Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)

Similar presentations


Presentation on theme: "Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)"— Presentation transcript:

1 Yunling Wang yw2291@columbia.edu VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)

2 Contents Motivation Resource list, presence state, presence authentication Application Usage URL Construction XCAP root, document/node selector Operation Create/fetch/delete Security Concerns 2

3 Motivation 3 Presentity Watcher Notify Subscribe Presence System

4 Motivation-Resource list 4 Presentity Presence list server Watcher Notify Subscribe Resource list XCAP Client XCAP Server Presence list server: manages multiple subscriptions to different presentities Resource list: keeps a list of presentities for presence list server XCAP: directly manipulates resource lists stored on presence list server

5 5 Presentity Event Sate Composer Presence Agent Watcher Event State Notify Subscribe Publish Composer: compose event state according to the presence information in PUBLISH Event state: keeps current presence state of the presentity XCAP: directly manipulates event state without constant refreshing publications XCAP Client XCAP Server Motivation-Presence State

6 Motivation -Presence Authentication 6 Presentity Event Sate Composer Presence Agent Watcher Presence Authentication Documentation Notify Subscribe Publish XCAP Client XCAP Server Presence Agent: manages multiple subscriptions from different watchers Presence Authentication Document: the authentication information for all the subscribers XCAP: directly manipulates event state without constant refreshing publications

7 What is XCAP? XCAP allows a client to read, write, and modify application configuration data stored in XML format on a server Normal HTTP primitives can be used to manipulate the data 7 Bob Jones

8 Application Usage Each application has its own Application Usage Define how the XCAP server can manipulate corresponding application documents Key components: AUID, XML Schema, data validation, resource interdependency, authorization policies 8

9 AUID Application Unique ID Unique Identifier for each application Two sub-namespaces IETF tree: IANA Registry Example: resource-lists, pidf-manipulation, pres-rules Vendor tree: prefixed with the reverse domain name of the organization meant to be used in lab environments where no central registry is needed Example: com.example.customer-list 9

10 Application Usage Protection Concerns Authorization policies Default: User can read & write their own data; User can only read global data Resource interdependency Operation of one element may affect other elements; especially cross-document affection Data Validation Uniqueness constraints, referential integrity 10

11 Background: XML Basics XML Document: to structure, store, and transport information XML element: everything from (including) the element's start tag to (including) the element's end tag. XML Attributes: specified in XML elements tags; provide additional information about elements. 11 Bob Jones

12 Background: XPath XPath = XML Addressing How to point to specific pieces of an XML document 12 resource-lists/list/entry/name Bob Jones

13 URI Construction Based on the Concept of XPath Example: XCAP root / Document Selector / Node Selector XCAP root Context in which all other resources exist "http://xcap.example.com" for domain "example.com " Document Selector "/resource-lists/users/sip:joe@example.com/index" Node Selector ~~/resource-lists/list%5b@name=%22l1%22%5d 13

14 The Hierarchy GET http://xcap.example.com/ resource-lists/users/hiroshi/doc1/ ~~/resource-lists/list/list/entry/name Bob Jones Hiroshi Aukia

15 Operations HTTP PUT Create or Replace a Document/Element/Attribute HTTP DELETE Delete a Document/Element/Attribute HTTP GET Fetch a Document/Element/Attribute 15

16 Example: Modify an Element PUT /pidf-manipulation/users /sip:someone@example.com/index/ ~~/presence/tuple%5b@id='x8eg92n'%5d/note HTTP/1.1 I'm sleeping HTTP/1.1 200 OK open auth-1 mailto:someone@example.com I'm reading mail open auth-1 mailto:someone@example.com I'm sleeping index

17 Conditional Operation Conflicts occur with simultaneous multiple modifications Use etag: A version control When one resource changes, all resources in the same documents get the same new etag Client: contain previously known etag in the If- Match header field of request Server: return new etag in response on success 17

18 Security Considerations Data manipulated by XCAP often contains sensitive information Using HTTP port: 80 – Hard to apply port-based filtering 18

19 Solutions Connection over TLS HTTP Digest Authentication URL-analysis-based traffic filtering The presence of the double tilde (~~) is a strong hint that the URL points to an XML element or attribute Authorization policies in Application Usage 19

20 Summary Access configuration documents on server: Presence system Maps XML documents and document components into HTTP URIs HTTP primitives can be used to directly manipulate the data 20

21 References http://tools.ietf.org/html/rfc4825 http://tools.ietf.org/html/rfc5025 http://tools.ietf.org/html/rfc4827 http://tools.ietf.org/html/rfc4826 http://www.jdrosen.net/simple_acap.html http://tools.ietf.org/html/rfc3903 http://tools.ietf.org/html/rfc2778 http://openxcap.org/ http://www.w3schools.com/Xml/xml_attributes.asp 21


Download ppt "Yunling Wang VoIP Security COMS 4995 Nov 24, 2008 XCAP The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)"

Similar presentations


Ads by Google