements
Risk Assessment, Protection Against Malicious & Inadvertent Security Breaches, Countermeasures
End Result Will Be the Definition of Security Policies, As Appropriate, for Different Portions of an Organization
End User View End User View Involves the Privilege Attributes (E.G., User Id,
Role, Clearance, Etc.) Focus on the Privileges That Are Authorized, and
Action Authentications of Users
SOA+MW-1.109
CSE333
CORBA Security ViewsCORBA Security Views Application Developer View Application Developer View
Security Definitions Maybe Transparent to the Majority of Stakeholders (Programmers, Developers, Etc.)
Security May Be the Strict Responsibility of All Stakeholders (Programmers, Developers, Etc.)
Administrator’s View Administrator’s View Security Management Perspective Creating and Maintaining the Domains Assigning the Privilege Attributes to End Users, Administrating the Security Policies, Monitoring
the Control Attributes of Target Objects, Etc.
SOA+MW-1.110
CSE333
CORBA Security Execution Model CORBA Security Execution Model Client Makes a Request to Access the Target Object. Client Makes a Request to Access the Target Object. Must Obtain a Binding to the Target ObjectMust Obtain a Binding to the Target Object
Requires a Check to See If the Client Has the Permissions (Via the Privilege Attributes) to Invoke an Operation on the Target Object (Via the Control Attributes)
The Binding is Established, and a Reference to the The Binding is Established, and a Reference to the Target Object is Returned, Allowing the InvocationTarget Object is Returned, Allowing the Invocation
The Ability to Obtain an Object Reference May The Ability to Obtain an Object Reference May Involve Interaction with a Policy Object and the Involve Interaction with a Policy Object and the Domain ManagerDomain Manager
SOA+MW-1.113
CSE333
CORBA: Security ConsiderationsCORBA: Security Considerations Threat to CORBA SystemThreat to CORBA System
Authorized user gaining access to data that should be hidden from him
User masquerading as someone else; so that actions are attributed to the wrong person
Security controls being by-passed Eaves-dropping on communication line – gaining
access to confidential data Tampering with objects Lack of accountability
SOA+MW-1.114
CSE333
CORBA: Security ConsiderationsCORBA: Security Considerations Security Reference Model (SRM)Security Reference Model (SRM) Security Specification is meta-modelSecurity Specification is meta-model
Specification that is comprehensive (MAC, Encryption)
Language Independent (C++, Java….)
SOA+MW-1.115
CSE333
CORBA: SecurityCORBA: Security
APIAPI Which implements
abstraction defined in the reference model
Security TechnologySecurity Technology Constitutes
mechanisms like encryption, validation
Encapsulated within IDL modules:
Security: basic interface and datatypes
SecurityLevel1: most basic, providessecurity feature to all app.
SecurityLevel2: permits access tocredentials & policies
SecurityAdmin: permits manipulationof administrative features
SOA+MW-1.116
CSE333
CORBA: Security SpecificationsCORBA: Security Specifications
4 key aspects of security4 key aspects of security Confidentiality
Authenticate – use principal authentication Object
Integrity Prevents undetected,
unauthorized modification of messages
Detects message addition, deletion or change of order
Accountability Availability
UserSponsor
ClientApplication
ORB Core
Security Service
Security Technology
UserSponsor
ClientApplication
PrincipalAuthenticator
Object
CredentialsObject
SecurityCurrentObject
ORB
SOA+MW-1.117
CSE333
CORBA: Security SpecificationsCORBA: Security Specifications
Security Conformance LevelSecurity Conformance Level Applications unaware Applications aware
Policy controlling Policy enforcing
UserSponsor
ClientApplication
ORB Core
Security Service
Security Technology
UserSponsor
ClientApplication
PrincipalAuthenticator
Object
CredentialsObject
SecurityCurrentObject
ORB
SOA+MW-1.118
CSE333
CORBA: SecurityCORBA: Security
Client Application
(Message Sender)
ORB
Security Enforcement Subsystem
Execution Context
Credential
Identity
Privileges
Message
Policy Enforcement Code
Target Object
Domain
Domain Policy
SOA+MW-1.119
CSE333
CORBA: UnderstandingCORBA: Understanding Will run on any platform as long as ORB implementation Will run on any platform as long as ORB implementation
