|
|
SpeakersP2P2003 has scheduled two keynote sepakers (Colin Upstill and Bill Yeager) and two invited speakers (Martin King and Jakka Sairamesh).
Affiliation: IT Innovation Centre, Southampton, UK Bio Abstract The Grid by its nature involves access to computer systems and data outside one's own company or institution. Security is therefore a major element in any Grid infrastructure, as it is necessary to ensure that only authorised access is permitted. However, early developments of the Grid were strongly motivated by the performance benefits of sharing resources, and Grid security models were designed not to interfere with this. We show by comparison with mainstream e-Commerce experience that early Grid security models exhibit several weaknesses [2]. The early development of the Grid also largely failed to take account of operational realities such as network administrator responsibilities and network devices such as firewalls. Early Grid systems were simply not operable outside academic institutions and closed research networks, and we contend that the most common strategy for making them work "in the real world" represents a short-term fix that is likely to produce conflict between users and application developers on the one hand, and those responsible for network administration and security on the other. We believe that the peer-to-peer community is also likely to face similar conflicts between its decentralised management approach and the day-to-day concerns of those entrusted to maintain our security. IT Innovation is playing a leading role in the UK E-Science Programme and the exploitation of Grids for industrial and commercial purposes in the European Framework programmes. We have found it necessary to propose and begin development of radical solutions to some of these problems, including "proxy-free" delegation models and semantically-aware firewalls. There are numerous other problems with the operational security of Grid systems, such as the scalability and appropriateness of Grid authorisation management systems, etc. The Grid community is seeking to address these through a range of developments to support the virtual organisation as depicted by Foster et al in [1]. Most of these challenges will be familiar to the peer-to-peer community, and experience from the Grid suggests there are no easy solutions. Our main concern today is that even more basic problems like proxy-free delegation and firewall-friendly operation appear to require quite radical technical solutions. The difficulties experienced by the early Grid pioneers are not technical in nature, but stem from human, organisational and in some cases legal aspects of operating a decentralised infrastructure. The Grid Security Arms Race is a direct consequence of adopting solutions that don't take these non-technical and operational issues fully into account. Technical people can always find technical solutions to their current problems, but unless the operational needs of organisations are taken into account, such solutions will not provide us with a sustainable future in either Grid or peer-to-peer infrastructure.   Bill Yeager
Affiliation: Sun Microsystems Bio At Sun Bill invented, architected, and with a small team, developed the Sun Internet Message Server (SIMS) software for which he his filed four patents, and received three; Invented, and programmed the iPlanet Wireless Server; Led Sun's WAP Forum team; Architected a security model for Java Mobile Phones that is incorporated in MIDP 2.0; And, was the CTO of Sun's Jxta team, there inventing and writing the code for the Jxta Security Model. Bill has filed 26 patents on his Jxta work. Bill is now at Sun Labs. In his current project, "The Virsona," personal privacy is fundamental, Virsona's are Jxta peers, and his is initial objective is to tweak the Jxta security model to support enterprise strength security. Finally, Bill is the co-chair of the recently formed Internet Research Task Force Research Group on P2P. Abstract It is easy enough for each peer node to be its own certificate authority, create its own root and service certificates, distribute the root certificate out-of-band or in some cases in-band, different sockets for different scenarios, and then use transport layer security to insure two way authorization and privacy. Then again, one cannot help think about Philip Zimmermann, PGP, and "webs-of-trust." This is surely another socket that can be used by small communities of peers to assure that the public keys that they distribute can be trusted with some degree of certainty based on the reputation of the signers. If we imagine small groups of peers on a purely ad-hoc P2P network, for example, a family, then either mom or dad might be the certificate authority, place their root certificate on each family member's system by infra-red, eyeball-to-eyeball communication, and yes, if a certificate is signed by the CA, you trust it or else. One more socket for our toolbox. Finally, without actually using a recognized CA, one can apply even more torque to tighten the security on a P2P network. Select one or more well protected and trusted systems, and give to them certificate-granting authority. These systems are unlike standard CA's in the sense that they are peers in the P2P Network, albeit, special peers. Each peer using these CA's boots with the appropriate root certificates, and acquires a root certificate from one of the CA's using a Certificate Signing Request. Furthermore, to acquire a certificate the peer must be authorized perhaps by using an LDAP directory with a recognized protected password. Here, the CA can also use a secure connection to a corporate LDAP service to authorize requesting peers. In the end, each of the above scenarios, each socket in our mythical toolbox, is a not so mythical. This is how Project JXTA approaches security, and what we will discuss in this keynote presentation. Invited speakers
Affiliation: Quick Com Bio Abstract The IP Internet Protocol is used to create a common overlay network on top of many existing networks using other transport protocols to suite their physical requirements. A technique known as tunneling, where the payload of an IP data packet carries another full IP packet including its header information, is an overlay networking method for creating a VPN Virtual Private Network on top of the existing Internet or IP based network. VPNs are typically edge-based requiring static real IP addresses at each LAN gateway on the Internet side. Such solutions are cumbersome and inflexible requiring considerable additional infrastructure and reconfiguration of network components. VPNs for the remote user usually involve connection into a hub as a single branch of a network star formation. A number of protocols are used on the Internet today for different purposes HTTP, HTTPs, SSL, TCP, UDP to name just a few. Tunnels can be created using these protocols to passively enable overlay networking in the IP environment. For example the establishment of an HTTP tunnel can be used to bridge a firewall whereas SSL can be applied where added security is required. An approach will be presented for generically creating IP Multicast Overlay networks in a fully distributed environment. This brings several advantages: a) Nodes can be dynamically meshed together resulting in load balancing of the network traffic and the creation of a web on top of the web. b) Multicast can now be communicated from any node to any multiple selection of neighboring nodes in an "Any to Many" fashion, rather than the traditional centralized approach of "One to Many". This is consistent with many of the distributed media-streaming solutions being discussed. c). In a distributed environment overlay networks can be constructed with No Single Point of Failure. This is an important step towards fully fault tolerant distributed software infrastructure. d). The application developer is equipped with a Communications Middleware that permits the establishment of a true VPN without the need to configure additional network infrastructure. e) A turn-key solution for empowering the end-user to establish an overlay network without compromising the network administrator or service provider. The approach realised is applicable to broadband, narrowband, mobile and static environments. Finally some user case studies for applying this technology will be presented. Jakka Sairamesh
Affiliation: IBM T. J. Watson Research Bio Abstract In this paper, we present the grand challenges involved in designing and implementing reliable and transparent e-business applications in a decentralized and autonomous fashion that can handle business-critical applications in Enterprises and virtual organizations. We present a novel architecture and framework for end-to-end mobile e-business applications based on concepts from P2P, dynamic socio-economic networks (overlays) and resource allocation from Grid computing. The architecture takes into consideration disconnection, application context, synchronization, transactions and self-managing failure recovery modes to provide mobile users with seamless and transparent access to data and resources when needed. In addition, the mechanisms designed consider decentralized resource management for providing data availability and fast access. In our architecture, we consider a business process design based on state-machines and failure event management to handle disconnection, resource limitations and failures in open dynamic networks. We consider simple cost-based P2P networks as the underlying framework for connecting millions of mobile devices to thousands computational servers. A first-version of this system was designed, implemented and deployed a network of mobile clients using open Webservices standards. |
|
|
|
|
|