IRC log of ws-arch2 on 2002-06-14
Timestamps are in UTC.
- 07:20:40 [RRSAgent]
- RRSAgent has joined #ws-arch2
- 07:21:33 [GlenD]
- GlenD has joined #ws-arch2
- 07:23:16 [soliton]
- soliton has joined #ws-arch2
- 07:23:39 [omh]
- omh has joined #ws-arch2
- 07:24:16 [shishir]
- shishir has joined #ws-arch2
- 07:26:32 [soliton]
- what are our topics?
- 07:26:41 [GlenD]
- Integrity
- 07:32:21 [joe]
- joe has joined #WS-ARCH2
- 07:32:39 [shishir]
- work in subgroups on <http://www.w3.org/2002/06/ws-example.html>
- 07:32:53 [chris]
- http://www.w3.org/2002/ws/arch/2/06/wd-wsa-gloss-20020605.html
- 07:33:17 [GlenD]
- That's the glossary w/definition of "integrity" we're using
- 07:34:08 [GlenD]
- 1. Hop to hop
- 07:34:11 [GlenD]
- 2. End to end
- 07:35:57 [GlenD]
- Posit that we have nodes and arcs - each interaction is two nodes across a single arc
- 07:36:14 [GlenD]
- "end to end" service integrity is about securing the arcs
- 07:36:22 [GlenD]
- consider that first
- 07:36:35 [GlenD]
- Then get into the fact that the nodes must be considered as well
- 07:37:48 [GlenD]
- SERVICE TO SERVICE INTEGRITY
- 07:37:51 [GlenD]
- --
- 07:38:03 [soliton]
- we can consider a public-witness model for integrity
- 07:41:11 [soliton]
- are we trying to offer solution here or just locate the problems?
- 07:42:00 [soliton]
- I guess we can classify into: a) one to one b) one to many
- 07:42:10 [GlenD]
- Where are places in the use-case that bring in integrity issues?
- 07:42:59 [omh]
- omh has joined #ws-arch2
- 07:43:01 [soliton]
- first of all, we need data normalization
- 07:43:12 [GlenD]
- 1. Travel agent books flight - make sure that the correct flight gets booked
- 07:46:10 [GlenD]
- Travel agent needs complete view of data
- 07:46:17 [GlenD]
- other parties need their own views
- 07:46:25 [soliton]
- ok, data normalization model can be in next phase
- 07:46:40 [GlenD]
- First approx - "bits originated at point A must be reproduced at point B exactly"
- 07:46:56 [soliton]
- different views can be classified into access control
- 07:47:02 [soliton]
- are we doing access control?
- 07:47:18 [omh]
- don't think so...
- 07:47:43 [GlenD]
- SCENARIO : Evil Intermediary Changes Flight Times
- 07:48:05 [GlenD]
- Travel agent sends "book a Saturday 1PM flight" to airline A
- 07:48:20 [GlenD]
- Evil intermediary changes doc en route to say "Sunday 4AM flight"
- 07:48:49 [GlenD]
- (could easily see your own biz doing this to ensure saturday night stays....)
- 07:49:06 [GlenD]
- Airline A is able to see that the data was tampered with and fails
- 07:49:17 [GlenD]
- (perhaps alerting the net.cops)
- 07:49:52 [GlenD]
- </SCENARIO>
- 07:50:21 [soliton]
- well, public key-private key solution will do
- 07:50:41 [GlenD]
- OK, so we must have a trusted keystore
- 07:51:22 [soliton]
- symmetry key solution also works, although
- 07:51:36 [GlenD]
- symmetry key == secure channel?
- 07:51:45 [soliton]
- very much
- 07:51:56 [GlenD]
- So if I trust the pipe, I trust the integrity of the data that passes over it
- 07:52:13 [GlenD]
- So there are two levels here - channel security and message security
- 07:52:13 [soliton]
- pre-arranged shared key
- 07:52:22 [GlenD]
- If I have a trusted channel, I'm ok
- 07:52:32 [GlenD]
- If not, I have to trust each message individually
- 07:53:05 [GlenD]
- So this doesn't require particularly web-service-specific technology
- 07:57:16 [soliton]
- the web services specific issues would be to establish the
- 07:57:22 [soliton]
- trust between services
- 07:58:59 [GlenD]
- Joe describes the fact that integrity via hash comparisons != encryption
- 07:59:06 [GlenD]
- Therefore we can separate the issues
- 07:59:34 [GlenD]
- Therefore in this case "trusted channel" == channel which periodically hashes the data and allows both ends to check integrity
- 07:59:42 [soliton]
- but you still need a way to pass the hash
- 07:59:51 [GlenD]
- yup
- 08:00:48 [soliton]
- question is, would ssl be sufficient?
- 08:01:06 [GlenD]
- yup
- 08:01:10 [soliton]
- since ssl is already a web facility
- 08:01:46 [soliton]
- so our mission is to ensure web services does not violate ssl
- 08:02:39 [joe]
- The hash is embedded in the data packet.
- 08:03:25 [soliton]
- can anyone post the url of the svg?