exist.exist. Provides extensibility, but is difficultProvides extensibility, but is difficult Does not provide cross-language inheritance and Does not provide cross-language inheritance and
exception capabilitiesexception capabilities Responsibility of locating an object implementation is on Responsibility of locating an object implementation is on
ORBORB Parameters between client and remote objects: interface Parameters between client and remote objects: interface
types are passed by reference; others by valuetypes are passed by reference; others by value
SOA+MW-1.120
CSE333
CORBA: UnderstandingCORBA: Understanding Does not attempt to perform general-purpose distributed Does not attempt to perform general-purpose distributed
garbage collectiongarbage collection Exception handling is taken care by the Exception objectException handling is taken care by the Exception object Provides location independenceProvides location independence
SOA+MW-1.121
CSE333
Microsoft’s .NETMicrosoft’s .NET .NET is Microsoft’s Solution to Enterprise .NET is Microsoft’s Solution to Enterprise
Computing and InteroperabilityComputing and Interoperability Aimed to Compete with Java/J2EEAimed to Compete with Java/J2EE Interoperability with Old (CORBA, COM) and New Interoperability with Old (CORBA, COM) and New
(RMI)(RMI) Provide Uniform Programming EnvironmentProvide Uniform Programming Environment Extension of C - C#Extension of C - C# We’ll Briefly Compare/Contrast/Introduce .NETWe’ll Briefly Compare/Contrast/Introduce .NET
SOA+MW-1.122
CSE333
Security in .NET/JavaSecurity in .NET/Java Secure Development and Execution Environments via Secure Development and Execution Environments via
a Number of Different Capabilities: a Number of Different Capabilities: Code-Based Access Control - CBAC: Permission
for Code to Access Resources Role-Based Access Control - RBAC: Permission
for Users/roles to Access Resources Code Verification and Execution: Semantics,
Bytecode, Safe Execution Environment Secure Communication: Pass Data/messages
Securely Code and Data Integrity: No Unauthorized Code
Modification, Cryptography Our Objective - Explore their Attainment in .NETOur Objective - Explore their Attainment in .NET Apply Similar Framework to J2EE for ComparisonApply Similar Framework to J2EE for Comparison
SOA+MW-1.123
CSE333
.NET Security Capabilities.NET Security Capabilities Important Initial DefinitionsImportant Initial Definitions
Assembly: Refers to Compiler Generated Code, Specifically, Microsoft Intermediate Language (MSIL)
Evidence: Refers to the “Proof” that is Supplied Regarding Identity
Permissions: Refers to a Privilege that is Given to Perform an Operation on a Resource In the Case of an Assembly, the Permission Set for All
Allowable Privileges on All Required Resources We’ll Revisit in Later Slides in more DetailWe’ll Revisit in Later Slides in more Detail
SOA+MW-1.124
CSE333
.NET Security Execution Model.NET Security Execution Model Three Components:Three Components:
Hosting Environment is Attempting to Execute an Application Must Provide Both the Code (Via Assembly) and Its
Identity (Via Evidence) in Its Interactions With CLR Common Language Runtime (CLR) Provides a
Secure Execution Environment Through Managed Code and Code Access Security
CLR Contains the Security System That Realizes Policy Files Comprised of Rules Defined by a Security Administrator (Security Setting) The Rules Allow Permission Sets to Different Types of
Code or Users Based on Evidence
SOA+MW-1.126
CSE333
C# vs. Java - Differences/SimilaritiesC# vs. Java - Differences/Similarities Class HierarchiesClass Hierarchies
Both have Single Rooted Class Hierarchies System.Object and Java.Lang.Object
Both Classes have Methods Sharing Some Similarities and Difference
Execution EnvironmentExecution Environment JAVA Compiled to Bytecodes
Interpreted or Natively Compiled and Run in Managed Execution Environment JVM
C# Code Gets Compiled to MSIL (Microsoft Intermediate Language) which Runs in CLR C# Code is Never Interpreted, it is Always Natively
Compiled C#’s MSIL is More Type Neutral
SOA+MW-1.127
CSE333 (Continued)
C# access modifier Java access modifier
Private Private
Public public
Internal protected
protected N/A
internal protected N/A
C# vs. Java - Differences/SimilaritiesC# vs. Java - Differences/Similarities Access ModifiersAccess Modifiers
Serialization and DocumentationSerialization and Documentation C# supports XML format as well as binary format
for serialization while Java only supports binary format by default.
