WS SECURITY SPECS ADVANCE; DEUTSCHE BANK PRESENTS SECURE WS APP

By Nicole Hemsoth

November 15, 2004

WS SECURITY SPECS ADVANCE; DEUTSCHE BANK PRESENTS SECURE WS APP
By Alan J. Weissberger, Contributing Editor

I. Summary

At the Nov. 2-4 meeting of the Web Services Interoperability (WS-I) Organization, excellent progress was made on several WS Basic Security Profile specifications, sample applications and test tools. When packaged together, these will be used (by vendors, systems integrators, and users) to provide the underlying security functionality for GGF compliant Grid computing.

In a Technical Showcase presentation on how member companies are using WS-I deliverables, Deutsche Bank (DB) described a Web services application running on their enterprise Grid of servers. DB's use cases were later presented to the Sample Apps WG, which will include them in future sample applications demonstrating the WS-I Basic Security Profile. End users from BT, IBM, Ford Motor, Daimler Chrysler, Fidelity Investments also participated at this productive and stimulating WS-I meeting

II. WS-I Background

The WS-I Organization mission is to generate specifications that provide vendors, system integrators and developers with guidelines for creating interoperable Web Services solutions. Working with standards from W3C and OASIS TC's, the WS-I organization creates three pillars for each of its activities: profiles, sample applications and test tools. Each of these has its own WS-I Working Group (WG). WS-I has three plenary or “community” meetings per year, with interim meetings scheduled by each WG separately, based on their respective workloads.

More information on WS-I may be obtained from www.ws-i.org/.

WS-I has already published Basic Profiles 1.0 and 1.1, SOAP with Attachments Profile 1.0, and Simple SOAP Binding (with HTTP) Profile 1.0:

III. WS-I Security Activities — 3 WGs are involved:

The next major work item for WS-I, ongoing for the last 18 months, has been the Basic Security Profile (BSP). This work, based on the OASIS WS-Security standard, aims to provide a package of a security scenarios document, a basic profile specification, test tools and sample applications that demonstrate interoperable Web services security.

Any company that intends to use Web services beyond its firewall — for inter-departmental or inter-company communications — will need to ensure that all SOAP messages are secure and not tamper able or decipherable by “the man in the middle.” Interoperable WS Security capabilities will be essential for all eBusiness and eCommerce applications, as well as for Grid computing.

A. The WS-I BSP WG is working on two deliverables:

  • Security Scenarios document includes a Glossary, Security Challenges and Threats, Security Solutions and Mechanisms, Generic Security Requirements and Security Scenario Descriptions. WS-I Board approval is expected this December.
  • Basic Security Profile 1.0 profiles the OASIS WS Security standard in order to promote interoperability. It includes user name and X.509 tokens, and references the WS-I BP 1.0, 1.1, and SOAP with Attachments profile. Initial drafts for SAML and REL Token Profiles have been completed, while drafts for Kerberos Token Profile will be done after OASIS Security TC interoperability testing. These Token Profiles may be separate documents, or folded into the Basic Security Profile document at a later date when all the token profiles have been completed.

There are three sections of the WS-I Basic Security Profile 1.0 document:

  • Section 1 introduces the Profile, and relates the philosophy that it takes with regard to interoperability.
  • Section 2, “Scope of the Profile,” delimits the areas where the Profile improves interoperability.
  • Section 3, “Profile Conformance,” explains what it means to be conformant to the Profile. àA new editors draft was produced at this meeting, with WS-I Board approval for the completed document expected in 1Q 2005.

B. The WS-I Sample Apps WG is working on a Security Architecture document to guide development of source code for sample applications, which will demonstrate use of the BSP 1.0 as well as the Token Profiles (see description above). Currently, the sample applications are based on a supply chain business scenario.

C. The WS-I Test Tools WG is developing a Test Assertion Document (TAD) that will be used to test conformance to the BSP 1.0. This document contains the test assertions for the WS-I SOAP Message Security Profile definition. These test assertions are used by the analyzer testing tool to determine if a Web service is conformant to the Basic Security Profile.

The Test WG voted to make the current BSP 1.0 TAD public, inorder to gather further comments. As such, it will soon be available on the WS-I Web site for public review.

Also at this meeting, a new document on Enhanced Logging for Security was produced by the Test Tools WG.

IV. Deutsche Bank presentation On Use Of WS-I Deliverables, By Kieron Drake

DB uses Web services for four principal reasons:

  • Enabling secure access for external clients to post trade data.
  • Improving automation of trade processing.
  • Trade entry (capture) for structured financial products.
  • It support the move to a (System Oriented Architecture (SOA).

