1 82 nd IETF meeting NETCONF over WebSocket (http://tools.ietf.org/html/draft-iijima-netconf-websocket-ps-01 ) Tomoyuki Iijima, (Hitachi) Hiroyasu Kimura,

Slides:

Advertisements

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.

Advertisements

71 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-06) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.

Encrypting Wireless Data with VPN Techniques

Version 1 of EAP-TTLS draft-ietf-pppext-eap-ttls-05.txt Paul Funk Funk Software.

Cryptography and Network Security

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation ESPOO, Finland.

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.

Martin Kruliš by Martin Kruliš (v1.0)1.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Chapter 8 Web Security.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Web Service Description KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

ATIS Liaison Pre-letter Ballot Review Security Management System (TMOC Issue 56) Chris Lonvick Joe Salowey Personal Liaisons to the TMOC Chair.

FORESEC Academy FORESEC Academy Security Essentials (II)

Rensselaer Polytechnic Institute CSCI-4220 – Network Programming David Goldschmidt, Ph.D.

NETCONF Server and RESTCONF Server Configuration Models draft-ietf-netconf-server-model-06 NETCONF WG IETF #92 Dallas, TX, USA.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

An XMPP (Extensible Message and Presence Protocol) based implementation for NHIN Direct 1.

Chapter 17 - Deploying Java Applications on the Web1 Chapter 17 Deploying Java Applications on the Web.

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

1 80 th IETF meeting NETCONF Notification over WebSocket Protocol ( draft-iijima-netconf-websocket-ps-00) Tomoyuki Iijima, (Hitachi) Yoshifumi Atarashi,

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Abierman-nanog-30may03 1 XML Router Configs BOF Operator Involvement Andy Bierman

© Hitachi, Ltd All rights reserved. NETCONF Configuration I/F Advertisement by WSDL and XSD Hideki Okita, Tomoyuki Iijima, Yoshifumi Atarashi, Ray.

All Rights Reserved Copyright © 2007,Hitachi.Ltd. VLAN data model for NETCONF ( draft-iijima-ngo-vlandatamodel-00) Thursday, March 22, 2007 Tomoyuki Iijima,

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Cryptography and Network Security (SSL)

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV BOF IETF-67 San Diego November 2006 Andrea Doherty.

February 8, 2005IHE Europe Educational Event 1 Integrating the Healthcare Enterprise Basic Security Robert Horn Agfa Healthcare.

QUALCOMM Incorporated 1 Protocol Options for BSN- BSMCS Controller Interface Jun Wang, Kirti Gupta 05/16/2005 Notice: Contributors grant a free, irrevocable.

1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG

Forward: Preventing XML Signature Wrapping Attacks in Cloud Computing Prepared by: Abdulaziz AlShammari Professor Ramasamy Uthurusamy April10, 2014.

All Rights Reserved Copyright © 2005,Hitachi.Ltd. Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-01) Monday, November.

HTML5 Websockets Norman White Websockets The HTTP protocol is not designed for a continuous connection between the client and the server, but rather.

Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.

WWW: an Internet application Bill Chu. © Bei-Tseng Chu Aug 2000 WWW Web and HTTP WWW web is an interconnected information servers each server maintains.

Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi

Protocol for I2RS I2RS WG IETF #89 London, UK Dean Bogdanovic v0.1.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

70 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-04) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.

Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

AN OVERVIEW Rocky K. C. Chang13 Sept The web 2.

Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,

E2EKey Resource Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.3, Agenda Item: End-to-End Security.

All Rights Reserved Copyright © 2007,Hitachi.Ltd. Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-02) Monday, July.

SCTP as a transport for Diameter draft-pascual-dime-sctp-00 IETF 79 - DIME WG November 2010,

TLS Renegotiation Vulnerability IETF-76 Joe Salowey Eric Rescorla

Basic Security Cor Loef Philips Medical Systems Co-Chair IHE Radiology Technical Committee.

