DOCSLIB.ORG

Web Services Security Using SOAP, \Rysdl and UDDI

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Web Services Security Using SOAP, \Rysdl and UDDI Web Services Security Using SOAP, \rySDL and UDDI by Lin Yan A Thesis Submitted to the Faculty of Graduate Studies in Partial Fulfillment of the Requirements for the Degtee of MASTER OF SCIENCE Department of Electrical and Computer Engineering University of Manitoba Winnipeg, Manitoba, Canada @ Lin Yan, 2006 THE I]NTVERSITY OF MANITOBA FACULTY OF GRÄDUATE STUDIES COPYRIGHT PERMISSION Web Services Security Using SOAP, WSDL and IJDDI BY Lin Yan A Thesis/Practicum submitted to the Faculty ofGraduate Studies ofThe University of Manitoba in partial fulfillment of the requirement of the degree OF MASTER OF SCIENCE Lin Yan @ 2006 Permission has been granted to the Library ofthe University of Manitoba to lend or sell copies of this thesis/practicum' to the National Library of Canada to microfilm this thesis and to lend or sell copies of the film, and to University Microfitms Inc, to publish an abstract of this thesis/practicum, This reproduction or copy ofthis thesis has been made available by authority ofthe copyright orvner solely for the purpose of private study and research, and may only be reproduced and copied as permitted by copyright laws or with express rvritten authorization from the copyright owner. ABSTRACT The Internet is beginning to change the way businesses operate. Companies are using the Web for selling products, to find suppliers or trading partners, and to link existing applications to other applications. With the rise of today's e-business and e-commerce systems, web services are rapidly becoming the enabling technology to meet the need of commerce. However, they are not without problems. While Web services are designed to pass through firewalls and have the capability to access Application Program Interfaces (APIs), they also come with security issues. ln this thesis, I present a viable approach for securing Web services. This approach adopts the Entrust/PKI (Public Key Infrashucture) and PKCS#7 cryptographic message syntax standard. This approach offers the capability to restrict access to an XML Web service to authorized users, and to protect the integrity and confidentiality of XML messages exchanged in a Web se¡vice environment. I make some comparison of this approaclr with existing standards and technologies for Web services security. Finally, a prototype based on the service-oriented architecture (SOA) is developed to validate the performance and effectiveness ofthe proposed approach. lyeb Setnices Secur¡ly, @ Lin Yon 2006 ACKNOWLEDGEMENTS I would like acknowledge foremost the constructive guidance of my advisor, Dr. Robert D. Mcleod. Without his patience, knowledge and encouragement, thìs thesis could not have been completed. Also, I would like to thank my father for his love, suppoñ, and encouragement in my life. Without his contribution for taking care of my son during the period of my graduate studies, it would be impossible for me to have completed my graduate study program. Last but not least, I am grateful to Tao Wang, my husband, and Shi Yan, our son, whose support and understanding was also vital to the completion of my thesis. ll/eb Services Security, @ Lin )'an 2006 TABLE OF CONTENTS Approval Form Abstract .......... i Acknowledgements ................... i i Table ofContents ......... ..........iii List ofFigures ... ....................iii Figure 1-l Web Services Architecture ................4 Figure 2-l IBM and Microsoft Web Se¡vices security specifications . .3 5 Figure3-l 3-tier Design in Credit Card Web Service .. ............ .......40 Figure 3-2 Credit Card Checking Scenario Use Case Diagram ..... ......43 Figure 3-3 Entrust/PKl core components and their relationships ... ... ... ... .. ..... ... ......44 Figure3-4Encryption/DecryptionSequenceDiagram..........................................50 Figure4-l Business Entity in UDDI ...................62 Figure 4-2 Details ofa Business ....... ................63 Figure 4-3 Details ofa Service ............ ..............64 Figure 4-4 UDDI Find Interface ... ............... .............................65 Figure 5-l Entrust/Toolkit for Java Basic Architecture ............ ........70 Figure 5-2 Logic flow of Credit Card Web Service in WebSphere Studio ...... ...............75 Figure 5-3 Web services security standards work together .. .. ... ... .....85 Chapter I Introduction . I l.l The Internet . 