07:20:40 RRSAgent has joined #ws-arch2
07:21:33 GlenD has joined #ws-arch2
07:23:16 soliton has joined #ws-arch2
07:23:39 omh has joined #ws-arch2
07:24:16 shishir has joined #ws-arch2
07:26:32 what are our topics?
07:26:41 Integrity
07:32:21 joe has joined #WS-ARCH2
07:32:39 work in subgroups on
07:32:53 http://www.w3.org/2002/ws/arch/2/06/wd-wsa-gloss-20020605.html
07:33:17 That's the glossary w/definition of "integrity" we're using
07:34:08 1. Hop to hop
07:34:11 2. End to end
07:35:57 Posit that we have nodes and arcs - each interaction is two nodes across a single arc
07:36:14 "end to end" service integrity is about securing the arcs
07:36:22 consider that first
07:36:35 Then get into the fact that the nodes must be considered as well
07:37:48 SERVICE TO SERVICE INTEGRITY
07:37:51 --
07:38:03 we can consider a public-witness model for integrity
07:41:11 are we trying to offer solution here or just locate the problems?
07:42:00 I guess we can classify into: a) one to one 2) one to many
07:42:10 Where are places in the use-case that bring in integrity issues?
07:42:59 omh has joined #ws-arch2
07:43:01 first of all, we need data normalization
07:43:12 1. Travel agent books flight - make sure that the correct flight gets booked
07:46:10 Travel agent needs complete view of data
07:46:17 other parties need their own views
07:46:25 ok, data normalization model can be in next phase
07:46:40 First approx - "bits originated at point A must be reproduced at point B exactly"
07:46:56 different views can be classified into access control
07:47:02 are we doing access control?
07:47:18 don't think so...
07:47:43 SCENARIO : Evil Intermediary Changes Flight Times
07:48:05 Travel agent sends "book a Saturday 1PM flight" to airline A
07:48:20 Evil intermediary changes doc en route to say "Sunday 4AM flight"
07:48:49 (could easily see your own biz doing this to ensure saturday night stays....)
07:49:06 Airline A is able to see that the data was tampered with and fails
07:49:17 (perhaps alerting the net.cops)
07:49:52
07:50:21 well, public key-private key solution will do
07:50:41 OK, so we must have a trusted keystore
07:51:22 symmetry key solution also works, although
07:51:36 symmetry key == secure channel?
07:51:45 very much
07:51:56 So if I trust the pipe, I trust the integrity of the data that passes over it
07:52:13 So there are two levels here - channel security and message security
07:52:13 pre-arranged shared key
07:52:22 If I have a trusted channel, I'm ok
07:52:32 If not, I have to trust each message individually
07:53:05 So this doesn't require particularly web-service-specific technology
07:57:16 the web services specific issues would be to establish the
07:57:22 trust between services
07:58:59 Joe describes the fact that integrity via hash comparisons != encryption
07:59:06 Therefore we can separate the issues
07:59:34 Therefore in this case "trusted channel" == channel which periodically hashes the data and allows both ends to check integrity
07:59:42 but you still need a way to pass the hash
07:59:51 yup
08:00:48 question is, would ssl be sufficient?
08:01:06 yup
08:01:10 since ssl is already a web facility
08:01:46 so our mission is to ensure web services does not violate ssl
08:02:39 The hash is embedded in the data packet.
08:03:25 can anyone post the url of the svg?
08:04:17
08:04:42 Customer sends travel agent some information about flights/times/etc
08:05:25 Travel agent, either intentionally (evil) or not (mistake) alters the info
08:05:34 Then they pass it on to an airline or hotel
08:05:53
08:06:40 this looks like business
08:06:57 since the travel agent is trusted service
08:07:10 it has to be responsible for its own actions
08:07:29 Well, yes, but your third-party suggestion from before would work
08:07:44 I.e. both customer and airline/hotel notarize the data
08:07:58 So there's another channel (not via the TA) for confirmation
08:08:10 Can we do it without the third party?
08:08:10 but the airline needs to know where the end customers are
08:10:05 does this mean the location of the customer or the identity of the customer?
08:10:31 the public signature of the customer
08:10:56 or the airline needs to share a secure channel to the customer as well
08:11:12 yep that's what I thought..
08:11:19 I guess there are two scenarios here
08:11:36 one is that the airline does all the work on behalf of the customer
08:11:54 sorry, I mean agent
08:12:24 the other scenario is that the agent does the initial connection, then the
08:12:34 airline talks directly to the customer
08:13:14 but actually, the agent is already a third party to the airline and customer
08:14:38 I guess the issue here is that we should not interface with the business
08:17:05 There are business problems and technical problems here
08:17:11 We need to deal in the technical space
08:17:27 But there are certainly technical ways to help deal with business problems
08:22:06 "referee" model
08:22:20 I want to use an agent to talk to third parties for me
08:22:32 I don't necessarily trust the agent 100%
08:23:06 Not only is it a good way to maintain data integrity, but it also idiot proofs the system to some extent :)
08:23:06 So I put in a reference to a "referee" (which is hashed/secured) in the request
08:23:21 All transactions before committing MUST go through the referee
08:23:39 slows things down, but ensures the "rules" are followed correctly to all parties' satisfaction
08:23:53 maybe we should think hard about what issues are web services specific issues
08:24:13 omh has joined #ws-arch2
08:24:18 Getting a message from one point to another without tampering
08:24:20 actually, the soap extension you mentioned can be one
08:27:27 To solve these scenarios, we ask:
08:27:39 1) Do we have existing infrastructure to solve these problems?
08:28:21 2) What extensions can we add at the WS layer to solve things if not?
08:33:24 3) Is the problem a technical one or a business one? Where's the line?
08:34:14 * How do you express required technology and policy statements
08:36:07 See http://www.w3.org/2002/06/14-ws-arch2-irc#T08-34-14
08:37:18 bookmark
08:37:32 RRSAgent, bookmark
08:37:32 See http://www.w3.org/2002/06/14-ws-arch2-irc#T08-37-32
08:37:38 RRSAgent, help
09:03:16 chris has joined #ws-arch2
09:04:20 We discussed:
09:04:20 Scenarios - two, one where the integrity issue is in the arc, and one where it's potentially in a node
09:04:20 within the graph of interacting parties.
09:04:20 Difference between business and technical issues
09:04:22 Using pre-existing technical solutions
09:04:24 Some solutions are at the infrastructure layer and others need to be layered on top (smooth spectrum)
09:04:29 Two broad sets of solutions:
09:04:31 1. involve a third party (notaries and referees)
09:04:33 2. rely on two-party technical solutions (end to end) (ssl, xml dsig, hashing)
09:04:33 Agreeing on and describing policies and technologies to be used
09:05:38 There may be cases where you need the WHOLE bitstream to be safe, and other cases where it's only particular subsets
09:14:02 rrsagent, where am i?
09:14:02 See http://www.w3.org/2002/06/14-ws-arch2-irc#T09-14-02
09:38:22 omh has left #ws-arch2
12:01:49 chris has joined #ws-arch2