Web Services enables DB to accept and process complex transactions from customers and internal traders, while protecting their users confidentiality. In essence, trade confirmations are replaced by a Web service that provides a signed agreement of the financial transaction or trade (e.g. between a broker dealer and investment bank or between two banks directly).

Web Services helps support the move to SOA, internally within DB. They standardized on WS-I BP 1.0 and are now moving to WS-I BP 1.1 (see references above). The WS-I basic profiles are augmented by a secure WS infrastructure, which is based on DB developed “XML firewalls.” Those firewalls provide “secure plumbing” and expose “compensating bugs” in WS vendor solutions. The XML firewalls isolates Java and .NET clients from the J2EE and .NET servers that they access (these servers collectively form an enterprise compute Grid, which is accessed by the client PCs). DB noted one problem with a secure WS: it involves heavy use of asynchronous encryption algorithms, which adds a tremendous amount of overhead to messages.

Editors Note: While the XML firewalls provide the secure WS now, DB will standardize on the WS-I BSP when it has been completed. They later presented their WS Security requirements to the Sample Apps WG.

DB uses WS-I Test Tools to validate conformance to BP 1.0. Those tools have been particularly valuable with respect to validating WS vendor supplied WSDL (Web Services Description Language). The testing of vendor WSDL's drives an XML schema based, data centric approach to transaction processing at DB.

The trades capture system now being implemented by DB is faster and cheaper than the previous system, while permitting them to reuse existing servers. DB clients may access their post trade data over a secure environment that protects their confidentiality requirements.

Postscript: This editor suggested to the WS-I President and several board members that profiling of selected WS Security related specifications (that have not yet been submitted to a standards committee) might be a very useful work item. These specifications include: WS Federation, WS-Trust and WS-Secure Conversation. WS-Policy would also be involved. It remains to be seen if the WS-I Board of Directors will consider this suggestion.

Appendix: WS-I Deliverables

WS-I's deliverables provide resources for Web services developers to create interoperable Web services and verify that their results are compliant with WS-I guidelines. Key WS-I deliverables include Profiles, Sample Applications and Testing Tools, based on Web Services standards (from W3C and/or OASIS TCs):

  • Profiles provide implementation guidelines for how related Web services specifications should be used together for best interoperability. To date, WS-I has finalized the Basic Profile, Attachments Profile and Simple SOAP Binding Profile. Work on a Basic Security Profile is currently underway.
  • Sample Applications demonstrate Web services applications that are compliant with WS-I guidelines. These implementations are developed using multiple platforms, languages and programming tools, demonstrating interoperability in action, and providing readily usable resources for the Web services developer. Sample applications serve as working examples for developers looking to follow the WS-I guidelines in their programming environment of choice. To date, WS-I has delivered eleven implementations of the WS-I Sample Application for the Basic Profile.
  • Testing Tools are used to determine whether the messages exchanged with a Web service conform to WS-I guidelines. These tools monitor the messages and analyze the resulting log to identify any known interoperability issues. These testing capabilities are important for developers to ensure that their implementations comply with the current interoperability guidelines for the use of Web services specifications. Tests are self administered and aimed at uncovering unconventional usage or errors in specification implementations, thus improving interoperability between applications and across platforms. To date, WS-I has developed tests for developers to verify their conformance with the Basic Profile 1.0, and work on the other WS-I profiles is underway.
About Alan J. Weissberger

As the founder and Technical Director of Data Communications Technology (DCT), a technical consulting firm started in March 1983, Alan J. Weissberger specializes in telecommunications standards and their implementation. His clients have included network providers (AT&T, NTT, Pacific Bell, US West, Entel and CTC in Chile, Telkom South Africa, Moroccan PTT, others), equipment and semiconductor manufacturers, and large end users. In 1995 and 1996 Alan was the principal architect for the European Commission's multi-service, multi-country ATM network — the largest private network in Europe (that network has now evolved into Gig Ethernet over CWDM). In 2000-01, he was Ciena's lead ITU-T delegate, contributing to the standardization of the optical control plane in SG13 and SG15. Alan now represents NEC Corp in several OASIS TCs dealing with Web Services, while also attending the Global Grid Forum and the Optical Internetworking Forum (OIF).

