JNASA Applied Thesis

1
JNASA - Applied Thesis

• Designing and developing a Java Naming
  Application Security Architecture (JNASA) using
  LDAP, RMI and JNDI technologies
• Presented By
• Robert Estey

2
Agenda

• Introduction
• Review of Literature
• Research Design
• Data Presentation and Analysis
• Conclusions and Summary
• Demonstration

3
Introduction

• Overview of Problem
• Several hundred applications
• Development without a standard approach
• Security developed within applications
• Security requires specialized training
• Providing a uniform security process to
  information becomes more complicated.

4
Assumption

• Several security models
• IT needs a security framework that is scalable,
  secure, easy to implement and administrate.
• Scope of the project
• Java, LDAP, JNDI and RMI

5
Background

• Not just a corporate problem, widespread
• Deploying applications to customers must be
  stringent and easy to maintain.
• N-tiered distributed architectures.

6
Common Naming / Directory Framework

• Standards based technologies using common APIs
• APIs should define open object interfaces
• Naming / Directory architectures simplify
  deployment and management, enables dynamic
  configurations

7
Role Based Duties

• Centralizing administration roles
• Lowers cost
• Maintain the highest level of security
• Flexible and adaptive solutions
• Single Signon
• Granular administration capabilities
• Role based task delegation

8
Project Objectives

• Less Training / Simplified Development
• Smaller Programs
• Fewer Security Leaks
• Immediate Reuse
• Logistical Support
• Extended Administration Roles

9
Review of Literature

• Remote Method Invocation (RMI)
• Lightweight Directory Access Protocol (LDAP)
• Java Naming and Directory Interface (JNDI)

10
Remote Method Invocation (RMI)

• Simular to CORBA (Distributed Objects)
• Distributed Java Objects
• Object Oriented Technology
• Mobile Behavior
• Security
• Easy to write and use
• Serialized Objects
• Objects are passed by value

11
RMI Layers
12
RMI Registry

• // remote class
• package framework.server
• public class JNASAServer extends
  UnicastRemoteObject
• implements framework.common.Sentry
• // declare and register a service
• JNASAServer server new JNASAServer()
• Registry registry LocateRegistry.createRegist
  ry( port )
• registry.bind( service, server
  )
• // remote method authenticate
• public ClientProfile authenticate( String
  client, String password ) throws
• RemoteException

13
Finding an Object

• package framework.client
• public class LoginApplet
• // find the service through the registry
• String url "rmi//" node "" port
  "/" service
• Sentry sentry (Sentry)Naming.lookup( url )
• rmi//localhost1500/JNASAServer

14
Remote Method authenticate()

• package framework.client
• public class LoginApplet
• jnasaService
• (JNASAService)loginBean.authenticate(
• username, password )

15
Creating a Common Interface

• // common interface
• package framework.common
• public interface Sentry implements Remote
• public ClientProfile authenticate( String
  client, String password ) throws RemoteException

16
RMIC

• C\gt rmic options classFile
• rmic framework.server.JNASAServer
• rmic framework.server.MessageService
• java -DJNASAServer.configCONFIG
  framework.server.JNASAServer 1500

17
Object Serialization

• Breaking down an object into a stream
• Objects are passed by value
• RMI Strength compared to CORBA

18
Naming Services

• Domain Name System (DNS)
• CORBA and RMI deploy distributed objects through
  naming services

19
Naming Terminology
20
Directory Services

• X.500 Directory Access Protocol (DAP)
• Lightweight DAP (LDAP)
• NetWare Directory Service (NDS)
• Network Information Server (NIS)
• Java Naming and Directory Interface (JNDI)

21
Lightweight Directory Access Protocol (LDAP)

• 1988, X.500 for directory service
• Network Directory Services
• Whitepages
• OSI network
• 1993, LDAP
• 90 functionality of X.500
• 10 size of X.500
• IP network

22
How LDAP works
23
LDAP Example
24
Java Naming and Directory Interface (JNDI)
25
Research Design

• Environment
• Windows NT platform
• Java Developer Kit (JDK 1.2.1) - Java 2
• Netscape Directory Server
• JETTY Web Server
• Netscape Browser

26
Service References
27
(No Transcript)
28
Quantitative Results

• Client Lookup Performance
• Client Authentication and Authorization
• Overall Performance
• Coding size comparisons
• Results Conclusion

29
RMI Registry Lookup
Clients
Average
30
Authentication and Authorization
31
Overall Performance
32
Coding Size Comparison
33
Results Conclusion
34
Conclusion

• Electronic Commerce will continue to grow
• Naming / directory architectures are roadmaps to
  information
• LDAP enables businesses to tightly integrate Web
  access control policies
• JNDI can access many other naming / directory
  interfaces

35
Conclusion (cont.)

• The goals of this project were accomplished
• Design, develop and deliver JNASA
• The JNASA framework can be used by any client or
  server application
• Promoting reuse
• JNASA exceeded expectations

36
Questions?

• Designing and developing a Java Naming
  Application Security Architecture (JNASA) using
  LDAP, RMI and JNDI Technologies
• estey_at_primenet.com
• www.primenet.com/estey/