JAVA uses Javadoc while C# uses XML for documentation
SOA+MW-1.128
CSE333
.NET Security Capabilities.NET Security Capabilities Code-based Access Control - CBAC: Code-based Access Control - CBAC:
Giving Permissions at the Code Level to Access Resources
Based on the Application Domain That the Code is Assigned to (Information in Evidences)
Role-based Access Control - RBAC: Role-based Access Control - RBAC: Giving Permissions to a User to Access Resources
Based on the User’s Role in the System Secure Code Verification & Execution: Secure Code Verification & Execution:
Similar in Concept to Bytecode Verification in Java, MSIL in .NET
Insures That the Executing Code is Staying Within Its Allowed Domain
SOA+MW-1.129
CSE333
.NET Security Capabilities.NET Security Capabilities Secure Communication Secure Communication
Provides the Ability to Pass Data and Messages Locally or Remotely in a Secure Manner
Avoids Both Intentional and Inadvertent Data/message Modification
Secure Code and Data Protection: Secure Code and Data Protection: Insures That Code Hasn’t Been Modified Without
Authorization Utilizes Cryptographic Solutions and Signed
Distribution Files
SOA+MW-1.130
CSE333
.NET .NET Code-Based Access Control Code-Based Access Control The Determination of What a Piece of Code is The Determination of What a Piece of Code is
Allowed to Do is Decided by the Origins and Allowed to Do is Decided by the Origins and Intentions of the Code ItselfIntentions of the Code Itself
Can Be Decomposed Into Evidence Based Security, Can Be Decomposed Into Evidence Based Security, Permissions, and a Security PolicyPermissions, and a Security Policy
During Execution, the CLR During Execution, the CLR Reviews Evidence of an Assembly Determines an Identity for the Assembly Looks up and Grants Permissions Based on the
Security Policy for That Assembly Identity
SOA+MW-1.131
CSE333
.NET CBAC .NET CBAC Evidence Based Security Evidence Based Security Used by the CLR to Determine the Origin(s) of an Used by the CLR to Determine the Origin(s) of an
AssemblyAssembly At Runtime the CLR At Runtime the CLR
Examines the Meta-data of an Assembly to Determine the Origin of the Code
Determine the Creator of the Assembly Determine the URL and Zone That the Assembly
Came From A Zone Represents the Domain That the Assembly Is A Zone Represents the Domain That the Assembly Is
From, E.G., Internet, LAN, Local Machine, Etc. From, E.G., Internet, LAN, Local Machine, Etc. The Association of the Meta-data and Its The Association of the Meta-data and Its
Corresponding Assembly Is Verified by the CLR Corresponding Assembly Is Verified by the CLR
SOA+MW-1.132
CSE333
.NET CBAC .NET CBAC PermissionsPermissions An Assembly will Request Permissions to ExecuteAn Assembly will Request Permissions to Execute Requests are Answered at Runtime by the CLR, Requests are Answered at Runtime by the CLR,
Assuming that the Assembly Has Provided Evidence Assuming that the Assembly Has Provided Evidence Partially Denied Requests; the CLR Dynamically Partially Denied Requests; the CLR Dynamically
Assigning the Assembly a Lower-level Permission Assigning the Assembly a Lower-level Permission Than Requested Than Requested
Permissions are Grouped Into Sets Where Each Set Permissions are Grouped Into Sets Where Each Set Has the Same Level of Security and Trust Has the Same Level of Security and Trust
Example: Example: An Assembly that has Originated From the
Internet Zone May Be Granted an Internet Permission Set that Pertains to the Execution of Un-trusted Code, Allowing the Behavior of Non-local Code to Be Tightly Controlled
SOA+MW-1.133
CSE333
.NET CBAC Security Policies (SPs).NET CBAC Security Policies (SPs) The Grouping of Assemblies Establishes Different The Grouping of Assemblies Establishes Different
Security Policies for Different Code GroupingsSecurity Policies for Different Code Groupings Security Policy Groups Are Hierarchically Security Policy Groups Are Hierarchically
Categorized Based on the Identity That the CLR Categorized Based on the Identity That the CLR Determines From the Evidence in the Meta-dataDetermines From the Evidence in the Meta-data
An Actual Security Policy can be Specified As An Actual Security Policy can be Specified As Permissions for All Assemblies in a GroupPermissions for All Assemblies in a Group
This is Accomplished Using Security Policy Files to This is Accomplished Using Security Policy Files to Capture Security RequirementsCapture Security Requirements
A Policy File May Limit the Permissions of Another A Policy File May Limit the Permissions of Another Policy File, but Can’t Entirely Restrict ItPolicy File, but Can’t Entirely Restrict It
SOA+MW-1.134
CSE333
.NET CBAC Security Policies.NET CBAC Security Policies SP is Set by an Admin to Make Permission Decisions SP is Set by an Admin to Make Permission Decisions