1 ll/eb Services Security, @ Lin |'an 2006 llt 1.2 Web Services ...... .. .. ... .....2 1.3 Associated Web Services Standards .................4 l.3.lExtensibleMarkupLanguage-XML.............. ............4 L3.2 Simple Object Access Protocol- SOAP .......................8 1.3.3 Web Services Description Language - WSDL .....................................8 L3.4 Universal Description, Discovery and Integration - UDDI .......................9 1.4 Motivations and Objectives ...........................9 Summary ..............................1I Chapter 2 Technologies for Web Services Security ... ... ... .. ..............12 2.1 Public Key Infrastructure - PKI... ... ...... ..........12 2.1.1 Security through cryptography.................. .. ..............12 2.1.2 Certificates ............15 2.1.3 Certification Authority ............................15 2.1.4 Public Key Inflastructure ... ... ............. ....................15 2.2XML Signature ...................17 2.2.1 XML Signature Overview ................17 2.2.2 XML Signature Structure .................18 2.2.3 XML Signature Generation ............... ....................20 2.2.4 XML Signature Validation ...............21 2.3 XML Encryption ................. .....................21 2.3.1 XML Encryption Overview ..............21 2.3.2 XMLBncryption Structure ..............22 2.3.3 XML Encryption Types .................23 Iyeb Sen ices Secur'¡ty, @ Lin Yan 2006 lv 2.3.4 Encrypting an XML element, example ........... ...........23 2.3.5 Encryption Steps ...... ........ ...............25 2.3.6 Decryption Steps .............. ............26 2.4 XML Key Management Specification - XKMS .........................27 2.4.1XKMS Overview ............................27 2.4.2XMLKeylnformationServiceSpecification...................................27 2.4.3XMLKeyRegistrationServiceSpecification...................................31 2.5 WS-Security ...... ..............33 2.5.1 WS-Security Overview ..................33 2.5.2 lBM/Microsoft Web Services Security Road Map ..............................33 2.5.3 WS-Security Elements and Attributes ...........................35 Summary......... ..................3 8 Chapter3CreditCardWebServiceA¡chitecture.....................,.........................39 3.l The Client/Server Model and 3-tier Architecture .............-.......39 3.2 The 3{ier Architecture in Credit Card 'üy'eb Service .................40 3.3 UseCaseAnalysis ............... ...................42 3.4 Entrust PKI ....................44 3.4.1 Entrust PKI A¡chitecture ...............44 3.4.2 Entrust PKI User Roles ........ ........46 3.5 PKCS #7: Cryptographic Message Syntax Standard ................47 3.5.1 Overview ...........47 3.5.2 Encryption and Decryption Sequence ......................48 Summary ......... ..................51 Ileb Services Security, @ Lik yan 2006 Chapter 4 Building Credit Card Web Service using SOAP, WSDL and UDDI ... .52 4.1 Overview .......................52 4.2 SOAP ...........................53 4.2.1 SOAP Message Structure ................... .................53 4.2.2 SOAP Message Encoding . .. .... .. ...55 4.2.3 Summary ...........56 4.3 V/SDL .........................57 4.4 UDDL.........................60 4.4.1UDDI Business Registry .......... ....60 4.4.2UsingUDDItoRegisterandFindServices....................................6l Summary ...... ......... ...... .....66 Chapter 5 Credit Card Web Service Implementation ...................67 5.1 Implementation Language .......................67 5.2 Implementation Tools ............ ................68 5.2.1 Entrust Authority Security Toolkit for Java . .........68 5.2.218M Websphere Studio ...............73 5.3 PKCS #7 ImplementationwithEntrustToolkit..........................................75 5.3.1 Encode ............75 5.3.2 Decode ............77 5.4 Database Design and Implementation.............. ..................78 5.5 Comparison with Other Web Services Security Solutions .. ... ...80 5.5.1 Benefits/Limitations of existing technologies . ...... ...80 5.5.2 Benefits/Limitations ofthe proposed solutions ..........87 IVeb Services Secwi6,, @ Lin fan 2006 VI lyeb Ser-vices Secutily, @ Lin Yan 2006 Chopter I lntroduction Chapter 1 Introduction This thesis presents a viable approach for securing Web services. The purpose of this approach is to increase the security of transferring XML (Extensible Markup Language) messages over the Internet. This approach adopts the Entrust/PKl (Public Key Iníìastructure) and PKCS #7 cryptographic message syntax standard. A comparison of this approach with existing standards and technologies for Web services security is also reported. As a prototype, a sample credit card Web service is developed with the help of UML (Unified Modeling Language) modeling, to demonstrate the performance and effectiveness of our approaclr. In the remainder of this introductory chapter, I first introduce Internet concepts and Web services in particular in Section 1.1 and Section 1.2 respectively. Following that, I review the associated Web services standards including XML, SOAP (Simple Object Access Protocol), WSDL (Web Services Description Language), and UDDI (Universal Description, Discovery and Integration) in Section
Load more

Recommended publications
  • Second Year Report
    UNIVERSITY OF SOUTHAMPTON Web and Internet Science Research Group Electronics and Computer Science A mini-thesis submitted for transfer from MPhil toPhD Supervised by: Prof. Dame Wendy Hall Prof. Vladimiro Sassone Dr. Corina Cîrstea Examined by: Dr. Nicholas Gibbins Dr. Enrico Marchioni Co-Operating Systems by Henry J. Story 1st April 2019 UNIVERSITY OF SOUTHAMPTON ABSTRACT WEB AND INTERNET SCIENCE RESEARCH GROUP ELECTRONICS AND COMPUTER SCIENCE A mini-thesis submitted for transfer from MPhil toPhD by Henry J. Story The Internet and the World Wide Web are global engineering projects that emerged from questions around information, meaning and logic that grew out of telecommunication research. It borrowed answers provided by philosophy, mathematics, engineering, security, and other areas. As a global engineering project that needs to grow in a multi-polar world of competing and cooperating powers, such a system must be built to a number of geopolitical constraints, of which the most important is a peer-to-peer architecture, i.e. one which does not require a central power to function, and that allows open as well as secret communication. After elaborating a set of geopolitical constraints on any global information system, we show that these are more or less satisfied at the raw-information transmission side of the Internet, as well as the document Web, but fails at the Application web, which currently is fragmented in a growing number of large systems with panopticon like architectures. In order to overcome this fragmentation, it is argued that the web needs to move to generalise the concepts from HyperText applications known as browsers to every data consuming application.
    [Show full text]
  • Mobile Three-Dimensional City Maps
    TKK Dissertations in Media Technology Espoo 2009 TKK-ME-D-2 MOBILE THREE-DIMENSIONAL CITY MAPS Antti Nurminen AB TEKNILLINEN KORKEAKOULU TEKNISKA HÖGSKOLAN HELSINKI UNIVERSITY OF TECHNOLOGY TECHNISCHE UNIVERSITÄT HELSINKI UNIVERSITE DE TECHNOLOGIE D’HELSINKI TKK Dissertations in Media Technology Espoo 2009 TKK-ME-D-2 MOBILE THREE-DIMENSIONAL CITY MAPS Antti Nurminen Dissertation for the degree of Doctor of Science in Technology to be presented with due permission of the Department of Media Technology, for public ex- amination and debate in Lecture Hall E at Helsinki University of Technology (Espoo, Finland) on the 10th of December, 2009, at 12 noon. Helsinki University of Technology Faculty of Information and Natural Sciences Department of Media Technology Teknillinen korkeakoulu Informaatio- ja luonnontieteiden tiedekunta Mediatekniikan laitos Distribution: Helsinki University of Technology Faculty of Information and Natural Sciences Department of Media Technology P.O.Box 5400 FIN-02015 TKK Finland Tel. +358-9-451 2870 Fax. +358-9-451 5253 http://media.tkk.fi/ Available in PDF format at http://lib.tkk.fi/Diss/2009/9789522481931/ c Antti Nurminen ISBN 978-952-248-192-4 (print) ISBN 978-952-248-193-1 (online) ISSN 1797-7096 (print) ISSN 1797-710X (online) Redfina Espoo 2009 ABSTRACT Author Antti Nurminen Title Mobile Three-Dimensional City Maps Maps are visual representations of environments and the objects within, depicting their spatial relations. They are mainly used in navigation, where they act as external information sources, supporting observation and de- cision making processes. Map design, or the art-science of cartography, has led to simplification of the environment, where the naturally three- dimensional environment has been abstracted to a two-dimensional repre- sentation, populated with simple geometrical shapes and symbols.
    [Show full text]
  • Addressing Threats and Security Issues in World Wide Web Technology∗†
    Addressing Threats and Security Issues in World Wide Web Technology∗† Stefanos Gritzalis Department of Informatics University of Athens TYPA Buildings, Athens GR-15771, GREECE tel.: +30-1-7291885, fax: +30-1-7219561 Department of Informatics Technological Educational Institute (T.E.I.) of Athens Ag.Spiridonos St. Aegaleo GR-12210, GREECE tel.: +30-1- 5910974, fax.: +30-1-5910975 email: [email protected] Diomidis Spinellis Department of Mathematics University of the Aegean Samos GR-83200, GREECE tel.: +30-273-33919, fax: +30-273-35483 email:[email protected] May, 1997 Abstract We outline the Web technologies and the related threats within the framework of a Web threat environment. We also examine the issue surrounding dowloadable executable content and present a number of security services that can be used for Web transactions categorised according to the Internet layering model. ∗In Proceedings CMS ’97 3rd IFIP TC6/TC11 International joint working Conference on Communica- tions and Multimedia Security, pages 33–46. IFIP, Chapman & Hall, September 1997. †This is a machine-readablerendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the reference in the previous footnote. This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
    [Show full text]
  • Reflections on the REST Architectural Style and “Principled Design of the Modern Web Architecture”
    Reflections on the REST Architectural Style and “Principled Design of the Modern Web Architecture” Roy T. Fielding Adobe Richard N. Taylor University of California, Irvine Justin R. Erenkrantz Bloomberg Michael M. Gorlick University of California, Irvine Jim Whitehead University of California, Santa Cruz Rohit Khare Google Peyman Oreizy Dynamic Variable LLC Outline 1. The Story of REST § Early history of the Web § What REST is (and is not) § Contemporary influences 2. Work inspired by REST § Decentralization § Generalization § Secure computation 3. Reflections on REST § Investing in entrepreneurial students § Role of Software Engineering research ESEC/FSE’17, September 8, 2017, Paderborn, Germany 2 Original proposal for the World Wide Web IBM Computer GroupTalk conferencing Hyper for example Card uucp News ENQUIRE VAX/ NOTES Hierarchical systems for example for example unifies A Proposal Linked "Mesh" CERNDOC information describes describes includes includes C.E.R.N This describes document division "Hypertext" refers group group includes describes to wrote section Hypermedia etc Tim Comms Berners-Lee ACM [Berners-Lee, 1989] ESEC/FSE’17, September 8, 2017, Paderborn, Germany 3 The Web is an application integration system IBM Computer GroupTalk conferencing Hyper for example Card uucp News ENQUIRE VAX/ NOTES Hierarchical systems for example for example unifies A Proposal Linked "Mesh" CERNDOC information describes [Berners-Lee, 1989] ESEC/FSE’17, September 8, 2017, Paderborn, Germany 4 describes includes includes C.E.R.N This describes document
    [Show full text]
  • Pay-As-You-Go Data Cleaning and Integration
    Pay-as-you-go Data Cleaning and Integration Shawn Jeffery Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2008-102 http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-102.html August 20, 2008 Copyright 2008, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Pay-as-you-go Data Cleaning and Integration by Shawn R. Jeffery B.S. (University of Wisconsin, Madison) 2002 M.S. (University of California, Berkeley) 2005 A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the GRADUATE DIVISION of the UNIVERSITY OF CALIFORNIA, BERKELEY Committee in charge: Professor Michael J. Franklin, Chair Professor Joseph M. Hellerstein Professor Dara O’Rourke Fall 2008 The dissertation of Shawn R. Jeffery is approved. Chair Date Date Date University of California, Berkeley Fall 2008 Pay-as-you-go Data Cleaning and Integration Copyright c 2008 by Shawn R. Jeffery Abstract Pay-as-you-go Data Cleaning and Integration by Shawn R. Jeffery Doctor of Philosophy in Computer Science University of California, Berkeley Professor Michael J. Franklin, Chair Many emerging applications such as Web mash-ups and large-scale sensor deploy- ments seek to make use of large collections of heterogeneous data sources to enable powerful new services.
