WS SECURITY SPECS ADVANCE; DEUTSCHE BANK PRESENTS SECURE WS APP

By Nicole Hemsoth

November 15, 2004

By Alan J. Weissberger, Contributing Editor

I. Summary

At the Nov. 2-4 meeting of the Web Services Interoperability (WS-I) Organization, excellent progress was made on several WS Basic Security Profile specifications, sample applications and test tools. When packaged together, these will be used (by vendors, systems integrators, and users) to provide the underlying security functionality for GGF compliant Grid computing.

In a Technical Showcase presentation on how member companies are using WS-I deliverables, Deutsche Bank (DB) described a Web services application running on their enterprise Grid of servers. DB's use cases were later presented to the Sample Apps WG, which will include them in future sample applications demonstrating the WS-I Basic Security Profile. End users from BT, IBM, Ford Motor, Daimler Chrysler and Fidelity Investments also participated in this productive and stimulating WS-I meeting.

II. WS-I Background

The WS-I Organization's mission is to generate specifications that provide vendors, system integrators and developers with guidelines for creating interoperable Web Services solutions. Working with standards from W3C and OASIS TCs, the WS-I organization creates three pillars for each of its activities: profiles, sample applications and test tools. Each of these has its own WS-I Working Group (WG). WS-I has three plenary or “community” meetings per year, with interim meetings scheduled by each WG separately, based on their respective workloads.

More information on WS-I may be obtained from www.ws-i.org/.

WS-I has already published Basic Profiles 1.0 and 1.1, SOAP with Attachments Profile 1.0, and Simple SOAP Binding (with HTTP) Profile 1.0.

III. WS-I Security Activities — 3 WGs are involved:

The next major work item for WS-I, ongoing for the last 18 months, has been the Basic Security Profile (BSP). This work, based on the OASIS WS-Security standard, aims to provide a package of a security scenarios document, a basic profile specification, test tools and sample applications that demonstrate interoperable Web services security.

Any company that intends to use Web services beyond its firewall — for inter-departmental or inter-company communications — will need to ensure that all SOAP messages are secure and cannot be tampered with or deciphered by “the man in the middle.” Interoperable WS Security capabilities will be essential for all eBusiness and eCommerce applications, as well as for Grid computing.

A. The WS-I BSP WG is working on two deliverables:

  • Security Scenarios document includes a Glossary, Security Challenges and Threats, Security Solutions and Mechanisms, Generic Security Requirements and Security Scenario Descriptions. WS-I Board approval is expected this December.
  • Basic Security Profile 1.0 profiles the OASIS WS Security standard in order to promote interoperability. It includes user name and X.509 tokens, and references the WS-I BP 1.0, 1.1, and SOAP with Attachments profile. Initial drafts for SAML and REL Token Profiles have been completed, while drafts for Kerberos Token Profile will be done after OASIS Security TC interoperability testing. These Token Profiles may be separate documents, or folded into the Basic Security Profile document at a later date when all the token profiles have been completed.

There are three sections of the WS-I Basic Security Profile 1.0 document:

  • Section 1 introduces the Profile, and relates the philosophy that it takes with regard to interoperability.
  • Section 2, “Scope of the Profile,” delimits the areas where the Profile improves interoperability.
  • Section 3, “Profile Conformance,” explains what it means to be conformant to the Profile.

A new editor's draft was produced at this meeting, with WS-I Board approval for the completed document expected in 1Q 2005.

B. The WS-I Sample Apps WG is working on a Security Architecture document to guide development of source code for sample applications, which will demonstrate use of the BSP 1.0 as well as the Token Profiles (see description above). Currently, the sample applications are based on a supply chain business scenario.

C. The WS-I Test Tools WG is developing a Test Assertion Document (TAD) that will be used to test conformance to the BSP 1.0. This document contains the test assertions for the WS-I SOAP Message Security Profile definition. These test assertions are used by the analyzer testing tool to determine if a Web service is conformant to the Basic Security Profile.

The Test WG voted to make the current BSP 1.0 TAD public, in order to gather further comments. As such, it will soon be available on the WS-I Web site for public review.

Also at this meeting, a new document on Enhanced Logging for Security was produced by the Test Tools WG.

IV. Deutsche Bank Presentation on Use of WS-I Deliverables, by Kieron Drake

DB uses Web services for four principal reasons:

  • Enabling secure access for external clients to post trade data.
  • Improving automation of trade processing.
  • Trade entry (capture) for structured financial products.
  • Supporting the move to a System Oriented Architecture (SOA).

