Published by Deirdre Armstrong. Modified over 9 years ago.
3
Overview
- What are the provisioning methods used in the Australian registry system?
- How are these provisioning systems secured?
4
What are the provisioning methods used in the Australian registry systems?
5
The Key points:
- Object model
- Web based interface
- Socket based interface (EPP)
6
The Object Model
- Registrars – Registrar name, address, telephone
- Contacts – contact name, organisation, address, telephone, fax, email
- Hosts – host name, IP address
- Domains – domain name, name servers, subordinate hosts, associated contacts
7
Object State - Status
- Objects maintain status
- Available statuses include:
  - client/server – approved, cancelled, deleteProhibited, hold, rejected, renewProhibited, transferProhibited, updateProhibited
  - inactive, linked, ok, pending
  - pending – delete, transfer, verification
8
Web Based Interface
- Encrypted and secured using HTTPS (SSL)
- Good for small volumes
- Contains most features
- Limited technical knowledge
- Standard Web based forms – like objects
9
Socket Interface
- IETF EPP Protocol
- Extensible and Customisable
- SSL Encryption
- Full Automation
- Good for high volumes
10
EPP in detail
- An XML based protocol
- Full W3C compliant XML schema definition
- Makes use of XML namespaces
- Extensibility
- UTF - Internationalisation
- Manipulate all properties of objects
- Transport independent
11
Typical EPP command
- XML Header
- EPP Namespace
- EPP Command
- Object Specific Namespace
- Object Specific Information
- EPP Transaction ID
12
Typical EPP response
- XML Header
- EPP Namespace
- EPP Response
- Object Specific Namespace
- Object Specific Information
- EPP Transaction IDs
- EPP Response Code
- EPP Response Message
13
EPP Commands
- Hello and Greeting
- Login and Logout
- Check and Info
- Create, Modify and Delete
- Transfer (request, cancel and approve)
- Poll
- Status
14
Hello and Greeting
- Used to establish presence and server capabilities
- Client says “Hello”
- Server replies with its capabilities, current time and policies in effect.
- Sent as soon as transport session established
15
Login and Logout
- Used to start and stop session based communications
- Username and password
- Objects to be managed in that session
- Client can request policies to be used during that session
- Credentials used in the login are assumed for all following transactions in the established session
16
Check and Info
- Used to view information on objects in the registry database
- Check availability of objects e.g. Domain Names
- Retrieve the properties of objects you sponsor
- Retrieve information on other objects using the “authinfo”
17
Create, Modify and Delete
- Used to manipulate objects in the registry database
- Create new objects (Domains, Contacts and Hosts)
- Creating registrar becomes “sponsor” of object
- Modify details of existing objects that logged in registrar currently “sponsors”
- Delete objects, objects may fall into a pending delete status depending on policies in effect
18
Transfer (request, cancel and approve)
- Transfer of objects (Domains and Contacts)
- Gaining Registrar requests transfer from another Registrar
- Losing Registrar can approve or reject the transfer depending on policy
- Transfers will be server approved after a timeout period
19
Poll
- Used to check the server message queue
  - Low balance messages
  - Transfer request messages
  - Expiry messages
- Used to acknowledge receipt of messages
- Also used to keep sessions active
20
Status
- Commands are atomic i.e. succeed or fail
- Can look up a command by transaction ID and find out if it succeeded or failed
- Can get details of previous command
21
Advantages of using EPP
- Industry standard - IETF
- Extensible - will support modifications or fit policy
- Vast array of toolkits available
- Well-defined atomic operation
- Full Automation
22
Example of Extensibility
- NAPTR records in domain create command
24
How are these provisioning systems secured?
25
Security viewed on three Levels
- Security of systems
- Authentication of Registrars (Tier 2)
- Authentication of Registrants
26
Security of systems
- Physical Security
- Firewalls – Authorised IPs only
- Security Policies
- Data
27
Registrar Authentication
- 3 Layers
  - Secure Certificate Signed by AusRegistry
  - Access given only to Registrar IP address range
  - EPP Credentials (Username and Password)
28
Registrar Authentication
- Certificate Common name must match Username
- Username must match IP addresses being used
- Certificate must match IP address range
- Can’t use someone else’s certificate from your addresses
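
The three registrar layers and the binding rules on the two slides above, combined into one server-side decision. This is an added example, not part of the original presentation and not AusRegistry's code. The registrar names, address ranges, passwords and the `authenticate` function are constructed for illustration, and validation of the certificate chain is assumed to be done by the TLS layer and passed in as `chain_ok`.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass(frozen=True)
class Registrar:
    networks: tuple   # source ranges this registrar may connect from
    salt: bytes
    pw_hash: bytes    # EPP password is kept hashed, never in clear


def _reg(cidr: str, salt: bytes, password: str) -> Registrar:
    return Registrar((ipaddress.ip_network(cidr),), salt, _hash(password, salt))


# Constructed sample data: documentation address ranges, made-up names and passwords.
# The dictionary key is the EPP username, which must equal the certificate Common Name.
REGISTRARS = {
    "registrar-a": _reg("192.0.2.0/28", b"salt-a", "pw-a-constructed"),
    "registrar-b": _reg("198.51.100.0/28", b"salt-b", "pw-b-constructed"),
}


def authenticate(chain_ok, cert_cn, source_ip, username, password):
    """Return (allowed, reason). Every layer must pass; reason is for the audit log."""
    if not chain_ok:  # assumption: TLS layer verified the chain to the registry CA
        return False, "certificate not signed by registry CA"
    reg = REGISTRARS.get(username)
    if reg is None:
        return False, "unknown username"
    if cert_cn != username:
        return False, "certificate CN does not match username"
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in net for net in reg.networks):
        return False, "source IP outside range bound to this username"
    if not hmac.compare_digest(_hash(password, reg.salt), reg.pw_hash):
        return False, "bad EPP credentials"
    return True, "ok"
```

Because the address range is looked up from the username and the username must equal the certificate Common Name, a valid certificate and password for one registrar are rejected when presented from another registrar's addresses.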
29
Registrant Authentication
- All domains contain “authinfo” field (domain password)
- “authinfo” is required to perform operations on domain, especially transfers
- Exactly how this is implemented is based on policy
30
Questions?
31
Thank you