resource query authority
play

Resource Query Authority 11 th TF-EMC2 Meeting 9-10 July, 2008, - PowerPoint PPT Presentation

Nov 15, 2022 •348 likes •531 views

Dartmouth College Massimiliano Pala <pala@cs.dartmouth.edu> Proposal for Deploying a PKI Resource Query Authority 11 th TF-EMC2 Meeting 9-10 July, 2008, Umea, Sweden 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden Outline

  1. Dartmouth College Massimiliano Pala <pala@cs.dartmouth.edu> Proposal for Deploying a PKI Resource Query Authority 11 th TF-EMC2 Meeting 9-10 July, 2008, Umea, Sweden 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  2. Outline • Introduction – Introduction & Motivations – Current Solutions & Limitations • Protocol Details – PKI Resource Query Protocol – Resource Query Authority Deployment • Conclusions – Implementation Details – Future Work 2 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  3. Simple Questions (?) Where can I ask for a certificate revocation ? Where do I apply for a new Certificate ? Where do I find the Certificates repository ? 3 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  4. PKI Resource Discovery Enhance Interoperability across PKIs • Ease PKI Management Issues • – Now connected to certificates' contents Foster simpler User Interfaces (UI) • – User awareness Issues • Usability of PKIs 4 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  5. Current Solutions • Certificate Extensions DNS Records • Webservices • Local Network Oriented Solutions • 5 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  6. The Proposed Solution The PKI Resources Query Protocol • Allows a client to request services and repositories URL • associated with a CA • Provides “discovery” for any services (current and future): – Repositories (CRLs and Certs) – Validation Services (OCSP, SCVP, etc...) – Other Services (TimeStamping, Revocation, Subscription, etc... ) – Future services 6 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  7. Status of PRQP The PKI Resources Query Protocol (PRQP) is undergoing • the final call to be accepted as a working item of the PKIX work group (IETF) • The I-D is currently available as <draft-pala- prqp-01.txt> from IETF • We hope to push PRQP on the standard track as soon as possible 7 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  8. PRQP in a “Nut”Shell Simple client-server protocol • The server is the Resource Query Authority • – It is certified by a CA to provide PRQP responses (exactly as an OCSP is authorized to provide OCSP responses) – Can provide responses for multiple CAs • Trusted Mode • Multiple Certificates from different Cas “Where can I find service “X” related to CA “Y” • – “Service “X” from CA “Y” can be found at this URL 8 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  9. The Request Query Authority Authority designated to answer to PKI Resource • Location Resource Additional step: PRQP is used to Query discover the URL of the Authority Validation Service (OCSP) for the presented Client Certificate (3) (2) Validation App. Service (4) (1) Client Certificate 9 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  10. Examples PKIX Services • – id-ad-prqp – id-ad-prqp-ocsp – id-ad-prqp-caIssuers – id-ad-prqp-timestamping – Id-ad-prqp-dvcs – Id-ad-prqp-caRepository • HTTP (Browser) services – id-ad-prqp-http-certs --- HTTP cert repository – id-ad-prqp-http-crls --- HTTP CRL URL – id-ad-prqp-xkmsGateway --- XKMS Gateway – id-ad-prqp-cmsGateway --- CMS Gateway 10 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  11. Examples (2) Certificate Policies • – Id-ad-prqp-certPolicy --- Certificate Policy (CP) URL – Id-ad-prqp-certPracticesStatement --- Certification Practices Statement (CPS) URL Level Of Assurance • – id-ad-prqp-certLOAPolicy --- LOA Policy URL – id-ad-prqp-certLOALevel --- Certificate LOA Modifier URL HTTP (Browsers) based services • – id-ad-prqp-httpRevokeCertificate --- HTTP Based Certificate Revocation Service – id-ad-prqp-httpRequestCertificate --- HTTP Based Certificate Request Service 11 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  12. Examples (3) Grid Specific Services • – Id-ad-prqp-grid-accreditationBody --- CA Accreditation Body(s) – id-ad-prqp-grid-accreditationPolicy --- CA Accreditation Policy Document(s) – id-ad-prqp-grid-accreditationStatus --- CA Accreditation Status Document(s) – id-ad-prqp-grid-commonDistributionUpdate --- Grid Distribution Package(s) – id-ad-prqp-grid-accreditedCACerts --- Certificates of Currently Accredited CAs – Id-ad-prqp-certPolicy --- Certificate Policy (CP) URL – Id-ad-prqp-certPracticesStatement --- Certification Practices Statement (CPS) URL 12 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  13. Deployment Plans TACAR provides trusted certificate repository and • information for many CAs • We propose to run an RQA that will provide support for all the TACAR's CAs The Server will be hosted at Dartmouth College • Two Options • – Operating as a Trusted Responder – Getting a Certificate from each CA that wish to participate in TACAR's RQA We will need to define the policies for CAs admins to • update information related to their CAs – Probably by using an authenticated upload (web) form • A web-based client will be setup 13 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  14. Implementation Details PRQP API included into LibPKI (v0.1.9) • – Provides easy-to-use functionality • PRQP_REQUEST_new_cacert_file() Available for any UniX based system (eg., Linux, • Solaris8-10, OpenSolaris, BSD, MacOS, iPhoneOS2.0, etc... ) • PRQP Server (available version at OpenCA) – Based on OpenCA OCSPD – Implements PRQP over HTTP – Supports multiple CA 14 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  15. Conclusions • PRQP provides/is: – Dynamic Solution – Fast and easy to implement – Specific solution for the problem – Ease rollover of services – Supported in LibPKI (Easy-to-use PKI library) • Initial support for a PKI Discovery Infrastructure for TACAR – Allow writing applications that make use of the deployed infrastructure – Provide us with valuable feedback to improve current specification 15 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  16. Future Works • PKI Usability and Interoperability project at Dartmouth College: – Extending the PRQP to a Peer-2-Peer Authenticated Network (for inter-federation PRQP support) – Already published a paper at EuroPKI (PEACHES and Peers) 16 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  17. ? ?? ?? ? ? ? Questions ? ? ?? ? ? ? ? 17 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

