2004 Fall Simulation Interoperability Workshop

1
Value-Added Simulation Functionality with
Layered Web Services
2004 Fall Simulation Interoperability
Workshop SIW Paper 04F-SIW-099 Mr. Ryan P. Z.
Brunton Dr. Katherine L. Morse Mr. David L. Drake
2
Overview

• XC2I overview and rationale
• Role-based Access Control (RBAC)
• Web-services Interest Management (WSIM)
• Area of Interest Management (AOIM)
• Aggregation Interest Management (AGIM)
• Summary / Future Work
• Questions

3
XC2I Architecture
Visualization Layer using SOFVIZ
Data Storage Layer
Terrain UOB I/F
Common Client Side Web I/F
Dynamically Updated Entity Status
XML Control Messages
Terrain UOB Initialization Data
ltunitgt ltposgt32UCD4314311lt/posgt lttypegttanklt/typegt
ltsidegtredlt/sidegt lt/unitgt
Web Service
HLA to XML (Service)
DIS to XML (Service)
C4I to XML (Service)
XML I/F
XML I/F
Terrain Server
Terrain Server
Different Views
Simulation
GIG ES
4
Role Based Access Control (RBAC) Architecture
Goals

• Define a globally available identity management
  system
• Associate user identities with simulation-specific
  roles
• Transparently limit user interaction with the
  client based on user's available roles

5
Authorization Sequence Diagram
access control server
VAC1viewer access control client
User1user
login (username password)
Standard SSL challenge/ response occurs between
the viewer access control client and the access
control server.
login (certificate, username)
authenticate
interest management selection GUI (visual
representation of ACL)
authorization (access control list XML)
cache ACL
One token for each authorized role
6
Access Control Initialization
VAC1viewer access control
access control server
VV1viewer visualization
WS IM server
User1user
Token for requested authorized role
present list of roles
choose role
role request(token)
verify (token)
authorization
authorization
cache session credential
7
Access Control
VAC1viewer access control
WS IM server
VV1viewer visualization
User1user
IM request(interest expressionC2IML)
verify IE against ACL
IM request(IE C2IML, possibly modified from
above)
verify IE
IM response(entity data C2IEDM)
8
Web Services Interest Management

• Motivation
• Simulation updates generated at a higher rate
  than network could accommodate
• Abstract interface needed to filter based on C2I
  vocabulary
• How does this relate Data Distribution Management
  (DDM)?
• We needed a generic infrastructure
• We can still map to DDM

9
Area of Interest Management (AOIM)

• Viewbox scoping
• Filter dimensions
• Geographic location
• Object type
• Object id
• Update frequency
• Geographical delta

10
Aggregation Interest Management (AGIM)

• Filters on
• Aggregate units (e.g. battalion)
• Updates limited to aggregates individual unit
  updates not transmitted
• Challenges
• Deriving order of battle from available
  simulation data

11
Layered Architecture Stack
Client
Web Service Protocols
Allows Separation of Architectural Components
AGIM
AOIM
RBAC
Simulation
12
Future Work

• Shortcomings of the Web Services standards and
  work being done by the OASIS standards body
  indicate that the current work may be superseded
  by a significantly different message format, such
  as the eXtensible Access Control Meta Language
  (XACML)
• However, the fundamental architecture will
  continue to be appropriate to the application

13
Questions?

• Mr. Ryan P. Z. Brunton
• bruntonr_at_saic.com
• Dr. Katherine L. Morse
• morsek_at_saic.com
• Mr. David L. Drake
• drakedavid_at_saic.com