
Yunling Wang. VoIP Security, COMS 4995, Nov 24, 2008. XCAP: The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)


1 XCAP: The Extensible Markup Language (XML) Configuration Access Protocol (XCAP)
Yunling Wang, yw2291@columbia.edu. VoIP Security, COMS 4995, Nov 24, 2008

2 Contents
- Motivation: resource list, presence state, presence authentication
- Application Usage
- URL construction: XCAP root, document/node selector
- Operations: create/fetch/delete
- Security concerns

3 Motivation
(Diagram: a presence system; the watcher sends SUBSCRIBE for the presentity and receives NOTIFY.)

4 Motivation: Resource List
(Diagram: the watcher subscribes to a presence list server, which subscribes to each presentity and notifies the watcher; an XCAP client manipulates the resource list held on the XCAP server.)
- Presence list server: manages multiple subscriptions to different presentities
- Resource list: keeps a list of presentities for the presence list server
- XCAP: directly manipulates resource lists stored on the presence list server

5 Motivation: Presence State
(Diagram: the presentity PUBLISHes to the presence agent, whose composer builds the event state; the watcher subscribes and is notified; an XCAP client manipulates the event state on the XCAP server.)
- Composer: composes the event state from the presence information carried in PUBLISH
- Event state: keeps the current presence state of the presentity
- XCAP: directly manipulates the event state without constantly refreshing publications

6 Motivation: Presence Authentication
(Diagram: as on the previous slide, with a presence authentication document at the presence agent that the XCAP client manipulates.)
- Presence Agent: manages multiple subscriptions from different watchers
- Presence Authentication Document: the authentication information for all the subscribers
- XCAP: directly manipulates the event state without constantly refreshing publications

7 What is XCAP?
- XCAP allows a client to read, write, and modify application configuration data stored in XML format on a server
- Normal HTTP primitives can be used to manipulate the data
(Figure: an example XML document holding an entry for Bob Jones.)

8 Application Usage
- Each application has its own Application Usage
- It defines how the XCAP server can manipulate the corresponding application documents
- Key components: AUID, XML Schema, data validation, resource interdependency, authorization policies

9 AUID: Application Unique ID
- Unique identifier for each application
- Two sub-namespaces:
  - IETF tree: IANA registry. Example: resource-lists, pidf-manipulation, pres-rules
  - Vendor tree: prefixed with the reverse domain name of the organization; meant to be used in lab environments where no central registry is needed. Example: com.example.customer-list

10 Application Usage: Protection Concerns
- Authorization policies. Default: users can read and write their own data; users can only read global data
- Resource interdependency: an operation on one element may affect other elements, especially across documents
- Data validation: uniqueness constraints, referential integrity

11 Background: XML Basics
- XML document: structures, stores, and transports information
- XML element: everything from (and including) the element's start tag to (and including) its end tag
- XML attributes: specified in an element's start tag; provide additional information about the element
(Figure: an <entry uri="sip:bob@example.com"> element containing the name Bob Jones.)

12 Background: XPath
- XPath = XML addressing: how to point to specific pieces of an XML document
(Figure: the path resource-lists/list/entry/name selecting the entry name Bob Jones in the example document.)

13 URI Construction
- Based on the concept of XPath
- Form: XCAP root / Document Selector / Node Selector
- XCAP root: the context in which all other resources exist, e.g. "http://xcap.example.com" for the domain "example.com"
- Document selector, e.g. "/resource-lists/users/sip:joe@example.com/index"
- Node selector, e.g. ~~/resource-lists/list%5b@name=%22l1%22%5d

14 The Hierarchy
GET http://xcap.example.com/resource-lists/users/hiroshi/doc1/~~/resource-lists/list/list/entry/name
(Figure: the document tree for user hiroshi, document doc1, with nested lists containing the entries Bob Jones and Hiroshi Aukia.)

15 Operations
- HTTP PUT: create or replace a document, element, or attribute
- HTTP DELETE: delete a document, element, or attribute
- HTTP GET: fetch a document, element, or attribute

16 Example: Modify an Element
Request:
PUT /pidf-manipulation/users/sip:someone@example.com/index/~~/presence/tuple%5b@id='x8eg92n'%5d/note HTTP/1.1
(body: a note element containing "I'm sleeping")
Response:
HTTP/1.1 200 OK
(Figure: the stored document "index" before and after the request; the tuple's status stays open with contact mailto:someone@example.com, and its note changes from "I'm reading mail" to "I'm sleeping".)

17 Conditional Operation
- Conflicts occur when multiple clients modify the same document simultaneously
- Use the ETag as version control: when one resource changes, all resources in the same document get the same new ETag
- Client: includes the previously known ETag in the If-Match header field of the request
- Server: returns the new ETag in the response on success
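The ETag/If-Match behaviour above, as an added example that is not from the slides: an in-memory model of an XCAP server applying a conditional PUT to the note element from slide 16. The document store, the ETag scheme (a truncated hash) and the omission of the PIDF namespace are assumptions made for the example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample store: one PIDF document, keyed by its document selector.
# The real PIDF namespace (urn:ietf:params:xml:ns:pidf) is omitted for brevity.
DOCS = {
    "/pidf-manipulation/users/sip:someone@example.com/index": (
        '<presence entity="sip:someone@example.com">'
        '<tuple id="x8eg92n"><status><basic>open</basic></status>'
        '<contact>mailto:someone@example.com</contact>'
        "<note>I'm reading mail</note></tuple></presence>"
    ),
}

def etag_of(doc_xml):
    """One ETag per document: every element/attribute in it shares this value."""
    return hashlib.sha256(doc_xml.encode()).hexdigest()[:16]

def put_element(doc_uri, node_selector, new_xml, if_match=None):
    """Replace the element addressed by node_selector (the decoded path after
    '~~', e.g. "/presence/tuple[@id='x8eg92n']/note"). Returns (status, etag)."""
    doc_xml = DOCS[doc_uri]
    current = etag_of(doc_xml)
    # Conditional request: a stale If-Match means another client changed the
    # document since this client last read it, so nothing is modified.
    if if_match is not None and if_match != current:
        return 412, current
    root = ET.fromstring(doc_xml)
    steps = node_selector.strip("/").split("/", 1)
    # The first step must name the root element; the rest is searched below it
    # with ElementTree's XPath subset, which supports the tag[@attr='v'] steps.
    if len(steps) != 2 or steps[0] != root.tag:
        return 409, current
    parent_path, _, leaf = steps[1].rpartition("/")
    parent = root if parent_path == "" else root.find(parent_path)
    old = parent.find(leaf) if parent is not None else None
    if old is None:
        return 409, current  # only replacing an existing element is modelled
    index = list(parent).index(old)
    parent.remove(old)
    parent.insert(index, ET.fromstring(new_xml))
    DOCS[doc_uri] = ET.tostring(root, encoding="unicode")
    return 200, etag_of(DOCS[doc_uri])  # new ETag is returned to the client
```

A client that read the document, obtained its ETag, and sends that value in If-Match gets 200 and a fresh ETag; a client holding an older ETag gets 412 and must re-fetch before retrying.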

18 Security Considerations
- Data manipulated by XCAP often contains sensitive information
- XCAP uses the HTTP port (80), so port-based filtering is hard to apply

19 Solutions
- Connection over TLS
- HTTP Digest authentication
- URL-analysis-based traffic filtering: the presence of the double tilde (~~) is a strong hint that the URL points to an XML element or attribute
- Authorization policies in the Application Usage
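The URI construction from slides 13 and 14 and the URL-analysis and default authorization policy from slides 10 and 19, as one added example that is not from the slides: it splits an XCAP URI into root, AUID, tree, XUI, document and node selector, flags the double tilde, and decides whether the authenticated user may perform the request. XCAP_ROOT, the function names and the policy encoding are assumptions for the example.

```python
from urllib.parse import unquote

XCAP_ROOT = "http://xcap.example.com"  # assumed root for domain example.com

def parse_xcap_uri(uri):
    """Split an XCAP URI into root, AUID, tree, XUI, document and node selector."""
    if not uri.startswith(XCAP_ROOT + "/"):
        raise ValueError("not under the XCAP root")
    path = uri[len(XCAP_ROOT):]
    # The node selector follows the first "/~~" and is percent-encoded.
    doc_sel, sep, node_sel = path.partition("/~~")
    node = unquote(node_sel) if sep else None
    parts = doc_sel.strip("/").split("/")
    if len(parts) < 3:
        raise ValueError("document selector needs auid/tree/document")
    auid, tree = parts[0], parts[1]
    if tree == "users":
        if len(parts) < 4:
            raise ValueError("users tree needs an XUI")
        xui, document = unquote(parts[2]), "/".join(parts[3:])
    elif tree == "global":
        xui, document = None, "/".join(parts[2:])
    else:
        raise ValueError("tree must be 'users' or 'global'")
    return {"auid": auid, "tree": tree, "xui": xui,
            "document": document, "node": node}

def authorize(method, uri, authenticated_user):
    """Default policy from the deck: read/write own data, read-only global data.
    Returns (allowed, reason); the reason notes whether ~~ made it a node request."""
    try:
        r = parse_xcap_uri(uri)
    except ValueError as exc:
        return False, f"malformed XCAP URI: {exc}"
    if method not in ("GET", "PUT", "DELETE"):
        return False, "unsupported method"
    scope = "element/attribute" if r["node"] is not None else "document"
    if r["tree"] == "global":
        if method == "GET":
            return True, f"read of global {scope}"
        return False, "global data is read-only for users"
    if r["xui"] != authenticated_user:
        return False, "users may only access their own XUI"
    return True, f"{method} on own {scope}"
```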

20 Summary
- Access configuration documents on a server, e.g. in a presence system
- Maps XML documents and document components to HTTP URIs
- HTTP primitives can be used to directly manipulate the data

21 References
- http://tools.ietf.org/html/rfc4825
- http://tools.ietf.org/html/rfc5025
- http://tools.ietf.org/html/rfc4827
- http://tools.ietf.org/html/rfc4826
- http://www.jdrosen.net/simple_acap.html
- http://tools.ietf.org/html/rfc3903
- http://tools.ietf.org/html/rfc2778
- http://openxcap.org/
- http://www.w3schools.com/Xml/xml_attributes.asp

