JINI An Authentication and Authorization Architecture for Jini

  • Slides: 10
Download presentation
JINI An Authentication and Authorization Architecture for Jini Services

JINI An Authentication and Authorization Architecture for Jini Services

An ICSI Story • Clients needs services ICSI newcomers need a flat • Services

An ICSI Story • Clients needs services ICSI newcomers need a flat • Services needs clients Landlords want to lease their flats • Marketplace needed Home Finders Bulletin (or ask Diane) • How to find marketplace Yellow Pages

An ICSI Story, Part 2 • Communication marketplace -> Specify preferences -> List of

An ICSI Story, Part 2 • Communication marketplace -> Specify preferences -> List of offerings, + Tel-No. • Client-Server communication -> ICSI newcomer calls a landlord • Problems -> List out of date • Solution -> Landlord must lease entry in list, renewal, otherwise remove from list

= Housing Broker ? ? ? Lookup Service Proxy Proxy Te mp lat e

= Housing Broker ? ? ? Lookup Service Proxy Proxy Te mp lat e Proxy Client Proxy Service

Jini Concepts • • Discovery (Yellow Pages) Lookup (Home Finders Bulletin) Leasing (Leasing of

Jini Concepts • • Discovery (Yellow Pages) Lookup (Home Finders Bulletin) Leasing (Leasing of list entry) Remote Events – ICSI newcomers receives new offers • Transaction – Key exchange at HFB: Key Money

Home Environment • TV service + Storage service = VCR service • lawn sprinkler

Home Environment • TV service + Storage service = VCR service • lawn sprinkler + weather service • defect -> maintenance service -> appointment service • general: leasing appropriate for spontaneous networking • PDA -> conference room -> printer access

Why Security? • Only subscribers should get offers – authentication needed • Different packages

Why Security? • Only subscribers should get offers – authentication needed • Different packages are offered: standard $30, premium $50; restricted access – authorization required • Internet communication insecure: data can be read, altered or replayed – Integrity, Confidentiality required

Secure Communication • Proxies are signed (Integrity + Identity) • All communication is encrypted

Secure Communication • Proxies are signed (Integrity + Identity) • All communication is encrypted using a secret session key (Confidentiality) • Message Authentication Code (Integrity) • Transaction Numbers (Replay attacks)

The Architecture Policy Service Client & Proxy Login Service Remote. Cb Handler User. DB

The Architecture Policy Service Client & Proxy Login Service Remote. Cb Handler User. DB Service Blue. Dot Service Challenge Resp. Srv.

Highlights • • Uses standard Java technology Transparency for the client Minimal Overhead at

Highlights • • Uses standard Java technology Transparency for the client Minimal Overhead at server side Powerful login policies First Prototype up and running Internal Java Authorizations mechanisms Well adapted for home services: TV, fridge

Jini TM Architecture Source Sun Microsystems Inc JiniJini TM Architecture Source Sun Microsystems Inc Jini
An Introduction of Jini Technology How can JINIAn Introduction of Jini Technology How can JINI
User Interfaces for Jini Services The Jini PatternUser Interfaces for Jini Services The Jini Pattern
Jini Service F Service A Service B JiniJini Service F Service A Service B Jini
11 Jini What is Jini A network technology11 Jini What is Jini A network technology
JINI https store theartofservice comitil2011 foundationcompletecertificationkitfourtheditionstudyguideebookandonlinecourse html JiniJINI https store theartofservice comitil2011…
Authentication and Authorization Authentication is the process ofAuthentication and Authorization Authentication is the process of
Computer Security Passwords Authentication vs Authorization Authentication nComputer Security Passwords Authentication vs Authorization Authentication n
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication