Archive for the ‘Computing’ Category

Security Assertion Markup Language (SAML)

17 June 2010

Following the Web services notion of interoperation between disparate systems, SAML supports the idea of making disparate security systems interoperate with each other.

SAML merged the following parallel security efforts into a single technology and was submitted to Organisation for the Advancement of Structured Information Standards (OASIS):

  1. Security Services Markup Language (S2ML)
  2. Authentication Markup Language (AuthML)

SAML addresses the main problem with cross-domain sharing of security information: the existing mechanisms are mostly proprietary and require the participating systems to be tightly coupled with each other.

Main features:

  1. Development of federated systems
  2. Enable seamless integration
  3. Exchange of information among different security systems
  4. Backoffice Transaction
  5. Single-Sign-On (SSO) – user’s ability to authenticate in one security domain and to use the protected resources of another security domain without re-authenticating
  6. XML-based framework for exchanging security-related information over the Internet

SAML specification consists of the following set of documents:

  1. Assertions and protocol – defines the syntax and semantics for XML-encoded SAML assertions, protocol requests, and protocol responses.
  2. Binding and profiles – defines the frameworks for embedding and transporting SAML assertion requests and responses.
  3. Security and privacy considerations – provides information to implementers of SAML systems about possible threats and security risks to which a SAML-based system is subject.
  4. Conformance program specification – defines a SAML conformance system that is aimed toward achieving compatibility and interoperability among all applications that implement SAML.

SAML Architecture

  1. XML-based framework for exchanging security information in the form of assertions, i.e. facts about subjects.
  2. A subject has an identity in some security domain. The subject can be an identified person, or it can be code for which an assertion may be required so that the code is allowed to execute on a system.
  3. A SAML authority (issuing authority) issues the assertions.
  4. The SAML authority role can be performed by the following parties:

    – 3rd-party security providers such as Microsoft with Passport
    – Individual businesses acting as security provider within federations such as AMEX, VISA

  5. Three types of core assertions:

    – authentication assertion
    – authorisation assertion
    – attribute assertion

  6. Assertions can be digitally signed using XML Signature as specified by the SAML profile of XML Digital Signature.
  7. Elements of all assertions:

    – Issuer and issuance timestamp
    – Assertion ID
    – Subject, such as the name and the security domain to which the subject belongs

    – Advice – additional information that the issuing authority may wish to provide to the relying party regarding how the assertion was made, e.g. evidence or proof of the assertion's claims.

    – Conditions – optional element; the assertion's validity is dependent upon the evaluation of the conditions provided. Conditions can be as follows:

      + Validity period within which the assertion remains valid, after which the assertion expires
      + Audience restriction information, which identifies the relying parties to whom the issuer of this assertion is liable in terms of accuracy or trustworthiness
      + Target restriction information, which identifies the relying parties for which the authority has issued this assertion. If the consuming party is not the target party, the assertion must be rejected.
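The Conditions evaluation described above, as a relying party would perform it, in an added example that is not part of the original post. The assertion XML is a constructed sample (SAML 2.0 assertion namespace, constructed issuer and audience URLs), and the example assumes the XML Signature has already been verified before the conditions are evaluated.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from a real IdP); the ds:Signature element is omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion-1" Version="2.0" IssueInstant="2010-06-17T10:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2010-06-17T10:00:00Z" NotOnOrAfter="2010-06-17T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    # SAML timestamps are UTC xs:dateTime values with a literal 'Z' suffix.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate_conditions(assertion_xml, my_entity_id, now, trusted_issuers):
    """Return (accepted, reason) for one assertion seen by the relying party.
    Assumes the caller has already verified the XML Signature over the assertion."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        return False, "untrusted issuer"
    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None:
        return False, "missing Conditions"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now < _ts(nb):           # NotBefore is inclusive
        return False, "not yet valid"
    if noa and now >= _ts(noa):        # NotOnOrAfter is exclusive
        return False, "expired"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", namespaces=NS)]
    if audiences and my_entity_id not in audiences:
        return False, "audience mismatch"   # not the target party: reject
    return True, "ok"
```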


ESB Features and Benefits

16 June 2010

  1. Web Services Support
    – SOAP, WSDL, POX (Plain Old XML) over HTTP
    – Design-time tool to create a proxy WSDL for a Web service exposed by the ESB
    – Supports REST to invoke an endpoint URI with XML messages
  2. Adapter
    – For systems that do not directly expose a SOAP or XML interface
    – Adapters allow integration with specific third-party applications or systems
  3. Invocation
    – Supports synchronous and asynchronous calls to services or callbacks
  4. Mediation and Protocol Independence
    – A variety of protocols can be reconciled for complex routes across a variety of platforms, maintaining loose coupling between indirectly connected components
    – Example: SOAP -> JMS (via HTTP)
    – Allows protocols other than HTTP and JMS, such as HTTPS, SMTP, XMPP, FTP etc., to be placed on the message path
    – HL7, EDI… support
  5. Routing
    – Service look-up in a registry or repository to perform dynamic routing
    – Content-based, rule-based and policy-based routing
    – Example of content-based routing: use XPath to select data from the SOAP envelope and, based on that content, select a new service destination for the current message
    – Some ESBs provide service pooling for dynamic routing of messages to another service instance in the pool
  6. Transformation
    – Transformation using XSLT; message content queried with XQuery and XPath
    – Enriches the content of messages to prepare for downstream invocation of other systems
    – Useful for a Canonical Data Model
  7. Orchestration
    – Coordinates multiple services and exposes them as a single proxy service
    – BPEL or XPDL engine
  8. Security
    – Security policies applied at policy enforcement points, using mechanisms such as SSL and SAML (Security Assertion Markup Language)
  9. Benefits
    – Reduced time to integrate new and existing applications
    – Increased flexibility as system dependencies are reduced. Applications don’t have to know as much about each other, making it easier to change system interfaces or switch them out
    – Simultaneous centralised management of the service catalogue while services are distributed
    – Because of the centralised management capability, buses can collect service metrics, in conjunction with Business Activity Monitoring (BAM), to track service-level agreements (SLAs) via JMX
    – Use of industry standard interfaces, reducing total cost of ownership
    – Greater agility and responsiveness to change
    – More accurate and up-to-date information via logical centralisation of data management with a single version of the truth
  10. Relevant Integration Patterns
    – Message Bus
    – Content-based Router
    – Pipes and Filters
    – Point-to-Point Channel
    – Normaliser
    – Canonical Data Model
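The content-based routing item above (XPath over the SOAP envelope selecting the destination), in an added example that is not part of the original post or of any particular ESB product. The payload namespace `urn:example:orders`, the rule table and the destination URIs are constructed for the demonstration; the XPath rules are fixed in configuration and message content is never spliced into them.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ord": "urn:example:orders"}  # 'ord' is a constructed payload namespace

# Ordered routing rules (ElementTree XPath subset): the first match wins.
# Rules are static configuration; message data is matched against them, never inserted into them.
ROUTES = [
    ("soap:Body/ord:PlaceOrder[ord:Priority='express']", "jms:queue/orders.express"),
    ("soap:Body/ord:PlaceOrder", "http://orders.internal.example/service"),
    ("soap:Body/ord:CancelOrder", "http://orders.internal.example/cancel"),
]
DEAD_LETTER = "jms:queue/dead.letter"  # unmatched or malformed messages go here for inspection


def route(envelope_xml):
    """Return the destination for one SOAP 1.1 message.

    Malformed XML, a non-Envelope root, or a body matching no rule is sent to the
    dead-letter destination rather than to a default service."""
    try:
        root = ET.fromstring(envelope_xml)
    except ET.ParseError:
        return DEAD_LETTER
    if root.tag != "{%s}Envelope" % NS["soap"]:
        return DEAD_LETTER
    for xpath, dest in ROUTES:
        if root.find(xpath, namespaces=NS) is not None:
            return dest
    return DEAD_LETTER


def envelope(body_inner):
    # Builds a constructed sample envelope around the given body content.
    return ('<soap:Envelope xmlns:soap="%s" xmlns:ord="%s"><soap:Body>%s</soap:Body></soap:Envelope>'
            % (NS["soap"], NS["ord"], body_inner))


if __name__ == "__main__":
    for body in ('<ord:PlaceOrder><ord:Priority>express</ord:Priority></ord:PlaceOrder>',
                 '<ord:PlaceOrder><ord:Priority>standard</ord:Priority></ord:PlaceOrder>',
                 '<ord:CancelOrder/>', '<ord:Unknown/>'):
        print(body, "->", route(envelope(body)))
```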

Hanging On to My Dream for iPhone 4G this June!

21 March 2010

4G iPhone: Multitasking, gestures galore, new maps, cloud iTunes

Jan. 19, 2010 (4:46 pm) By: Christian Zibreg

Article teaser (4G iPhone mockup, front - Credit: Designed by Item)

Thanks to a new iPhone OS 4.0, the fourth-gen iPhone might multitask, run cutting-edge maps, and overlay useful information about nearby buildings on top of live video. You might be able to interact with it using a bunch of new multitouch gestures, stream your media off the cloud, and more.

New pieces of information regarding the iPhone OS 4.0 that are arriving on a daily basis in the run-up to Apple’s January 27 event help paint a better picture of the fourth-generation iPhone, simply referred to as the 4G iPhone. We’ve written quite a lot thus far about its rumored hardware features, ranging from new sensors like RFID to a front-facing camera for videoconferencing to speedy custom chips.

Beyond the hardware, though, the biggest surprises are said to be in the new underlying software and online services. An updated iPhone OS 4.0 software is the cornerstone of the next iPhone and its powerful hardware, even though the software should run on the existing iPhone 3G and 3GS devices as well. A tipster in the know told Boy Genius Report that the iPhone OS 4.0 will “put Apple ahead in the smartphone market because it will make them more like full-fledged computers more than any other phone to date.”

iPhone OS 4.0 (Settings-General-About)

The same source said that multitouch gestures will be system-wide and used much more extensively than in the current 3.x version that only employs pinch zoom and swipe gestures in the Safari and Photos apps. Apple has also found “a few new ways,” a source said, to multitask apps. iPhone OS 3.x allows only one running app at a time and doesn’t allow third-party apps to multitask arguing that background processes drain the battery. Finally, a source made mention of “brand new syncing ability for the contacts and calendar apps” (perhaps syncing with third-party services like Google, not just with Apple’s $99 a year MobileMe) and UI changes that should simplify navigation.

On the service level, though, Apple is said to be breaking away from its dependency on Google by developing their own replacement services. More precisely, 4G iPhone could run cutting-edge maps called iGuide featuring more detailed overlays and live information, courtesy of Apple’s quiet acquisition of a mapping startup Placebase last July.

Various augmented-reality features also come to mind, such as the ability to detect nearby buildings and other points of interest on images and videos. Finally, as Geek reported earlier today, cloud iTunes might also allow the 4G iPhone to stream your entire personal music and video library on demand, off the cloud.

iPhone OS 4.0 is expected to power not only a future iPhone model, but a rumored tablet as well. Apple invited the press to its January 27 media event at the Yerba Buena Center for the Arts in San Francisco to “see its latest creation.” Big media agrees that Apple will unveil iPhone OS 4.0, 4G iPhone, and a tablet at the event. Other items on the agenda could include multitouch iLife and iWork suites, Core i5 MacBooks, and more.

Article teaser (4G iPhone mockup, back - Credit: Designed by Item)

Meanwhile, a French-language site has published (original in French, Google translation) an interesting mockup visualizing 4G iPhone rumors. Based on a cool rendition by an agency called Designed By Item that depicts a unibody 4G iPhone, the mockup lists key rumored features with an estimated probability of ending up in the actual product:

Check out the below composition (click for the full-size version) and let us know what you think about the next iPhone and its rumored features in the comment section.

4G iPhone - (visual rumor roundup)