ICM, University of Warsaw

Slides:



Advertisements
Similar presentations
Logic Circuits Design presented by Amr Al-Awamry
Advertisements

An Introduction to XML Based on the W3C XML Recommendations.
CS 330 Programming Languages 09 / 13 / 2007 Instructor: Michael Eckmann.
8 November Forms and JavaScript. Types of Inputs Radio Buttons (select one of a list) Checkbox (select as many as wanted) Text inputs (user types text)
Chapter 3 Program translation1 Chapt. 3 Language Translation Syntax and Semantics Translation phases Formal translation models.
Internationalization of Java Platform Presenter: Ataru Nakazawa Advisor: Xiaoping Jia Date: January 23, 2004.
1 The Amazing Group 13 Parser Generator Jon Schmid Matthew Tong Justin Ward.
1 Agenda Variables (Review) Example Input / Output Arithmetic Operations Casting Char as a Number (if time allow)
Chapter 2: Algorithm Discovery and Design
14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.
ASN.1 CNS 4650 Fall 2004 Rev. 2.
LDAP: Information Model Part 2 CNS 4650 Fall 2004 Rev. 2.
Topic #3: Lexical Analysis
Why XML ? Problems with HTML HTML design - HTML is intended for presentation of information as Web pages. - HTML contains a fixed set of markup tags. This.
23/4/2001LDAP Overview - HEPix - LAL 2001 LDAP Overview HEPix – LAL Apr Michel Jouvin
LDAP: LDIF & DSML Fall 2004 Rev. 2. LDIF Light-weight Data Interchange Format RFC 2849 Common format to exchange data entry schema.
LDAP Items
Ocean Observatories Initiative Data Management (DM) Subsystem Overview Michael Meisinger September 29, 2009.
COP 4620 / 5625 Programming Language Translation / Compiler Writing Fall 2003 Lecture 3, 09/11/2003 Prof. Roy Levow.
Comments on draft-ietf-pkix-scvp-19.txt IETF Meeting Paris - August 2005 Denis Pinkas
1 Compiler Construction (CS-636) Muhammad Bilal Bashir UIIT, Rawalpindi.
3280bis David Cooper. Changes Since Draft 02 ● Section 1 (Introduction): Replaced text highlighting changes between RFC 2459 and 3280 with text highlighting.
Mapping Company Classification Policy to the S/MIME Security Label Weston Nicolls S/MIME Working Group Meeting December 13, 2000.
Errors!. Where do errors occur? Anywhere data is transferred, processed, stored, etc. Input user error Storage magnetic hard drive errors physical tampering.
 2008 Pearson Education, Inc. All rights reserved JavaScript: Introduction to Scripting.
Application support functions Chapter Introduction ASN.1 Security Data encryption Nonrepudiation Authentication Public key certification authorities.
Keyprov PSKC spec Philip Hoyer 71-st IETF, Philadelphia.
Keyprov PSKC spec Philip Hoyer 71-st IETF, Philadelphia.
1 Storing and Maintaining Semistructured Data Efficiently in an Object- Relational Database Mo Yuanying and Ling Tok Wang.
Sudeshna Sarkar, IIT Kharagpur 1 Programming and Data Structure Sudeshna Sarkar Lecture 3.
EMI is partially funded by the European Commission under Grant Agreement RI Common Authentication Library Daniel Kouril, for the CaNL PT EGI CF.
OGSA Attributes: Requirements, Definitions, and SAML Profile Abstract This document specifies elements and vocabulary for expressing attribute assertions.
Introduction to Computer Programming Concepts M. Uyguroğlu R. Uyguroğlu.
Chapter 4: Control Structures I (Selection). Objectives In this chapter, you will: – Learn about control structures – Examine relational operators – Discover.
9/21/2016 Presentation layer Abstract Syntax Notation #1 Basic Encoding Rules.
UNICORE and Argus integration Krzysztof Benedyczak ICM / UNICORE Security PT.
2440: 141 Web Site Administration Web Forms Instructor: Joseph Nattey.
Chapter 3 – Describing Syntax
Chapter 4: Control Structures I (Selection)
ASN.1: Introduction Zdeněk Říha.
CHP - 9 File Structures.
XML QUESTIONS AND ANSWERS
Introduction to Scripting
Overview of Hadoop MapReduce MapReduce is a soft work framework for easily writing applications which process vast amounts of.
Update on EDG Security (VOMS)
Intelligent Agents Chapter 2.
Programming Assignment 1
Control Structures – Selection
Programming Languages
PHP: Security issues FdSc Module 109 Server side scripting and
Introduction to C++ Programming
WEB PROGRAMMING JavaScript.
Instance Model Structure
ELECTRONIC MAIL SECURITY
News from the wonderful world of directories
Exception Handling Chapter 9 Edited by JJ.
T. Jumana Abu Shmais – AOU - Riyadh
ELECTRONIC MAIL SECURITY
Mapping E/R to Relational
Review of Week 1 Database DBMS File systems vs. database systems
COMS 161 Introduction to Computing
Python Primer 1: Types and Operators
Metadata The metadata contains
DATA MODELS.
Zorah Fung University of Washington, Spring 2015
Learning Intention I will learn about the standard algorithm for input validation.
Customizing RDA for local applications
Zorah Fung University of Washington, Winter 2016
Introduction to Java Collection
Presentation transcript:

ICM, University of Warsaw What is a DN? DN is an ordered list of unordered sets of attribute type and value pairs. unordered set is called RDN (RelativeDN) attribute type and value is called AVA multivalued RDNs are rare. Each attribute value has its type. PrintableString, UTF8String and IA5String are by far the most common, there are few others rarely occurring. AVAs are defined as OIDs with name, description and other metadata. E.g. 1.3.18.0.2.4.110 = billingCountry Some has short labels, some multiple labels, some no label. DNs are defined as a binary structure (ASN.1) and are used to identify X.509 certificate principals. 9/12/2018 ICM, University of Warsaw

ICM, University of Warsaw RFC 2253 format Defines reliable parsing and encoding algorithms. Does not store an information about AVA value type. Influences case sensitiveness only, sensible default can be usually used using AVA name. Syntax: RDNs are written in reversed order separated by ','. AVAs of one RDN are glued with '+'. There are escaping rules defined, rules for names presentation and for encoding not printable values. Example: CN=Krzysztof Benedyczak,OU=ICM+O=UWAR,C=PL 9/12/2018 ICM, University of Warsaw

ICM, University of Warsaw Why should I care? DNs are often: presented to users (end-, admins) checked for equality (policies, lookups) Often in security area! In all the cases a text representation must be used. Presenting can be tricky. Which one is better: 2.5.4.3=#04024869 CN=Lučić Comparison is super-difficult: OU=Sales+CN=Lučić,O=Widget Inc.,countryName=us 2.5.4.3=#04024869+OU=Sales,O=Widget Inc.,C=US those are the same guys! Note: PrintableString is not case sensitive. UTF8String is. 9/12/2018 ICM, University of Warsaw

ICM, University of Warsaw Openssl legacy format Globus and its heirs used an old Openssl-inspired format for DNs. The format is not defined anywhere. Implementations are not coherent. RFC CN=gateway/hyx.plgrid.icm.edu.pl,O=ICM+C=PL ossl /C=PL/O=ICM/CN=gateway/hyx.plgrid.icm.edu.pl ossl /C=PL+O=ICM/CN=gateway/hyx.plgrid.icm.edu.pl The most important problems: escaping (e.g. '/') encoding of not printable letters encoding of multi RDNs ('+' or '/' which is ambiguous?) 9/12/2018 ICM, University of Warsaw

ICM, University of Warsaw How RFC 2253 is handled? A big map of attribute names, labels and OIDs is implemented. all mandatory and commonly used. more then 100 entries in total! Equality test: the input DNs are parsed to produce semantic representations (may have invalid types!) using the map. the semantic representations are normalized using the 10 step algorithm: http://docs.oracle.com/javase/6/docs/api/javax/security/auth/x500/X500Principal.html#getName(java.lang.String) ... with additional fixes(!) applied in CANL before it. string equality on normalized values is performed. 9/12/2018 ICM, University of Warsaw

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.