  18. Thank You! Contacts: • Massimiliano Pala <pala@cs.dartmouth.edu> OpenCA <project.manager@openca.org> • Website http://mm.cs.dartmouth.edu/prqp/ (DEMO) https://www.openca.org/projects/prqpd/ 18 11 th TF-EMC2 Meeting, 9-10 July, 2008, Umea Sweden

Recommend

z Towards Plan-aware Resource Allocation in Serverless Query Processing Malay Bag Alekh Jindal

z Towards Plan-aware Resource Allocation in Serverless Query Processing Malay Bag Alekh Jindal

z Towards Plan-aware Resource Allocation in Serverless Query Processing Malay Bag Alekh Jindal z Hiren Patel z Resour ource Alloc ocati tion Issue ue in Serverless Query Processing Hard to estimate resource requirement at compile

673 views • 11 slides
Well Permitting &amp; Approvals Thomas Donohue, PG Authority? Authority? Most of our authority

Well Permitting &amp; Approvals Thomas Donohue, PG Authority? Authority? Most of our authority

Well Permitting &amp; Approvals Thomas Donohue, PG Authority? Authority? Most of our authority comes from: Act 223 Pennsylvanias Oil and Gas Act Act 214 Coal and Gas Resource Coordination Act Act 359 Oil and Gas Conservation Law

764 views • 30 slides
Uniform Resource Locators (URLs) Scheme Port Number Query

Uniform Resource Locators (URLs) Scheme Port Number Query

Uniform Resource Locators (URLs) Scheme Port Number Query http://www.company.com:81/a/b/c.html?user=Alice&amp;year=2008#p2 Host Name Hierarchical portion Fragment CS 142 Lecture Notes: URLs and Links Slide 1 &lt;a&gt; Examples Full

315 views • 4 slides
Query Processing, Resource Management, And Approximation in a Data Stream Management System

Query Processing, Resource Management, And Approximation in a Data Stream Management System

Query Processing, Resource Management, And Approximation in a Data Stream Management System Kevin Hoeschele Archana Joshi References R. Motwani, J. Widom, A. Arasu, B. Babcock, S. Babu, M. Datar, G. Manku, C. Olston, J. Rosenstein and R.