- 08:04:17 [GlenD]
- <SCENARIO name="Evil Travel Agent">
- 08:04:42 [GlenD]
- Customer sends travel agent some information about flights/times/etc
- 08:05:25 [GlenD]
- Travel agent, either intentionally (evil) or not (mistake) alters the info
- 08:05:34 [GlenD]
- Then they pass it on to an airline or hotel
- 08:05:53 [GlenD]
- </SCENARIO>
- 08:06:40 [soliton]
- this looks like business
- 08:06:57 [soliton]
- since the travel agent is a trusted service
- 08:07:10 [soliton]
- it has to be responsible for its own actions
- 08:07:29 [GlenD]
- Well, yes, but your third-party suggestion from before would work
- 08:07:44 [GlenD]
- I.e. both customer and airline/hotel notarize the data
- 08:07:58 [GlenD]
- So there's another channel (not via the TA) for confirmation
- 08:08:10 [GlenD]
- Can we do it without the third party?
- 08:08:10 [soliton]
- but the airline needs to know where the end customers are
- 08:10:05 [omh]
- does this mean the location of the customer or the identity of the customer?
- 08:10:31 [soliton]
- the public signature of the customer
- 08:10:56 [soliton]
- or the airline needs to share a secure channel to the customer as well
- 08:11:12 [omh]
- yep that's what I thought..
- 08:11:19 [soliton]
- I guess there are two scenarios here
- 08:11:36 [soliton]
- one is that the airline does all the work on behalf of the customer
- 08:11:54 [soliton]
- sorry, I mean agent
- 08:12:24 [soliton]
- the other scenario is that the agent does the initial connection, then the
- 08:12:34 [soliton]
- airline talks directly to the customer
- 08:13:14 [soliton]
- but actually, the agent is already a third party to the airline and customer
- 08:14:38 [soliton]
- I guess the issue here is that we should not interface with the business
- 08:17:05 [GlenD]
- There are business problems and technical problems here
- 08:17:11 [GlenD]
- We need to deal in the technical space
- 08:17:27 [GlenD]
- But there are certainly technical ways to help deal with business problems
- 08:22:06 [GlenD]
- "referee" model
- 08:22:20 [GlenD]
- I want to use an agent to talk to third parties for me
- 08:22:32 [GlenD]
- I don't necessarily trust the agent 100%
- 08:23:06 [shishir]
- Not only is it a good way to maintain data integrity, but it also idiot proofs the system to some extent :)
- 08:23:06 [GlenD]
- So I put in a reference to a "referee" (which is hashed/secured) in the request
- 08:23:21 [GlenD]
- All transactions before committing MUST go through the referee
- 08:23:39 [GlenD]
- slows things down, but ensures the "rules" are followed correctly to all parties' satisfaction
- 08:23:53 [soliton]
- maybe we should think hard about what issues are web services specific issues
- 08:24:13 [omh]
- omh has joined #ws-arch2
- 08:24:18 [GlenD]
- Getting a message from one point to another without tampering
- 08:24:20 [soliton]
- actually, the soap extension you mentioned can be one
- 08:27:27 [GlenD]
- To solve these scenarios, we ask:
- 08:27:39 [GlenD]
- 1) Do we have existing infrastructure to solve these problems?
- 08:28:21 [GlenD]
- 2) What extensions can we add at the WS layer to solve things if not?
- 08:33:24 [GlenD]
- 3) Is the problem a technical one or a business one? Where's the line?
- 08:34:14 [GlenD]
- * How do you express required technology and policy statements
- 08:36:07 [RRSAgent]
- See http://www.w3.org/2002/06/14-ws-arch2-irc#T08-34-14
- 08:37:18 [soliton]
- bookmark
- 08:37:32 [soliton]
- RRSAgent, bookmark
- 08:37:32 [RRSAgent]
- See http://www.w3.org/2002/06/14-ws-arch2-irc#T08-37-32
- 08:37:38 [soliton]
- RRSAgent, help
- 09:03:16 [chris]
- chris has joined #ws-arch2
- 09:04:20 [GlenD]
- We discussed:
- 09:04:20 [GlenD]
- Scenarios - two, one where the integrity issue is in the arc, and one where it's potentially in a node
- 09:04:20 [GlenD]
- within the graph of interacting parties.
- 09:04:20 [GlenD]
- Difference between business and technical issues
- 09:04:22 [GlenD]
- Using pre-existing technical solutions
- 09:04:24 [GlenD]
- Some solutions are at the infrastructure layer and others need to be layered on top (smooth spectrum)
- 09:04:29 [GlenD]
- Two broad sets of solutions:
- 09:04:31 [GlenD]
- 1. involve a third party (notaries and referees)
- 09:04:33 [GlenD]
- 2. rely on two-party technical solutions (end to end) (ssl, xml dsig, hashing)
- 09:04:33 [GlenD]
- Agreeing on and describing policies and technologies to be used
- 09:05:38 [GlenD]
- There may be cases where you need the WHOLE bitstream to be safe, and other cases where it's only particular subsets
- 09:14:02 [chris]
- rrsagent, where am i?
- 09:14:02 [RRSAgent]
- See http://www.w3.org/2002/06/14-ws-arch2-irc#T09-14-02
- 09:38:22 [omh]
- omh has left #ws-arch2
- 12:01:49 [chris]
- chris has joined #ws-arch2