    [Show full text]
  • Requests for Comments (RFC)
    ,QWHUQHW6RFLHW\ ,62& ,QWHUQHW$UFKLWHFWXUH%RDUG Requests for Comments (RFC) 6HOHFWHG5HTXHVWVIRU&RPPHQWVUHOHYDQWWRLQVWUXFWLRQDOGHVLJQ5HTXHVWV IRU&RPPHQWVRU5)&VLQFOXGH,QWHUQHWVWDQGDUGVGHYHORSHGE\WKH ,QWHUQHW$UFKLWHFWXUH%RDUGIRUWKH,QWHUQHW6RFLHW\0DQ\RIWKH5)&V SURYLGHLPSRUWDQWWHFKQLFDOLQIRUPDWLRQDQGDUHQRWFODVVLILHGDV ³VWDQGDUGV´ 5HSURGXFHGLQDFFRUGDQFHZLWKWKHSROLFLHVRIWKH,QWHUQHW6RFLHW\)RUWKH ODWHVWLQIRUPDWLRQDERXWWKH6RFLHW\VHHZZZLVRFRUJ)RUPRUH LQIRUPDWLRQDERXWVWDQGDUGVVHHZZZLDERUJ RFC1314 Web Address: Image Exchange Format http://sunsite.cnlab-switch.ch/ By: Katz & Cohen Network Working Group A. Katz Request for Comments: 1314 D. Cohen ISI April 1992 A File Format for the Exchange of Images in the Internet Status of This Memo This document specifies an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This document defines a standard file format for the exchange of fax-like black and white images within the Internet. It is a product of the Network Fax Working Group of the Internet Engineering Task Force (IETF). The standard is: ** The file format should be TIFF-B with multi-page files supported. Images should be encoded as one TIFF strip per page. ** Images should be compressed using MMR when possible. Images may also be MH or MR compressed or uncompressed. If MH or MR compression is used, scan lines should be "byte-aligned". ** For maximum interoperability, image resolutions should either be 600, 400, or 300 dpi; or else be one of the standard Group 3 fax resolutions (98 or 196 dpi vertically and 204 dpi horizontally). Note that this specification is self contained and an implementation should be possible without recourse to the TIFF references, and that only the specific TIFF documents cited are relevant to this specification.
    [Show full text]
  • CV January 2001 Geoffrey Charles
    Geoffrey Charles Fox Phone Email Cell: 8122194643 [email protected] Informatics: 8128567977 [email protected] Lab: 8128560927 [email protected] Home: 8123239196 Web Site: http://www.infomall.org Addresses ..................................................................................................... 2 Date of Birth ................................................................................................. 2 Education ...................................................................................................... 2 Professional Experience .................................................................................. 2 Awards and Honors ........................................................................................ 3 Board Membership ......................................................................................... 3 Industry Experience ....................................................................................... 3 Current Journal Editor..................................................................................... 3 Previous Journal Responsibility ........................................................................ 4 PhD Theses supervised ................................................................................... 4 Research Activities ......................................................................................... 7 Conferences Organized ................................................................................... 8 Publications: Introduction ..............................................................................