Weissberger can be reached via e-mail at [email protected] or [email protected]. To read his entire biography, please visit www.gridtoday.com/04/1011/bio.html.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

SODALITE: Towards Automated Optimization of HPC Application Deployment

May 29, 2020

Developing and deploying applications across heterogeneous infrastructures like HPC or Cloud with diverse hardware is a complex problem. Enabling developers to describe the application deployment and optimising runtime p Read more…

By the SODALITE Team

What’s New in HPC Research: Astronomy, Weather, Security & More

May 29, 2020

In this bimonthly feature, HPCwire highlights newly published research in the high-performance computing community and related domains. From parallel programming to exascale to quantum computing, the details are here. Read more…

By Oliver Peckham

DARPA Looks to Automate Secure Silicon Designs

May 28, 2020

The U.S. military is ramping up efforts to secure semiconductors and its electronics supply chain by embedding defenses during the chip design phase. The automation effort also addresses the high cost and complexity of s Read more…

By George Leopold

COVID-19 HPC Consortium Expands to Europe, Reports on Research Projects

May 28, 2020

The COVID-19 HPC Consortium, a public-private effort delivering free access to HPC processing for scientists pursuing coronavirus research – some utilizing AI-based techniques – has expanded to more than 56 research Read more…

By Doug Black

What’s New in Computing vs. COVID-19: IceCube, TACC, Watson & More

May 28, 2020

Supercomputing, big data and artificial intelligence are crucial tools in the fight against the coronavirus pandemic. Around the world, researchers, corporations and governments are urgently devoting their computing reso Read more…

By Oliver Peckham

AWS Solution Channel

Computational Fluid Dynamics on AWS

Over the past 30 years Computational Fluid Dynamics (CFD) has grown to become a key part of many engineering design processes. From aircraft design to modelling the blood flow in our bodies, the ability to understand the behaviour of fluids has enabled countless innovations and improved the time to market for many products. Read more…

Supercomputer Simulations Explain the Asteroid that Killed the Dinosaurs

May 28, 2020

The supercomputing community has cataclysms on the mind. Hot on the heels of supercomputer-powered research delving into the fate of the neanderthals, a team of researchers used supercomputers at the DiRAC (Distributed R Read more…

By Oliver Peckham

COVID-19 HPC Consortium Expands to Europe, Reports on Research Projects

May 28, 2020

The COVID-19 HPC Consortium, a public-private effort delivering free access to HPC processing for scientists pursuing coronavirus research – some utilizing AI Read more…

By Doug Black

$100B Plan Submitted for Massive Remake and Expansion of NSF

May 27, 2020

Legislation to reshape, expand - and rename - the National Science Foundation has been submitted in both the U.S. House and Senate. The proposal, which seems to Read more…

By John Russell

IBM Boosts Deep Learning Accuracy on Memristive Chips

May 27, 2020

IBM researchers have taken another step towards making in-memory computing based on phase change (PCM) memory devices a reality. Papers in Nature and Frontiers Read more…

By John Russell

Hats Over Hearts: Remembering Rich Brueckner

May 26, 2020

HPCwire and all of the Tabor Communications family are saddened by last week’s passing of Rich Brueckner. He was the ever-optimistic man in the Red Hat presiding over the InsideHPC media portfolio for the past decade and a constant presence at HPC’s most important events. Read more…

Nvidia Q1 Earnings Top Expectations, Datacenter Revenue Breaks $1B

May 22, 2020

Nvidia’s seemingly endless roll continued in the first quarter with the company announcing blockbuster earnings that exceeded Wall Street expectations. Nvidia Read more…

By Doug Black

Microsoft’s Massive AI Supercomputer on Azure: 285k CPU Cores, 10k GPUs

May 20, 2020

Microsoft has unveiled a supercomputing monster – among the world’s five most powerful, according to the company – aimed at what is known in scientific an Read more…

By Doug Black

HPC in Life Sciences 2020 Part 1: Rise of AMD, Data Management’s Wild West, More 

May 20, 2020

Given the disruption caused by the COVID-19 pandemic and the massive enlistment of major HPC resources to fight the pandemic, it is especially appropriate to re Read more…

By John Russell

AMD Epyc Rome Picked for New Nvidia DGX, but HGX Preserves Intel Option

May 19, 2020

AMD continues to make inroads into the datacenter with its second-generation Epyc "Rome" processor, which last week scored a win with Nvidia's announcement that Read more…

By Tiffany Trader

Supercomputer Modeling Tests How COVID-19 Spreads in Grocery Stores

April 8, 2020

In the COVID-19 era, many people are treating simple activities like getting gas or groceries with caution as they try to heed social distancing mandates and protect their own health. Still, significant uncertainty surrounds the relative risk of different activities, and conflicting information is prevalent. A team of Finnish researchers set out to address some of these uncertainties by... Read more…

By Oliver Peckham

[email protected] Turns Its Massive Crowdsourced Computer Network Against COVID-19

March 16, 2020

For gamers, fighting against a global crisis is usually pure fantasy – but now, it’s looking more like a reality. As supercomputers around the world spin up Read more…

By Oliver Peckham

[email protected] Rallies a Legion of Computers Against the Coronavirus

March 24, 2020

Last week, we highlighted [email protected], a massive, crowdsourced computer network that has turned its resources against the coronavirus pandemic sweeping the globe – but [email protected] isn’t the only game in town. The internet is buzzing with crowdsourced computing... Read more…

