![Page 1: Integrity for Activated Content Data Integrity in an Active Content System Active Middleware Workshop Hilarie Orman Volera, Inc. August 6, 2001.](https://reader030.fdocuments.us/reader030/viewer/2022032708/56649e6a5503460f94b6805e/html5/thumbnails/1.jpg)
Integrity for Activated Content
Data Integrity in an Active Content System
Active Middleware Workshop
Hilarie Orman
Volera, Inc.
August 6, 2001

Trends in Web Content Activity
- Complex pages
- Multiple business interests
- Mechanisms
  - Server side includes
  - Edge Side includes
  - Ad hoc markers
  - URL naming tricks
- Efficiency Issue
  - Minimize traffic, maximize cacheability

Data Integrity: It all depends
- Traditional Model
  - Header, some fields immutable
  - Content, immutable modulo accidents
- IP packets
  - Packets might get to their destination but shouldn’t be ‘delivered’ anyplace else
  - Security was TBD and emerged in IPsec
  - Awkward and slow standardization
- Anything else ‘End-to-End’

Basic Page Options
- Prevailing semantic: ‘put a picture here’
<HTML>
<BODY>
<H1>DOGTOWN NEWS</H1>
<HEADLINE>Dog Days</HEADLINE>
<BYLINE>Fidelius Canine</BYLINE>
<REGIONAL_AD h=640 w=480>
<STORY>….</STORY>
DOGTOWN NEWS
Dog Days
Fidelius Canine
A noontime high of 100 has local residents remembering the dog days of 1894, when temperatures were pegged at over the century mark for 45 consecutive days.
SALE at FIDO FOODS
Beef Dinners
65 cents all week

The OPES Data Flow
[Figure: A Caching Proxy. Components: Content Transformations, Cache, Rule Engine, Administrative Controller. Flows: Client Requests, Server Requests, Server Response, Client Response.]

[Figure: exchange between Client, Proxy and Server. Labels: Request, Reply, F(req)=, G(rep)=, Proxy Request, Proxy Computed Reply, Request Data, Reply Data, Content Adaptation, Content Transducer.]

Complex Content Composition and Validation
[Figure: Original Content, Modified Content, Recipient Ponders Integrity. Content and Modification Descriptions: “insert ad”, “wap transcoder”, “refresh 10 min”.]

Hash-based Editing
- Document has a part index and content
- Index summarizes document by hash of each “part”
- Each part index entry has editing permissions
- Modification audit trail achieved by attaching ‘verifier’ for each editing action
- Recipient verifies the message by comparing the received message to the action list

Signatures for Original and Modified Content
gx+ry mod q

Goals of Active Data Integrity
- Publisher defines document and modification permissions
- Delegates can modify the document
- Anyone can validate the modified document
- Document can be cached anywhere
  - Even with partial modifications
- Recipient can delegate modifications on his behalf
- Recipient can validate document

The Verifiable Editing Language
- Delete
- Add
- Replaces
  - (Delete and Add)
- Delegate
- If-Else, Select
- Boolean combinations
- Replicate
- Append
- Refresh
- Permute
- Cache control
- ‘Exec’
- Enduser Policy
- Enforcement delegation

Message Structure
- Publisher’s index of content and permissions
- Signature of Publisher on index
- Editor’s indices of actions, delegations
- Signature of each editor on own index
- Optional intermediate validation signatures (“this message was valid when at ibm.com”)

Example: delete
- Index:
  - Part 1, hash value = xxx, none
  - Part 2, hash value = yyy, delete
  - Part 3, hash value = zzz, none
- Content:
  - This is part 1
  - This is part 2
  - This is part 3
- Signature { hash(Index) = AAA }

- Index:
  - Part 1, hash value = xxx, none
  - Part 2, hash value = yyy, delete
  - Part 3, hash value = zzz, none
- Content:
  - This is part 1
  - This is part 3
- Signature {aaa}
- Delete Signature {AAA, part2, delete}
- Verify Index Sig
  - hash(part 1) = xxx
  - hash(part 2) = zzz

Example: replace
- Index:
  - Part 1, hash value = xxx, none
  - Part 2, hash value = yyy, replace
  - Part 3, hash value = zzz, none
- Content:
  - This is part 1
  - This is part 2
  - This is part 3
- Signature { hash(Index) = AAA }

- Index:
  - Part 1, hash value = xxx, none
  - Part 2, hash value = yyy, delete
  - Part 3, hash value = zzz, none
- Content:
  - This is part 1
  - This is the new part 2
  - This is part 3
- Signature {aaa}
- Replacer’s Signature {AAA, part2, replace, hash=ddd}
- Verify Index Sig on AAA
  - hash(part 1) = xxx
  - hash(part 2) = zzz
- Verify hash(part2)=ddd
- Verify Replacer’s Sig

Modification Index
Document
- Index
  - Group 1 Parts
    - Part 1: hash = xxx
    - Part 2: hash = yyy
    - Part 4: hash = zzz
    - Permission none
    - Signature = xxx
  - Group 2 Parts
    - Part 3: hash = aaaa
    - Permission Delete
    - Subject = JohnDDoe
    - Signature = cccc
  - Group 3 Parts
    - Part 5: hash = bbb
    - Permission Replace
    - Type = gif
    - Size < 20Kb
    - Subject = *.all_languages.com
    - Signature = dddd
  - Index Signature = eeee
- Content
  - Part 1: This is merely text for the heading
  - Part 2: Start of the story and byline
  - Part 3: <REGIONAL_AD>
  - Part 4: Continuing onward our fearless hero ...
  - Part 5: ALERT: SPECIAL

Basis for Content Descriptors
- XML-Signature Syntax and Processing
  - W3C Candidate Recommendation 19-April-2001
  - http://www.w3.org/TR/xmldsig-core/

Standards: Simple XML Example (Signature, SignedInfo, Methods, and References)
[s01] <Signature Id="MyFirstSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
[s02] <SignedInfo>
[s03] <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
[s04] <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
[s05] <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
[s11] </Reference>
[s12] </SignedInfo>
[s13] <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>

A Reference and Digest
- Reference
  - URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
  - Transforms {
    - Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/ }
  - DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  - DigestValue j6lwx3rvEPO0vKtMup4NbeVu8nk=

[s01] <Signature Id="MyFirstSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
[s02] <SignedInfo>
[s03] <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
[s04] <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
[s05] <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
[s06] <Transforms>
[s07] <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
[s08] </Transforms>
[s09] <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
[s10] <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
[s11] </Reference>
[s12] </SignedInfo>
[s13] <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>
[s14] <KeyInfo>
[s15a] <KeyValue>
[s15b] <DSAKeyValue>
[s15c] <P>...</P><Q>...</Q><G>...</G><Y>...</Y>
[s15d] </DSAKeyValue>
[s15e] </KeyValue>
[s16] </KeyInfo>
[s17] </Signature>

Trust Model for Mutable Content
- Subjects: Author, Editors, Enduser Delegates
- Objects: Content and content subparts
- Author (aka Publisher) creates
  - Content
  - Modification Policy
  - Signature on Entirety
- Modification policy based on content structure
  - Non-modifiable parts require separate signature
- Content modifiers (e.g. OPES)
  - Append signed actions to message
  - Change original message
- Recipient validates content wrt index, mods

Modification Permissions
- Delete
- Replace
  - Restrictions:
    - Content type
    - Size
    - URL
- Append/Prepend
  - Restrictions: same type; size
- Delegate (monotonicity)
  - Allowable subjects
- Execute

Modification Index
- Part identifier
  - Reference or
  - Digest
- Action pairs
  - Subjects
    - Namespace, name
    - Public key
    - Cert
  - Privilege
  - Limitations

Modifier’s Actions
- Entity performing the modification must sign a modification notification:
  - Original message’s index hash
  - Modification index entry
  - Modifier’s ID
  - Hash of new value (none if Delete)
- Example: Reference 5, Delete
  - Modifier removes part 5 from message body
  - Modification manifest unchanged
  - Modifier attaches notification to message

Recipient Validation
- Optional
- Get message index
- Validate each part against permission and signature
- Simple case: Delete
  - Author name and signature
- Modifier case: check permission subject and modifier signature
- Complex case: follow delegation chain
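The delete and replace examples, the modifier's notification and the recipient's checks from the slides above, combined into one added example (not code from the original slides). It assumes SHA-256 part hashes and HMAC-SHA256 with constructed per-subject keys as a stand-in for the public-key signatures the slides call for; `publish`, `modify`, `validate`, `max_size` and the subject `ads.example` are hypothetical names, and delegation is not covered.

```python
import hashlib, hmac, json

# Constructed keys. HMAC-SHA256 stands in for the public-key signatures on the
# slides (assumption), so this verifier holds every subject's key.
KEYS = {"publisher": b"k-pub", "JohnDDoe": b"k-john", "ads.example": b"k-ads"}

def h(data):
    return hashlib.sha256(data).hexdigest()

def sign(subject, obj):
    blob = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(KEYS[subject], blob, hashlib.sha256).hexdigest()

def signed_ok(subject, obj, sig):
    return subject in KEYS and hmac.compare_digest(sign(subject, obj), sig)

def index_hash(index):
    return h(json.dumps(index, sort_keys=True).encode())

def publish(parts, perms):
    """perms: part number -> {"perm", "subject", optional "max_size"}."""
    index = [{"part": n, "hash": h(p), "perm": "none", "subject": None,
              **perms.get(n, {})} for n, p in enumerate(parts, 1)]
    return {"index": index, "index_sig": sign("publisher", index),
            "content": dict(enumerate(parts, 1)), "notes": []}

def modify(msg, modifier, part, action, new=None):
    """Edit the body and attach a signed notification; the index is unchanged."""
    body = {"index_hash": index_hash(msg["index"]), "part": part,
            "action": action, "modifier": modifier,
            "new_hash": None if new is None else h(new)}
    msg["content"].pop(part, None)
    if new is not None:
        msg["content"][part] = new
    msg["notes"].append({"body": body, "sig": sign(modifier, body)})

def validate(msg):
    """Recipient check: index signature, notifications, then every part."""
    index = msg["index"]
    if not signed_ok("publisher", index, msg["index_sig"]):
        return "bad index signature"
    notes = {}
    for n in msg["notes"]:
        b = n["body"]
        if not signed_ok(b["modifier"], b, n["sig"]):
            return "bad notification signature"
        if b["index_hash"] != index_hash(index):
            return "notification is for another message"
        notes[b["part"]] = b
    if set(msg["content"]) - {e["part"] for e in index}:
        return "unindexed part in content"
    for e in index:
        got, b = msg["content"].get(e["part"]), notes.get(e["part"])
        have = None if got is None else h(got)
        if b is None:  # untouched part must still match the publisher's hash
            if have != e["hash"]:
                return f"part {e['part']}: changed without notification"
        elif (b["action"], b["modifier"]) != (e["perm"], e["subject"]):
            return f"part {e['part']}: action not permitted"
        elif have != b["new_hash"]:  # both are None after a delete
            return f"part {e['part']}: body does not match notification"
        elif got is not None and len(got) > e.get("max_size", len(got)):
            return f"part {e['part']}: replacement too large"
    return "valid"
```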

Dynamic Content
- New permission: refresh
  - Applies only to a message part
  - Included content, not referenced
- Permission can require both modifier and location identifier
  - Stockquotes: only from Nasdaq.com
  - User profile info: refresh every 30 minutes
  - Etc.

Conditional Modifications
cf: Edge Side Includes, www.edge-side.com
- Simple conditionals
  - If URL ; URL can be fetched without error
  - Else
    - Another URL
  - Endif
- Modification Index
  - Part reference for embedded conditional
  - Subreferences for options
- Modifier signs reference and selection
  - Removes embedded conditional
  - Inserts selected option (e.g. URL)
  - Signs Notification including hash of selection

Authenticated Includes
- Signed message
  - { If URL else Other_URL by cdn.cnn.com }
  - Signature
- Appended data:
  - { Original message hash, byte offset of
    { If URL else Other_URL by cdn.cnn.com }
    Signature of cdn.cnn.com }

Dynamic and Active Content
- A distributed computing model
- Definition of end-to-end integrity
- Allows complex content composition
- Merges local and remote concepts
- Based on known technologies

Active Content
- Permission type: execute
- Additional parameters: locality
  - “who” can execute it, “where” they are
- Arguments: message parts and environment info
- Output replaces the message part
- Notification same as ‘replace’
  - but includes ‘location’ signature over message hash, part hash, output

Executable Content
- Two parts
  - Input
  - Program
- Modifier certifies to performing the replacement,
- Execution agent certifies to executing the program on the content
- Output replaces the message part

Further Delegation
- Modification Index may be extended by message editors
  - Add ModIndex part
  - Sign Original Message (hash = AAA)
  - and Hash of New ModIndex
- Their permissions cannot exceed permissions granted to them
- ‘Downstream’ recipients must verify permissions before exercising delegation
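The delegation rule on this slide ("permissions cannot exceed permissions granted to them") as an added example, not code from the original slides: a downstream recipient walks the chain from the publisher to the modifier and refuses any link that widens its issuer's rights. It assumes HMAC-SHA256 with constructed keys in place of public-key signatures and a simplified grant record; `grant`, `within`, `authorized`, the `delegate` flag and the subjects `cdn.example` and `isp.example` are hypothetical.

```python
import hashlib, hmac, json

# Constructed keys. HMAC-SHA256 stands in for public-key signatures (assumption).
KEYS = {"publisher": b"k-pub", "cdn.example": b"k-cdn", "isp.example": b"k-isp"}

def sign(subject, obj):
    blob = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(KEYS[subject], blob, hashlib.sha256).hexdigest()

def grant(issuer, subject, index_hash, part, actions, max_size, may_delegate):
    """One signed link: issuer gives subject rights on one part of one message."""
    body = {"issuer": issuer, "subject": subject, "index_hash": index_hash,
            "part": part, "actions": sorted(actions), "max_size": max_size,
            "delegate": may_delegate}
    return {"body": body, "sig": sign(issuer, body)}

def within(child, parent):
    """Monotonicity: a link may narrow, never widen, what its issuer holds."""
    return (child["part"] == parent["part"]
            and set(child["actions"]) <= set(parent["actions"])
            and child["max_size"] <= parent["max_size"])

def authorized(chain, index_hash, modifier, part, action, size):
    """Walk publisher -> ... -> modifier; return "ok" or the reason for refusal."""
    if not chain or chain[0]["body"]["issuer"] != "publisher":
        return "chain does not start at publisher"
    prev = None
    for link in chain:
        b = link["body"]
        if b["issuer"] not in KEYS or not hmac.compare_digest(
                sign(b["issuer"], b), link["sig"]):
            return "bad signature"
        if b["index_hash"] != index_hash:  # grant is bound to one message
            return "grant bound to another message"
        if prev is not None:
            if b["issuer"] != prev["subject"]:
                return "broken chain"
            if not prev["delegate"]:
                return "issuer may not delegate"
            if not within(b, prev):
                return "grant exceeds issuer's rights"
        prev = b
    if prev["subject"] != modifier:
        return "chain does not reach modifier"
    if (part != prev["part"] or action not in prev["actions"]
            or size > prev["max_size"]):
        return "action outside grant"
    return "ok"
```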

Modifications based on Recipient Policy
- Recipient policies
  - Content type, size, origin, freshness, price
- Delegates modification rights
  - Delete, replace, select, translate, etc.
  - “Delete *.badplace.com/*.gif”
  - “Translate *.ru content-type/text to English”
  - Redelegation to partner ISP, for example
- Might ban certain content parts
  - “Never”, “always”

Rights Delegated from Recipients
- Enterprise policy, ISP service
- Generic policy delegation
- Enduser -> ISP,
  - http, content-type/html, delete *.badstuff.com/*.gif
  - enduser signs hash of policy
  - Might result in deletion of entire message part
- ISP would delete part and add signed addendum
  - includes hash of policy authorizing the action
- NB: No request integrity definition

Complex Policy
- Reordering
- Restrictions (“not valid in Indiana”)
- If part 4 is deleted then add a delegation to modify part 7
- Refresh times, parameters
- Reuse of individual parts
  - “over 18 only”
  - “3 uses only”
- Billing
- Audit

Policy Resolution
- Publisher: do not delete
- Enduser: delete this junk
- Enduser delegate: delete or not?
  - SLAs with publishers
  - SLAs with publisher agents (CDNs)
  - Contract with endusers
- SEP (Douglas Adams)
msg, policy Data Integrity(m,p)
- Even for complex composition systems, there is a verifiable meaning to data integrity
- Overhead appears tolerable
- Caching is enhanced
- Scalable, layer 6 policy and mechanisms
- Consistent with emerging standards