    [Show full text]
  • Cgcopyright 2013 Alexei Czeskis
    c Copyright 2013 Alexei Czeskis Practical, Usable, and Secure Authentication and Authorization on the Web Alexei Czeskis A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy University of Washington 2013 Reading Committee: Tadayoshi Kohno, Chair Arvind Krishnamurty Hank Levy Raadhakrishnan Poovendran Program Authorized to Offer Degree: UW Computer Science and Engineering University of Washington Abstract Practical, Usable, and Secure Authentication and Authorization on the Web Alexei Czeskis Chair of the Supervisory Committee: Associate Professor Tadayoshi Kohno Department of Computer Science and Engineering User authentication and authorization are two of the most critical aspects of computer security and privacy on the web. However, despite their importance, in practice, authen- tication and authorization are achieved through the use of decade-old techniques that are both often inconvenient for users and have been shown to be insecure against practical at- tackers. Many approaches have been proposed and attempted to improve and strengthen user authentication and authorization. Among them are authentication schemes that use hardware tokens, graphical passwords, one-time-passcode generators, and many more. Sim- ilarly, a number of approaches have been proposed to change how user authorization is performed. Unfortunately, none of the new approaches have been able to displace the tradi- tional authentication and authorization strategies on the web. Meanwhile, attacks against user authentication and authorization continue to be rampant and are often (due to the lack of progress in practical defenses) successful. This dissertation examines the existing challenges to providing secure, private, and us- able user authentication and authorization on the web. We begin by analyzing previous approaches with the goal of fundamentally understanding why and how previous solutions have not been adopted.
    [Show full text]
  • Principled Design of the Modernweb Architecture
    Principled Design of the ModernWeb Architecture Roy T. Fielding and Richard N. Taylor Information and Computer Science University of California, Irvine Irvine, CA 92697–3425 USA +1.949.824.4121 {fielding,taylor}@ics.uci.edu ABSTRACT A software architecture determines how system elements are The World Wide Web has succeeded in large part because its identified and allocated, how the elements interact to form a software architecture has been designed to meet the needs of system, the amount and granularity of communication an Internet-scale distributed hypermedia system. The needed for interaction, and the interface protocols used for modern Web architecture emphasizes scalability of communication. An architectural style is an abstraction of component interactions, generality of interfaces, the key aspects within a set of potential architectures independent deployment of components, and intermediary (instantiations of the style), encapsulating important components to reduce interaction latency, enforce security, decisions about the architectural elements and emphasizing and encapsulate legacy systems. In this paper, we introduce constraints on the elements and their relationships [17]. In the Representational State Transfer (REST) architectural other words, a style is a coordinated set of architectural style, developed as an abstract model of the Web architecture constraints that restricts the roles/features of architectural to guide our redesign and definition of the Hypertext elements and the allowed relationships among those Transfer Protocol and Uniform Resource Identifiers. We elements within any architecture that conforms to the style. describe the software engineering principles guiding REST REST is a coordinated set of architectural constraints that and the interaction constraints chosen to retain those attempts to minimize latency and network communication principles, contrasting them to the constraints of other while at the same time maximizing the independence and architectural styles.
