Communication Security for DSSP

I was not able to find any communication- or message-security-related documents for Microsoft’s DSSP (Decentralized Software Services Protocol). The current DSS defines a fine-grained application security model / access control mechanism to restrict service consumption, and it has been improved since the last MSRS 1.5 version.

As far as I know (from the available documents on the Web), the current implementation of DSSP always uses SOAP as a message tunneling mechanism. That means whether the transport is binary TCP or HTTP, it is always SOAP. The following two diagrams help to visualize the scenario.



DSSP TCP Binding

DSSP TCP Binding

Well, it uses SOAP and also defines the transport on top of HTTP or TCP. So the security mechanisms that come to mind are HTTPS, WS-Security or, if you do not want to touch the DSSP communication stack, IPsec.

Since MS defines DSSP for robots or control systems, HTTPS may be the last choice, as devices with low resources are not well suited to HTTPS. As one of the advantages of DSSP is that it provides a decentralized and distributed system, WS-Security would be a very good choice, since it provides end-to-end security instead of point-to-point security like HTTPS. The following diagram shows the new stack with WS-Security.

In WS-Security, message integrity is provided by XML Signature and message confidentiality leverages XML Encryption. Both of these techniques have a number of advantages over TLS, SSL or even IPsec-style security. Also, “Specifically, the WS-Security profile specifications describe how to encode Username Tokens, X.509 Tokens, SAML Tokens, REL Tokens and Kerberos Tokens as well as how to include opaque encrypted keys as a sample of different binary token types.”

So, if the security for the SOAP messages exchanged during DSSP service requests and responses is provided by WS-Security, it will be a very strong as well as end-to-end security mechanism. The existing username/password security policy of DSS can be combined with WS-Security, and also with WS-SecureConversation to have a secure session. However, combining it with Kerberos will be a better option, as it guarantees better network security to overcome the entropy-related attacks in username/password cases.


Writing your blog posts in Assamese

OK, there is no direct support for writing blog posts in Assamese (at least in WordPress or Blogspot), but you can write with the help of some Unicode editors. One important thing to remember is that your browser needs to support Unicode formats. Well, IE 6+ and Mozilla Firefox support Unicode character formats.


In Assamese, “O mor apunar desh”…

অ’ মোর আপোনার দেশ,

অ’ মোর চিকুনি দেশ,

এনে খন সুব্ লা , এনে খন সুফলা, এনে খন মরমর দেশ।

এনে খন সুব্ লা , এনে খন সুফলা, এনে খন মরমর দেশ।