1 / 28

Topics Covered

T-110.5140 Network Application Frameworks and XML Summary and Conclusions 22.04.2008 Sasu Tarkoma. Topics Covered. Distributed systems security Multi-addressing: Mobility and multi-homing Building applications Distributed objects Role of directory services Mobile and wireless applications

jrosemary
Télécharger la présentation

Topics Covered

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. T-110.5140 Network Application Frameworks and XML Summary and Conclusions22.04.2008Sasu Tarkoma

  2. Topics Covered • Distributed systems security • Multi-addressing: Mobility and multi-homing • Building applications • Distributed objects • Role of directory services • Mobile and wireless applications • XML-based presentation and RPC • Scalability and performance issues

  3. Objects Interconnections • Interconnections applicable on many levels • Network-level operation • DNS, overlay lookup, IPsec • Application-level operation • DHTs, SSL, SOAP, WS-Security Network Security Directories

  4. Mobility and Routing

  5. Process Transport IP Layer Link Layer Identity/Locator split • New name space for IDs • Maybe based on DNS • Maybe a separate namespace • Maybe IP addresses are used for location • Good for hiding IP versions • Communication end-points (sockets) bound to identifiers identifier ID Layer locator

  6. Upper layer view • IP connectivity problematic today • Broken by firewalls, NATs, mobility • Two versions of IP: IPv4 and IPv6 • HIP has a potential remedy • Restores end-to-end connectivity (NAT traversal possible but may require changes / tunnelling) • Adds opportunistic security • Handles mobility and multi-homing • Requires DHT based overlay (currently missing) • Where is the network state? • Routers know addresses • Like today • DHT knows HITs / SIDs • Lease based storage • Middleboxes know SPIs • Soft state

  7. Lessons to learn • Hierarchical routing likely to stay • Addresses carry topological information • Efficient and well established • Applications face changing connectivity • QoS varies • periods of non-connectivity • Identifiers and locators likely to split • Mobility management is needed • Probably changes in directory services • Overlays have been proposed

  8. Summary • Topology based routing is necessary • Mobility causes address changes • Address changes must be signalled end-to-end • Mobility management needed • Initial rendezvous: maybe a directory service • Double jump problem: rendezvous needed • Many engineering trade-offs

  9. Distributed Hash Tables and Overlays

  10. Overlay Networks • Origin in Peer-to-Peer (P2P) • Builds upon Distributed Hash Tables (DHTs) • Easy to deploy • No changes to routers or TCP/IP stack • Typically on application layer • Overlay properties • Resilience • Fault-tolerance • Scalability

  11. Some DHT applications • File sharing • Web caching • Censor-resistant data storage • Event notification • Naming systems • Query and indexing • Communication primitives • Backup storage • Web archive

  12. Middleware

  13. Examples • Middleware • CORBA • Message-oriented Middleware • Event Systems & tuple spaces • Java Message Service • Java 2 Enterprise Edition (J2EE) • .NET • Mobile middleware • WAE • J2ME • Wireless CORBA • FUEGO

  14. Summary • Middleware • for application development and deployment • for supporting heterogeneous environments • Main communication paradigms: RPC/RMI, asynchronous events (publish/subscribe) • J2EE, CORBA, .. • Mobile middleware • Desktop middleware not usable on small, mobile devices • Special solutions are needed • J2ME, Wireless CORBA, ..

  15. Web Services

  16. Standardization • W3C Web Services • XML Protocol Working Group • SOAP • Web Services Addressing Working Group • Web Services Choreography Working Group • Web Services Description Working Group • WSDL • OASIS • E-business standards, UDDI • WS-I (Web Service Interoperability Org.) • Binding profiles,..

  17. Web Service Architecture • The three major roles in web services • Service provider • Provider of the WS • Service Requestor • Any consumer / client • Service Registry • logically centralized directory of services • A protocol stack is needed to support these roles

  18. Web Services Protocol Stack • Message Transport • Responsible for transporting messages • HTTP, BEEP • XML Messaging • Responsible for encoding messages in common XML format • XML-RPC, SOAP • Service Description • Responsible for describing an interface to a specific web service • WSDL • Service discovery • Responsible for service discovery and search • UDDI

  19. Web Services Security

  20. Need for XML security • XML document can be encrypted using SSL or IPSec • this cannot handle the different parts of the document • documents may be routed hop-by-hop • different entities must process different parts of the document • SSL/TLS/IPSec provide message integrity and privacy only when the message is in transit • We also need to encrypt and authenticate the document in arbitrary sequences and to involve multiple parties

  21. Application-layer Security • Identity-based security • Authentication and authorization information shared across security domains • Content-based security • Protecting against buffer overflow and CGI-like attacks • Must have knowledge about the applications to which these messages are directed • Accountability or non-repudation • Need message level security • Maintain integrity, archived audit trails • The standards and specifications mentioned earlier address these issues

  22. Basic XML Security • XML Digital Signatures (XMLDSIG) • XML Encryption • XML Canonicalization • XML Key Management

  23. Summary • Security contexts • Security needed within and between contexts • XML validation, encryption, and authentication needed between security contexts! • WS security standard revisited • SOAP header carries security information (and other info as well) • Selective processing • SAML • Statements about authorization, authentication, attributes • SAML & WS-Security & XACML • Implementations available

  24. Putting it together

  25. With identity/locator split + overlays? CONTROL Upper layers DNS names, custom identifiers Overlay Overlay addresses Host Identities Congestion ID Layer IP addresses IP addresses End-to-end DATA Routing Routing paths Routing paths

  26. ”Theory” ”Practice” ”Future?” WS Security WS Security WS Security SOAP H I P C TRL SOAP SOAP HTTP?/sockets HTTP/TLS/sockets TCP TCP TCP4 TCP6 HIPsec IP IPv4 IPv6 IPv4 IPv6

  27. Discussion • Interesting things are happening on L7 • Ajax, content delivery, BitTorrent, DHTs, OpenID, mashups, REST, .. • Web services have enabled significant business • Google, Amazon, .. • Based on custom software • Network layer support for applications is not perfect • Channel binding, end-host reachability, trust, DoS • Incremental network evolution vs. clean slate developments • Control points • Interdomain policies and peering

  28. Important Dates • Exam on 9.5. 9-12 in T1. • Deadline for the second assignment 12.5. • Remember course feedback • http://www.cs.hut.fi/Opinnot/Palaute/kurssipalaute.html

More Related