    [Show full text]
  • Harvesting Commonsense and Hidden Knowledge from Web Services Julien Romero
    Harvesting commonsense and hidden knowledge from web services Julien Romero To cite this version: Julien Romero. Harvesting commonsense and hidden knowledge from web services. Artificial Intelli- gence [cs.AI]. Institut Polytechnique de Paris, 2020. English. NNT : 2020IPPAT032. tel-02979523 HAL Id: tel-02979523 https://tel.archives-ouvertes.fr/tel-02979523 Submitted on 27 Oct 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Harvesting Commonsense and Hidden Knowledge From Web Services Thèse de doctorat de l’Institut Polytechnique de Paris préparée à Télécom Paris École doctorale n◦626 École doctorale de l’Institut Polytechnique de Paris (ED IP Paris) NNT : 2020IPPAT032 Spécialité de doctorat: Computing, Data and Artificial Intelligence Thèse présentée et soutenue à Palaiseau, le 5 Octobre 2020, par Julien Romero Composition du Jury : Pierre Senellart Professor, École Normale Supérieure Président Tova Milo Professor, Tel Aviv University Rapporteur Katja Hose Professor, Aalborg University Rapporteur Michael Benedikt Professor, University of Oxford
    [Show full text]
  • Kapanfangrechts
    KapAnfangRechts Literaturverzeichnis 1. Marc Abrams, Charles R. Standridge, Ghaleb Abdulla, Stephen Williams und Edward A. Fox. Caching Proxies: Limitations and Potentials. In Proceedings of the Fourth International World Wide Web Conference, S. 119–133, Boston, Massachu- setts, Dezember 1995. 2. Adobe Systems Inc. Postscript Language Reference Manual. Addison-Wesley, Reading, Massachusetts, 2. Auflage, Dezember 1990. 3. Adobe Systems Inc. Postscript Language Reference Manual. Addison-Wesley, Reading, Massachusetts, 3. Auflage, Januar 1999. 4. Nabeel AI-Shamma, Robert Ayers, Richard Cohn, Jon Ferraiolo, Martin Newell, Roger K. de Bry, Kevin McCluskey und Jerry Evans. Precision Graphics Markup Language (PGML). World Wide Web Consortium, Note NOTE-PGML-19980410, April 1998. 5. Paul Albitz und Cricket Liu. DNS and BIND. O'Reilly & Associates, Inc., Sebastopol, California, Januar 1992. 6. Aldus Corporation. TIFF – Revision 6.0. Seattle, Washington, Juni 1992. 7. Harald Tveit Alvestrand. Tags for the Identification of Languages. Internet proposed standard RFC 1766, März 1995. 8. American National Standards Institute. Coded Character Set – 7-Bit American National Standard Code for Information Interchange. ANSI X3.4, 1992. 9. American National Standards Institute. Information Retrieval (Z39.50): Applica- tion Service Definition and Protocol Specification. ANSI/NISO Z39.501995, Juli 1995. 10. Mark Andrews. Negative Caching of DNS Queries (DNS NCACHE). Internet proposed standard RFC 2308, März 1998. 11. Farhad Anklesaria, Mark McCahill, Paul Lindner, David Johnson, Daniel Torrey und Bob Alberti. The Internet Gopher Protocol. Internet informational RFC 1436, März 1993. 12. Apple Computer, Inc., Cupertino, California. The TrueType Reference Manual, Oktober 1996. 13. Helen Ashman und Paul Thistlewaite, Herausgeber. Proceedings of the Seventh International World Wide Web Conference, Brisbane, Australia, April 1998.
    [Show full text]
  • Using Bundles for Web Content Delivery
    Using Bundles for Web Content Delivery Craig E. Wills Gregory Trott Mikhail Mikhailov Computer Science Department Worcester Polytechnic Institute Worcester, MA 01609 Abstract The protocols used by the majority of Web transactions are HTTP/1.0 and HTTP/1.1. HTTP/1.0 is typically used with multiple concurrent connections between client and server during the process of Web page retrieval. This approach is inefficient because of the overhead of setting up and tearing down many TCP connections and because of the load imposed on servers and routers. HTTP/1.1 attempts to solve these problems through the use of persistent connections and pipelined requests, but there is inconsistent support for persistent connections, particularly with pipelining, from Web servers, user agents, and intermediaries. In addition, the use of persistent connections in HTTP/1.1 creates the problem of non-deterministic con- nection duration. Web browsers continue to open multiple concurrent TCP connections to the same server. This paper examines the idea of packaging the set of objects embedded on a Web page into a single bundle object for retrieval by clients. Based on measurements from popular Web sites and an implementation of the bundle mechanism, we show that if embedded objects on a Web page are delivered to clients as a single bundle, the response time experienced by clients is better than that provided by currently deployed mechanisms. Our results indicate that the use of bundles provides shorter overall download times and reduced average object delays as compared to HTTP/1.0 and HTTP/1.1. This approach also reduces the load on the network and servers.
    [Show full text]