Namespaces CPTE 433 John Beckett 1. Namespaces are not new Rev 2:17 He that hath an ear, let him hear what the Spirit saith unto the churches; To him.


1 Namespaces
CPTE 433
John Beckett

2 Namespaces are not new
Rev 2:17 He that hath an ear, let him hear what the Spirit saith unto the churches; To him that overcometh will I give to eat of the hidden manna, and will give him a white stone, and in the stone a new name written, which no man knoweth saving he that receiveth [it].

3 The Real War
Namespaces address the issue of politics directly.
The namespace controller controls the technical implementation politics.
Thus: Whatever vendor provides your namespace engine is your primary software vendor.
–Which is why Microsoft developed Active Directory.
–Otherwise Novell would have owned networking!

4 Definition
“Every multiuser operating system (OS) has a namespace that is the list of identifiers for users”
Note the difference between:
–Abstract concept of a namespace, e.g. People, Files, Hostname
–Implementation by a specific OS

5 Namespace “Shape”
Flat: No duplicate names allowed
–WINS
–UNIX
–Most personal desktop/laptop OSs
Fixed number of levels
–HP 3000 (cheap to implement but inflexible)
Hierarchical (Current practice)
–Directory tree
–Novell, Microsoft networking
–“Distinguished name”: aka “fully-qualified”

6 Who Manages Namespace
Small company: one person
–Better have a backup person!
Large corporation: Multiple users
–Distribution along hierarchical lines
–“Shared trust” among peers
How does it connect with the formal organization?
–Management
–HR

7 Naming Policies
What name shall be used?
Formulaic (e.g. AcctWs14)
Theme
–Planets were popular for servers, but there are only so many planets
Functional (secretary, admin, dns)
No method (people pick what they want)
People: Formulaic suggested but optional

8 Poor Example From p 228
Give servers names that are more difficult to type if you don’t want people to log into them.
This is modified “security by obscurity” – almost always a bad idea.
Better: Use permissions to control access.

9 Workstation Naming
The name should be labeled on the front of the workstation…
–Not on the CRT or keyboard (because they get switched around).
–User probably calls it the “Hard Drive”
Text prefers using people’s names
–RFC 1178 disagrees.
–Reason: workstations tend to be moved from person to person.
–Does your naming plan support 20-minute replacement?

10 Protection Policy
Questions:
What kind of protection or security does this namespace require?
What are you trying to protect the names from and why?
Do the names in the space need to be protected, or just their attributes?
Who can add, change, or delete entire records?
Can the owner of a record change certain fields within the record?

11 Note:
“…the complete list of IDs shouldn’t be exposed externally, because spammers will use the list for their mail bombing.”
This is an entry point for phishing attacks
Perhaps you should require at least two letters on any directory lookup, so the spammer will have to do 26*26 lookups instead of only 26 (if you require 1) or 1. (SAU requires 1).
Feed directory lookup response in graphic form so they can’t “scrape” it.
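
An added example (not from the original slides) of the lookup restriction suggested above: a guard that enforces the minimum prefix length, caps the number of results, and blocks a client that walks many distinct prefixes. The class name, thresholds and sample directory are assumptions constructed for illustration.

```python
"""Directory lookup guard: minimum prefix, result cap, sweep detection."""
import string
from collections import defaultdict

MIN_PREFIX = 2        # the slide's suggestion: require at least two letters
MAX_RESULTS = 5       # assumption: refuse queries that match too many entries
SWEEP_THRESHOLD = 20  # assumption: distinct prefixes allowed per client

# Constructed sample directory (not real accounts).
DIRECTORY = ["abaker", "acole", "bdavis", "bevans", "cfoster", "cgreen"]


class DirectoryGuard:
    def __init__(self, entries):
        self.entries = sorted(entries)
        self.seen = defaultdict(set)  # client id -> distinct prefixes queried

    def lookup(self, client, prefix):
        prefix = prefix.strip().lower()
        if len(prefix) < MIN_PREFIX or not prefix.isalpha():
            return {"status": "rejected", "matches": []}
        # Track only the leading letters so "smi" and "smit" count once.
        self.seen[client].add(prefix[:MIN_PREFIX])
        if len(self.seen[client]) > SWEEP_THRESHOLD:
            return {"status": "blocked", "matches": []}
        hits = [e for e in self.entries if e.startswith(prefix)]
        if len(hits) > MAX_RESULTS:
            return {"status": "too_many", "matches": []}
        return {"status": "ok", "matches": hits}


def lookups_to_enumerate(min_prefix, alphabet=26):
    """Queries needed to cover every prefix of the required length."""
    return alphabet ** min_prefix


def simulate_sweep(guard, client):
    """Walk every two-letter prefix; return how many queries were answered."""
    answered = 0
    for a in string.ascii_lowercase:
        for b in string.ascii_lowercase:
            if guard.lookup(client, a + b)["status"] != "blocked":
                answered += 1
    return answered
```

The prefix rule alone only raises the cost from 26 to 676 queries; the per-client counter is what stops the sweep. A production version would age the counter out over a time window, which is omitted here.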

12 Longevity
Key here is a connection with whoever establishes relationships with the individuals (HR).
Failing that, you may have automatic deactivation if the account is not used for a specified period.
Non-profits are a special challenge because people aren’t done until they physically die
–…and we might name something after them

13 Scope
Diameter: How many Systems use the namespace
–Applications, company divisions, geography
–(“Radius” is an Authentication protocol)
Thickness is how many Services use it.
– name is used for Active Directory, NIS, Radius, db login, etc.
[Figure labels: Namespace; How Many Services Use It; How Many Systems Use It]
Systems: Known to people
Services: Known to IT

14 Lucent’s “Handles”
Single global namespace
Encourage all systems to use handles
–Or at least have a lookup system so a person can determine their identity on a specific system
–Perhaps have a “handle: myid” syntax available
Acquisitions: Company being acquired has to deal with collisions
–Sorry, that’s part of being eaten by the bigger fish. You lost; they won.

15 Unix UID space
Integer used to uniquely identify a user anywhere – including “this” machine.
Bell Labs divided the space by department.
As a result: Reorganizations rarely created collisions of UIDs.
This solution lacks scalability.
Temptation to “reorganize”.
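
An added example (not part of the original slides) covering the collision problem raised for acquisitions and the department split of the UID space: it compares two passwd-style namespaces for login-name and UID collisions and allocates new UIDs from per-department blocks. The sample entries, department names and ranges are constructed assumptions.

```python
"""Detect login-name and UID collisions when two passwd namespaces merge."""

# Constructed passwd-format samples (name:pw:uid:gid:gecos:home:shell).
PARENT = """\
jsmith:x:1001:100:Jan Smith:/home/jsmith:/bin/sh
mlee:x:1002:100:Min Lee:/home/mlee:/bin/sh
"""
ACQUIRED = """\
jsmith:x:2001:200:Joe Smith:/home/jsmith:/bin/sh
rpatel:x:1002:200:Ravi Patel:/home/rpatel:/bin/sh
tnguyen:x:2003:200:Tam Nguyen:/home/tnguyen:/bin/sh
"""

# Assumption: each department owns one fixed UID block.
DEPT_RANGES = {"research": range(1000, 2000), "sales": range(2000, 3000)}


def parse_passwd(text):
    """Return {login name: uid} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        users[fields[0]] = int(fields[2])
    return users


def find_collisions(parent, incoming):
    """Names claimed on both sides, and UIDs that map to different people."""
    by_uid = {uid: name for name, uid in parent.items()}
    name_clash = sorted(n for n in incoming if n in parent)
    uid_clash = sorted((uid, by_uid[uid], n) for n, uid in incoming.items()
                       if uid in by_uid and by_uid[uid] != n)
    return name_clash, uid_clash


def next_free_uid(dept, used):
    """Lowest unused UID in the department's block."""
    for uid in DEPT_RANGES[dept]:
        if uid not in used:
            return uid
    # A fixed block can fill up: the scalability limit noted on the slide.
    raise RuntimeError(f"UID block for {dept} is exhausted")
```

A UID collision matters because file ownership is recorded by number, so an incoming account that keeps a colliding UID would own the existing user's files.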

16 Reuse / Change Policy
How soon should a name be reusable after it is vacated?
–Hopefully never – to avoid confusion.
–How crowded is your namespace?
How are you going to enforce that policy?
What if somebody gets married? Thrice?
Again, the key is connecting with whoever establishes the relationship.

17 Namespace Change Procedures
Document procedures
–Monitor compliance
–Procedures may or may not be published
This is an entry point for “social engineering”
Centralize control
–Structure is the key to control
Distribute the work
–Put the data entry as close to the facts as possible
–Don’t give the keys to the inmates

18 The Expanding Role of Namespaces
Phase 1: Your namespace is created
Phase 2: The namespace is recognized as a “lever” controlling the organization
–You are custodian of the namespace
Phase 3: The legitimate powers directly manipulate the namespace
–You are placing control in the right places
Legitimate power: power that comes from someone’s position in the organization

19 Claim Your Name
Toll-free number
Web address
What’s next?
Watching for typing aliases and hostiles