for Assemblies and Domainsfor Assemblies and Domains Three Policies: Total Enterprise, Machine Executing Three Policies: Total Enterprise, Machine Executing
Code, Requesting UserCode, Requesting User Any Policy File May Partially Restrict Permissions of Any Policy File May Partially Restrict Permissions of
Another Policy FileAnother Policy File SP Groups Code into Hierarchical Categories Based SP Groups Code into Hierarchical Categories Based
on Identity Determined by the CLRon Identity Determined by the CLR SP Determines Permissions for Assembly After Code SP Determines Permissions for Assembly After Code
is Grouped and Categorizedis Grouped and Categorized
SOA+MW-1.135
CSE333
.NET Role-Based Access Control.NET Role-Based Access Control A Role Represents a Logical Grouping of Users (e.g., A Role Represents a Logical Grouping of Users (e.g.,
in a Health Care Application: Physician, Nurse)in a Health Care Application: Physician, Nurse) .NET Uses Role-based Security to Authenticate an .NET Uses Role-based Security to Authenticate an
Identity and to Pass on That Identity to Resources Identity and to Pass on That Identity to Resources Resources Authorize the Users Playing Roles Access Resources Authorize the Users Playing Roles Access
According to Policies and PermissionsAccording to Policies and Permissions Principal Defines a Role Membership, and the Principal Defines a Role Membership, and the
Permissions of Role-based Security are Managed by Permissions of Role-based Security are Managed by the Principalpermission Object the Principalpermission Object
Windows Authentication, Passport Authentication, Windows Authentication, Passport Authentication, IIS Authentication, Impersonation AuthenticationIIS Authentication, Impersonation Authentication
SOA+MW-1.136
CSE333
.NET .NET Secure Code Verification/Execution Secure Code Verification/Execution Security Checks Verified During the Code Execution: Security Checks Verified During the Code Execution:
Stack Integrity, Bytecode Structure, Accessibility Buffer Overflows, Semantics
‘‘Java Sandbox’ of .NET is Called the Application Java Sandbox’ of .NET is Called the Application DomainDomain
Multiple Assemblies May Be Loaded into the Same Multiple Assemblies May Be Loaded into the Same Application DomainApplication Domain
No Way for an Object to Directly Reference Another No Way for an Object to Directly Reference Another Object in a Different Application Domain Object in a Different Application Domain
All of the Security Checks to Verify Code are Done All of the Security Checks to Verify Code are Done on Managed Code in a the CLRon Managed Code in a the CLR
SOA+MW-1.137
CSE333
.NET Secure Communication.NET Secure Communication Transmission and Communication of Sensitive Data Transmission and Communication of Sensitive Data
Across Systems Must Be Securely Accomplished Across Systems Must Be Securely Accomplished Secure Communications Occurs at the Application Secure Communications Occurs at the Application
Level Via SSL and Transport Layer Security (TLS) Level Via SSL and Transport Layer Security (TLS) .NET Applications Can Use the Windows SSPI, but .NET Applications Can Use the Windows SSPI, but
Only As Unmanaged Code With Managed WrappersOnly As Unmanaged Code With Managed Wrappers .NET Promotes the Exclusive Use of IIS.NET Promotes the Exclusive Use of IIS
IIS Supports SSL and TLS But IIS has an Extensive History of Security
Flaws
SOA+MW-1.138
CSE333
.NET Secure Code and Data Protection.NET Secure Code and Data Protection Any Code/data Loaded by the System Must Supply Any Code/data Loaded by the System Must Supply
Evidence of Its Source, Version Signature Proof That There Hasn’t Been Any Unauthorized
Modification .NET Uses Strong-named Assemblies That Include .NET Uses Strong-named Assemblies That Include
the Assembly Name and Version Information the Assembly Name and Version Information Assemblies Are Signed With an RSA Keypair Assemblies Are Signed With an RSA Keypair
Nullifying the Chance of Unauthorized ModificationNullifying the Chance of Unauthorized Modification Version Information is Included in Order to Avoid Version Information is Included in Order to Avoid
DLL Conflicts During ExecutionDLL Conflicts During Execution .Net’s Encryption Functionality is Tied to the .Net’s Encryption Functionality is Tied to the
Windows Cryptographic APIWindows Cryptographic API
SOA+MW-1.139
CSE333
J2EE Security Capabilities J2EE Security Capabilities Platform Independent Java Bytecode That Is Able to Platform Independent Java Bytecode That Is Able to
Execute Either Locally or RemotelyExecute Either Locally or Remotely Bytecode Execution Process Involves a Number of Bytecode Execution Process Involves a Number of
Different Components: Different Components: The Class Loader (With Bytecode Verifier) Java Class Libraries (Apis) Java Virtual Machine (JVM) Which Interacts With
