欢迎来到天天文库
浏览记录
ID:7298877
大小:176.36 KB
页数:8页
时间:2018-02-10
《pki security for jxta overlay networks》由会员上传分享,免费在线阅读,更多相关内容在工程资料-天天文库。
1、PKISecurityforJXTAOverlayNetworksJeffreyEricAltman,CTOIAMConsulting,Inc.1February2003IntroductionJXTAisthefirstofanewclassofgeneralpurposeheterogeneouscross-platformpeertopeeroverlaynetworks.An“overlaynetwork”isamiddlewaremessagingsystemarchitectedtoallowforend-to-end
2、connectivitybetweendevicesacrosscombinationsofconnectedheterogeneousnetworksandsegmentedhomogeneousnetworks.JXTAcombinestheoverlaynetworkwithanamespaceabstractionreferredtoasaPeerGroup.EachPeerGroupisinturnavirtualnetworkspaceconsistingofasubsetofalldevicesaccessiblev
3、iatheoverlaynetwork.Adevicemaintainsmultiple“Peer”identities;oneforeachofthePeerGroupsinwhichitisparticipating.JXTAisflexibleenoughtomeettheneedsofanyapplicationspacebynotimposingafixedstructureonthecreationofPeerGroups.AnypeermaycreateanewPeerGroupatanytimeforanyreas
4、ontocommunicatewithanysetofpeers.TheonlyrequirementisthatallPeersparticipatingwithinaPeerGroupmustuseanagreeduponsetofservicesandprotocolsforimplementingauthentication,authorization,auditing,messagepropagation,peerresolution,discovery,andanyapplicationspecificcapabili
5、tiesrequiredtofulfillthePeerGroup’smission.AnetworkofJXTAdevicesissecuredbyimplementingauthentication,authorizationandauditingserviceswithineachPeerGroupandbyrestrictingthetypesofinformationwhichmaybepublishedwithineachPeerGroup.EachPeerwithinaPeerGrouphasitsownidenti
6、ty.(AdeviceparticipatingwithinmultiplePeerGroupswillmaintainseparateidentities;oneforeachPeerinstance.)ThisidentitymaybeboundtoanauthenticatorandauthorizationdatawithinaCredential.TheseCredentialsareusedtoproveaPeer’smembershipwithinthePeerGroup;touniquelyidentifytheP
7、eer;andmaybeusedtograntorrestrictaccesstoservicesorcontentavailablewithinthePeerGroup.ThechoiceofauthenticationandauthorizationschemesandCredentialformatsusedtosecureaPeerGroupareleftuptothePeerGroupimplementer.ParticipationwithinPeerGroupsmaybesecuredwithcentralizedX
8、.509certificatebasedPublicKeyInfrastructures;Kerberos;oranad-hocdistributedtrustmodelsuchasPoblano.MessagePrivacyandNon-Repu
此文档下载收益归作者所有