WREC Working Group IETF 49, San Diego Co-Chairs: Mark Nottingham Ian Cooper WREC Working Group.

Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.

@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.

Research of Web Real-Time Communication Based on WebSocket

Advanced Communication in Web Technologies

Websocket Application

Consistent URIs For Compliance Checking (1)

NETCONF Configuration I/F Advertisement by WSDL and XSD

WebSocket: Full-Duplex Solution for the Web

67th IETF meeting netconf WG

Introduction to HTML5 and WebSockets.

Cryptography and Network Security

Presentation transcript:

1 82 nd IETF meeting NETCONF over WebSocket ( ) Tomoyuki Iijima, (Hitachi) Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi (Alaxala Networks)

2 Objective of the I-D To propose a way of sending NETCONF over WebSocket protocol. But, not to intend to make this proposal as mandatory.

3 Background The number of browser-based management system is increasing with the advancement of web technologies and cloud computing. –E.g. AWS (Amazon Web Service), DMTF CIMI (Cloud Infrastructure Management Interface) Although NETCONF has high compatibility with HTML/HTTP in that it uses XML as its messaging, NETCONF is rarely used for browser- based management system. Some of the reasons might be… –There’s no easy way to develop browser-based management system. –HTTP lacks bi-directional capability. But now, WebSocket, an extension of HTTP, is under development. –WebSocket provides JavaScript API to be used for web browser. –WebSocket provides bi-directional capability. NETCONF should be used for browser-based management systems by supporting WebSocket.

Changes since 80 th IETF meeting As per comments received at the 80 th IETF meeting, we’ve made following changes. –Expanded the description into configuration. –Changed the NETCONF diagram from the one from RFC5277 to the one from RFC6241. –Expanded the description about security. 4

5 NETCONF message(1) NETCONF messages are exchanged after WS handshake is complete. NETCONF notifications from NETCONF server are sent after NETCONF session is established by exchange and session ID allocation. NETCONF ClientNETCONF Server GET upgrade: WebSocket protocol: NETCONF HTTP/ upgrade: WebSocket protocol: NETCONF WebSocket handshake NETCONF messages on a single session WS ClientWS Server Load html file that uses WebSocket API

6 NETCONF message(2) NETCONF messages should be sent according to the specification of Data Framing specified by WebSocket protocol. According to the recent specification (-17, and in RFC queue), NETCONF message should be encapsulated as follows. TCPWS headerNETCONF message NETCONF message is created and parsed by using JavaScript DOM API. WS header is added when NETCONF message is handed over to WS through WebSocket API.

Security According to WebSocket I-D, NETCONF’s requirements for transport protocol are fulfilled by following security mechanisms. –Authentication Fulfilled by mechanisms available to generic HTTP server during WS handshake, which include Cookies, HTTP Authentication, and TLS authentication (see WebSocket I-D, sec. 10.5). –Integrity and Confidentiality Fulfilled by TLS (see WebSocket I-D, sec. 10.6). Thus, the use of TLS is necessary for NETCONF over WebSocket, as in the case of NETCONF/SOAP/HTTPS. –TLS is provided as a set of WebSocket. Easy to use. In addition, WebSocket itself has its own security mechanisms. –Client is checked by |Origin| header at server during WS handshake. –Server is checked by |Sec-WebSocket-Accept| header at client. –Payload is masked by masking-key. 7

8 Example of NETCONF/WebSocket Event Notification Configuration NETCONF server (HTTP + WS server) NETCONF client A (HTTP + WS browser) NETCONF client B Operator BOperator A 1. Browser-based NMS is realized, which doesn’t require installment 2. Real time notification is realized, which is useful for failure notification. NETCONF configuration message NETCONF notification message

9 Conclusions We proposed a way of sending NETCONF over WebSocket protocol. We think that for NETCONF to support WebSocket is meaningful for NETCONF’s deployment. Does WG have interests? If YES, should this I-D move forward as an Experimental I-D?