559 views • 23 slides
Improve Query Performance with the Query Log Analyzer Kees Vegter Field Engineer Query Log

Improve Query Performance with the Query Log Analyzer Kees Vegter Field Engineer Query Log

Improve Query Performance with the Query Log Analyzer Kees Vegter Field Engineer Query Log Analyzer kees@neo4j.com Query Log dbms.logs.query.enabled=true # If the execution of query takes more time than this threshold, # the query is

1.12k views • 27 slides
Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query

Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query

Query Processing Relevance feedback; query expansion; Web Search 1 Overview Indexes Query Indexi xing Ranki king Applica cation Results Documents User Information Query y Query analys ysis proce cess ssing Multimedia

740 views • 32 slides
Query Op)miza)on 1 Query op)miza)on Given an SQL query,

Query Op)miza)on 1 Query op)miza)on Given an SQL query,

Query Op)miza)on 1 Query op)miza)on Given an SQL query, the query op)mizer tries to figure out the order of opera)ons that will make the

550 views • 23 slides
Query Answering in (Resource-Based) answer set semantics Stefania Costantini and Andrea

Query Answering in (Resource-Based) answer set semantics Stefania Costantini and Andrea

Query Answering in (Resource-Based) answer set semantics Stefania Costantini and Andrea Formisano University of L Aquila and University of Perugia, Italy LRC15, Corunna, Spain Speaker: Stefania Answer Set Semantics The answer set

515 views • 23 slides
Query Execu*on Declara*ve Query (SQL) We start from

Query Execu*on Declara*ve Query (SQL) We start from

SQL The Query Language R &amp; G - Chapter 5 2 Query Execu*on Declara*ve Query (SQL) We start from here Query Op*miza*on and Execu*on (Rela*onal)

808 views • 44 slides
Query Execution 2 and Query Optimization Instructor: Matei Zaharia cs245.stanford.edu Query

Query Execution 2 and Query Optimization Instructor: Matei Zaharia cs245.stanford.edu Query

Query Execution 2 and Query Optimization Instructor: Matei Zaharia cs245.stanford.edu Query Execution Overview Query representation (e.g. SQL) Logical query plan (e.g. relational algebra) Query optimization Optimized logical plan Physical

1.17k views • 92 slides
Query Execu:on Declara:ve Query (SQL) We start from

Query Execu:on Declara:ve Query (SQL) We start from

SQL III The Query Language R &amp; G - Chapter 5 Based on Slides from UC Berkeley and book. Query Execu:on Declara:ve Query (SQL) We start from here

1.02k views • 64 slides
Query Execu:on Declara:ve Query (SQL) We start from

Query Execu:on Declara:ve Query (SQL) We start from

SQL The Query Language R &amp; G - Chapter 5 Based on Slides from UC Berkeley and book. 2 Query Execu:on Declara:ve Query (SQL) We start from

689 views • 34 slides
Query Understanding: A Manifesto Daniel Tunkelang queryunderstanding.com Overview What is

Query Understanding: A Manifesto Daniel Tunkelang queryunderstanding.com Overview What is

Query Understanding: A Manifesto Daniel Tunkelang queryunderstanding.com Overview What is query understanding? Query performance prediction. Query rewriting. Query suggestions. Search is a conversation. tl;dr: Query

940 views • 37 slides
Perfect Query FORMULA 5 critical sections in every successful query letter (c) 2019

Perfect Query FORMULA 5 critical sections in every successful query letter (c) 2019

Perfect Query FORMULA 5 critical sections in every successful query letter (c) 2019 GetaBookDeal101.com is this you Why am I not hearing back? the query conundrum giving up too early the query conundrum blaming the system the query

