On this page

Visual Studio (.NET) - Best IDE on planet
Its going to be SAML 2.0 Vs Liberty
Smart Services on SmartCards
Creating Publisher's policy
MindTree lecture series
RelaxNG Vs XSD
Out of Transaction Counters
SCTP (Stream Control Transmission Protocol) - new transport protocol
WSE 2.0 SP1 is out.
IBM's Federation strategy - what's going on ?
WS-Federation Demo at Burton Catalyst
First Blog on dotnetcard.com
Visual Studio (.NET) - Best IDE on planet
Wednesday, September 08, 2004 10:42:21 AM (Central Standard Time, UTC-06:00)

It has been on my mind for some days to express my gratitude to the guys (teams) who make the most wonderful development environment on the planet. In college I used to program primarily in Visual Studio 6.0 with MFC, ATL etc. and never saw the importance of an IDE until I switched to Java when I started working on JavaCards at Schlumberger (now Axalto Inc). I simply loved Java. It's a revolutionary language and paved the way to another great technology (.NET) and a fantastic language, C# ...... (pioneers should be given their respect).

Anyway, things were okay with Java, but what I always missed was an IDE. I think I tried almost all the IDEs .... from Borland, to the disgusting Forte (from Sun), Visual Cafe, JCreator, Eclipse, but none came close to VS.NET.

Forte was the worst, with zillions of windows. I think I liked Visual Cafe the most. I loved the simplicity of JCreator and admired its creator for writing the IDE in C++ rather than in Java, as most Java IDE developers do. They simply do not understand that Java is not a language to build IDEs in.

I recently used Eclipse; for an open source effort it's a great IDE, but again, once you have been charmed by Visual Studio it gets tough to be pleased by others.

With Visual Studio .NET my love story began when we started our .NET SmartCard effort in 2002, and since then it's tough to imagine life without it. Lots of thanks to the VS teams at MSFT for such a great IDE.

Its going to be SAML 2.0 Vs Liberty
Wednesday, September 08, 2004 10:18:50 AM (Central Standard Time, UTC-06:00)

SAML is:

  • An XML framework for defining tokens / assertions
  • A protocol binding framework
  • A solution for SSO

With these points in mind I started wondering: if SAML provides everything, then what does Liberty do? I asked this question on the OASIS SSTC mailing list and got a good explanation, which I am posting here as well.

Below is the answer from Conor P. Cahill of AOL, who actively participates in and contributes to the SAML group.

---------

SAML 1.1 does provide a framework upon which you can build a fully operational, privacy-aware SSO environment. This is, in fact, what Liberty did. Liberty added functionality in the areas of:

  • Identity Federation Protocols (how 2 parties agree on an identity handle for the user)
  • Single Logout Protocols
  • Privacy protection
  • Authentication Context
  • Metadata distribution
  • Authentication request extensions
  • IDP location (Common domain cookie)
  • Enabled Client/Proxy
  • Identity Affiliations

Liberty subsequently contributed their work back into the SSTC and the SSTC has incorporated it into the SAML 2.0 work that is currently in progress. People who understand or have implemented Liberty ID-FF will feel right at home with SAML 2.0.

-----------

Complete discussion can be found here.

Smart Services on SmartCards
Friday, September 03, 2004 10:10:32 AM (Central Standard Time, UTC-06:00)

In 1998, when Schlumberger Smart Card Systems (now Axalto, Inc) introduced JavaCards, application development for smart cards saw a revolutionary change. Being able to program in a high-level object-oriented language not only sped up application development but brought interoperability of applications across card manufacturers. JavaCards are/were definitely a milestone in smart card evolution.

Though JavaCards brought Java to smart cards, the application model remained essentially the same, i.e. based on ISO 7816-4 communication concepts (commonly known as APDUs). A developer of on-card and off-card applications needs to be an expert in this constrained APDU protocol.

With .NET SmartCard we introduce a new smart card running a CLR, a pure subset of the ECMA framework libraries and a state-of-the-art smart card operating system. This time we did not want to invent something new as far as application frameworks are concerned, as that not only makes developers learn new APIs but also does not fit in with existing off-card frameworks.

Here I am describing our communication framework; I will blog about other exciting features in the coming days.

The application model for .NET SmartCard applications (or better, call them services) is a subset of the .NET Remoting framework, with a transport channel based on the ISO 7816-4 protocol for smart cards. The framework hides all the details of the underlying transport protocol from the developer. Let's look at a snippet of a simple on-card application:

using System;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
// APDUServerChannel is part of the .NET SmartCard framework; its namespace is not shown here.

public class MySmartService : MarshalByRefObject
{
    public static void Main()
    {
        // Server-side transport channel on the card; 0x12 is the same value
        // the client names in its URL below.
        APDUServerChannel channel = new APDUServerChannel(0x12);
        ChannelServices.RegisterChannel(channel);

        // Expose this class as a singleton well-known object at URI "MyService.rem".
        RemotingConfiguration.RegisterWellKnownServiceType(
            typeof(MySmartService), "MyService.rem", WellKnownObjectMode.Singleton);
    }

    public string SayHello(string name)
    {
        return "Hello " + name;
    }
}

As you can see, other than the transport channel there is no difference between on-card and off-card remoting services.

The real benefit of this application model is realized when we write the client application, where again only the transport channel needs to change.

using System;
using System.Runtime.Remoting;
using System.Runtime.Remoting.Channels;
// APDUClientChannel is part of the .NET SmartCard framework; its namespace is not shown here.

public class MyClient
{
    public static void Main()
    {
        // Client-side transport channel talking APDUs to the card.
        APDUClientChannel channel = new APDUClientChannel();
        ChannelServices.RegisterChannel(channel);

        // Verbatim string so the backslashes in the apdu URL stay as written.
        MySmartService serv = (MySmartService)Activator.GetObject(
            typeof(MySmartService), @"apdu:\\selfDiscover:na:0x12\MyService.rem");

        Console.WriteLine(serv.SayHello("Mr. Bill Gates"));
    }
}

The on-card Remoting framework is extensible as well, as you can write custom sinks.

Some time back I also wrote a version of SoapChannel (à la WSE 2.0 custom transport channels) which provides seamless connectivity to .NET SmartCard services from web services based on the WSE 2.0 application framework. I will do a write-up on this later.

Creating Publisher's policy
Wednesday, September 01, 2004 4:04:52 PM (Central Standard Time, UTC-06:00)

Side-by-side execution is a great facility, but when shared assembly (assembly in the GAC) developers maintain backward compatibility, configuring a publisher's policy for the shared assembly is what makes .NET rock.

There are basically two ways to configure your shared assembly:

  • Use the SnapIn [Administrative Tools\Microsoft .NET Framework 1.1 Configuration]
  • Use a policy assembly.

The SnapIn is a really fast, neat and less error-prone way to do it, but in most practical situations it is not usable.

To configure via the SnapIn, right-click on the Configured Assemblies node in the left pane and select the 'Add' menu option. After this the configuration is intuitive.

Using a policy assembly is the way almost every shared assembly developer will use, as it just has to be installed in the GAC and then it is up to the CLR to do the magic of assembly binding.

The steps for creating the policy assembly are:

  • Create a policy file
  • Put the above created policy file in an assembly using al
  • Install the above created assembly in the GAC.

Here is a sample policy file which says that the CLR should bind the host application's reference to version 1.1.0.0 instead of 1.0.0.0:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="LibInGac" publicKeyToken="5bb6adc75ec4790c" culture="neutral" />
        <bindingRedirect oldVersion="1.0.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>

Now run al with the following command line:

al /link:LibInGac.dll.config /out:policy.1.0.LibInGac.dll /keyfile:mysnk.snk /version:1.1.0.0

The important thing here is to get the above command line correct:

  1. /link:name_of_file.config
  2. /out:policy.MajorVersionOfOldAssembly.MinorVersionOfOldAssembly.OriginalAssemblyName.dll
  3. /keyfile:key_pair_file
  4. /version:Version_for_policy_file

/version is an important option, as you may want to override your previous policy assembly: the CLR will use the policy assembly with the greater version number.

/keyfile must point to the same key pair with which the assembly being accessed (here LibInGac) was signed.

/out:policy.MajorVersion.MinorVersion.AssemblyName.dll, where MajorVersion and MinorVersion are those of the original (old) assembly, not those of the new one.

I was looking at the GDN quick start sample and found out by trial and error that the options provided to 'al' there are wrong. Also, MSDN does not specify whether the major and minor version are those of the original assembly or of the new assembly.
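As an added example (my own code, not part of the original post or the GDN sample), here is a small host program that checks whether the publisher policy above actually took effect. It asks the CLR for LibInGac 1.0.0.0 by its full display name, which is exactly what a host compiled against the old version carries in its manifest, and reports the version that was bound. The assembly name and public key token are the ones from the policy file above; the PolicyCheck class and its messages are assumptions. Because al signs the policy assembly with the same key pair as LibInGac, only the holder of that private key can ship a redirect that the CLR will honour for this assembly.

```csharp
using System;
using System.IO;
using System.Reflection;

// Added example: report which version of LibInGac the CLR binds when a host
// asks for 1.0.0.0. Run it once before and once after installing
// policy.1.0.LibInGac.dll in the GAC to see the bindingRedirect take effect.
// LibInGac and its public key token come from the post; the rest is illustrative.
public class PolicyCheck
{
    // Display name a host built against the old LibInGac carries in its manifest.
    const string Requested =
        "LibInGac, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5bb6adc75ec4790c";

    // Returns the version actually loaded, or null when the bind fails.
    public static Version BoundVersion()
    {
        try
        {
            // Assembly.Load goes through the normal binding path, so publisher
            // policy (and any machine/app config redirects) is applied here.
            Assembly bound = Assembly.Load(Requested);
            return bound.GetName().Version;
        }
        catch (FileNotFoundException)
        {
            return null;   // neither 1.0.0.0 nor a redirect target is installed
        }
        catch (FileLoadException)
        {
            return null;   // found but refused, e.g. strong-name mismatch
        }
    }

    public static void Main()
    {
        Version v = BoundVersion();
        if (v == null)
        {
            Console.WriteLine("Bind failed: is LibInGac installed in the GAC?");
            return;
        }

        Console.WriteLine("Requested 1.0.0.0, CLR bound {0}", v);

        if (v.Equals(new Version(1, 0, 0, 0)))
            Console.WriteLine("No redirect applied: check that policy.1.0.LibInGac.dll " +
                              "is in the GAC and that its /version is higher than any " +
                              "policy assembly installed earlier.");
        else if (v.Equals(new Version(1, 1, 0, 0)))
            Console.WriteLine("Publisher policy redirected the bind as expected.");
        else
            Console.WriteLine("Redirected to an unexpected version; inspect the policy file.");
    }
}
```

Compile it with csc, run it, then install the policy assembly with gacutil /i policy.1.0.LibInGac.dll and run it again; if the second run still reports 1.0.0.0, the Fusion log viewer (fuslogvw) shows which policy file, if any, the binder consulted.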

MindTree lecture series
Friday, August 20, 2004 5:10:53 PM (Central Standard Time, UTC-06:00)

http://www.mindtree.com/ping_me.html

MindTree, a great consulting firm based in Bangalore, India, is running this seminar series, where lectures are delivered by its founder and COO, Subroto Bagchi. The first one in the series is posted at the site. The title of this lecture is: 9 Key Factors behind a successful technical career.

The lecture is really good and I must say I did learn from the experience and guidance of Mr. Subroto, and I specially loved the notion of Followership, which I must say I had never heard of before (although I have followed it time and again :) ).

Regards to Mr. Subroto Bagchi and thanks to MindTree for such a great effort.

RelaxNG Vs XSD
Friday, August 20, 2004 4:55:47 PM (Central Standard Time, UTC-06:00)

I had been avoiding looking into the details of Relax NG, thinking it to be just another schema proposal, until I saw some good posts from Tim Ewald and Aaron Skonnard. A good introduction to RelaxNG can be found at http://relaxng.org, but the articles (1, 2, 3) which really give an insight as far as comparisons are concerned are the ones from David Mertz at IBM developerWorks. I found part 1 and part 2 very interesting. David provides code fragments to show the differences and the way both (RelaxNG and XSD) express the same XML instance.

RelaxNG syntax is definitely way simpler than XSD and provides uniformity in describing elements and attributes. I would definitely agree with its creators when they say you need 30 minutes to understand it.

David mentions a valid case where XSD scores: specifying the number of occurrences of elements. RelaxNG is limited to <zeroOrMore>, <oneOrMore> and <optional>, whereas XSD can use any range for cardinality. In part 2, David talks about infoset augmentation, citing an example of how in DTD and XSD default values are inserted into the XML instance, and James Clark thinks it to be a bug in the DTD and XSD specifications rather than a feature. RelaxNG does not support infoset augmentation. Well, in my opinion it's definitely a feature, and I do not buy the argument about the consequences of the schema document not being available because of the network. The network argument can be applied to all parts of schema documents.

Except for the two features described above (cardinality and infoset augmentation), RelaxNG is better than XSD in almost all ways, e.g. uniform treatment of elements and attributes, a modular and extensible data type system, etc.

Out of Transaction Counters
Wednesday, August 04, 2004 12:58:52 PM (Central Standard Time, UTC-06:00)

Transactions and rollback of data form a core feature of smart cards. These features imply that if a tear or an exception occurs during execution of a method which is under a transaction, then all the modifications made to the application data are discarded, or the contents are rolled back to their old values. This is all good and fine, but sometimes the need arises for a particular method to be under a transaction while some field/value is updated irrespective of whether a tear occurred or not. The famous example is that of PIN verification and the try counter. PIN verification is under a transaction, and since this method decrements the try counter, you want the try counter update to be out of the transaction; otherwise, if the card is pulled out during PIN verification, the try counter won't decrement, giving the attacker unlimited chances to break your card. Mostly (I hope it is the implementation in other vendors' cards too) PIN-specific libraries take care of this.

In .NET SmartCard we expose this feature, i.e. out-of-transaction counters, as an API, as we feel there are many places where such counters will be required. The class is called TryCounter; have a look at its usage.

public class MyClass
{
  // counter which should be out of
  // transaction
  TryCounter _myOutOfTranCounter;

  MyClass()
  {
     // 0 here is the initial value
     _myOutOfTranCounter = new TryCounter(0);
  }

  // MyMethod which is under transaction
  [Transaction]
  void MyMethod(int paramA, int paramB)
  {
    // Update the counter reflecting how
    // many times I am called, whether or
    // not tearing occurs during execution
    _myOutOfTranCounter.Value++;
  }
}

Other methods/properties available in this class are:

Reset(): Resets the counter value to the initial value (the value specified as a parameter to the TryCounter constructor).

InitialValue [property]: Gets or sets the initial value of the TryCounter.
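To show why the counter has to live outside the transaction, here is an added example (my own code, not from the .NET SmartCard SDK) of a PIN verification service built on the TryCounter class and the [Transaction] attribute described above. The PinService class, the stored reference PIN and the limit of three attempts are assumptions for illustration; the TryCounter members used (constructor taking the initial value, Value, Reset()) are the ones named in the post.

```csharp
using System;

// Added example (not from the .NET SmartCard SDK): PIN verification whose
// try counter is charged outside the transaction, so a card tear during
// Verify() still costs an attempt. Reference PIN and MaxTries are constructed.
public class PinService
{
    const int MaxTries = 3;

    // Reference PIN "1234" as bytes, constructed for the example; a real
    // card keeps this in protected persistent storage.
    byte[] _referencePin = new byte[] { 0x31, 0x32, 0x33, 0x34 };

    // Failed attempts since the last success. Being a TryCounter, its
    // update survives a tear even though Verify() runs in a transaction.
    TryCounter _failedTries = new TryCounter(0);

    // Transactional state: rolled back if Verify() is interrupted.
    bool _validated = false;

    public bool IsBlocked
    {
        get { return _failedTries.Value >= MaxTries; }
    }

    public int TriesRemaining
    {
        get { return MaxTries - _failedTries.Value; }
    }

    public bool IsValidated
    {
        get { return _validated; }
    }

    [Transaction]
    public bool Verify(byte[] candidate)
    {
        if (IsBlocked)
            return false;            // refuse without touching the counter

        // Charge the attempt before comparing. If the card is torn from the
        // reader during the comparison, the transaction discards any write
        // to _validated, but this increment is kept.
        _failedTries.Value++;

        if (!SameBytes(candidate, _referencePin))
            return false;            // wrong PIN: counter stays incremented

        _failedTries.Reset();        // back to the initial value 0
        _validated = true;
        return true;
    }

    // Compare every byte regardless of where the first mismatch is, so the
    // time taken does not reveal which digit was wrong.
    static bool SameBytes(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length)
            return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The order of operations is the point: increment first, compare second, and reset only after a successful match. With the counter inside the transaction, a tear between the increment and the end of the method would undo the increment and the scenario described above (unlimited attempts) would be back.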

SCTP (Stream Control Transmission Protocol) - new transport protocol
Saturday, July 31, 2004 9:34:45 AM (Central Standard Time, UTC-06:00)

SCTP is a new alternative to TCP, the protocol which is the backbone of today's internet. Very much like TCP itself, SCTP has some features which make it an ideal candidate for networking stacks in the making.

Similar to TCP, SCTP has the following features:

  1. Connection oriented
  2. Full duplex
  3. Reliable data transfer

The extra functionality that SCTP brings is very interesting. TCP does ordered data delivery, meaning all data is received in the same order as it was sent; however, this comes with a price. If the first data packet does not arrive, then the other packets in the sequence have to be either held up or discarded. This is called the “head-of-line blocking” problem. SCTP is designed to address this need and it solves it in two ways:

  1. Unordered messages
  2. Multi-streaming

Unordered messages, you can easily see, are a feature of UDP. SCTP provides an option for marking a transmission as ordered or unordered.

Multi-streaming: the name SCTP (Stream Control Transmission Protocol) is actually derived from this feature. It means that data can be partitioned into multiple streams, each of which has the property of independently sequenced delivery within that stream, unaffected by delivery in other streams. Just to mention it, TCP is a single byte-stream protocol. An excellent example of multi-streaming is the delivery of multimedia documents: since they consist of different objects, each object can be transported in its own stream. The same can be achieved with TCP by opening several connections (one per stream), which would lead to additional overhead. SCTP does it in one association.

One of the core features that SCTP has is called multi-homing. This means that each of the two endpoints, during SCTP association setup, can specify multiple points of attachment. Having multiple interfaces allows data to be automatically sent to alternate addresses when a failure occurs, and the important part is that it happens without the application ever knowing about the low-level failure. Such fault tolerance is not available in TCP, which binds each endpoint to a single interface.

RFCs for SCTP and general information can be found at http://www.sctp.org
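To make the head-of-line blocking argument concrete, here is an added example (my own model, not code from any SCTP implementation or from the original post) of a receiver that keeps a sequence number per stream, the way SCTP's per-stream sequence numbers work, and delivers each stream independently. The Chunk layout, the StreamReceiver class and the arrival order are constructed; feeding the same payloads through a single stream, as a TCP-like receiver would, shows everything stalling behind the late chunk.

```csharp
using System;
using System.Collections.Generic;

// Added example (not from the original post): a receiver model that
// sequences delivery per stream, so a gap on one stream does not hold
// up the others. Chunk layout and arrival order are constructed.
public struct Chunk
{
    public int Stream;     // stream identifier within the association
    public int Seq;        // per-stream sequence number
    public string Payload;

    public Chunk(int stream, int seq, string payload)
    {
        Stream = stream; Seq = seq; Payload = payload;
    }
}

public class StreamReceiver
{
    // Next sequence number expected, and the out-of-order buffer, per stream.
    readonly Dictionary<int, int> _next = new Dictionary<int, int>();
    readonly Dictionary<int, SortedDictionary<int, string>> _pending =
        new Dictionary<int, SortedDictionary<int, string>>();

    // Accepts one chunk and returns whatever became deliverable, in order.
    public List<string> Receive(Chunk c)
    {
        List<string> delivered = new List<string>();

        if (!_next.ContainsKey(c.Stream))
        {
            _next[c.Stream] = 0;
            _pending[c.Stream] = new SortedDictionary<int, string>();
        }

        if (c.Seq < _next[c.Stream])
            return delivered;          // duplicate of something already delivered

        SortedDictionary<int, string> buffer = _pending[c.Stream];
        buffer[c.Seq] = c.Payload;

        // Drain only this stream's head; other streams are never consulted.
        while (buffer.ContainsKey(_next[c.Stream]))
        {
            delivered.Add(buffer[_next[c.Stream]]);
            buffer.Remove(_next[c.Stream]);
            _next[c.Stream]++;
        }
        return delivered;
    }
}

public class Demo
{
    static void Run(string title, Chunk[] arrivals)
    {
        Console.WriteLine(title);
        StreamReceiver rx = new StreamReceiver();
        foreach (Chunk c in arrivals)
        {
            List<string> got = rx.Receive(c);
            Console.WriteLine("  in: stream {0} seq {1} -> delivered: {2}",
                c.Stream, c.Seq,
                got.Count == 0 ? "(nothing, waiting)" : string.Join(", ", got.ToArray()));
        }
    }

    public static void Main()
    {
        // Constructed arrival order: the first image chunk arrives last,
        // e.g. because it was lost once and had to be retransmitted.
        Chunk[] multiStream = {
            new Chunk(1, 1, "image part 2"),
            new Chunk(2, 0, "text part 1"),
            new Chunk(2, 1, "text part 2"),
            new Chunk(1, 0, "image part 1"),
        };
        Run("Two streams (SCTP-style): text is delivered while the image waits", multiStream);

        // Same payloads on one stream, as a single ordered byte stream like
        // TCP would carry them: nothing is delivered until seq 0 arrives.
        Chunk[] singleStream = {
            new Chunk(0, 1, "image part 2"),
            new Chunk(0, 2, "text part 1"),
            new Chunk(0, 3, "text part 2"),
            new Chunk(0, 0, "image part 1"),
        };
        Run("One stream (TCP-style): everything stalls behind the late chunk", singleStream);
    }
}
```

In the two-stream run the text chunks are handed up as soon as they arrive, and only the image waits for its missing first part; in the one-stream run all four payloads are released together on the last arrival, which is the blocking the post describes.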

WSE 2.0 SP1 is out.
Thursday, July 29, 2004 9:35:21 AM (Central Standard Time, UTC-06:00)

Download WSE 2.0 SP1 from MSDN.

Hervey mentions the change log here.

IBM's Federation strategy - what's going on ?
Thursday, July 29, 2004 9:13:12 AM (Central Standard Time, UTC-06:00)

It's a bit hard for me to digest that IBM, being a founder of the WS-Federation standard, went for a deal with France Telecom (one of the founders of the Liberty Alliance) to conform to the Liberty standard for identity federation. Not to mention that Liberty group members must also be in an uncomfortable position, with IBM being a competitor in authoring the federation standards.

Read more about the contract here.

At Burton Catalyst last week, whomever I talked to about the religious war between Liberty and WS-Federation had the opinion that they should merge. Most of them were looking to support both, though.

.NET SmartCard will be supporting both standards, but it is definitely a pain for vendors.

WS-Federation Demo at Burton Catalyst
Tuesday, July 27, 2004 5:10:06 PM (Central Standard Time, UTC-06:00)

Last week at the Microsoft hospitality suite at the Burton Catalyst conference I gave a demo showing the roles smart cards could play in web services security and federation. The demo comprised two web services (AirTicketService and CarRentalService), a company portal (TravelPortal) and a .NET SmartCard hosting a Security Token Service (STS) and a Pseudonym Service. Also used was my WS-Federation implementation from the Plumbwork workspace at GDN.

The objectives of the demo were:

  • .NET SmartCard as a server hosting an STS and a Pseudonym Service.
  • Seamless integration of .NET SmartCard with WSE 2.0.

These were the steps of the demo:

  1. The user goes to the company travel portal and presents the PIN to authenticate to the smart card.
  2. On successful authentication to the card, the travel portal sends an RST (Request Security Token) message to the STS residing in the smart card to get a token for AirTicketService. I used a custom token which has a symmetric key encrypted with the public key of the requestor.
  3. The travel portal then signs and encrypts the request to the air ticket service with the token retrieved from the card.
  4. After receiving the signed and encrypted makeReservation request, the air ticket service sends a GetPseudonym message to the pseudonym service residing in the smart card.
  5. A GetPseudonymResponse is returned by the smart card containing the attributes of the principal.
  6. Similar steps happen for the CarRental service.

The demo basically depicts figure 6 of the IBM/Microsoft paper on federation.

First Blog on dotnetcard.com
Tuesday, July 27, 2004 4:27:25 PM (Central Standard Time, UTC-06:00)

This is the new home for my blog...... I have been blogging since June 2004 at http://ksachdeva.blogspot.com but decided to buy a domain reflecting the domain I work in ;-). I will be posting interesting stuff on smart card technology and applications, web services security, identity management, etc.