Fonkey Project Update: Target Applications TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

May 14, RIPE-45, Barcelona. Fonkey Project Update: Target applications.

Slide 2: Outline
- Fonkey Project Status
- Design issues
- Target applications

Slide 3: Fonkey Project Status
Fonkey (former Donkey) Project at NLnet Labs
- System to distribute cryptographic keys and reference/attribute information bound by Digital Signature
  - To serve as a sort of identification
Project Status
- Current stage: definition and pilot implementation of basic client-storage functionality, including
  - Package format
  - Simple query language
  - Publish, retrieve, search protocols
  - Demo available mid June
- Next stage: p2p network infrastructure and related protocol and data format issues

Slide 4: What is Fonkey: Fonkey functionality
- Fonkey allows anyone to publish a named key, together with optional data (Fonkey package)
  - Fonkey is NOT a permanent storage: a key must be republished to remain available
  - Fonkey does NOT define a policy for key/payload usage; this is an application-specific function
- Fonkey allows anyone to search for a published key, based on the key's name (required) and signers (optional)
- Fonkey allows anyone to sign a published key

Slide 5: Design issues: Package structure
- Type: type of Package (Key | Named | Signature)
- Key: Owner's public key
- Properties: a set of name/value pairs
  - To serve control/status and identification functions
- Payload: application-specific content and format
  - May include a specific format definition (e.g., embedded XML Schema)
- Signatures: signatures used to ensure integrity and identity of the Package
  - Signed by Owner's private key
  - Signed by others

Slide 6: Design issues: Types of Package
Generic Package structure: {Type, Public Key, Properties, Payload, Signature}
- Key Package: like the generic package
  - Unique ID is defined by Public Key
  - Location by Public Key attributes/info
- Named Package: adds a Name field to the generic package
  - Unique ID is defined by Name and Key
  - Location by Name
- Signature Package: adds Subject (ID of the package signed by this Signature) and References (to signed parts/portions)
  - Unique ID is defined by Public Key and Subject
  - Location by (Subject, Public Key) pair
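The package structure of slides 5 and 6 as an added example in Python (the project's own internal format was a Python data object, but this is not the project's code): the canonical bytes a signature covers, the per-type unique ID rule, an owner signature followed by a signature by another party, and a Signature package that names its Subject. The signature primitive is a toy textbook RSA on fixed Mersenne primes, chosen only so the block runs offline; it stands in for whatever real signature scheme a deployment would use, and all keys and package values are constructed.

```python
import hashlib
import json
# Toy textbook RSA on fixed Mersenne primes so the example runs offline: no padding,
# small moduli, a stand-in for the real signature scheme, not something to deploy.
E = 65537
def toy_keypair(p, q):
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)  # (public, private)

OWNER_PUB, OWNER_PRIV = toy_keypair((1 << 61) - 1, (1 << 89) - 1)
OTHER_PUB, OTHER_PRIV = toy_keypair((1 << 107) - 1, (1 << 127) - 1)

def canonical(pkg):
    # Bytes covered by a signature: every field except Signatures, keys sorted,
    # so signatures by others can be appended without breaking the owner's one.
    body = {k: v for k, v in pkg.items() if k != "Signatures"}
    return json.dumps(body, sort_keys=True).encode()

def _digest(pkg, n):
    return int.from_bytes(hashlib.sha256(canonical(pkg)).digest(), "big") % n

def sign(pkg, priv):
    d, n = priv
    return pow(_digest(pkg, n), d, n)

def verify(pkg, sig, pub):
    e, n = pub
    return pow(sig, e, n) == _digest(pkg, n)

def unique_id(pkg):
    # Unique ID rule per package type, as given on the Types-of-Package slide.
    if pkg["Type"] == "Key":
        return json.dumps(pkg["Key"])
    if pkg["Type"] == "Named":
        return json.dumps([pkg["Name"], pkg["Key"]])
    if pkg["Type"] == "Signature":
        return json.dumps([pkg["Key"], pkg["Subject"]])
    raise ValueError("unknown package type: %r" % pkg["Type"])

def make_package(ptype, pub, properties, payload, priv, **extra):
    # Generic {Type, Key, Properties, Payload, Signatures} plus type-specific
    # fields passed as extra (Name for Named; Subject/References for Signature).
    pkg = {"Type": ptype, "Key": list(pub), "Properties": properties,
           "Payload": payload, **extra}
    pkg["Signatures"] = [["owner", sign(pkg, priv)]]  # owner's signature first
    return pkg

def countersign(pkg, signer, priv):
    # "Signed by others": appended after the owner's signature, which stays valid.
    pkg["Signatures"].append([signer, sign(pkg, priv)])
```

A verifier that trusts only the owner's key still accepts the package after a countersignature, while any change to Payload or Properties invalidates every signature on it.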

Slide 7: Design issues: More information
Package format
- Currently uses a Python data object format as the internal format and an XML-based exchange format
- Prospectively an internal XML format and XML Protocol
More information: Fonkey Project Overview

Slide 8: Fonkey Target Applications
Fonkey is kept as simple as possible to create an easily deployable infrastructure
- Analysis of target application requirements allows defining specific requirements and necessary extensions to the generic/basic functionality
Applications under discussion
- PGP Keyserver with extended payload
- Privilege Storage (bound to PK-based identity)
- Identity Server for Liberty Project applications (under discussion)
- Other applications
  - Location Server for IIDS
  - Client applications requiring XMLSig functionality, e.g. WS/SOAP-based AAA Agent, IODEF-enabled Incident Handling System

Slide 9: Target Application: Extended PGP Keyserver
Reference: The OpenPGP HTTP Keyserver Protocol (HKP)
Specific requirements
- PGP key request via HTTP GET
  - Operations: {get, index, vindex, x-?}
  - Search variable: {key ID, V4 Fingerprint, V3 Fingerprint}
  - Modifiers: {options {mr, nm}, fingerprint, exact}
- PGP key publish via HTTP POST
  - OpenPGP Packet in ASCII Armored format (RFC2440)
Benefits/new functionality with Fonkey
- Adding application-oriented payload
- Flexible search for key information
- Building P2P infrastructure
- Integration with other types of PK infrastructures
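The HTTP GET lookup of the slide above, as an added example that is neither HKP reference code nor Fonkey code: it parses a lookup URL, validates the operation and the search-term class the slide lists (key ID, V3 or V4 fingerprint, otherwise a free-text user-ID search), and maps the request onto a Fonkey search by the key's name with the HKP modifiers carried along. The host, the URL and the hex-length table for the term classes are assumptions made here; plain HKP has no signer filter, so Fonkey's optional signers list stays empty.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Search-term classes from the slide: key ID or V3/V4 fingerprint, written in HKP
# as 0x followed by hex digits; the table maps hex-digit length to the class.
KEY_CLASSES = {8: "short key ID", 16: "long key ID",
               32: "V3 fingerprint", 40: "V4 fingerprint"}
OPERATIONS = {"get", "index", "vindex"}   # x-? vendor operations are rejected here

def classify_search(term):
    # Class of an HKP search term; anything not 0x-hex is a free-text user ID search.
    m = re.fullmatch(r"0x([0-9A-Fa-f]+)", term)
    if not m:
        return "text"
    return KEY_CLASSES.get(len(m.group(1)), "invalid")

def hkp_lookup_to_fonkey(url):
    # Validate an HKP lookup URL and map it onto a Fonkey search: the key's name
    # (required) plus the HKP modifiers the application layer must honour.
    parts = urlsplit(url)
    if parts.path != "/pks/lookup":
        raise ValueError("not an HKP lookup path: %r" % parts.path)
    q = parse_qs(parts.query)
    op = q.get("op", [""])[0]
    if op not in OPERATIONS:
        raise ValueError("unsupported op: %r" % op)
    term = q.get("search", [""])[0]
    kind = classify_search(term)
    if not term or kind == "invalid":
        raise ValueError("malformed search term: %r" % term)
    options = set(filter(None, q.get("options", [""])[0].split(",")))
    return {
        "op": op,
        "name": term.lower() if kind != "text" else term,  # hex is case-insensitive
        "search_kind": kind,
        "signers": [],            # HKP has no signer filter; Fonkey's is optional
        "machine_readable": "mr" in options,
        "no_modify": "nm" in options,
        "fingerprint": q.get("fingerprint", [""])[0] == "on",
        "exact": q.get("exact", [""])[0] == "on",
    }
```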

Slide 10: Target Application: Privilege Storage (for PMI)
Specific requirements
- Publish and retrieve/search for Subject's Attribute Certificate/Package
- Administrative interface for generating role-based AC (not necessarily X.509)
Benefits
- Flexibility in using XML Schema for Subject's attributes compared to LDAP
- Possibility to integrate with PKC storage
Issues to solve
- Policy definition
- Administrative interface
- Using SAML for attribute assertions

Slide 11: Prospective Target Applications: Identity Server
Prospective target application: Identity Server for federated identity management with Liberty Alliance Project (LAP)
New set of LAP specifications published
- Using SAML and Web Services technology
- Trust management for dynamic identity federation
  - Circles of trust initiated and controlled by user
Promising area; needs further discussion

Slide 12: Other possible uses (not intended)
- Applications requiring XML Signature based functionality
  - Adding XML Signature to proprietary XML Documents (e.g., IODEF)
  - Adding XML Signature to SOAP-based applications (e.g., AAA/Web Services)
  - Mostly limited to client functionality
- Location Server for IIDS (Interactive Intelligent Distributed Systems)