
Programming "Indigo" Part 2: Secure, Reliable, Transacted Services
Session Code: WSV 302
Don Box, Architect, Microsoft Corporation

Presentation transcript:

Slide 1: Programming "Indigo" Part 2: Secure, Reliable, Transacted Services
Session Code: WSV 302
Don Box, Architect, Microsoft Corporation
http://www.gotdotnet.com/team/dbox

Slide 2: [Platform architecture diagram: Base Operating System Services (kernel mode, CLR, transactions, storage, protocols, network services) beneath the Presentation (Avalon), Data (WinFS) and Communication ("Indigo") pillars, labelled "Make the connection".]
"Indigo" components shown in the diagram:
- Communications Manager (Port)
- Transport Channels (IPC, HTTP, TCP…)
- Channels (Datagram, Reliable, Peer, …)
- Policy Engine
- Message Encoder
- Channel Security
- Messaging Services: Queuing, Eventing, Routing, Transaction
- Identity & Security System, Federation, Signaling

Slide 3: "Indigo" Architecture
Connector:
- Communications Manager (Port)
- Transport Channels (IPC, HTTP, TCP…)
- Channels (Datagram, Reliable, Peer, …)
- Policy Engine
- Message Encoder
- Channel Security
Service Model:
- Hosting Environments: ASP.NET, .container.exe, NT Service, DllHost
- Instance Manager
- Context Manager
- Type Integration
- Service Methods
- Declarative Behaviors
- Transacted Methods
Messaging Services:
- Queuing
- Routing
- Eventing
- Transaction
- Federation
- …
System Services

Slide 4: What Is Indigo?
- "Indigo" is a set of .NET technologies for building and managing service-oriented systems
- "Indigo" is scale-invariant
- "Indigo" is broadly interoperable
- "Indigo" provides a unified programming model and runtime

Slide 5: The Role Of Transactions
- Intra-service correctness
- Availability versus latency
- Compensation and trust
- Declarative and ubiquitous

Slide 6: System.Transactions
- Manual Transactions (ITransaction, ITransactionManager, IEnlistment)
- Implicit Transactions (Transaction.Current, TransactionScope)
- Declarative Transactions (Indigo) ([Transaction])
- Resource Manager Utilities (Log, Isolation)

Slide 7: System.Transactions

Slide 8: "Indigo" And Transactions: Transacted Methods
- Transaction scopes can be automated through attribute
- Tx.Current established by Service Model
- Outcome determined based on normal/abnormal termination
- Origin of transaction orthogonal to scope
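The implicit-transaction model of slides 6 and 8 (an ambient Transaction.Current established by a scope, outcome decided by normal versus abnormal termination, nested work joining the same transaction) can be shown with the System.Transactions API that shipped in .NET 2.0. The following is an added example written for this transcript, not code from Don Box's slides or from the pre-release "Indigo" bits; it uses an explicit TransactionScope rather than the declarative [Transaction] attribute the slide describes, and the OutcomeRecorder class is a constructed toy resource manager that merely records the outcome it is told about.

```csharp
using System;
using System.Transactions;

// Constructed toy volatile resource manager: it records which outcome the
// transaction manager delivers. A real RM would make its work durable in
// Prepare/Commit and write to its log before voting.
class OutcomeRecorder : IEnlistmentNotification
{
    public string Outcome { get; private set; } = "none";

    public void Prepare(PreparingEnlistment preparingEnlistment)
    {
        // Phase one: vote to commit. Voting ForceRollback() here would abort.
        preparingEnlistment.Prepared();
    }

    public void Commit(Enlistment enlistment)
    {
        Outcome = "committed";
        enlistment.Done();
    }

    public void Rollback(Enlistment enlistment)
    {
        Outcome = "rolled back";
        enlistment.Done();
    }

    public void InDoubt(Enlistment enlistment)
    {
        Outcome = "in doubt";
        enlistment.Done();
    }
}

static class TransactedMethodDemo
{
    // Runs a unit of work under an implicit (ambient) transaction. The outcome is
    // decided by how the scope terminates: Complete() followed by Dispose() commits,
    // leaving the scope any other way (here, an exception) rolls back.
    static string RunUnderScope(bool fail)
    {
        var rm = new OutcomeRecorder();
        try
        {
            using (var scope = new TransactionScope())
            {
                // The scope created the ambient transaction; enlist our RM in it.
                Transaction.Current.EnlistVolatile(rm, EnlistmentOptions.None);

                DoNestedWork();   // joins the same ambient transaction

                if (fail)
                    throw new InvalidOperationException("simulated failure");

                scope.Complete(); // vote yes; the actual commit happens at Dispose
            }
        }
        catch (InvalidOperationException)
        {
            // Abnormal termination: the scope was disposed without Complete(),
            // so the transaction manager rolled the transaction back.
        }
        return rm.Outcome;
    }

    static void DoNestedWork()
    {
        // TransactionScopeOption.Required (the default) flows the caller's
        // transaction into the nested scope instead of starting a new one.
        using (var inner = new TransactionScope(TransactionScopeOption.Required))
        {
            Console.WriteLine("nested scope sees transaction "
                + Transaction.Current.TransactionInformation.LocalIdentifier);
            inner.Complete();
        }
    }

    static void Main()
    {
        Console.WriteLine("normal termination:   " + RunUnderScope(fail: false));
        Console.WriteLine("abnormal termination: " + RunUnderScope(fail: true));
    }
}
```

Two points the slide makes are visible here: the origin of the transaction is orthogonal to the scope (DoNestedWork neither knows nor cares whether its caller started the transaction), and no explicit commit or abort call appears in the business logic, since the outcome follows from how the scope is exited.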

Slide 9: "Indigo" And Transactions: Transacted I/O
- "Indigo" channels can support transaction protection on message delivery
- Transacted send defers transmission until successful TX outcome
- Transacted receive returns message to queue upon failed TX
- Established during channel creation
- Per-method attribute sets defaults

Slide 10: "Indigo" And Transactions: Transacted Services
- Common logging facility makes compensation efficient and tractable
- Unified log between TM, RM, and application
- Based on ARIES log protocol
- Isolation support via service-specific optimistic concurrency or via TX-aware locks

Slide 11: "Indigo" And Transactions: Transaction Propagation
- "Indigo" supports propagation of arbitrary execution context
  - DCOM causality
  - .NET Remoting LCID
  - ILogicalThreadAffinitive
- Transactions are but another piece of context that can flow
- Propagation is opt-in for services, opt-out for objects

Slide 12: "Indigo" And Transactions

Slide 13: The Role Of Reliable Messaging
- The impact of intermediaries
- The impact on contracts
- Immediate versus deferred message transfer

Slide 14: Reliable Messaging In Indigo
- "Indigo" provides reliable message sequences
  - Uni- or bi-directional
  - Sender/receiver lifetimes may overlap or not
- Message store is configurable
  - Volatile versus durable
  - Transacted resource manager
- Parameterized delivery assurances

Slide 15: Reliable Messaging In Indigo
- RM characteristics specified as channel capabilities/requirements
- Services specify characteristics via per class/interface attribute
- Contract carries essential details
- Characteristics of proxy subject to contract + imperative calls

Slide 16: Reliable Messaging

Slide 17: The Role Of Security
- Services have a variety of security needs
  - Messages need to be protected for both integrity and confidentiality
  - Services and clients need authentication
  - Services often wish to grant authorization selectively based on client credentials
- All of this needs to work across organization and platform boundaries

Slide 18: "Turn-Key" "Indigo" Security
- Development (code attributes)
  - Annotate services with code attributes
  - Define authentication, confidentiality, integrity, and access control requirements
- Deployment (configuration)
  - Define and select security profile settings
- Administration (security data)
  - Specify authorization mappings (user to role)
  - Specify username-password credentials
  - Specify presentation credentials

Slide 19: Turn-Key Development: Declarative Attributes
- Annotate Service classes and methods
- Security Requirement Attributes
  - Integrity
  - Confidentiality
  - ClientAuthentication
  - AccessControl
  - Security Settings Profile
- Each requirement is scoped to the messages corresponding to the annotated class or method

Slide 20: Turn-Key Deployment: Configuration and Profiles
- Define security profiles which indicate how security requirements are to be satisfied
- Developer or deployer may define their own security profiles
- Common security profiles are predefined in machine.config
- A scope of messages is bound to a security profile

Slide 21: Turn-Key Deployment: Configuration and Profiles
- A security profile is composed of the following security settings
  - Authentication mechanism
    - Intranet (Windows Kerberos)
    - Internet (Username-password)
    - B2B (X.509)
    - Federated (XrML or SAML)
  - Replay Detection mechanism
  - Encryption mechanism
  - Authorization provider

Slide 22: Turn-Key Administration: Security Administration Data
- Security Administration Data includes three kinds of information
  - Presentation Credentials: for presenting to other services
  - Trust Credentials: for authorizing trusted users, partners, or issuers
  - Authorization Data: for mapping input claims to authorization data (e.g., user to role)

Slide 23: "Indigo" Security

Slide 24: Where Are We?
- "Indigo" uses transactions to increase the reliability and correctness of services
- "Indigo" provides reliable and durable message transmission between services
- "Indigo" supports a broad range of security protocols using a simple declarative programming model

Slide 25: For More Information
- Come see us immediately after this session: Web/Services Lounge, 309 Foyer
- MSDN "Longhorn" DevCenter: http://msdn.microsoft.com/longhorn
- Newsgroup: microsoft.public.windows.developer.winfx.indigo
- At PDC
  - Hands on labs: on-site or download from CommNet
  - Ask The Experts: Tuesday 7 P.M. – 9 P.M., Hall G, H
  - PDC Weblogs: http://pdcbloggers.net

Slide 26: © 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
