An architecture for a secure service discovery service

The widespread deployment of inexpensive communications technology, computational resources in the networking infrastructure, and network-enabled end devices poses an interesting problem for end users: how to locate a particular network service or device out of hundreds of thousands of accessible services and devices. This paper presents the architecture and implementation of a secure Service Discovery Service (SDS). Service providers use the SDS to advertise complex descriptions of available or already running services, while clients use the SDS to compose complex queries for locating these services. Service descriptions and queries use the eXtensible Markup Language (XML) to encode such factors as cost, performance, location, and device- or service-specific capabilities. The SDS provides a highly available, fault-tolerant, incrementally scalable service for locating services in the wide area. Security is a core component of the SDS and, where necessary, communications are both encrypted and authenticated. Furthermore, the SDS uses a hybrid access control list and capability system to control access to service information.
