Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

RSS 2.0 | Atom 1.0 | CDF

Send mail to the author(s) E-mail

Sign In

Saturday, July 31, 2004
SCTP (Stream Control Transmission Protocol) - new transport protocol
Saturday, July 31, 2004 9:34:45 AM (Central Standard Time, UTC-06:00)

SCTP is a new alternative to TCP, the protocol that is the backbone of today's internet. Very much like TCP itself, SCTP has features that make it an ideal candidate for the networking stacks now being built.

Like TCP, SCTP has the following features:

  1. Connection Oriented
  2. Full Duplex
  3. Reliable data transfer

The extra functionality that SCTP brings is very interesting. TCP delivers data in order, meaning every byte is received in the same order as it was sent, but this comes at a price: if the first segment does not arrive, the later segments in the sequence have to be either held up or discarded until it is retransmitted. This is called the "head-of-line blocking" problem. SCTP is designed to address it, and it does so in two ways:

  1. Unordered messages
  2. Multi-streaming

Unordered messages are, as you can easily see, a feature of UDP. SCTP provides an option for marking each transmission as ordered or unordered, so a message that does not depend on earlier ones can be delivered to the application as soon as it arrives.

Multi-streaming: the name SCTP, Stream Control Transmission Protocol, is actually derived from this feature. Data within one association can be partitioned into multiple streams, each with independently sequenced delivery: a loss in one stream delays only that stream, not the others. TCP, by contrast, is a single byte-stream protocol; SCTP is message-oriented and preserves message boundaries within each stream. A good example of multi-streaming is the delivery of multimedia documents: since they consist of different objects, each object can be transported in its own stream. The same can be achieved with TCP by opening several connections (one per stream), which adds overhead; SCTP does it within one association.

One of the core features of SCTP is multi-homing. Each of the two endpoints can specify multiple points of attachment (IP addresses) during association setup. Having multiple interfaces allows data to be sent automatically to an alternate address when a path fails, and the important part is that this happens without the application ever seeing the low-level failure. Such fault tolerance is not available in TCP, which binds each connection to a single pair of addresses. Two points worth knowing on the security side: the alternate addresses an endpoint will fail over to are exactly those the peer advertised in the INIT/INIT-ACK exchange, so that list deserves the same scrutiny as any other peer-supplied data, and SCTP's four-way handshake with a state cookie means the server commits no resources until the client echoes the cookie, which is the protocol's built-in defence against SYN-flood style exhaustion.
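To make the two head-of-line blocking remedies above concrete, here is an added Python example (not part of the original post) that builds SCTP packets in the wire layout of RFC 2960 (now RFC 4960): a 12-byte common header whose checksum is CRC32c, followed by DATA chunks carrying a TSN, a stream identifier, a stream sequence number (SSN) and the U flag for unordered delivery. A small receiver then delivers the chunks the way an SCTP stack would: unordered messages immediately, ordered messages in SSN order per stream, so a gap in one stream never holds up another. The ports, verification tag and payloads are constructed sample data, and the checksum is stored least-significant byte first as in the RFC's reference code.

```python
"""Minimal SCTP wire-format builder/parser illustrating multi-streaming,
unordered delivery and the CRC32c packet checksum (RFC 2960 / RFC 4960).
Added example: the packets below are constructed, not captured."""
import struct

CRC32C_POLY = 0x82F63B78  # reflected Castagnoli polynomial used by SCTP


def _make_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ CRC32C_POLY if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _make_table()


def crc32c(data: bytes) -> int:
    """CRC-32C as specified for SCTP (init 0xFFFFFFFF, reflected, final XOR)."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


# DATA chunk flag bits: U = unordered, B/E = beginning/end of a message
FLAG_U, FLAG_B, FLAG_E = 0x04, 0x02, 0x01


def data_chunk(tsn, stream_id, ssn, payload, unordered=False, ppid=0):
    """Build one unfragmented DATA chunk (type 0), padded to a 4-byte boundary."""
    flags = FLAG_B | FLAG_E | (FLAG_U if unordered else 0)
    length = 16 + len(payload)  # chunk length excludes padding
    chunk = struct.pack("!BBHIHHI", 0, flags, length, tsn, stream_id, ssn, ppid) + payload
    return chunk + b"\x00" * (-len(chunk) % 4)


def sctp_packet(src_port, dst_port, vtag, chunks):
    """Common header (ports, verification tag, checksum) followed by chunks."""
    body = struct.pack("!HHII", src_port, dst_port, vtag, 0) + b"".join(chunks)
    # RFC 4960 Appendix B writes the CRC32c least-significant byte first
    return body[:8] + struct.pack("<I", crc32c(body)) + body[12:]


def parse_packet(pkt):
    """Verify the checksum and split the packet into (type, flags, value) chunks."""
    if len(pkt) < 12:
        raise ValueError("truncated common header")
    src, dst, vtag = struct.unpack("!HHI", pkt[:8])
    stored = struct.unpack("<I", pkt[8:12])[0]
    if crc32c(pkt[:8] + b"\x00" * 4 + pkt[12:]) != stored:
        raise ValueError("bad CRC32c checksum")
    chunks, off = [], 12
    while off + 4 <= len(pkt):
        ctype, flags, length = struct.unpack("!BBH", pkt[off:off + 4])
        # a zero or short length from the wire would otherwise spin this loop forever
        if length < 4 or off + length > len(pkt):
            raise ValueError("bad chunk length")
        chunks.append((ctype, flags, pkt[off + 4:off + length]))
        off += (length + 3) & ~3  # chunks are 4-byte aligned
    return src, dst, vtag, chunks


class StreamReceiver:
    """Delivers DATA chunks: unordered ones at once, ordered ones in SSN order per stream."""

    def __init__(self):
        self.next_ssn = {}   # stream id -> next expected SSN
        self.pending = {}    # stream id -> {ssn: payload} waiting for a gap to fill
        self.delivered = []  # (stream id, ssn or None, payload) in delivery order

    def receive(self, pkt):
        for ctype, flags, value in parse_packet(pkt)[3]:
            if ctype != 0:  # only DATA chunks carry user messages
                continue
            tsn, sid, ssn, ppid = struct.unpack("!IHHI", value[:12])
            payload = value[12:]
            if flags & FLAG_U:
                self.delivered.append((sid, None, payload))
                continue
            self.pending.setdefault(sid, {})[ssn] = payload
            expected = self.next_ssn.get(sid, 0)
            while expected in self.pending[sid]:
                self.delivered.append((sid, expected, self.pending[sid].pop(expected)))
                expected = (expected + 1) & 0xFFFF
            self.next_ssn[sid] = expected
        return self.delivered


def demo():
    """Constructed scenario: stream 0's first message (SSN 0) arrives late, so SSN 1
    must wait, while stream 1 and the unordered message go straight through."""
    rx = StreamReceiver()
    rx.receive(sctp_packet(5000, 5001, 0xCAFEBABE, [
        data_chunk(100, 0, 1, b"image-part-2"),
        data_chunk(101, 1, 0, b"caption"),
        data_chunk(102, 2, 0, b"ping", unordered=True),
    ]))
    rx.receive(sctp_packet(5000, 5001, 0xCAFEBABE, [
        data_chunk(99, 0, 0, b"image-part-1"),
    ]))
    return rx.delivered


if __name__ == "__main__":
    for sid, ssn, payload in demo():
        print(f"stream {sid} ssn {ssn}: {payload!r}")
```

Running it delivers the caption (stream 1) and the unordered ping before either part of the image, even though the image's first part was sent with a lower TSN; a single TCP connection would have stalled everything behind the missing segment. The chunk-length check in `parse_packet` is the kind of guard a real stack needs, since a zero-length chunk from the wire would otherwise never advance the offset.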

RFCs for SCTP and general information can be found at: http://www.sctp.org

Thursday, July 29, 2004
WSE 2.0 SP1 is out.
Thursday, July 29, 2004 9:35:21 AM (Central Standard Time, UTC-06:00)

Download WSE 2.0 SP1 from MSDN.

Hervey mentions the change log here

IBM's Federation strategy - what's going on ?
Thursday, July 29, 2004 9:13:12 AM (Central Standard Time, UTC-06:00)

It's a bit hard for me to digest that IBM, being the WS-Federation standard founder, went for a deal with France Telecom (one of the founders of the Liberty Alliance) to conform to the Liberty standard for identity federation. Not to mention that Liberty group members must also be in an uncomfortable position, as IBM is a competitor in authoring the federation standards.

Read more about the contract here.

At Burton Catalyst last week, whomsoever I talked to about the religious war between Liberty and WS-Federation had the opinion that they should merge. Most of them were looking to support both, though.

The .NET SmartCard will support both standards, but it is definitely a pain for vendors.

Tuesday, July 27, 2004
WS-Federation Demo at Burton Catalyst
Tuesday, July 27, 2004 5:10:06 PM (Central Standard Time, UTC-06:00)

Last week at the Microsoft hospitality suite at the Burton Catalyst conference I showed a demo of the roles smartcards could play in web services security and federation. The demo comprised two web services (AirTicketService and CarRentalService), a company portal (TravelPortal) and a .NET SmartCard hosting a Security Token Service (STS) and a Pseudonym Service. I also used my WS-Federation implementation from the Plumbwork workspace at GDN.

The objectives of the demo were:

  • .NET SmartCard as a server hosting STS and Pseudonym service.
  • Seamless integration of .NET SmartCard with WSE 2.0.

These were the steps of the demo:

  1. The user goes to the company travel portal and presents the PIN to authenticate to the smartcard.
  2. On successful authentication to the card, the travel portal sends an RST (Request Security Token) message to the STS residing in the smartcard to get the token for AirTicketService. I used a custom token that has a symmetric key encrypted with the public key of the requestor.
  3. The travel portal then signs and encrypts the request to the AirTicket service with the token retrieved from the card.
  4. The AirTicket service, after receiving the signed and encrypted makeReservation request, sends a GetPseudonym message to the pseudonym service residing in the smartcard.
  5. A GetPseudonymResponse is returned by the smartcard containing the attributes of the principal.
  6. Similar steps happen for the CarRental service.

The demo basically depicts figure 6 of the IBM/Microsoft paper on federation.

First Blog on dotnetcard.com
Tuesday, July 27, 2004 4:27:25 PM (Central Standard Time, UTC-06:00)

This is the new home for my blog. I have been blogging since June 2004 at http://ksachdeva.blogspot.com but decided to buy a domain reflecting the domain I work in ;-). I will be posting interesting stuff on smartcard technology and applications, web services security, identity management, etc.