Are you being served?* ("It pays to advertise")
[ SDAL: the TEAHA Secure Service Discovery Abstraction Layer ]
Date: November 17, 2004
Location: TAHI/TEAHA meeting, Henley UK
Author: Antonio Kung & Hans Scholten
File: SDAL-for-TAHI-v1.ppt
* http://www.phill.co.uk/comedy/aybs/index.html

Secure Service Discovery ― Objectives
• The objective of a service discovery mechanism is to develop a highly dynamic client-service architecture, consisting of
  • clients able to seek a particular service, and
  • devices (providing those services) able to announce or advertise their capabilities
• Characteristics
  • Zero configuration requires transparent service discovery
  • Security parameters initialized during discovery of new devices and services
  • Security features are embedded in the architecture
Nov. 17, Henley - Antonio Kung & Hans Scholten SDAL-for-TAHI-v1.ppt

Two Approaches for Service Discovery: Centralized (or Hierarchical) Approach
TEAHA preferred
• A service is started. Initialization includes the search for a directory service (DS).
• After the DS has been found, the service registers itself, so it is known to the rest of the network through a DS query.
• A client starts and it searches for a DS.
• When the client needs a service, it queries the DS.
• If found, the client subscribes to the service.
• To be sure the service is still running, the client renews its subscription at regular intervals.

Two Approaches for Service Discovery: Decentralized (or Peer-to-Peer) Approach
TEAHA supported
• A service starts. Initialization includes the advertisement, so it is known to the present peers in the network.
• A client starts and requests a service. Directly, if it knows the address of the service (through an earlier advertisement). Else it broadcasts the request.
• The service answers the client directly. It may accept or reject the client.
• If accepted, the client subscribes to the service.
• To be sure the service is still running, the client renews its subscription at regular intervals.

SDAL main features:
• Services and appliances
• Proxies (wrappers)
• Registry
• SDAL API
• Network Abstract Layer
• Embedded Security
[Figure: SDAL architecture diagram. Labels: TEAHA devices and services; UPnP devices and services; EHS devices and services; Other technologies; proxy/wrapper; SDAL API; Network Abstract Layer; TEAHA registry; SDAL Service Discovery Abstract Layer; Service Description Abstract Layer.]

SDAL Secure Primitives
• Secure Registry Advertisement
• Secure Registry Discovery
• Secure Service Advertisement and Registration
• Secure P2P Service Discovery and Usage
• Secure Service Discovery and Use with Registry

SDAL Secure Primitives Example: Secure P2P Service Discovery and Usage
[Figure: message sequence between devices D1 and D2, with steps numbered 1 to 6 in the original slide.]
Service Query / Security Parameter Agreement
• D1 searches a particular service: Search (D1 Identifier, Description, Session Identifier, Data, Security Parameter Ping (optional), D1 Identifier and/or Data Authenticity (optional))
• D2 wants to provide the service: Service Requestable (D2 Identifier, Description, Session Identifier, Data, Security Parameter Pong (optional), D2 Identifier and/or Data Authenticity (optional))
Service Selection And Usage / Data Transfer
• Optional Confidentiality And/Or Integrity Protection
• Send/Receive (Session Identifier, Secured (optional) Data)
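
The Search / Service Requestable / Send-Receive exchange between D1 and D2 on this slide, sketched as an added example that is not part of the original slides or of the TEAHA/SDAL code. The slides name the message fields but not the mechanisms, so everything concrete here is an assumption: a pre-shared key on both devices, HMAC-SHA256 for the Data Authenticity field, random nonces as the Security Parameter Ping/Pong, JSON as the encoding, a sequence number for replay rejection, and all function and field names.

```python
import hashlib, hmac, json, secrets

PSK = b"constructed-demo-key"  # assumption: key provisioned on D1 and D2 beforehand

def mac(key, fields):
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_msg(kind, key, **fields):
    fields["type"] = kind
    return {**fields, "auth": mac(key, fields)}  # "auth" = Data Authenticity field

def verify(key, msg):
    fields = {k: v for k, v in msg.items() if k != "auth"}
    return hmac.compare_digest(str(msg.get("auth", "")).encode(), mac(key, fields).encode())

def search(d1_id, description, session_id):
    # D1 -> network: Search, with a fresh nonce as Security Parameter Ping
    return make_msg("Search", PSK, id=d1_id, description=description,
                    session=session_id, ping=secrets.token_hex(16))

def service_requestable(d2_id, offered, search_msg):
    # D2 answers only an authentic Search for the service it offers
    if not verify(PSK, search_msg) or search_msg["description"] != offered:
        return None
    return make_msg("ServiceRequestable", PSK, id=d2_id, description=offered,
                    session=search_msg["session"], ping=search_msg["ping"],
                    pong=secrets.token_hex(16))

def session_key(search_msg, reply):
    # Either peer: check the reply is authentic and echoes D1's Ping, then
    # derive a per-session key from Session Identifier, Ping and Pong
    if not verify(PSK, reply) or reply["ping"] != search_msg["ping"]:
        raise ValueError("Service Requestable failed authenticity/freshness check")
    material = "|".join([reply["session"], reply["ping"], reply["pong"]]).encode()
    return hmac.new(PSK, material, hashlib.sha256).digest()

def send(key, session_id, seq, data):
    # Data Transfer: integrity-protected Send (confidentiality not shown)
    return make_msg("Send", key, session=session_id, seq=seq, data=data)

def receive(key, session_id, msg, last_seq):
    # Reject tampered, wrong-session or replayed (non-increasing seq) messages
    if not verify(key, msg) or msg["session"] != session_id or msg["seq"] <= last_seq:
        raise ValueError("Send rejected")
    return msg["data"]
```

Because the session key depends on both nonces, a Send captured in one session fails verification in any later session even if the Session Identifier is reused.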