By Oliver Peckham

Global Supercomputing Is Mobilizing Against COVID-19

March 12, 2020

Tech has been taking some heavy losses from the coronavirus pandemic. Global supply chains have been disrupted, virtually every major tech conference taking place over the next few months has been canceled... Read more…

By Oliver Peckham

DoE Expands on Role of COVID-19 Supercomputing Consortium

March 25, 2020

After announcing the launch of the COVID-19 High Performance Computing Consortium on Sunday, the Department of Energy yesterday provided more details on its sco Read more…

By John Russell

Supercomputer Simulations Reveal the Fate of the Neanderthals

May 25, 2020

For hundreds of thousands of years, neanderthals roamed the planet, eventually (almost 50,000 years ago) giving way to homo sapiens, which quickly became the do Read more…

By Oliver Peckham

Steve Scott Lays Out HPE-Cray Blended Product Roadmap

March 11, 2020

Last week, the day before the El Capitan processor disclosures were made at HPE's new headquarters in San Jose, Steve Scott (CTO for HPC & AI at HPE, and former Cray CTO) was on-hand at the Rice Oil & Gas HPC conference in Houston. He was there to discuss the HPE-Cray transition and blended roadmap, as well as his favorite topic, Cray's eighth-gen networking technology, Slingshot. Read more…

By Tiffany Trader

Honeywell’s Big Bet on Trapped Ion Quantum Computing

April 7, 2020

Honeywell doesn’t spring to mind when thinking of quantum computing pioneers, but a decade ago the high-tech conglomerate better known for its control systems waded deliberately into the then calmer quantum computing (QC) waters. Fast forward to March when Honeywell announced plans to introduce an ion trap-based quantum computer whose ‘performance’ would... Read more…

By John Russell

Leading Solution Providers

SC 2019 Virtual Booth Video Tour

AMD
AMD
ASROCK RACK
ASROCK RACK
AWS
AWS
CEJN
CJEN
CRAY
CRAY
DDN
DDN
DELL EMC
DELL EMC
IBM
IBM
MELLANOX
MELLANOX
ONE STOP SYSTEMS
ONE STOP SYSTEMS
PANASAS
PANASAS
SIX NINES IT
SIX NINES IT
VERNE GLOBAL
VERNE GLOBAL
WEKAIO
WEKAIO

Contributors

Fujitsu A64FX Supercomputer to Be Deployed at Nagoya University This Summer

February 3, 2020

Japanese tech giant Fujitsu announced today that it will supply Nagoya University Information Technology Center with the first commercial supercomputer powered Read more…

By Tiffany Trader

Tech Conferences Are Being Canceled Due to Coronavirus

March 3, 2020

Several conferences scheduled to take place in the coming weeks, including Nvidia’s GPU Technology Conference (GTC) and the Strata Data + AI conference, have Read more…

By Alex Woodie

Exascale Watch: El Capitan Will Use AMD CPUs & GPUs to Reach 2 Exaflops

March 4, 2020

HPE and its collaborators reported today that El Capitan, the forthcoming exascale supercomputer to be sited at Lawrence Livermore National Laboratory and serve Read more…

By John Russell

Cray to Provide NOAA with Two AMD-Powered Supercomputers

February 24, 2020

The United States’ National Oceanic and Atmospheric Administration (NOAA) last week announced plans for a major refresh of its operational weather forecasting supercomputers, part of a 10-year, $505.2 million program, which will secure two HPE-Cray systems for NOAA’s National Weather Service to be fielded later this year and put into production in early 2022. Read more…

By Tiffany Trader

‘Billion Molecules Against COVID-19’ Challenge to Launch with Massive Supercomputing Support

April 22, 2020

Around the world, supercomputing centers have spun up and opened their doors for COVID-19 research in what may be the most unified supercomputing effort in hist Read more…

By Oliver Peckham

Summit Supercomputer is Already Making its Mark on Science

September 20, 2018

Summit, now the fastest supercomputer in the world, is quickly making its mark in science – five of the six finalists just announced for the prestigious 2018 Read more…

By John Russell

15 Slides on Programming Aurora and Exascale Systems

May 7, 2020

Sometime in 2021, Aurora, the first planned U.S. exascale system, is scheduled to be fired up at Argonne National Laboratory. Cray (now HPE) and Intel are the k Read more…

By John Russell

TACC Supercomputers Run Simulations Illuminating COVID-19, DNA Replication

March 19, 2020

As supercomputers around the world spin up to combat the coronavirus, the Texas Advanced Computing Center (TACC) is announcing results that may help to illumina Read more…

By Staff report

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This