Web Services enable DB to accept and process complex transactions from customers and internal traders, while protecting their users' confidentiality. In essence, trade confirmations are replaced by a Web service that provides a signed agreement of the financial transaction or trade (e.g. between a broker dealer and investment bank or between two banks directly).

Web Services help support the move to SOA internally within DB. They standardized on WS-I BP 1.0 and are now moving to WS-I BP 1.1 (see references above). The WS-I basic profiles are augmented by a secure WS infrastructure, which is based on DB-developed “XML firewalls.” Those firewalls provide “secure plumbing” and expose “compensating bugs” in WS vendor solutions. The XML firewalls isolate Java and .NET clients from the J2EE and .NET servers that they access (these servers collectively form an enterprise compute Grid, which is accessed by the client PCs). DB noted one problem with a secure WS: it involves heavy use of asynchronous encryption algorithms, which add a tremendous amount of overhead to messages.

Editor's Note: While the XML firewalls provide the secure WS now, DB will standardize on the WS-I BSP when it has been completed. They later presented their WS Security requirements to the Sample Apps WG.

DB uses WS-I Test Tools to validate conformance to BP 1.0. Those tools have been particularly valuable with respect to validating WS vendor-supplied WSDL (Web Services Description Language). The testing of vendor WSDLs drives an XML schema-based, data-centric approach to transaction processing at DB.

The trades capture system now being implemented by DB is faster and cheaper than the previous system, while permitting them to reuse existing servers. DB clients may access their post trade data over a secure environment that protects their confidentiality requirements.

Postscript: This editor suggested to the WS-I President and several board members that profiling of selected WS Security related specifications (that have not yet been submitted to a standards committee) might be a very useful work item. These specifications include: WS Federation, WS-Trust and WS-Secure Conversation. WS-Policy would also be involved. It remains to be seen if the WS-I Board of Directors will consider this suggestion.

Appendix: WS-I Deliverables

WS-I's deliverables provide resources for Web services developers to create interoperable Web services and verify that their results are compliant with WS-I guidelines. Key WS-I deliverables include Profiles, Sample Applications and Testing Tools, based on Web Services standards (from W3C and/or OASIS TCs):

  • Profiles provide implementation guidelines for how related Web services specifications should be used together for best interoperability. To date, WS-I has finalized the Basic Profile, Attachments Profile and Simple SOAP Binding Profile. Work on a Basic Security Profile is currently underway.
  • Sample Applications demonstrate Web services applications that are compliant with WS-I guidelines. These implementations are developed using multiple platforms, languages and programming tools, demonstrating interoperability in action, and providing readily usable resources for the Web services developer. Sample applications serve as working examples for developers looking to follow the WS-I guidelines in their programming environment of choice. To date, WS-I has delivered eleven implementations of the WS-I Sample Application for the Basic Profile.
  • Testing Tools are used to determine whether the messages exchanged with a Web service conform to WS-I guidelines. These tools monitor the messages and analyze the resulting log to identify any known interoperability issues. These testing capabilities are important for developers to ensure that their implementations comply with the current interoperability guidelines for the use of Web services specifications. Tests are self administered and aimed at uncovering unconventional usage or errors in specification implementations, thus improving interoperability between applications and across platforms. To date, WS-I has developed tests for developers to verify their conformance with the Basic Profile 1.0, and work on the other WS-I profiles is underway.

About Alan J. Weissberger

As the founder and Technical Director of Data Communications Technology (DCT), a technical consulting firm started in March 1983, Alan J. Weissberger specializes in telecommunications standards and their implementation. His clients have included network providers (AT&T, NTT, Pacific Bell, US West, Entel and CTC in Chile, Telkom South Africa, Moroccan PTT, others), equipment and semiconductor manufacturers, and large end users. In 1995 and 1996 Alan was the principal architect for the European Commission's multi-service, multi-country ATM network — the largest private network in Europe (that network has now evolved into Gig Ethernet over CWDM). In 2000-01, he was Ciena's lead ITU-T delegate, contributing to the standardization of the optical control plane in SG13 and SG15. Alan now represents NEC Corp in several OASIS TCs dealing with Web Services, while also attending the Global Grid Forum and the Optical Internetworking Forum (OIF).

Weissberger can be reached via e-mail at [email protected] or [email protected]. To read his entire biography, please visit www.gridtoday.com/04/1011/bio.html.