the OS All Three Provide a Secure Runtime Environment All Three Provide a Secure Runtime Environment The Security Manager and Access Controller The Security Manager and Access Controller
Examine and Implement the Security PolicyExamine and Implement the Security Policy
SOA+MW-1.141
CSE333
J2EE Code-Based Access ControlJ2EE Code-Based Access Control CBAC Implemented Through the JVM, Class Loader, CBAC Implemented Through the JVM, Class Loader,
and the Security Manager and Access Controller.and the Security Manager and Access Controller. The Hierarchy of the Class Loader Prevents The Hierarchy of the Class Loader Prevents
Unauthorized and Untrusted Code From Replacing Unauthorized and Untrusted Code From Replacing Any Code in the Base ClassesAny Code in the Base Classes
Multiple Class Loaders Are Permitted, Each With Its Multiple Class Loaders Are Permitted, Each With Its Own Namespace, Are Simultaneously Active.Own Namespace, Are Simultaneously Active.
Namespaces Allow the JVM to Group Classes Based Namespaces Allow the JVM to Group Classes Based on Where They Originated (Local, Remote)on Where They Originated (Local, Remote)
Namespaces Insure an Application Can’t Affect the Namespaces Insure an Application Can’t Affect the Rest of the Runtime EnvironmentRest of the Runtime Environment
Bytecode Verifier: All Untrusted Code Is Verified Bytecode Verifier: All Untrusted Code Is Verified Before Permitting Execution Within a Namespace Before Permitting Execution Within a Namespace
SOA+MW-1.142
CSE333
J2EE CBAC: The Security ManagerJ2EE CBAC: The Security Manager The Security Manager Enforces the Boundaries The Security Manager Enforces the Boundaries
Around the Sandbox by Implementing and Imposing Around the Sandbox by Implementing and Imposing the Security Policy for Applicationsthe Security Policy for Applications
All Classes Must Ask the Security Manager for All Classes Must Ask the Security Manager for Permission to Perform Certain OperationsPermission to Perform Certain Operations
By Default, an Application Has No Security Manager, By Default, an Application Has No Security Manager, So All Operations Are AllowedSo All Operations Are Allowed
Java Only Has Two Security Policy Levels, One for Java Only Has Two Security Policy Levels, One for the Executing Machine, and One for the Userthe Executing Machine, and One for the User
Each Level Can Expand or Restrict All of the Each Level Can Expand or Restrict All of the Permissions of Another LevelPermissions of Another Level
There Can Be Multiple Policy Files at Each LevelThere Can Be Multiple Policy Files at Each Level
SOA+MW-1.143
CSE333
J2EE CBAC PermissionsJ2EE CBAC Permissions Permissions Are Determined by the Security Policy at Permissions Are Determined by the Security Policy at
RuntimeRuntime Granted by the Security Policy Based on Evidence, a Granted by the Security Policy Based on Evidence, a
Publisher Signature and Location Origin Publisher Signature and Location Origin Permissions Are Also Grouped Into Protection Permissions Are Also Grouped Into Protection
Domains (Similar to Security Policy Domains in Domains (Similar to Security Policy Domains in CORBA and to Security Policy Files in .NET)CORBA and to Security Policy Files in .NET)
Permissions Are Associated With Groups of Classes Permissions Are Associated With Groups of Classes in Java, and Classes Are Grouped by Their Originsin Java, and Classes Are Grouped by Their Origins
CBAC Isn’t Automatic in J2EE, but Requires CBAC Isn’t Automatic in J2EE, but Requires Programmatic Effort by the Software Engineer Programmatic Effort by the Software Engineer
SOA+MW-1.144
CSE333
J2EE Role-Based Access ControlJ2EE Role-Based Access Control J2EE Uses the Java Authentication and Authorization J2EE Uses the Java Authentication and Authorization
Service (JAAS) Service (JAAS) JAAS: an Integrated Package That Implements a Java JAAS: an Integrated Package That Implements a Java
Version of the Pluggable Authentication Module Version of the Pluggable Authentication Module (PAM) Framework(PAM) Framework
Using JAAS, Software Engineers Are Allowed to Using JAAS, Software Engineers Are Allowed to Modify and Then Plug-in Domain/application Modify and Then Plug-in Domain/application Specific Authentication ModulesSpecific Authentication Modules
JAAS Currently Supports Authentication Methods JAAS Currently Supports Authentication Methods Including Unix, JNDI, and KerberosIncluding Unix, JNDI, and Kerberos
SOA+MW-1.145
CSE333
J2EE Secure Code Verification/ExecutionJ2EE Secure Code Verification/Execution J2EE Security Checks Are Performed During the J2EE Security Checks Are Performed During the
Code Execution Process, and Have Their Roots in the Code Execution Process, and Have Their Roots in the JVM and JRE.JVM and JRE.
