1 Programming "Indigo" Part 2: Secure, Reliable, Transacted Services Session Code: WSV 302 Don Box Architect Microsoft Corporation
2 [Architecture diagram: the "Longhorn" platform stack. Base Operating System Services (CLR, transactions, storage, protocols, network services, kernel mode). Presentation (Avalon, Windows Forms, ASP.NET, desktop and media services, application deployment engine). Data (WinFS: items, relationships, extensions, schemas, ADO.NET connectivity and synchronization). Communication ("Indigo": Communications Manager (Port), transport channels over IPC/HTTP/TCP, datagram/reliable/peer channels, policy engine, message encoder, channel security, queuing, eventing, routing, transactions, identity and security system, people and groups, collaboration, federation). System services (file systems, filter manager, DFS, backup/restore, replication, virtual disk).]

3 "Indigo" Architecture [diagram]
Connector: Communications Manager (Port); Transport Channels (IPC, HTTP, TCP, ...); Channels (Datagram, Reliable, Peer, ...); Policy Engine; Message Encoder; Channel Security
Service Model: Instance Manager; Context Manager; Type Integration; Service Methods; Declarative Behaviors; Transacted Methods
Hosting Environments: ASP.NET; container.exe; NT Service; DllHost
Messaging Services: Queuing; Routing; Eventing; ...
System Services: Transaction; Federation; ...

4 What Is Indigo?
- "Indigo" is a set of .NET technologies for building and managing service-oriented systems
- "Indigo" is scale-invariant
- "Indigo" is broadly interoperable
- "Indigo" provides a unified programming model and runtime

5 The Role Of Transactions
- Intra-service correctness
- Availability versus latency
- Compensation and trust
- Declarative and ubiquitous

6 System.Transactions
- Manual Transactions (ITransaction, ITransactionManager, IEnlistment)
- Implicit Transactions (Transaction.Current, TransactionScope)
- Declarative Transactions (Indigo) ([Transaction])
- Resource Manager Utilities (Log, Isolation)

7 System.Transactions

8 "Indigo" And Transactions: Transacted Methods
- Transaction scopes can be automated through an attribute
- Transaction.Current is established by the Service Model
- Outcome is determined by normal versus abnormal termination of the method
- Origin of the transaction is orthogonal to the scope

9 "Indigo" And Transactions: Transacted I/O
- "Indigo" channels can support transaction protection on message delivery
- Transacted send defers transmission until a successful TX outcome
- Transacted receive returns the message to the queue upon a failed TX
- Established during channel creation
- Per-method attribute sets defaults

10 "Indigo" And Transactions: Transacted Services
- Common logging facility makes compensation efficient and tractable
- Unified log between TM, RM, and application
- Based on the ARIES log protocol
- Isolation support via service-specific optimistic concurrency or via TX-aware locks

11 "Indigo" And Transactions: Transaction Propagation
- "Indigo" supports propagation of arbitrary execution context
  - DCOM causality
  - .NET Remoting LCID
  - ILogicalThreadAffinitive
- Transactions are but another piece of context that can flow
- Propagation is opt-in for services, opt-out for objects
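The three transaction slides above (6, 8 and 11) describe a volatile resource manager enlisting in an ambient transaction, a service method whose transaction outcome is decided by normal versus abnormal termination, and opt-in propagation of the caller's transaction. The example below is added here and is not code from the deck or from Microsoft; it uses the System.Transactions types named on slide 6 (TransactionScope, Transaction.Current, IEnlistmentNotification) and the attributes that later shipped in WCF (OperationBehavior, TransactionFlow) in place of the PDC-era [Transaction] attribute. The ledger, the service contract and the net.tcp binding are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.Transactions;

// A volatile resource manager (slide 6): an in-memory ledger that exposes a posting
// only once the enclosing transaction commits and discards it on abort.
// Constructed for this example; not thread-safe, one instance per demo is assumed.
public sealed class LedgerResourceManager : IEnlistmentNotification
{
    private readonly List<decimal> committed = new List<decimal>();
    private readonly List<decimal> pending = new List<decimal>();
    private Transaction enlistedIn;

    public decimal Balance
    {
        get { decimal sum = 0; foreach (decimal d in committed) sum += d; return sum; }
    }

    public void Post(decimal amount)
    {
        Transaction tx = Transaction.Current;   // implicit (ambient) transaction
        if (tx == null) throw new InvalidOperationException("Post requires an ambient transaction");
        if (enlistedIn == null || !enlistedIn.Equals(tx))
        {
            tx.EnlistVolatile(this, EnlistmentOptions.None); // the TM calls back with the outcome
            enlistedIn = tx;
        }
        pending.Add(amount);
    }

    // Two-phase protocol driven by the transaction manager.
    public void Prepare(PreparingEnlistment e) { e.Prepared(); }   // vote yes
    public void Commit(Enlistment e) { committed.AddRange(pending); pending.Clear(); enlistedIn = null; e.Done(); }
    public void Rollback(Enlistment e) { pending.Clear(); enlistedIn = null; e.Done(); }
    public void InDoubt(Enlistment e) { pending.Clear(); enlistedIn = null; e.Done(); }
}

// Declarative transacted method (slide 8). TransactionScopeRequired makes the service
// model establish Transaction.Current before the method runs; TransactionAutoComplete
// makes a normal return vote commit and an exception vote abort. No commit code here.
[ServiceContract]
public interface ILedger
{
    [OperationContract]
    [TransactionFlow(TransactionFlowOption.Allowed)] // opt-in (slide 11): a caller's transaction may flow in
    void Post(decimal amount);
}

public class LedgerService : ILedger
{
    private static readonly LedgerResourceManager ledger = new LedgerResourceManager();

    [OperationBehavior(TransactionScopeRequired = true, TransactionAutoComplete = true)]
    public void Post(decimal amount)
    {
        if (amount == 0) throw new FaultException("zero-amount postings are rejected"); // aborts the transaction
        ledger.Post(amount);
    }

    // Propagation must also be enabled on the binding; the attribute alone does not flow anything.
    public static NetTcpBinding FlowingBinding()
    {
        NetTcpBinding b = new NetTcpBinding();
        b.TransactionFlow = true;
        return b;
    }
}

public static class Demo
{
    public static void Main()
    {
        LedgerResourceManager ledger = new LedgerResourceManager();

        using (TransactionScope scope = new TransactionScope())
        {
            ledger.Post(100m);
            ledger.Post(-30m);
            scope.Complete(); // vote commit; the commit itself runs when the scope is disposed
        }
        Console.WriteLine("balance after committed scope: " + ledger.Balance);

        try
        {
            using (TransactionScope scope = new TransactionScope())
            {
                ledger.Post(500m);
                throw new InvalidOperationException("simulated failure after a write");
                // scope.Complete() is never reached, so Dispose() aborts the transaction
            }
        }
        catch (InvalidOperationException) { }
        Console.WriteLine("balance after aborted scope: " + ledger.Balance);
    }
}
```

Running Demo shows the point of slide 8: the first scope commits both postings, and the second scope's posting is rolled back by the resource manager's Rollback callback because Complete() was never called, so the balance is unchanged. The same outcome rule applies to LedgerService.Post without any scope code in the method body.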

12 “Indigo” And Transactions

13 The Role Of Reliable Messaging
- The impact of intermediaries
- The impact on contracts
- Immediate versus deferred message transfer

14 Reliable Messaging In Indigo
- "Indigo" provides reliable message sequences
  - Uni- or bi-directional
  - Sender/receiver lifetimes may overlap or not
- Message store is configurable
  - Volatile versus durable
  - Transacted resource manager
- Parameterized delivery assurances

15 Reliable Messaging In Indigo
- RM characteristics specified as channel capabilities/requirements
- Services specify characteristics via a per class/interface attribute
- Contract carries essential details
- Characteristics of proxy subject to contract + imperative calls
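Slides 9, 14 and 15 together describe a contract that states its delivery requirements, a configurable volatile or durable message store, and a transacted receive that returns the message to the queue when the transaction fails. The example below is added here and is not code from the deck or from Microsoft; it uses the WCF types that shipped for these concepts (DeliveryRequirementsAttribute, NetTcpBinding with a reliable session, NetMsmqBinding) rather than the PDC-era channel API. The contract, addresses and ports are assumptions.

```csharp
using System;
using System.ServiceModel;

// The contract states the delivery assurance it needs (slide 15: "contract carries
// essential details"); ServiceHost.Open() validates the chosen binding against it.
[ServiceContract]
[DeliveryRequirements(RequireOrderedDelivery = true)]
public interface IOrderIntake
{
    [OperationContract(IsOneWay = true)]
    void Submit(string orderXml);
}

public class OrderIntake : IOrderIntake
{
    // Under a transacted (queued) receive, an exception here aborts the receive
    // transaction and the message returns to the queue instead of being lost (slide 9).
    [OperationBehavior(TransactionScopeRequired = true, TransactionAutoComplete = true)]
    public void Submit(string orderXml)
    {
        if (string.IsNullOrEmpty(orderXml)) throw new InvalidOperationException("empty order");
        Console.WriteLine("received " + orderXml.Length + " bytes");
    }
}

public static class ReliableBindings
{
    // Volatile message store: a WS-ReliableMessaging sequence over TCP. Sender and
    // receiver lifetimes must overlap; the sequence survives transport faults, not a
    // process restart.
    public static NetTcpBinding VolatileOrdered()
    {
        NetTcpBinding b = new NetTcpBinding(SecurityMode.Transport, true); // reliableSessionEnabled
        b.ReliableSession.Ordered = true;
        b.ReliableSession.InactivityTimeout = TimeSpan.FromMinutes(10);
        return b;
    }

    // Durable message store: MSMQ. Lifetimes need not overlap. ExactlyOnce makes the
    // receive transacted; Move parks poison messages for inspection instead of dropping
    // them. Needs MSMQ and a transactional queue, so it is constructed here but not opened.
    public static NetMsmqBinding DurableExactlyOnce()
    {
        NetMsmqBinding b = new NetMsmqBinding(NetMsmqSecurityMode.Transport);
        b.Durable = true;
        b.ExactlyOnce = true;
        b.MaxRetryCycles = 3;
        b.ReceiveErrorHandling = ReceiveErrorHandling.Move;
        return b;
    }
}

public static class Demo
{
    public static void Main()
    {
        ServiceHost ok = new ServiceHost(typeof(OrderIntake), new Uri("net.tcp://localhost:9000/orders"));
        ok.AddServiceEndpoint(typeof(IOrderIntake), ReliableBindings.VolatileOrdered(), "");
        ok.Open();   // the ordered reliable session satisfies the contract's requirement
        ok.Close();

        // A binding with no ordering assurance: the contract's DeliveryRequirements
        // make Open() fail with InvalidOperationException during validation.
        ServiceHost bad = new ServiceHost(typeof(OrderIntake), new Uri("http://localhost:8001/orders"));
        bad.AddServiceEndpoint(typeof(IOrderIntake), new BasicHttpBinding(), "");
        try { bad.Open(); }
        catch (InvalidOperationException ex)
        {
            Console.WriteLine("rejected: " + ex.Message);
            bad.Abort();
        }
    }
}
```

The check worth noting is the second host: the requirement lives on the contract, so a deployer cannot silently downgrade the endpoint to a binding that offers no delivery assurance; the host refuses to start.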

16 Reliable Messaging

17 The Role Of Security
- Services have a variety of security needs
- Messages need to be protected for both integrity and confidentiality
- Services and clients need authentication
- Services often wish to grant authorization selectively based on client credentials
- All of this needs to work across organization and platform boundaries

18 "Turn-Key" "Indigo" Security
- Development (code attributes)
  - Annotate services with code attributes
  - Define authentication, confidentiality, integrity, and access control requirements
- Deployment (configuration)
  - Define and select security profile settings
- Administration (security data)
  - Specify authorization mappings (user to role)
  - Specify username-password credentials
  - Specify presentation credentials

19 Turn-Key Development: Declarative Attributes
- Annotate Service classes and methods
- Security Requirement Attributes
  - Integrity
  - Confidentiality
  - ClientAuthentication
  - AccessControl
  - Security Settings Profile
- Each requirement is scoped to the messages corresponding to the annotated class or method

20 Turn-Key Deployment: Configuration and Profiles
- Define security profiles which indicate how security requirements are to be satisfied
- Developer or deployer may define their own security profiles
- Common security profiles are predefined in machine.config
- A scope of messages is bound to a security profile

21 Turn-Key Deployment: Configuration and Profiles
- A security profile is composed of the following security settings
  - Authentication mechanism
    - Intranet (Windows Kerberos)
    - Internet (Username-password)
    - B2B (X.509)
    - Federated (XrML or SAML)
  - Replay Detection mechanism
  - Encryption mechanism
  - Authorization provider

22 Turn-Key Administration: Security Administration Data
- Security Administration Data includes three kinds of information
  - Presentation Credentials: for presenting to other services
  - Trust Credentials: for authorizing trusted users, partners, or issuers
  - Authorization Data: for mapping input claims to authorization data (e.g., user to role)
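Slides 18 through 22 split security into declarative requirements on the code, a profile chosen at deployment, and administered data (presentation credentials, trust credentials, user-to-role mapping). The example below is added here and is not code from the deck or from Microsoft; it shows the same three layers with the WCF types that shipped (ProtectionLevel on the contract, PrincipalPermission, WSHttpBinding message security, UserNamePasswordValidator, IAuthorizationPolicy) rather than the PDC-era Integrity/Confidentiality/AccessControl attributes and machine.config profiles. The payroll contract, the certificate subject name, the account and the policy identifier are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Claims;
using System.IdentityModel.Policy;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Permissions;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Description;

// Development (slide 19): requirements are attributes on the contract and its methods.
[ServiceContract(ProtectionLevel = ProtectionLevel.EncryptAndSign)] // integrity + confidentiality, every message
public interface IPayroll
{
    [OperationContract] decimal GetSalary(string employeeId);
}

public class PayrollService : IPayroll
{
    [PrincipalPermission(SecurityAction.Demand, Role = "Accounting")] // access control by role
    public decimal GetSalary(string employeeId) { return 1234.56m; }  // constructed value
}

// Deployment (slides 20-21): a profile picks the authentication mechanism; the contract is unchanged.
public enum SecurityProfile { Intranet, Internet, B2B }

public static class Profiles
{
    public static WSHttpBinding Build(SecurityProfile profile)
    {
        WSHttpBinding b = new WSHttpBinding(SecurityMode.Message); // WS-Security at the message layer
        switch (profile)
        {
            case SecurityProfile.Intranet: b.Security.Message.ClientCredentialType = MessageCredentialType.Windows; break;     // Kerberos via SSPI
            case SecurityProfile.Internet: b.Security.Message.ClientCredentialType = MessageCredentialType.UserName; break;    // username-password
            case SecurityProfile.B2B:      b.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; break; // X.509
        }
        return b;
    }
}

// Administration (slide 22), trust credentials: which user names and passwords are accepted.
// Passwords are kept as salted PBKDF2 hashes and compared in constant time; an unknown
// user still pays for one derivation so timing does not reveal which names exist.
public class HashedPasswordValidator : UserNamePasswordValidator
{
    private readonly Dictionary<string, byte[]> salts = new Dictionary<string, byte[]>();
    private readonly Dictionary<string, byte[]> hashes = new Dictionary<string, byte[]>();

    public HashedPasswordValidator Add(string user, string password)
    {
        byte[] salt = new byte[16];
        new RNGCryptoServiceProvider().GetBytes(salt);
        salts[user] = salt;
        hashes[user] = new Rfc2898DeriveBytes(password, salt, 10000).GetBytes(32);
        return this;
    }

    public override void Validate(string userName, string password)
    {
        byte[] salt, expected;
        bool known = userName != null && salts.TryGetValue(userName, out salt) && hashes.TryGetValue(userName, out expected);
        if (!known) { salt = new byte[16]; expected = new byte[32]; }
        byte[] actual = new Rfc2898DeriveBytes(password ?? "", salt, 10000).GetBytes(32);
        int diff = 0;
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        if (!known || diff != 0) throw new SecurityTokenException("Unknown user name or incorrect password");
    }
}

// Administration (slide 22), authorization data: authenticated name -> roles, which is
// the principal the [PrincipalPermission] demand is evaluated against.
public class RoleMappingPolicy : IAuthorizationPolicy
{
    private readonly Dictionary<string, string[]> roles;
    public RoleMappingPolicy(Dictionary<string, string[]> roles) { this.roles = roles; }
    public string Id { get { return "urn:example:role-mapping"; } } // assumed identifier
    public ClaimSet Issuer { get { return ClaimSet.System; } }

    public bool Evaluate(EvaluationContext ctx, ref object state)
    {
        object o;
        if (!ctx.Properties.TryGetValue("Identities", out o)) return false; // nothing authenticated yet
        foreach (IIdentity id in (IList<IIdentity>)o)
        {
            string[] r;
            if (!roles.TryGetValue(id.Name, out r)) r = new string[0]; // authenticated, no roles
            ctx.Properties["Principal"] = new GenericPrincipal(id, r);
            return true;
        }
        return false;
    }
}

public static class Demo
{
    public static void Main()
    {
        // http://localhost:8000 needs an http.sys URL reservation or an elevated process.
        ServiceHost host = new ServiceHost(typeof(PayrollService), new Uri("http://localhost:8000/payroll"));
        host.AddServiceEndpoint(typeof(IPayroll), Profiles.Build(SecurityProfile.Internet), "");

        // Presentation credential: the service certificate clients encrypt the UsernameToken to.
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, "payroll.example.test"); // assumed subject name

        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator =
            new HashedPasswordValidator().Add("alice", "correct horse battery staple"); // constructed account

        Dictionary<string, string[]> roles = new Dictionary<string, string[]>();
        roles["alice"] = new string[] { "Accounting" };
        host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.Custom;
        host.Authorization.ExternalAuthorizationPolicies =
            new ReadOnlyCollection<IAuthorizationPolicy>(new IAuthorizationPolicy[] { new RoleMappingPolicy(roles) });

        host.Open();
        Console.WriteLine("payroll service listening; press Enter to stop");
        Console.ReadLine();
        host.Close();
        }
}
```

The division of labour is the one slide 18 draws: nothing in PayrollService knows whether callers arrive with Kerberos tickets, passwords or certificates; switching Profiles.Build to Intranet or B2B changes only the host configuration, and for B2B the trust-credential step becomes configuring certificate validation on host.Credentials.ClientCertificate.Authentication instead of a password validator.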

23 “Indigo” Security

24 Where Are We?
- "Indigo" uses transactions to increase the reliability and correctness of services
- "Indigo" provides reliable and durable message transmission between services
- "Indigo" supports a broad range of security protocols using a simple declarative programming model

25 For More Information
- Come see us immediately after this session: Web/Services Lounge, 309 Foyer
- MSDN "Longhorn" DevCenter
- Newsgroup: microsoft.public.windows.developer.winfx.indigo
- At PDC
  - Hands-on labs: on-site or download from CommNet
  - Ask The Experts: Tuesday 7 P.M. – 9 P.M., Hall G, H
  - PDC Weblogs:

26 © Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.