
A Process for Authorized Service Discovery in Distributed Computing Environments

IP.com Disclosure Number: IPCOM000014232D
Original Publication Date: 2000-Jan-01
Included in the Prior Art Database: 2003-Jun-19
Document File: 3 page(s) / 141K

Publishing Venue

IBM

Abstract

Disclosed is a process for authorized service discovery in distributed computing environments. Typical distributed computing environments, such as Sun's JINI [1], IBM's TSpaces [2], the Salutation consortium's Salutation [3], the International Engineering Task Force's Service Location Protocol [4] and Microsoft's Universal Plug and Play [5], use a centralized service-discovery server to connect clients with network "service" providers (Fig. 1). The security enhancements in this disclosure allow service providers to enforce client authorization during service discovery, thus enabling privacy for the service providers. Finally, these security enhancements are applicable to the new paradigm of decentralized distributed computing, such as BlueTooth, where there is no centralized service-discovery server.

This is the abbreviated version, containing approximately 54% of the total text.


Figure 1: Traditional Service Discovery (image not reproduced; labels: lookup service server, "service A", naming service, step 1)

Two forms of implementation for authorized service discovery have been identified for centralized service-discovery servers: provider-based and lookup server-based authorization (see Figs. 2 & 3). In both cases, the service provider holds a list of authorized clients. These implementations differ only in the location where the authorization check is performed. Authentication is assumed to use digital certificates. For Bluetooth, where there is no centralized service-discovery server, each service provider handles its own brokering to clients. This case is covered by Fig. 2 with the lookup service server and the service provider on a single device.

In both implementations, the client initiates a secure connection with the lookup service server, from which the lookup service server can obtain the client's certificate. For provider-based authorization, the service provider has joined the lookup service with a flag for "secure" service. If the client requests a "secure" service, the lookup service server first passes the client's certificate to that service provider for authorization. If authorized, then the client is notified of the service provider. Otherwise, the client gets no response; the service provider retains privacy.
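The two placements of the authorization check described above, as an added Python model that is not part of the disclosure: a client certificate is represented by its subject string, and the `mode` argument, class names and sample client names are assumptions.

```python
from dataclasses import dataclass, field

# Constructed model of the disclosure's two variants. A client's digital
# certificate is represented by its subject string (assumption).
@dataclass
class ServiceProvider:
    name: str
    secure: bool                      # "secure" flag sent when joining the lookup service
    authorized: frozenset = frozenset()  # provider-held list of authorized clients

    def authorize(self, client_cert: str) -> bool:
        return client_cert in self.authorized

@dataclass
class LookupServer:
    mode: str = "provider"            # "provider" or "lookup": where the check runs
    registry: dict = field(default_factory=dict)
    acls: dict = field(default_factory=dict)  # lookup-server-based variant only

    def join(self, provider: ServiceProvider) -> None:
        self.registry[provider.name] = provider
        if self.mode == "lookup" and provider.secure:
            # Lookup-server-based variant: provider hands its list to the server.
            self.acls[provider.name] = provider.authorized

    def lookup(self, service: str, client_cert: str):
        """Return the provider name, or None (no response) if absent or unauthorized."""
        provider = self.registry.get(service)
        if provider is None:
            return None
        if not provider.secure:
            return provider.name      # non-secure service: no authorization check
        if self.mode == "provider":
            ok = provider.authorize(client_cert)  # certificate forwarded to provider
        else:
            ok = client_cert in self.acls.get(service, frozenset())
        # Unauthorized clients get the same answer as for a non-existent service.
        return provider.name if ok else None

def demo() -> dict:
    """Run both variants against a constructed registry (nothing is printed)."""
    svc = ServiceProvider("service A", secure=True, authorized=frozenset({"CN=alice"}))
    probes = [("service A", "CN=alice"), ("service A", "CN=mallory"), ("service B", "CN=alice")]
    out = {}
    for mode in ("provider", "lookup"):
        ls = LookupServer(mode=mode)
        ls.join(svc)
        out[mode] = [ls.lookup(s, c) for s, c in probes]
    return out
```

Note that `lookup` answers an unauthorized client exactly as it answers a request for a service that does not exist, which is what keeps the provider private.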

Figure (caption not recovered; labels: client, service provider, "service A", steps 2-4)

1 - discovery: locate lookup service
2 - join: service provider joins lookup service
3 - look...