Java Interprets Compiled Bytecodes Java Interprets Compiled Bytecodes A Bytecode Verifier Traverse the Bytecodes Before It A Bytecode Verifier Traverse the Bytecodes Before It
Goes to the Just-in-time (JIT) Compiler or JVM.Goes to the Just-in-time (JIT) Compiler or JVM. Java's ‘Sandbox’ Protected Domains, Are Similar to Java's ‘Sandbox’ Protected Domains, Are Similar to
Application Domains in .NETApplication Domains in .NET Protected Domains Constitute an Extension of the Protected Domains Constitute an Extension of the
Sandbox, Determining the Domain and Scope in Sandbox, Determining the Domain and Scope in Which an Application Can Execute Which an Application Can Execute
SOA+MW-1.146
CSE333
J2EE Secure Code Verification/ExecutionJ2EE Secure Code Verification/Execution Two Different Protected Domains Can Interact Two Different Protected Domains Can Interact
Through Trusted Code Explicit Consent of Both Parties (Remotely
Possible in .NET) An Object Can Access Another Object in Another An Object Can Access Another Object in Another
Protection Domain Protection Domain As Long As They Were Both Loaded From the
Same Class Loader This Is Due to the Hierarchical Class Loader
Structure
SOA+MW-1.147
CSE333
J2EE Secure CommunicationJ2EE Secure Communication Like .NET, J2EE Supports Secure Sockets Layer Like .NET, J2EE Supports Secure Sockets Layer
(SSL) and Transport Layer Security (TLS)(SSL) and Transport Layer Security (TLS) Java Provides Java Secure Sockets Extensions (JSSE) Java Provides Java Secure Sockets Extensions (JSSE)
for Implementing Secure Communicationsfor Implementing Secure Communications JSSE Is a Configurable and Flexible Solution That JSSE Is a Configurable and Flexible Solution That
Uses SSL and TLS to Create a Secure Connection Uses SSL and TLS to Create a Secure Connection Using Sockets (Sslsocketfactory)Using Sockets (Sslsocketfactory)
The Secure Connection Can Be Used for Remote The Secure Connection Can Be Used for Remote Method Invocations (RMI)Method Invocations (RMI)
SOA+MW-1.148
CSE333
J2EE Secure Code and Data ProtectionJ2EE Secure Code and Data Protection J2EE Provides Java Cryptography Extensions (JCE) J2EE Provides Java Cryptography Extensions (JCE)
and Java Cryptography Architecture (JCA) and Java Cryptography Architecture (JCA) Java Provides the Functionality of a Message Digest Java Provides the Functionality of a Message Digest
Algorithm for Use of Digital SignaturesAlgorithm for Use of Digital Signatures A Supplier Bundles Java Code Into a JAR (Java A Supplier Bundles Java Code Into a JAR (Java
Archive), Signing the File With a Digital SignatureArchive), Signing the File With a Digital Signature The JAR is Released As a Version, and the Client Can The JAR is Released As a Version, and the Client Can
Verify the Authenticity of the Supplier by Verifying Verify the Authenticity of the Supplier by Verifying the Signaturethe Signature
An Unsigned Class May Be Added to a JAR File, but An Unsigned Class May Be Added to a JAR File, but Not to a Package Within a JAR FileNot to a Package Within a JAR File
SOA+MW-1.149
CSE333
Java CBAC vs. .NET CBACJava CBAC vs. .NET CBAC Permissions Are Grouped Into Protection Domains Permissions Are Grouped Into Protection Domains
and Associated W/ Groups of Classesand Associated W/ Groups of Classes Permissions Are Grouped Into Sets and Associated Permissions Are Grouped Into Sets and Associated
