8,924 research outputs found
Samba Openldap: An Evolution And Insight
Directory services facilitate access to information
organized under a variety of frameworks and applications. The
Lightweight Directory Access Protocol is a promising technology
that provides access to directory information using a data
structure similar to that of the X.500 protocol. IBM Tivoli,
Novell, Sun, Oracle, Microsoft, and many other vendor features
LDAP-based implementations. The technology’s increasing
popularity is due both to its flexibility and its compatibility with
existing applications. A directory service is a searchable
database repository that lets authorized users and services find
information related to people, computers, network devices, and
applications. Given the increasing need for information —
particularly over the Internet — directory popularity has grown
over the last decade and is now a common choice for distributed
applications. Lightweight Directory Access Protocol (LDAP)
accommodates the need of high level of security, single sign-on,
and centralized user management. This protocol offers security
services and integrated directory with capability of storage
management user information in a directory. Therefore at the
same time the user can determine application, service, server to
be accessed, and user privileges. It is necessary to realize files
sharing between different operating systems in local area
network. Samba software package, as the bridge across Windows
and Linux, can help us resolve the problem. In this paper, we try
to explore previous literature on this topic and also consider
current authors work then come out with our views on the
subject matter of discussion based on our understanding
Internet X.509 Public Key Infrastructure Operational Protocols -- LDAPv3
This document describes the features of the Lightweight Directory Access Protocol v3 that are needed in order to support a public key infrastructure based on X.509 certificates and CRLs
LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments
The non-repudiation as an essential requirement of many applications can be
provided by the asymmetric key model. With the evolution of new applications
such as mobile commerce, it is essential to provide secure and efficient
solutions for the mobile environments. The traditional public key cryptography
involves huge computational costs and is not so suitable for the
resource-constrained platforms. The elliptic curve-based approaches as the
newer solutions require certain considerations that are not taken into account
in the traditional public key infrastructures. The main contribution of this
paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the
constrained platforms such as mobile phones. It takes advantages of elliptic
curve cryptography and signcryption to decrease the computational costs and
communication overheads, and adapting to the constraints. All the computational
costs of required validations can be eliminated from end-entities by
introduction of a validation authority to the introduced infrastructure and
delegating validations to such a component. LPKI is so suitable for mobile
environments and for applications such as mobile commerce where the security is
the great concern.Comment: 6 Pages, 6 Figure
Authorization Framework for the Internet-of-Things
This paper describes a framework that allows fine-grained
and flexible access control to connected devices with very
limited processing power and memory.
We propose a set of security and performance requirements
for this setting and derive an authorization framework distributing
processing costs between constrained devices and less constrained back-end servers while keeping message exchanges
with the constrained devices at a minimum.
As a proof of concept we present performance results from
a prototype implementing the device part of the framework
Delivering Live Multimedia Streams to Mobile Hosts in a Wireless Internet with Multiple Content Aggregators
We consider the distribution of channels of live multimedia content (e.g., radio or TV broadcasts) via multiple content aggregators. In our work, an aggregator receives channels from content sources and redistributes them to a potentially large number of mobile hosts. Each aggregator can offer a channel in various configurations to cater for different wireless links, mobile hosts, and user preferences. As a result, a mobile host can generally choose from different configurations of the same channel offered by multiple alternative aggregators, which may be available through different interfaces (e.g., in a hotspot). A mobile host may need to handoff to another aggregator once it receives a channel. To prevent service disruption, a mobile host may for instance need to handoff to another aggregator when it leaves the subnets that make up its current aggregator�s service area (e.g., a hotspot or a cellular network).\ud
In this paper, we present the design of a system that enables (multi-homed) mobile hosts to seamlessly handoff from one aggregator to another so that they can continue to receive a channel wherever they go. We concentrate on handoffs between aggregators as a result of a mobile host crossing a subnet boundary. As part of the system, we discuss a lightweight application-level protocol that enables mobile hosts to select the aggregator that provides the �best� configuration of a channel. The protocol comes into play when a mobile host begins to receive a channel and when it crosses a subnet boundary while receiving the channel. We show how our protocol can be implemented using the standard IETF session control and description protocols SIP and SDP. The implementation combines SIP and SDP�s offer-answer model in a novel way
Enabling the Internet White Pages Service -- the Directory Guardian
The Internet White Pages Service (IWPS) has been slow
to materialise for many reasons. One of them is the
security concerns that organisations have, over allowing
the public to gain access to either their Intranet or their
directory database. The Directory Guardian is a firewall
application proxy for X.500 and LDAP protocols that is
designed to alleviate these fears. Sitting in the firewall
system, it filters directory protocol messages passing into
and out of the Intranet, allowing security administrators
to carefully control the amount of directory information
that is released to the outside world. This paper describes
the design of our Guardian system, and shows how
relatively easy it is to configure its filtering capabilities.
Finally the paper describes the working demonstration of
the Guardian that was built for the 1997 World
Electronic Messaging Association directory challenge.
This linked the WEMA directory to the NameFLOWParadise
Internet directory, and demonstrated some of
the powerful filtering capabilities of the Guardian
Integration of heterogeneous devices and communication models via the cloud in the constrained internet of things
As the Internet of Things continues to expand in the coming years, the need for services that span multiple IoT application domains will continue to increase in order to realize the efficiency gains promised by the IoT. Today, however, service developers looking to add value on top of existing IoT systems are faced with very heterogeneous devices and systems. These systems implement a wide variety of network connectivity options, protocols (proprietary or standards-based), and communication methods all of which are unknown to a service developer that is new to the IoT. Even within one IoT standard, a device typically has multiple options for communicating with others. In order to alleviate service developers from these concerns, this paper presents a cloud-based platform for integrating heterogeneous constrained IoT devices and communication models into services. Our evaluation shows that the impact of our approach on the operation of constrained devices is minimal while providing a tangible benefit in service integration of low-resource IoT devices. A proof of concept demonstrates the latter by means of a control and management dashboard for constrained devices that was implemented on top of the presented platform. The results of our work enable service developers to more easily implement and deploy services that span a wide variety of IoT application domains
Leveraging upon standards to build the Internet of things
Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there were many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. Long time, most efforts were focusing on the networking layer. More recently, the IETF CoRE working group started working on an embedded counterpart of HTTP, allowing the integration of constrained devices into existing service networks. In this paper, we will briefly review the history of integrating constrained devices into the Internet, with a prime focus on the IETF standardization work in the ROLL and CoRE working groups. This is further complemented with some research results that illustrate how these novel technologies can be extended or used to tackle other problems.The research leading to these results has received funding from the
European Union's Seventh Framework Programme (FP7/2
007-2013) under
grant agreement n°258885 (SPITFIRE project), from the iMinds ICON projects
GreenWeCan and O’CareCloudS, and a VLI
R PhD scholarship to Isam Ishaq
- …