E-Business Infrastructure
Herwig Mannaert
Master in e-Business
October 10-11-17, 2003.
Dec 19, 2015
Master in e-Business, October 10-11-17, 2003.
Cast4All, The Content Conductor
Prologue
• The Internet
• The Applications
• The Convergence
• The Standards
The Internet
• Evolution (internal vs. external, static vs. dynamic):
  – Static, internal: Intranet
  – Static, external: Internet
  – Dynamic, internal: Intranet
  – Dynamic, external: Extranet
The Applications
(Diagram: Enterprise A (ERP, SCM, CRM) and Enterprise B (ERP, SCM) linked through a Virtual Marketplace and Enterprise Portals)
The Applications
• Evolution:
(Diagram: platforms moving from Host to Desktop to Network; applications moving from internal (DSS, ERP) to external (CRM, SCM))
The Convergence
• Evolution:
(Diagram: the application evolution (Host, Desktop, Network; internal DSS/ERP to external CRM/SCM) converging with the network evolution (Dynamic Intranet and Extranet) into Access Portals and E-Marketplaces)
The Standards
(Diagram: the standards stack, top to bottom: Web, PKI, Components and Java, XML, TCP/IP)
E-Business Infrastructure
• Data Interchange
• Web Architectures
• E-Trust Services
• Q&A
E-Business Infrastructure
• Data Interchange
  – Network Architecture
  – The XML Data Model
• Web Architectures
• E-Trust Services
• Q&A
The Internet
• Network of networks
• First: DARPA + NASA + NSF
• Replaced by commercial ISPs
• Ruled by peering agreements
• Paying for potential traffic
• Assigning IP addresses to computers
• Backbone and access networks
The Internet
• Universal Resource Locator (URL):
  http://www.cnn.com/2003/TECH/biztech/02/24/microsoft.htm
  – protocol: http
  – domain name: www.cnn.com
  – directory path: /2003/TECH/biztech/02/24/
  – filename: microsoft.htm
  http://www.amazon.com/cgi-bin/view-basket&name=mannaert&first=herwig&...
  – protocol: http
  – domain: www.amazon.com
  – directory: cgi-bin
  – application: view-basket
  – parameters: name=mannaert&first=herwig&...
The Internet
• Domain Name Service (DNS):
  – Converts names into IP addresses
  – Worldwide distributed database
  – Hierarchical, based on delegation
  – Resolver in the operating system
  – Based on iteration
  – Example: elessar.ufsia.ac.be
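The iteration and delegation described above, as an added example that is not part of the original slides: a resolver walks from the root zone down to the zone that holds elessar.ufsia.ac.be, following one referral per step and only trusting glue that the referring zone is allowed to vouch for. The zone data, name-server names and addresses are constructed placeholders.

```python
from typing import Dict, List, Optional, Tuple

# Constructed zone data: each zone maps owner names to record sets. "NS" records
# delegate a child zone; "A" records are answers. The name-server names and all
# addresses are placeholders (documentation range 192.0.2.0/24).
ZONES: Dict[str, Dict[str, Dict[str, List[str]]]] = {
    ".": {
        "be.": {"NS": ["ns1.be."]},
        "ns1.be.": {"A": ["192.0.2.1"]},                 # glue for the be. delegation
    },
    "be.": {
        "ac.be.": {"NS": ["ns1.ac.be."]},
        "ns1.ac.be.": {"A": ["192.0.2.2"]},
    },
    "ac.be.": {
        "ufsia.ac.be.": {"NS": ["ns1.ufsia.ac.be."]},
        "ns1.ufsia.ac.be.": {"A": ["192.0.2.3"]},
    },
    "ufsia.ac.be.": {
        "elessar.ufsia.ac.be.": {"A": ["192.0.2.10"]},
    },
}

def in_bailiwick(name: str, zone: str) -> bool:
    """A zone may only vouch for names at or below its own apex."""
    return zone == "." or name == zone or name.endswith("." + zone)

def resolve(name: str, max_steps: int = 10) -> Tuple[Optional[str], List[str]]:
    """Iterate from the root, following delegations until a zone answers.

    Returns (address or None, trace of the referral chain)."""
    if not name.endswith("."):
        name += "."
    zone, trace = ".", []
    for _ in range(max_steps):
        records = ZONES.get(zone)
        if records is None:
            trace.append(f"{zone}: delegated name server has no zone data (lame delegation)")
            return None, trace
        if "A" in records.get(name, {}):
            trace.append(f"{zone} answers {name} -> {records[name]['A'][0]}")
            return records[name]["A"][0], trace
        # Longest delegated suffix of the queried name, if any.
        children = [n for n, rr in records.items() if "NS" in rr and name.endswith("." + n)]
        if not children:
            trace.append(f"{zone} is authoritative and has no data for {name} (NXDOMAIN)")
            return None, trace
        child = max(children, key=len)
        ns = records[child]["NS"][0]
        glue = records.get(ns, {}).get("A", [])
        # Only accept glue the referring zone is allowed to vouch for.
        glue_ip = glue[0] if glue and in_bailiwick(ns, zone) else "?"
        trace.append(f"{zone} refers {name} to {child} (NS {ns}, glue {glue_ip})")
        zone = child
    return None, trace
```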
The Internet
• Networking (how a request is wrapped on its way down the stack):
  – Application: HTTP Get Request: URL
  – Transport: HTTP Get Request: URL, plus Source port: client, Dest. port: server
  – Network: HTTP Get Request: URL, plus Source port: client, Dest. port: server, plus Source addr.: client, Dest. addr.: server
The Internet
• Routing:
  – Moving information across an internetwork
  – From source to destination
  – Minimum 1 intermediate node
(Diagram: source S and destination D connected through intermediate nodes)
Internet Architecture
• OSI reference:
  – L7: Application
  – L6: Presentation
  – L5: Session
  – L4: Transport
  – L3: Network
  – L2: Link
  – L1: Physical
(Diagram: System A and System B, each with the seven layers; the Data unit receives a header at each layer on the way down (H3 Data at the network layer, H2 Data at the link layer) and sheds them again on the way up)
Internet Architecture
• OSI terminology (per layer):
  – Connectors: Repeater (L1), Bridge (L2), Router (L3), Gateway (L4 and above)
  – Data Units: Frame (L2), Packet (L3), Message (L4 and above)
  – Addresses: Hardware (L2), Logical (L3)
  – Security: Screening router (L3), Firewall (L4 and above)
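The encapsulation of the "Networking" slide and the screening router / firewall distinction above, as an added example that is not from the original slides: an HTTP request is wrapped in a TCP segment (ports) and an IP packet (addresses) using the real header layouts, then unwrapped and checked the way a layer-3 device (addresses only) and a layer-4 device (protocol and ports) would. The addresses and ports are constructed; the request path is the slide's CNN URL.

```python
import ipaddress
import socket
import struct
from typing import Dict

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def http_get(path: str, host: str) -> bytes:
    """Layer 7: the message. Only the path and host name are used, as on the URL slide."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()

def tcp_segment(src_port: int, dst_port: int, message: bytes) -> bytes:
    """Layer 4: ports wrap the message (seq/ack 0, PSH|ACK, TCP checksum left 0 for brevity)."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + message

def ip_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Layer 3: addresses wrap the segment; the IP header checksum is filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + segment

def parse(packet: bytes) -> Dict[str, object]:
    """Peel the layers back off; reject a packet whose IP header was altered in transit."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    doff = (packet[ihl + 12] >> 4) * 4
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "sport": sport, "dport": dport, "data": packet[ihl + doff:]}

def screening_router_allows(pkt: Dict[str, object], permitted_nets: tuple) -> bool:
    """Layer-3 device: decides on logical (IP) addresses only."""
    dst = ipaddress.ip_address(str(pkt["dst"]))
    return any(dst in ipaddress.ip_network(net) for net in permitted_nets)

def firewall_allows(pkt: Dict[str, object], permitted_ports=(80, 443)) -> bool:
    """Layer-4 device: additionally checks the transport protocol and destination port."""
    return pkt["proto"] == 6 and pkt["dport"] in permitted_ports

def build_request(dst_port: int = 80) -> bytes:
    # Constructed addresses from the documentation ranges; the URL is the slide's CNN example.
    msg = http_get("/2003/TECH/biztech/02/24/microsoft.htm", "www.cnn.com")
    return ip_packet("192.0.2.10", "198.51.100.20", tcp_segment(40001, dst_port, msg))
```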
Internet Architecture
• IP standard (the OSI layers as filled in by the Internet protocols):
  – L5 to L7 (Session, Presentation, Application): HTTP, IIOP, SMTP, LDAP, DNS, FTP, SNMP, On Line Services
  – L4 (Transport): TCP/UDP
  – L3 (Network): IP
  – L1 to L2 (Physical, Link): PSTN, ISDN, ATM, SDH, GSM, LEO, CATV
Internet Architecture
• Definition:
The Internet is a public computer internetwork, based on TCP/IP and standards emerging on top of it.
E-Business Infrastructure
• Data Interchange
  – Network Architecture
  – The XML Data Model
• Web Architectures
• E-Trust Services
• Q&A
XML and the Web
• Vision and history:
  – Need to address deficiencies of HTML
  – Need to address lack of extensibility of HTML
  – XML is a meta-language, is about meaning
  – Feb 98: XML 1.0 approved by W3C
  – Q4 98: announcements of XML support
  – 2000: widespread adoption of XML
In 5 years, 80% of all ASCII data will be XML.
XML and the Web
• The 3rd generation Internet:
  – Connectivity: technology TCP/IP; functionality FTP, Mail
  – Presentation: technology HTML; functionality Web Sites
  – Programmability: technology XML; functionality Web Services
XML: Structured Data
<Person>
  <Name>
    <First>Herwig </First>
    <Last>Mannaert</Last>
  </Name>
  <Email>[email protected]</Email>
  <Mobile>+32-478.94.22.64</Mobile>
  <Address>
    <Street>Prinsstraat 13</Street>
    <City>Antwerp</City>
    <ZIP>B-2000</ZIP>
  </Address>
</Person>
XML Structure
• Namespaces:
  – Avoid naming conflicts
  – Mixing vocabularies
• DTDs
• XML Schemas:
  – Which elements can occur
  – How nested, in what order
• Access APIs:
  – DOM: random access
  – SAX: sequential access
XML Utilities
• Validation:
  – Control that the document follows the grammar described in the DTD/Schema
(Diagram: XML document and XML Schema fed into an XML Parser, producing validated XML)
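Validation as described above, as an added example that is not from the original slides: the Person document of the "XML: Structured Data" slide is checked against a small content model of the kind a DTD or schema expresses (which elements may occur, how they nest, in what order), so a reordered, undeclared or malformed document is rejected before any application code sees it. The content model and the e-mail and phone values are this example's own assumptions.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Assumed content model: element name -> required sequence of child elements
# (an empty list means the element carries text only).
CONTENT_MODEL: Dict[str, List[str]] = {
    "Person": ["Name", "Email", "Mobile", "Address"],
    "Name": ["First", "Last"],
    "Address": ["Street", "City", "ZIP"],
    "First": [], "Last": [], "Email": [], "Mobile": [],
    "Street": [], "City": [], "ZIP": [],
}

def validate(element: ET.Element, path: str = "") -> List[str]:
    """Return the list of violations under this element; empty means valid."""
    here = f"{path}/{element.tag}"
    if element.tag not in CONTENT_MODEL:
        return [f"{here}: element not declared"]
    expected = CONTENT_MODEL[element.tag]
    actual = [child.tag for child in element]
    errors = []
    if actual != expected:                      # wrong children, missing, or wrong order
        errors.append(f"{here}: children {actual} do not match {expected}")
    text = (element.text or "").strip()
    if not expected and not text:
        errors.append(f"{here}: leaf element must carry text")
    if expected and text:
        errors.append(f"{here}: mixed content not allowed")
    for child in element:
        errors.extend(validate(child, here))
    return errors

def validate_document(xml_text: str) -> Tuple[bool, List[str]]:
    """Parse, then validate; a document that is not even well-formed is reported too."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, [f"not well-formed: {exc}"]
    errors = validate(root)
    return not errors, errors

# The slide's document with constructed contact values.
PERSON_XML = """<Person><Name>
<First>Herwig </First><Last>Mannaert</Last>
</Name><Email>herwig@example.com</Email><Mobile>+32-000.00.00.00</Mobile><Address>
<Street>Prinsstraat 13</Street><City>Antwerp</City><ZIP>B-2000</ZIP>
</Address></Person>"""

# Same data, First and Last swapped: well-formed XML, but not valid against the model.
SWAPPED_XML = PERSON_XML.replace("<First>Herwig </First><Last>Mannaert</Last>",
                                 "<Last>Mannaert</Last><First>Herwig </First>")
```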
XML Utilities
• Transformation/Translation:
  – Alleviate the XML schema incompatibility issues
(Diagram: XML(A) and an XSLT script fed into an XSLT processor, producing XML(B))
XML Applications
• Documents and data:
  – Document management
  – Web content management
  – Enterprise Application Integration
  – B2B e-commerce data exchange
• Simple Object Access Protocol (SOAP):
  – Open way for application communication
  – Distributed object protocol
  – Exchange serialized XML messages
XML and Business
• Within the enterprise:
  – Problem: lost information: the cut and paste crisis
  – Solution: information chain integration
• Outside the enterprise:
  – Now: 70% terminations inside company
  – 2005: 70% terminations outside company
XML and B2B
• The Hub model:
(Diagram: a central Hub connecting four Customers with four Suppliers)
XML and B2B
• The XML business bus:
  – Business hub with documents
  – Performs switching of messages
  – Provides additional services
  – Examples:
    • Microsoft BizTalk
    • SAP Market Set
  – Networks of marketplaces:
    • Commerce One
    • Ariba
E-Business Infrastructure
• Data Interchange
• Web Architectures
  – Web Interactivity
  – Component Models
• E-Trust Services
• Q&A
Application Architectures
• Client-Server:
(Diagram: four ways of splitting the Presentation, Application and Database tiers between client and server)
Application Architectures
• Proprietary middleware:
(Diagram: the Presentation tier on client platforms (Windows 95/98/NT/ME, OS2, Linux, Apple) and the Application and Database tiers on server platforms (Solaris, AIX, HP-UX, Windows NT/2000, OS2, OS400/390, Linux), linked by proprietary middleware)
Web-Based Architectures
• Client-side (scripts):
(Diagram: the Web Server delivers a Web Page with JavaScript/VBScript over HTTP; the Script Interpreter in the Web Browser runs it, so Presentation and Application both sit on the client)
Client JavaScript
<HTML><HEAD><TITLE>JavaScript Optelling</TITLE>
<SCRIPT LANGUAGE="JavaScript">
// Read both fields, add them as base-10 integers and write the result into "som".
function addForm(form) {
  form.som.value = parseInt(form.x.value, 10) + parseInt(form.y.value, 10);
}
</SCRIPT>
</HEAD><BODY><H1>JavaScript : x + y</H1><HR>
<FORM METHOD="POST">
<H1>X: <INPUT TYPE="text" NAME="x" MAXLENGTH=9 SIZE=9></H1>
<H1>Y: <INPUT TYPE="text" NAME="y" MAXLENGTH=9 SIZE=9></H1>
<P><H1><INPUT TYPE="button" VALUE="bereken" onClick="addForm(this.form)"></H1><HR>
<H1>X+Y: <INPUT TYPE="text" NAME="som" MAXLENGTH=10 SIZE=10></H1>
</FORM></BODY></HTML>
Web-Based Architectures
• Client-side (applets):
(Diagram: Java Source is compiled to Java Byte Code; the Web Server delivers it with the Web Page over HTTP and the Java Virtual Machine in the Web Browser runs it)
Client Java Applet
<HTML><HEAD><TITLE>Java Optelling</TITLE></HEAD>
<BODY><H1>Java Applet : x + y</H1><HR>
<applet code=CalcApplet.class width=250 height=100></applet>
</BODY></HTML>
Client Java Applet
import java.applet.Applet;
import java.awt.*;
import java.awt.event.*;

public class CalcApplet extends Applet implements ActionListener {
  Button button;
  int sum = 0;
  TextField field1, field2;
  String text1, text2, textsum = "";

  public void init() {
    field1 = new TextField(10);
    field2 = new TextField(10);
    add(field1);
    add(field2);
    button = new Button("bereken");
    button.addActionListener(this);
    add(button);
  }

  // Runs in the browser when the button is pressed: the addition happens on the client.
  public void actionPerformed(ActionEvent e) {
    text1 = field1.getText();
    text2 = field2.getText();
    sum = Integer.parseInt(text1) + Integer.parseInt(text2);
    textsum = Integer.toString(sum);
    repaint();
  }

  public void paint(Graphics g) {
    g.drawString("X + Y =", 75, 90);
    g.drawString(textsum, 150, 90);
  }
}
Web-Based Architectures
• Server-side CGI (2-tier):
(Diagram: the Web Browser (Presentation) talks HTTP to the Web Server, which starts the (Script) Application through CGI)
Server CGI Perl
<HTML><HEAD><TITLE>CGI Perl Optelling</TITLE></HEAD>
<BODY><H1>CGI - Perl : x + y</H1><HR>
<FORM ACTION="http://localhost/cgi-bin/CalcCGIServer.pl" METHOD="GET">
<H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1>
<H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1>
<p><H1><INPUT TYPE="submit" value="bereken"></H1><HR>
<H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10></H1>
</FORM></BODY></HTML>
Server CGI Perl
#!/usr/bin/perl
# Read the GET parameters x and y from the query string (no URL decoding is done here).
$query_string = $ENV{'QUERY_STRING'};
@key_value_pairs = split(/&/, $query_string);
foreach $key_value (@key_value_pairs) {
  ($key, $value) = split(/=/, $key_value);
  if ($key eq 'x') { $a = $value; }
  if ($key eq 'y') { $b = $value; }
}
$som = $a + $b;
print "Content-type: text/html\n\n";
# Send the form back with the inputs and the sum filled in.
# Note: $a, $b and $som are interpolated into the HTML unescaped.
print <<Einde;
<HTML><HEAD><TITLE>CGI Perl Optelling</TITLE></HEAD>
<BODY><H1>CGI - C : x + y</H1><HR>
<FORM ACTION="http://localhost/cgi-bin/CalcCGIServer.pl" METHOD="GET">
<H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9 value=$a></H1>
<H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9 value=$b></H1>
<p><H1><INPUT TYPE="submit" value="bereken"></H1><HR>
<H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10 value=$som></H1>
</FORM></BODY></HTML>
Einde
Web-Based Architectures
• Server-side API (2-tier):
(Diagram: the Web Browser (Presentation) talks HTTP to the Web Server, which calls Application Modules through its API)
Java Servlet API
<HTML><HEAD><TITLE>Java Servlet Optelling</TITLE></HEAD>
<BODY><H1>CGI - Perl : x + y</H1><HR>
<FORM ACTION="http://localhost/servlet/CalcServlet" METHOD="GET">
<H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1>
<H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1>
<p><H1><INPUT TYPE="submit" value="bereken"></H1><HR>
<H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10></H1>
</FORM></BODY></HTML>
Java Servlet API
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class CalcServlet extends HttpServlet {
  public void doGet(HttpServletRequest request, HttpServletResponse response)
      throws IOException, ServletException {
    // getParameter() returns Strings: parse them first, otherwise "+" concatenates "1" and "2" into "12".
    int sum = Integer.parseInt(request.getParameter("x"))
            + Integer.parseInt(request.getParameter("y"));
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<HEAD>");
    out.println("<TITLE>Servlet Sum</TITLE>");
    out.println("</HEAD>");
    out.println("<BODY>");
    out.println("<H1>Java - Servlet : x + y</H1>");
    out.println("<HR>");
    out.println("<FORM ACTION=\"http://localhost/servlet/CalcServlet\" METHOD=\"GET\">");
    out.println("<H1>X: <INPUT TYPE=\"text\" name=\"x\" maxlength=9 size=9></H1>");
    out.println("<H1>Y: <INPUT TYPE=\"text\" name=\"y\" maxlength=9 size=9></H1>");
    out.println("<p>");
    out.println("<H1><INPUT TYPE=\"submit\" value=\"bereken\"></H1>");
    out.println("<HR>");
    out.println("<H1>X+Y: " + sum + "</H1>");
    out.println("</FORM>");
    out.println("</BODY>");
    out.println("</HTML>");
  }
}
Java Server Pages
<HTML><HEAD><TITLE>Java Server Pages Optelling</TITLE></HEAD>
<BODY><H1>JSP : x + y</H1><HR>
<FORM ACTION="http://localhost/jsp/CalcJSP" METHOD="GET">
<H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1>
<H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1>
<p><H1><INPUT TYPE="submit" value="bereken"></H1><HR>
<H1>X+Y: <INPUT TYPE="text" name="som" maxlength=10 size=10></H1>
</FORM></BODY></HTML>
Java Server Pages
<HTML><HEAD><TITLE>Java Server Pages Optelling</TITLE></HEAD>
<BODY><H1>JSP : x + y</H1><HR>
<FORM ACTION="http://localhost/jsp/CalcJSP" METHOD="GET">
<H1>X: <INPUT TYPE="text" name="x" maxlength=9 size=9></H1>
<H1>Y: <INPUT TYPE="text" name="y" maxlength=9 size=9></H1>
<p><H1><INPUT TYPE="submit" value="bereken"></H1><HR>
<%-- The parameters are Strings; parse them, or "+" concatenates "1" and "2" into "12". --%>
<H1>X+Y: <%= Integer.parseInt(request.getParameter("x")) + Integer.parseInt(request.getParameter("y")) %></H1>
</FORM></BODY></HTML>
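The same x + y service as the Perl CGI, the servlet and the JSP above, as an added example that is not from the original slides: a Python CGI-style handler that treats x and y as bounded integers (the form's maxlength=9) and HTML-escapes every value it echoes back, which the Perl script's unquoted value=$a and the JSP expression do not do. The handler name, script path and response layout are this example's own choices.

```python
import html
import os
import sys
from typing import Optional, Tuple
from urllib.parse import parse_qs

MAX_DIGITS = 9   # matches the form's maxlength=9 on x and y

def parse_int_param(qs: dict, name: str) -> Optional[int]:
    """Accept exactly one value: optional sign, at most MAX_DIGITS digits, nothing else."""
    values = qs.get(name, [])
    if len(values) != 1:
        return None
    v = values[0].strip()
    digits = v[1:] if v[:1] in "+-" else v
    if not digits.isdigit() or len(digits) > MAX_DIGITS:
        return None
    return int(v)

def render(x: str, y: str, som: str, error: str = "") -> str:
    """Build the form again with values filled in; every echoed value is escaped."""
    e = html.escape  # escapes & < > " and ', so input cannot break out of a quoted attribute
    return (
        "<HTML><HEAD><TITLE>CGI Python Optelling</TITLE></HEAD><BODY>"
        "<H1>CGI - Python : x + y</H1><HR>"
        '<FORM ACTION="/cgi-bin/calc.py" METHOD="GET">'
        f'<H1>X: <INPUT TYPE="text" NAME="x" MAXLENGTH="9" SIZE="9" VALUE="{e(x)}"></H1>'
        f'<H1>Y: <INPUT TYPE="text" NAME="y" MAXLENGTH="9" SIZE="9" VALUE="{e(y)}"></H1>'
        '<P><H1><INPUT TYPE="submit" VALUE="bereken"></H1><HR>'
        f'<H1>X+Y: <INPUT TYPE="text" NAME="som" MAXLENGTH="10" SIZE="10" VALUE="{e(som)}"></H1>'
        + (f"<P>{e(error)}</P>" if error else "")
        + "</FORM></BODY></HTML>"
    )

def handle(query_string: str) -> Tuple[str, str]:
    """Return (status, HTML body) for one GET request's QUERY_STRING."""
    qs = parse_qs(query_string, keep_blank_values=True)  # also URL-decodes the values
    x = parse_int_param(qs, "x")
    y = parse_int_param(qs, "y")
    raw_x = qs.get("x", [""])[0]
    raw_y = qs.get("y", [""])[0]
    if x is None or y is None:
        return "400 Bad Request", render(raw_x, raw_y, "", "x and y must be integers")
    return "200 OK", render(str(x), str(y), str(x + y))

def main() -> None:
    status, body = handle(os.environ.get("QUERY_STRING", ""))
    sys.stdout.write(f"Status: {status}\r\nContent-Type: text/html\r\n\r\n{body}")

if __name__ == "__main__":
    main()
```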
Web-Based Architectures
• Server-side CGI (3-tier):
(Diagram: Web Browser (Presentation), Web Server starting the (Script) Application through CGI (Application), RDBMS reached via ODBC (Database))
Web-Based Architectures
• Server-side API (3-tier):
(Diagram: Web Browser (Presentation), Web Server calling Application Modules through its API (Application), RDBMS reached via ODBC (Database))
Web-Based Architectures
• Client-side applet (3-tier):
(Diagram: a Client Object in the Web Browser, loaded over HTTP, calls the Application Modules behind the Web Server's API over IIOP; the modules reach the RDBMS via ODBC)
Remote Applet Corba
public void init() {
  field1 = new TextField(10);
  field2 = new TextField(10);
  add(field1);
  add(field2);
  // Locate the ORB and bind to the remote Calculator object.
  props = new Properties();
  try {
    props.put("UseORBLocator", "true");
    orb = ORB.init(this, props);
    calculator = CalculatorHelper.bind(orb, "Calculator");
  } catch (Exception e) {
    e.printStackTrace();
  }
  button = new Button("bereken");
  button.addActionListener(new ActionListener() {
    public void actionPerformed(ActionEvent e) {
      text1 = field1.getText();
      text2 = field2.getText();
      if (calculator != null) {
        // The addition runs on the server; the applet only displays the result.
        sum = calculator.sum(Integer.parseInt(text1), Integer.parseInt(text2));
        textsum = Integer.toString(sum);
      } else textsum = "N/A";
      repaint();
    }
  });
  add(button);
}
Remote Applet Corba
public class CalcServer {
  public static void main(String[] args) {
    try {
      // Initialize the ORB.
      ORB orb = ORB.init(args, null);
      // Create the Inprise specific BOA
      com.inprise.vbroker.CORBA.BOA boa = ((com.inprise.vbroker.CORBA.ORB) orb).BOA_init();
      // Create the servant
      CalculatorImpl calculator = new CalculatorImpl("Calculator");
      // Export the newly created object.
      boa.obj_is_ready(calculator);
      System.out.println(calculator + " is ready.");
      // Wait for incoming requests
      boa.impl_is_ready();
    } catch (Exception e) {
      e.printStackTrace();
    }
  }
}
Remote Applet Corba
import java.util.*;

public class CalculatorImpl extends _CalculatorImplBase {
  public CalculatorImpl(String id) {
    super(id);
  }

  public synchronized int sum(int x, int y) {
    // Return the sum.
    return x + y;
  }
}
Web-Based Architectures
• Server-side API (4-tier):
(Diagram: Web Tier (Web Server with Application Modules and JSP), EJB Tier (Enterprise Beans reached over RMI), Database (RDBMS via JDBC))
Web-Based Architectures
• Server-side XML (4-tier):
(Diagram: Web Tier (Web Server with XSP Modules and an XSL Out Stream), EJB Tier (Enterprise Beans reached over RMI), Database (RDBMS via JDBC))
E-Business Infrastructure
• Data Interchange
• Web Architectures
  – Web Interactivity
  – Component Models
• E-Trust Services
• Q&A
Software Components
• What is a component:
  – Identifiable pieces
  – Not too large or too small
  – With boundaries and container
  – Defined by a component model
• Component advantages:
  – Faster installation
  – Easier maintenance
  – No large release cycles
  – Easier use of third party software
Component Models
• What is a model:
  – Defines component boundaries
  – Describes component interactions
  – Component coordinator framework
• Different models:
  – (E)JB, J2EE
    • J2EE Application Servers
  – (D)COM, Microsoft .Net
    • Microsoft Transaction Server
J2EE App Server Architectures
(Diagram: Presentation (Web Tier: JSP, Servlets, Objects, HTML), Business Logic (EJB Tier: Control, Session and Entity beans) and Data Access (Data Tier: JDBC, Data Connectors, Data), supported by Development and Deployment Tools, the services JTS, JNDI, Java Mail, RMI and JMS, and Enterprise Deployment Services for Scalability, Reliability, Security and Manageability)
Development Approach
• The solution always consists of:
(Diagram: The Solution = Specific Software on top of Generic Software, the Open, Standards-based and Multipurpose Foundation Layer)
Development Approach
• Using an e-business platform:
(Diagram: e-Business Applications built from own and 3rd Party Components, on top of Extensible e-Business Services (Content Management, Workflow, User Profiling, XML Integration), running on a J2EE Application Server)
Application Servers
• WebLogic Enterprise
• SilverStream Application Server
• IBM WebSphere
• Netscape/Sun iPlanet
• Oracle Application Server
• Open Source Tomcat & JBoss
• Microsoft Transaction Server
• SAP Application Server
E-Business Infrastructure
• Data Interchange
• Web Architectures
• E-Trust Services
  – The Services
  – The Infrastructure
• Q&A
The Services
(Diagram: Cryptography (Symmetric, Asymmetric, Message Hash) provides the Trust Services (Confidentiality, Integrity, Authentication, Non-Repudiation), supported by Management (Key Management, Key Distribution))
Cryptography
• Symmetric encryption:
  – 1 key to encrypt & decrypt
  – Standards like DES
  – State of the art: 128 bit key
  – Pro:
    • Pretty fast
  – Con:
    • Not so strong
    • Key exchange
Cryptography
• Asymmetric encryption:
  – Based on key pairs:
    • Public key
    • Private key
  – Usage:
    • Encrypt with public, decrypt with private
    • Encrypt with private, decrypt with public
  – Standards like RSA, PGP
  – State of the art: 1024 bit
Cryptography
• Asymmetric encryption (ctd):
  – Pro:
    • Very strong
    • Trust services
  – Con:
    • Pretty slow
    • Key management
  – Message hash:
    • Repeatable digest of message
    • Leads to unique digital signature
Trust Services
• Confidentiality:
  – Message unreadable to others
• Integrity:
  – Message cannot be tampered with
• Authentication:
  – Ensure identity of message sender
• Non-repudiation:
  – Avoid possible denial by sender
Trust Services
• Confidentiality:
  – Operates on the message:
  – Encrypt: public key of receiver
  – Decrypt: private key of receiver
• Other services:
  – Operate on the message hash:
  – Encrypt: private key of sender
  – Decrypt: public key of sender
Hybrid Solutions
• Concept:
  – Use symmetric encryption for data
  – Use asymmetric encryption to exchange and agree on keys
• Advantages:
  – Speed from symmetric encryption
  – Reliability from asymmetric encryption
Hybrid Solutions
• Applications:
  – Session security:
    • Between network hops
    • Fast and reliable mechanism
  – Content distribution:
    • Avoids separate encryption
    • Allows multicast distribution
    • Enables different activation times
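The "Trust Services" key usage (message under the receiver's public key, hash under the sender's private key) and the hybrid scheme above, as an added example that is not from the original slides: a fresh symmetric key encrypts the data, only that key is wrapped with the receiver's public key, and the sender signs the message hash. It uses textbook RSA on fixed Mersenne primes and an HMAC-SHA256 keystream so that it runs on the standard library alone; both are toy stand-ins for the RSA padding and block ciphers a real system would use, and the primes, key sizes and function names are this example's own assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

Key = Tuple[int, int]  # (modulus n, exponent)

def make_keypair(p: int, q: int) -> Tuple[Key, Key]:
    """Textbook RSA from two given primes: returns (public (n, e), private (n, d))."""
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    return (n, e), (n, pow(e, -1, phi))

def digest_int(data: bytes) -> int:
    """Repeatable message hash, truncated to 128 bits so it lies below every modulus used here."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def sign(sender_private: Key, data: bytes) -> int:
    """'Encrypt' the hash with the sender's private key (integrity, authentication, non-repudiation)."""
    n, d = sender_private
    return pow(digest_int(data), d, n)

def verify(sender_public: Key, data: bytes, signature: int) -> bool:
    """'Decrypt' the signature with the sender's public key and compare against a fresh hash."""
    n, e = sender_public
    return pow(signature, e, n) == digest_int(data)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with an HMAC-SHA256 counter keystream (the same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

def seal(sender_private: Key, receiver_public: Key, message: bytes) -> dict:
    """Sender: symmetric key for the data (speed); only that key goes under the receiver's public key."""
    session_key = secrets.token_bytes(16)
    n, e = receiver_public
    return {
        "wrapped_key": pow(int.from_bytes(session_key, "big"), e, n),  # confidentiality of the key
        "ciphertext": keystream_xor(session_key, message),             # confidentiality of the data
        "signature": sign(sender_private, message),                    # the other trust services
    }

def open_sealed(receiver_private: Key, sender_public: Key, envelope: dict) -> bytes:
    """Receiver: unwrap the key with the private key, decrypt, then check the signature."""
    n, d = receiver_private
    session_key = pow(envelope["wrapped_key"], d, n).to_bytes(16, "big")
    message = keystream_xor(session_key, envelope["ciphertext"])
    if not verify(sender_public, message, envelope["signature"]):
        raise ValueError("signature does not verify: message altered or not from this sender")
    return message

# Fixed Mersenne primes keep the example deterministic and fast; real keys are 1024 bit and up.
SENDER_PUB, SENDER_PRIV = make_keypair((1 << 61) - 1, (1 << 89) - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair((1 << 107) - 1, (1 << 127) - 1)
```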
Security Layers
• Security combined in layers:
  – IP: IPSec
  – TCP: SSL
  – HTTP: HTTP-S
  – Application: PKI
(Diagram: hosts A and B connected through router R, with one Application-layer span between A and B and two Transport-layer spans, A to R and R to B)
E-Business Infrastructure
• Data Interchange
• Web Architectures
• E-Trust Services
  – The Services
  – The Infrastructure
• Q&A
Key Management
• Key management:
  – Generation, storage, distribution, deletion, archiving and application of keys in accordance with a security policy.
• Key distribution:
  – Cooperatively generated by local and remote entities
Certificates
• Digital certificate:
  – Unique identification of user entity
  – Administered and distributed by a Certificate Authority (CA)
  – Contains:
    • Identity
    • Public key
    • CA signature
  – Available on a directory server
Certificates
• Security profile:
  – Private information for a user
  – Administered and distributed by a Certificate Authority (CA)
  – Contains:
    • Identity
    • Private key
    • Public key of the CA
  – Stored on a PC or smart card
  – Locked by a user password
Public Key Infrastructure
• Certificate Authority (CA):
  – Certification process
  – Generates and revokes keys
  – Verifies validity of keys
• Registration Authority (RA):
  – Administration process
  – Defines users with secret codes
• Directory Server (LDAP):
  – Directory of entities and keys
PKI Security Processes
• Architecture:
(Diagram: the Client App talks to a PKI Agent, which connects to the CA Server and RA Server (port 709) and to the LDAP Server (port 389))
PKI Security Processes
• Certification Process:
  – Security officer defines user
  – User receives out-of-band secrets
  – User sends out-of-band secrets to CA
  – User stores and locks certificate
• Logon process:
  – User unlocks certificate
  – CA checks validity of certificate
PKI Security Processes
• Encryption Process:
  – User asks for public key of receiver
  – CA checks validity of certificate
  – User performs message encryption
  – User sends encrypted message
• Signing process:
  – CA checks validity of certificate
  – User performs hash encryption
  – User sends message and hash
SWIFT Next Generation
• Three levels of security:
  – IPSec at transport level
  – EntrustSession Toolkit at session level:
    • Session-based GSS API
    • Certificates encoded and stored
  – EntrustFile Toolkit at user level:
    • Application entities encryption
    • Certificates on smart cards
SWIFT Next Generation
• Session layer:
  – Stored certificate
  – Stored encrypted password
  – Default time credentials
  – Default time context
  – Diffie-Hellman for key establishment
SWIFT Next Generation
• Application layer:
  – Store and forward
  – Encrypt and sign
  – Certificate on smart card
• Administration:
  – SWIFT certifies Local Security Officer
  – EntrustAdmin prepares CA
  – LSO uses Admin client software
E-Business Infrastructure
• Data Interchange
• Web Architectures
• E-Trust Services
• Q&A