974 views • 61 slides
Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer

Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer

Module 13: Optimizing Query Performance Overview Introduction to the Query Optimizer Obtaining Execution Plan Information Using an Index to Cover a Query Indexing Strategies Overriding the Query Optimizer Introduction to

450 views • 34 slides
Introduction Query Execution Engine Implements a set of physical operators 2 key

Introduction Query Execution Engine Implements a set of physical operators 2 key

Overview of Query Optimization in Relational Systems An overview of current query optimization techniques Overview of Query Optimization Provides fundamentals of query in Relational Systems optimization Presenter: Albert Wong

294 views • 4 slides
Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query

Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query

Chapter 3: Top-k Query Processing and Indexing 3.1 Top-k Algorithms 3.2 Approximate Top-k Query Processing 3.3 Index Access Scheduling 3.4 Index Organization and Advanced Query Types 3-1 IRDM WS 2005 3.1 Top-k Query Processing with Scoring

592 views • 36 slides
Capabilities in seL4 Types of Authority Resource Management Implementation Model

Capabilities in seL4 Types of Authority Resource Management Implementation Model

Capabilities in seL4 David Cock Background Microkernel Systems seL4 &amp; Barrelfish Authorisation and Delegation Capabilities in seL4 Types of Authority Resource Management Implementation Model Representation David Cock Operations

1.41k views • 118 slides
CSE 232A Graduate Database Systems Arun Kumar Topic 4: Query Optimization Chapters 12 and

CSE 232A Graduate Database Systems Arun Kumar Topic 4: Query Optimization Chapters 12 and

CSE 232A Graduate Database Systems Arun Kumar Topic 4: Query Optimization Chapters 12 and 15 of Cow Book Slide ACKs: Jignesh Patel, Paris Koutris 1 Lifecycle of a Query Query Result Query Database Server Query Execute Parser

735 views • 50 slides
Query Optimization Through the Looking Glass Some Lessons From Building an LLVM-Based Query

Query Optimization Through the Looking Glass Some Lessons From Building an LLVM-Based Query

Query Optimization Through the Looking Glass Some Lessons From Building an LLVM-Based Query Compiler Viktor Leis Technische Universitt Mnchen Introduction: Query Optimization HJ B cardinality cost INL B T SELECT ... estimation

679 views • 25 slides
Mediator y e r u Q d e t a l u Query m r o e f K L M R Reformulated Query O

Mediator y e r u Q d e t a l u Query m r o e f K L M R Reformulated Query O

Motivation Approach Search Scoring Experiments Related Work Conclusions O r b i t z F l i g h t lowestFare(MXP,HYD) S e a r c h Mediator y e r u Q d e t a l u Query m r o e

242 views • 21 slides
Developing a Magnesium Resource in Developing a world class magnesium resource in Western Canada

Developing a Magnesium Resource in Developing a world class magnesium resource in Western Canada

Developing a Magnesium Resource in Developing a world class magnesium resource in Western Canada Western Canada TSXV - WHY Disclaimer and Forward Looking Statement No stock exchange, securities commission or other regulatory authority has

353 views • 23 slides
CAS CS 460/660 Introduction to Database Systems Query Evaluation II 1.1 Cost-based Query

CAS CS 460/660 Introduction to Database Systems Query Evaluation II 1.1 Cost-based Query

CAS CS 460/660 Introduction to Database Systems Query Evaluation II 1.1 Cost-based Query Sub-System Select * Queries From Blah B Where B.blah = blah Query Parser Query Optimizer Plan Plan Cost Catalog Manager Generator Estimator

711 views • 44 slides
SQL for the IoT Move the query to the data, not the data to the query. Internals Why Do You

SQL for the IoT Move the query to the data, not the data to the query. Internals Why Do You

SQL for the IoT Move the query to the data, not the data to the query. Internals Why Do You Care? So you can better understand what your query is doing. So that you can appreciate how much work the database is saving you. So that

1.24k views • 99 slides

More recommend