Posts Tagged ‘Security’

My first paper

December 27, 2010

I took part in a national workshop on Web Services organized by CERIST (Centre de Recherche sur l’Information Scientifique et Technique) in Algiers.

My work was about security in vehicular networks, and my research problem was how to federate existing authentication protocols, and even future protocols that do not exist yet. We found in the literature the WS-Federation specification, a great solution that aims to solve this problem. However, that specification applies only to SOAs based on Web Services.

Consequently, we faced another important question about vehicular applications, which are not necessarily Web Services. For this reason, we thought about integrating the existing native vehicular applications into a Web Services SOA and applying any WS-* specification by embedding a lightweight ESB (Enterprise Service Bus) into each Vehicular Network Entity.

To validate our work, we developed a POC (Proof of Concept) for managing road intersections using .NET 4.0, WCF 4.0 and WIF (Windows Identity Framework).

You can find my talk slides here: My Talk.

I was surprised, at the close of the workshop, to receive the Best Paper Award Certificate. I am so happy about this distinction, and my happiness was so great when I attended some presentations by Pr. Boualem BENTALAH, Pr. Farouk TOUMANI and other big personalities.

I also received another great present: a tour, for the first time, of the “Jardin d’Essai”, the famous big garden. I really appreciated my trip.

Categories: Security

LinkedIn is OUT!

December 13, 2010

As I very much like the very exciting LinkedIn, I was astonished to get this message in my browser, “Http/1.1 Service Unavailable”, at 16:30 (Algerian time).

This error corresponds to the HTTP 503 status code and, obviously, that means that the server (or the servers) cannot respond at once due to the huge number of requests received. Consequently, the site may be the target of a DoS (Denial of Service) attack.

For the record, YouTube had the same problem just recently.

If the problem is a security one, the lesson to learn is that everyone can be a victim of security attacks. So don’t be astonished to get this error when you attempt to access Google one day.

Categories: Security

Federated access control through Windows Identity Framework (WIF) Part 1

October 12, 2010

In this post, I will introduce the concept of federated access control to different resources using the Windows Identity Framework (Geneva framework) delivered by Microsoft. The purpose of this first part is to introduce the concept of federated authentication.

First of all, let’s imagine the following scenario: you usually use X.509 certificates to access the resources of your enterprise, but in another enterprise, where you have to spend a few days, you won’t be able to use the same kind of resources because they use another technology, such as Kerberos.

Assuming that you are not obliged to implement Kerberos, how will you be able to consume the services of the new enterprise?

The federation principle aims to resolve that problem by federating existing protocols and even future ones.

Secondly, claims-based authentication is a new concept in which the different credentials used for authentication are treated as claims contained in a serialized structure called a token.

The federation principle is based on the concept of CBA (Claims-Based Authentication) and involves three roles, as illustrated in the following image:

 

  1. The User is the entity that wants to consume a service through a passive browser or a thin client.
  2. The identity provider (IP) implements a special service that delivers tokens to the User, according to the Relying Party's policies, after authentication. This special service implements WS-Trust endpoints and is named the Security Token Service (STS).
  3. The application (the Relying Party), which delivers services to the User.

So, for our first scenario, the User consults the policy of the application and learns that it requires a Kerberos ticket. The User sends a Request Security Token (RST) message to the IP. After authenticating the User (by certificate), the IP delivers to him a signed token containing the requested Kerberos ticket. Finally, the User sends the generated token to the application, which can verify the identity of the IP thanks to its signature.

Finally, the application can rely on a local rules engine or an external process to manage the authorization of the user.
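
The scenario above as an added example (not part of the original post and not WIF code): a Python model of the three roles in which the application rejects any token whose issuer, signature, audience, lifetime or required claim fails its policy. The issuer and application URIs, the field names and the demo key are assumptions, and HMAC stands in for the identity provider's certificate-based signature.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key standing in for the STS signing certificate; a real STS
# signs with its X.509 private key and the application holds only the public part.
STS_KEY = b"constructed-demo-key"
ISSUER = "https://sts.example/"                  # hypothetical identity provider
TRUSTED_ISSUERS = {ISSUER: STS_KEY}              # the application's trust list
APP_POLICY = {"audience": "https://app.example/", "required_claim": "kerberos-ticket"}

def _sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()

def sts_issue(user_authenticated, rst, now=None):
    """Identity provider (STS): answer a Request Security Token."""
    if not user_authenticated:   # e.g. the X.509 certificate check failed
        raise PermissionError("user not authenticated by the identity provider")
    body = {"iss": ISSUER, "aud": rst["applies_to"],
            "exp": (time.time() if now is None else now) + 300,
            "claims": {"name": rst["subject"],
                       rst["claim_type"]: "opaque-ticket-placeholder"}}
    payload = base64.b64encode(json.dumps(body, sort_keys=True).encode())
    return (payload + b"." + _sign(STS_KEY, payload)).decode()

def app_validate(token, now=None):
    """Application (relying party): return the token's claims or raise ValueError."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.encode().split(b".")
        body = json.loads(base64.b64decode(payload))
        key = TRUSTED_ISSUERS.get(body["iss"])
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if key is None:
        raise ValueError("untrusted issuer")
    if not hmac.compare_digest(sig, _sign(key, payload)):
        raise ValueError("bad signature")
    if body.get("aud") != APP_POLICY["audience"]:
        raise ValueError("token issued for another application")
    if body.get("exp", 0) < now:
        raise ValueError("token expired")
    if APP_POLICY["required_claim"] not in body.get("claims", {}):
        raise ValueError("required claim missing")
    return body["claims"]

def user_flow(subject="alice"):
    """User: read the application's policy, request a token, present it."""
    rst = {"applies_to": APP_POLICY["audience"], "subject": subject,
           "claim_type": APP_POLICY["required_claim"]}
    return app_validate(sts_issue(True, rst))
```

The application never sees the User's certificate: it only decides whether it trusts the issuer and whether the signed claims satisfy its own policy.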

Categories: Security

Hello world! This is my first post!

October 12, 2010

This is my first post. Through this blog, I aim to present some technologies in the IT world. My topics will try to cover MS technologies, Mac OS platforms and also Linux.