Lecture 22 – April 9, 2002 Subprotocols – static and dynamic.

Lecture 22 – April 9, 2002 Subprotocols – static and dynamic. Property access subprotocol Security models

Subprotocols (dialects, conversations) The set of Bond messages is partitioned into small closed subsets, each containing the commands needed to perform a specific task. Each message identifies the subprotocol it belongs to. A subprotocol is a closed set of messages: commands in a subprotocol do not reference commands outside it. An object either understands all messages in a subprotocol or none of them.

Subprotocols Each Bond object has a property called SubprotocolsImplemented that lists the subprotocols implemented by the object. All Bond objects implement the Property Access subprotocol. All agents implement the Agent Control subprotocol. Other subprotocols: Security, Monitoring, Scheduling, Data Staging, Persistent Storage, Registration.

Static subprotocols A Bond object inherits the subprotocols implemented by the objects above it in the object hierarchy. The messaging thread delivers an incoming message to the say() method of the object. If the say() method of the object does not understand the message, it passes the message to the say() method of the object's immediate ancestor.

Example of protocol inheritance The ancestors of bondSchedulerAgent are bondScheduler, bondAgent, bondExecutable and bondObject. bondSchedulerAgent understands all messages in the Agent Control subprotocol, but it does not understand any message in the Monitoring subprotocol because none of its ancestors does.

Dynamic subprotocols; probes Some objects in a class may need to understand a subprotocol while others do not, e.g., some agents may need to monitor others. It would be wasteful to have all agents speak the Monitoring subprotocol. Probes are specialized objects that can be attached to a regular object as dynamic properties. The only function of a probe is to speak a certain subprotocol.

Dynamic subprotocols; probes The implementation of bondObject guarantees that when an object does not understand a message, its list of dynamic properties is searched for a probe that can handle the subprotocol, and the message is then delivered to that probe. If no probe is found, the object replies sorry.

A bondScheduler agent extended with a monitoring probe

Probes Regular – activated after searching the list of static subprotocols understood by an object, e.g., the monitoring probe. Preemptive – activated before searching the list, e.g., the security probe. Autoprobes – used to load a probe dynamically at run time.

public class bondAutoProbe extends bondProbe {
    Hashtable lookup;   // subprotocol name -> class name of the probe to load

    public bondAutoProbe(bondObject parent) {
        super(parent);
        lookup = new Hashtable();
        initDefaults();
    }

    public void initDefaults() {
        addAutoLoad("Monitoring", "bondMonitoringProbe");
        addAutoLoad("AgentControl", "bondAgentFactory");
    }

    public void addAutoLoad(String name, String probename) {
        lookup.put(name, probename);
    }

    public boolean implementsSubprotocol(String name) {
        if (lookup.get(name) != null) {
            return true;
        }
        return false;
    }

    // the say() function is used to receive a message: load the probe
    // registered for the message's subprotocol, attach it to the parent
    // as a dynamic property and hand the message over to it
    public void say(bondMessage m, bondObject sender) {
        String name = (String) m.getParameter(":subprotocol");
        String val = (String) lookup.get(name);
        bondProbe p = loader.loadProbe(val);   // loader: the Bond probe loader (not shown on the slide)
        p.parent = parent;
        parent.set("AutoProbe_" + name, p);
        p.say(m, sender);
    }
}

Message sending and delivery - say()

public void say(bondMessage m, bondObject sender) {
    if (sender == null) {
        sender = m.getSender();
    }
    String sp = m.getSubprotocol();
    if (sp != null) {
        if (sp.equals("PropertyAccess")) {
            sphPropertyAccess(m, sender);   // every bondObject speaks PropertyAccess itself
            return;
        }
    } else {
        switch (m.performative) {        // no subprotocol: replies are dropped here
            case bondMessage.PF_SORRY:
            case bondMessage.PF_ERROR:
            case bondMessage.PF_DENY:
                return;
            default:
                break;
        }
    }

    // search the dynamic properties (values; declaration not shown on the slide)
    // for a probe that speaks sp: a regular probe gets the message at once,
    // an autoprobe is remembered and used only if no regular probe is found
    if (values != null) {
        bondAutoProbe ap = null;
        for (Enumeration e = values.elements(); e.hasMoreElements();) {
            bondObject o = (bondObject) e.nextElement();
            if (bondProbe.class.isAssignableFrom(o.getClass())
                    && o.implementsSubprotocol(sp)) {
                if (o instanceof bondAutoProbe) {
                    ap = (bondAutoProbe) o;
                } else {
                    o.say(m, sender);
                    return;
                }
            }
        }
        if (ap != null) {
            ap.say(m, sender);
        }
    }
}
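The dispatch order described on the preceding slides (preemptive probes first, then the static subprotocols inherited through the ancestry, then regular probes, then an autoprobe that loads a probe on demand, and sorry when nothing matches) as an added Python model written for these notes. It is not Bond code: the class and subprotocol names follow the slides, but the message dictionaries, the probe registry that stands in for loader.loadProbe, and the SecurityProbe allow-list are constructed for the demonstration.

```python
"""Model of how a Bond object dispatches a message to a subprotocol handler.
Added illustration for these lecture notes, not code from the Bond system.
Class and subprotocol names follow the slides; the messages, the probe
registry and the SecurityProbe allow-list are constructed for the demo."""

SORRY = "sorry"


def msg(subprotocol, content, sender="X"):
    # constructed message carrying only the fields dispatch looks at
    return {"subprotocol": subprotocol, "content": content, "sender": sender}


class Probe:
    """Dynamic property whose only function is to speak one subprotocol."""
    preemptive = False

    def __init__(self, subprotocol):
        self.subprotocol = subprotocol

    def implements(self, sp):
        return sp == self.subprotocol

    def say(self, owner, m):
        return f"{type(self).__name__}:{m['content']}"


class MonitoringProbe(Probe):
    """Regular probe: consulted only after the static search fails."""
    def __init__(self):
        super().__init__("Monitoring")


class SecurityProbe(Probe):
    """Preemptive probe: sees every message before the static search and
    returns None to let it continue, or a deny reply (allow-list assumed)."""
    preemptive = True

    def __init__(self, allowed_senders):
        super().__init__(None)
        self.allowed = set(allowed_senders)

    def implements(self, sp):
        return True

    def say(self, owner, m):
        return None if m["sender"] in self.allowed else "deny"


class AutoProbe(Probe):
    """Loads the probe registered for a subprotocol on first use; the registry
    of probe classes is an assumption standing in for loader.loadProbe."""
    def __init__(self, registry):
        super().__init__(None)
        self.registry = registry

    def implements(self, sp):
        return sp in self.registry

    def say(self, owner, m):
        sp = m["subprotocol"]
        p = self.registry[sp]()
        owner.dynamic["AutoProbe_" + sp] = p   # attach as a dynamic property
        return p.say(owner, m)


class BondObject:
    static = {"PropertyAccess": {"get", "set"}}   # subprotocol -> commands

    def __init__(self):
        self.dynamic = {}   # the slides' dynamic-properties list

    def static_handler(self, m):
        # walk the ancestry, like say() handing the message to its parent
        for cls in type(self).__mro__:
            cmds = cls.__dict__.get("static", {}).get(m["subprotocol"])
            if cmds and m["content"] in cmds:
                return cls.__name__
        return None

    def say(self, m):
        probes = [p for p in self.dynamic.values() if p.implements(m["subprotocol"])]
        for p in probes:                       # 1. preemptive probes
            if p.preemptive:
                verdict = p.say(self, m)
                if verdict is not None:
                    return verdict
        handler = self.static_handler(m)       # 2. inherited static subprotocols
        if handler:
            return handler
        auto = None
        for p in probes:                       # 3. regular probes, autoprobe last
            if p.preemptive:
                continue
            if isinstance(p, AutoProbe):
                auto = p
            else:
                return p.say(self, m)
        return auto.say(self, m) if auto else SORRY


class BondExecutable(BondObject):
    pass


class BondAgent(BondExecutable):
    static = {"AgentControl": {"start", "stop"}}


class BondScheduler(BondAgent):
    static = {"Scheduling": {"schedule"}}


class BondSchedulerAgent(BondScheduler):
    pass


def demo():
    """Return which handler answered each message, in the slides' order."""
    a = BondSchedulerAgent()
    out = {}
    out["inherited"] = a.say(msg("AgentControl", "start"))   # BondAgent answers
    out["no_probe"] = a.say(msg("Monitoring", "report"))     # nobody: sorry
    a.dynamic["auto"] = AutoProbe({"Monitoring": MonitoringProbe})
    out["autoload"] = a.say(msg("Monitoring", "report"))     # probe loaded, then used
    out["attached"] = "AutoProbe_Monitoring" in a.dynamic
    a.dynamic["sec"] = SecurityProbe(allowed_senders={"X"})
    out["denied"] = a.say(msg("AgentControl", "stop", sender="Mallory"))
    out["allowed"] = a.say(msg("AgentControl", "stop"))
    return out
```

Running demo() shows the three stages in turn: the inherited Agent Control command is answered by bondAgent's static set, a Monitoring message gets sorry until an autoprobe loads the monitoring probe and attaches it under AutoProbe_Monitoring, and once a preemptive security probe is attached a message from an unlisted sender is denied before any static or regular lookup happens.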

Property access subprotocol A message consists of a performative, content, and parameters. The performative gives the broad meaning of the message. For example, ask-one is a question requesting an answer, achieve is an imperative request, and tell is the response to a question. The content specifies the actual function requested. For example, set and get store and read a property.

Example If object X wants to obtain the value of the property w of object Y, it sends the following message: (ask-one :sender X :receiver Y :subprotocol PropertyAccess :content get :property w :reply-with zzzz)

Example Assuming that property w of object Y has value 7 then object Y replies with the following message: (tell :sender Y :receiver X :subprotocol PropertyAccess :content value :value 7 :in-reply-to zzzz)
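A parser and serializer for the parenthesised message syntax of the two examples above, together with the receiving side of the Property Access subprotocol that turns the ask-one/get request into the tell/value reply, as an added Python example written for these notes. It is not Bond code: the property store, the acknowledgement of a set request (echoing the stored value) and the sorry reply for requests the object cannot answer are assumptions.

```python
"""Parser and serializer for the parenthesised Bond message syntax on the
slides, plus the receiving side of the PropertyAccess subprotocol. Added
example for these notes, not Bond code; the property store, the reply to a
set request and the sorry reply are assumptions."""
import shlex


def parse(text):
    """'(performative :key value ...)' -> dict; ValueError on malformed input."""
    body = text.strip()
    if len(body) < 2 or body[0] != "(" or body[-1] != ")":
        raise ValueError("message must be enclosed in parentheses")
    tokens = shlex.split(body[1:-1])          # shlex handles quoted values
    if not tokens or tokens[0].startswith(":"):
        raise ValueError("missing performative")
    m = {"performative": tokens[0]}
    params = tokens[1:]
    if len(params) % 2:
        raise ValueError("parameter without a value")
    for key, value in zip(params[::2], params[1::2]):
        if not key.startswith(":") or value.startswith(":"):
            raise ValueError(f"malformed parameter near {key!r}")
        name = key[1:]
        if name in m:
            raise ValueError(f"duplicate parameter {key}")
        m[name] = value
    return m


def serialize(m):
    """Inverse of parse(); values containing spaces are quoted so they round-trip."""
    parts = [m["performative"]]
    parts += [f":{k} {shlex.quote(str(v))}" for k, v in m.items() if k != "performative"]
    return "(" + " ".join(parts) + ")"


def well_formed(text):
    try:
        parse(text)
        return True
    except ValueError:
        return False


class PropertyHolder:
    """Object Y of the slides: answers get and set over PropertyAccess."""

    def __init__(self, name, props):
        self.name = name
        self.props = dict(props)   # assumed property store

    def _reply(self, performative, m, **fields):
        r = {"performative": performative, "sender": self.name, "receiver": m.get("sender", "?")}
        r.update(fields)
        if "reply-with" in m:                   # correlate the reply with the request
            r["in-reply-to"] = m["reply-with"]
        return r

    def handle(self, m):
        if m.get("subprotocol") != "PropertyAccess" or "property" not in m:
            return self._reply("sorry", m)
        content, prop = m.get("content"), m["property"]
        if m["performative"] == "ask-one" and content == "get" and prop in self.props:
            value = self.props[prop]
        elif m["performative"] == "achieve" and content == "set" and "value" in m:
            self.props[prop] = m["value"]       # assumed: set is acknowledged by echoing the value
            value = m["value"]
        else:
            return self._reply("sorry", m)      # unknown property or command
        return self._reply("tell", m, subprotocol="PropertyAccess", content="value", value=value)
```

Feeding the slide's ask-one message to a PropertyHolder named Y whose property w is 7 produces exactly the tell message shown above, with :in-reply-to carrying the request's :reply-with tag; a malformed message (a parameter without a value, a duplicated parameter) is rejected by the parser before it reaches the object.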

Security models Authentication (PAP, CHAP, Kerberos, Certificate-based) and Access Control.

CHAP CHAP – Challenge Handshake Authentication Protocol. The authentication agent, typically a network server, sends the client program a key to encrypt the username and the password.
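The CHAP exchange as standardised in RFC 1994, with both sides in one run, as an added Python example written for these notes. In the standard the "key" the server sends is a random one-time challenge, and the client's proof is an MD5 hash over the identifier octet, the shared secret and that challenge, so the secret itself never crosses the wire and a captured response is useless once its challenge has been consumed. The peer name, shared secret, identifier values and the fixed challenge bytes used by the test are constructed; MD5 appears because it is the hash RFC 1994 prescribes.

```python
"""CHAP challenge/response (RFC 1994), both sides in one run. Added example
for these notes; peer name, shared secret, identifiers and the fixed
challenge used by the test are constructed. MD5 is the hash RFC 1994 prescribes."""
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """Response = MD5(identifier octet || shared secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues one-time challenges and checks the responses."""

    def __init__(self, secrets, rng=os.urandom):
        self.secrets = dict(secrets)   # peer name -> shared secret
        self.pending = {}              # identifier -> outstanding challenge
        self.rng = rng                 # injectable so the exchange can be replayed in a test

    def challenge(self, identifier):
        c = self.rng(16)
        self.pending[identifier] = c
        return c

    def verify(self, identifier, name, response):
        c = self.pending.pop(identifier, None)   # each challenge is consumed once
        if c is None or name not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[name], c)
        return hmac.compare_digest(expected, response)   # constant-time compare


class Peer:
    """Client side: proves knowledge of the secret without transmitting it."""

    def __init__(self, name, secret):
        self.name = name
        self.secret = secret

    def respond(self, identifier, challenge):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_exchange(rng=os.urandom):
    """Return (genuine peer accepted, replayed response accepted,
    peer with the wrong secret accepted)."""
    server = Authenticator({"client-a": b"s3cret"}, rng=rng)
    good = Peer("client-a", b"s3cret")
    wrong_secret = Peer("client-a", b"guess")
    ident = 1
    c = server.challenge(ident)
    name, resp = good.respond(ident, c)
    first = server.verify(ident, name, resp)
    replay = server.verify(ident, name, resp)        # same bytes again: challenge is gone
    c2 = server.challenge(ident + 1)
    name, resp = wrong_secret.respond(ident + 1, c2)
    wrong = server.verify(ident + 1, name, resp)
    return first, replay, wrong
```

run_exchange() returns (True, False, False): the genuine peer is accepted, the identical response presented a second time is refused because its challenge was discarded on first use, and a peer holding the wrong secret cannot produce a valid hash for a fresh challenge.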

Kerberos Kerberos – ticket-based authentication. The authentication server assigns a unique key, called a ticket, to each user that logs on to the network. The ticket is then embedded in every message to identify the sender of the message.

Certificate-based This model is based on public key cryptography. Each user holds two different keys: public and private. The user obtains from a third party a certificate that proves the binding between the user and its public key. The private key is used to generate evidence that is sent with the certificate to the server side. The server uses the certificate and the evidence to verify the identity of the user.