with Code Groupswith Code Groups Classes Are Grouped by Their Origin Like Code Is Classes Are Grouped by Their Origin Like Code Is
Categorized by Assembly’s ZoneCategorized by Assembly’s Zone No Security Manager by Default in JavaNo Security Manager by Default in Java J2EE Has 2 Security Policy Types: J2EE Has 2 Security Policy Types:
Executing Machine & Requesting User .NET Provides a Lot of Standard Permissions.NET Provides a Lot of Standard Permissions Stronger Credentials Needed for Permissions in .NET Stronger Credentials Needed for Permissions in .NET
(Evidence)(Evidence) SP Files Are More Configurable in Java, but Doesn’t SP Files Are More Configurable in Java, but Doesn’t
Help W/o All Perm SetsHelp W/o All Perm Sets
SOA+MW-1.150
CSE333
J2EE RBAC vs. .NET RBACJ2EE RBAC vs. .NET RBAC .Net Supports Both Imperative and Declarative Role .Net Supports Both Imperative and Declarative Role
Permission CheckingPermission Checking Java Servlets Provide Declarative Checking at the Java Servlets Provide Declarative Checking at the
Servlet LevelServlet Level EJB’s Provide Declarative Checking Down to Method EJB’s Provide Declarative Checking Down to Method
LevelLevel JAAS Provides Imperative Checking Within Method JAAS Provides Imperative Checking Within Method
LevelLevel .Net Flexibility is Limited Severely.Net Flexibility is Limited Severely IIS is Only Supported Server of .Net FrameworkIIS is Only Supported Server of .Net Framework Passport Requires Users to Be Members of Microsoft Passport Requires Users to Be Members of Microsoft
Passport ServicePassport Service
SOA+MW-1.151
CSE333
Code Verification/ExecutionCode Verification/Execution Prevent System Weaknesses Exposure by Application Prevent System Weaknesses Exposure by Application
Errors; Malicious or NotErrors; Malicious or Not .NET and Java Perform Security Checks During Code .NET and Java Perform Security Checks During Code
ExecutionExecution Stack Integrity, Bytecode Structure, Buffer Stack Integrity, Bytecode Structure, Buffer
Overflows, SemanticsOverflows, Semantics Application Domains Have Static Boundaries Application Domains Have Static Boundaries Protection Domains Have Dynamic Boundaries Protection Domains Have Dynamic Boundaries All Security Checks to Verify Code Are Done on All Security Checks to Verify Code Are Done on
Managed CodeManaged Code Both .NET and Java Allow Unmanaged Code to Both .NET and Java Allow Unmanaged Code to
Bypass the CLR and JRE Bypass the CLR and JRE
SOA+MW-1.152
CSE333
Concluding RemarksConcluding Remarks Objective of this Material:Objective of this Material:
Detail Security Requirements for Middleware (CORBA’s Meta Model)
Illustrate the Realization of the Meta-Model (Microsoft’s .NET and Java’s J2EE)
Compare and Contrast .NET and J2EE Touching Only Surface of Capabilities and Touching Only Surface of Capabilities and
FunctionalitiesFunctionalities See Paper on Web Site and Various References for See Paper on Web Site and Various References for
Additional DetailAdditional Detail
SOA+MW-1.153
CSE333
Interoperability via ArchitecturesInteroperability via Architectures Reviewing Simple Architectural VariantsReviewing Simple Architectural Variants
Java Client to Legacy Appl. via RDBS ORB Integration of Java Client and Legacy
Application Java Client with Wrapper to Legacy Appl. One COTS and One Legacy Appl. to Java Clients
Explore Java Based Architectural VariantsExplore Java Based Architectural Variants Two Tier Three Tier Four Tier
Pros/Cons – What to Use When?Pros/Cons – What to Use When?
SOA+MW-1.154
CSE333
Java Client to Legacy App via RDBSJava Client to Legacy App via RDBS
Java ClientJava Client
LegacyLegacyApplicationApplication
Relational Relational DatabaseDatabase
System(RDS)System(RDS)
Transformed Transformed Legacy DataLegacy Data
Updated DataUpdated Data
Extract and Extract and Generate DataGenerate Data
Transform andTransform andStore DataStore Data
SOA+MW-1.155
CSE333
ORB with Java Client & Legacy ApplicationORB with Java Client & Legacy Application
Java ClientJava ClientLegacyLegacy
ApplicationApplication
JavaJavaWrapperWrapper
Object Request Broker (ORB)Object Request Broker (ORB)
CORBA is the Medium of Info. Exchange
Requires Java/CORBA Capabilities
SOA+MW-1.156
CSE333
Wrapped Java Client to Legacy ApplicationWrapped Java Client to Legacy Application
LegacyLegacyApplicationApplication
NetworkNetwork
Java ClientJava Client
Java Application CodeJava Application Code
WRAPPERWRAPPER
Mapping ClassesMapping Classes
JAVA LAYERJAVA LAYER
NATIVE LAYERNATIVE LAYER
Native Functions (C++)Native Functions (C++)RPC Client Stubs (C)RPC Client Stubs (C)
Interactions Between Java ClientInteractions Between Java Clientand Legacy Appl. via C and RPCand Legacy Appl. via C and RPC
C is the Medium of Info. ExchangeC is the Medium of Info. Exchange
Java Client with C++/C WrapperJava Client with C++/C Wrapper
SOA+MW-1.157
CSE333
Two-, Three-, & Four-Tier ArchitecturesTwo-, Three-, & Four-Tier Architectures
From: http://java.sun.com/javaone/javaone98/sessions/T400/index.html
SOA+MW-1.158
CSE333
Wombat SecuritiesWombat Securities Web Access to Brokerage Accounts Web Access to Brokerage Accounts Only HTML Browser Required on Front End Only HTML Browser Required on Front End "Brokerbean" EJB Provides Business Logic "Brokerbean" EJB Provides Business Logic Login, Query, Trade Servlets Call Brokerbean Login, Query, Trade Servlets Call Brokerbean Use JNDI to Find EJBs, RMI to Invoke ThemUse JNDI to Find EJBs, RMI to Invoke Them Order and History Records from Java Blend Product Order and History Records from Java Blend Product Records Mapped to Oracle Tables, JDBC Calls Records Mapped to Oracle Tables, JDBC Calls
SOA+MW-1.160
CSE333
Nocturnal Aviation, Inc.Nocturnal Aviation, Inc. Passenger Check-in for Regional Airline Passenger Check-in for Regional Airline Local Database for Seating on Today's Flights Local Database for Seating on Today's Flights Clients Invoke EJBs at Local Site Through RMI Clients Invoke EJBs at Local Site Through RMI EJBs Update Database and Queue Updates EJBs Update Database and Queue Updates JMS Queues Updates to Legacy System JMS Queues Updates to Legacy System DBC API Used to Access Local Database DBC API Used to Access Local Database JTS Synchs Remote Queue With Local UpdatesJTS Synchs Remote Queue With Local Updates
SOA+MW-1.162
CSE333
Santa Cruz WidgetsSanta Cruz Widgets Small Manufacturer Previously on C++ Small Manufacturer Previously on C++ New Order Entry, Inventory, and Invoicing New Order Entry, Inventory, and Invoicing
Applications in Java Programming Language Applications in Java Programming Language Existing Customer and Order Database Existing Customer and Order Database Most of Business Logic in Stored Procedures Most of Business Logic in Stored Procedures Tool-generated GUI Forms for Java ObjectsTool-generated GUI Forms for Java Objects Located Company on Web Using Widgets and Tcl, Located Company on Web Using Widgets and Tcl,
but Not Widgets and Javabut Not Widgets and Java
SOA+MW-1.164
CSE333
Architecture ComparisonsArchitecture Comparisons Two-tier Through JDBC API: Simplest Two-tier Through JDBC API: Simplest Multi-tier: Separate Business Logic, Protect Database Multi-tier: Separate Business Logic, Protect Database
Integrity, More Scaleable Integrity, More Scaleable JMS Queues Vs Synchronous (RMI or IDL): JMS Queues Vs Synchronous (RMI or IDL):
Availability, Response Time, Decoupling JMS Publish & Subscribe: Off-line Notification RMI JMS Publish & Subscribe: Off-line Notification RMI
IIOP Vs JRMP Vs Java IDL: IIOP Vs JRMP Vs Java IDL: Standard Cross-language Calls or Full Java
Functionality JTS: Distributed Integrity, Lockstep ActionsJTS: Distributed Integrity, Lockstep Actions