Customer Relationship Management (CRM)
Data Farm Inc.®
The Technical "Know-How"
Security and Communication Tiers - KISS "Keep it simple, stupid"
This page covers two main sections:
• Basic concepts of Tiers, Inter-process communication (IPC) and communication channels
• Our DAO Security Model - KISS
Thinking in Terms of Folders:
In any operating system, a folder is a named collection of related files that can be
retrieved, moved and manipulated as one entity. We need to view tiers or servers (software and hardware) as
folders. In other words, tiers or servers are independent, self-contained entities
that are also part of the whole system.
Browsers and/or cloud services
would be outside folders. Web services and legacy systems could also be considered folders.
Each folder has private, protected and public data it needs to work with. Each needs
services or data from others. These folders can be on one server or on a number
of servers, possibly remote or outside servers. The same applies to
tiers, servers or virtual servers: they can be located on several servers or all on the same server.
Inter-Process Communication (IPC):
Inter-process communication (IPC) is how processes or programs share data using communication
protocols. IPC participants are categorized as clients and servers, where the client requests data and the
server responds to client requests. A process or program can act as both a client and a server.
Shared Data and DAO:
The core of any system is how it uses data. We view data, or the Data Access Object (DAO), as
the human cardiovascular system, where the blood circulates and transports nutrients and oxygen
to nourish the body. There are different types of blood cells: red blood cells, which deliver
oxygen (O2), and white blood cells, which are essential for good health and protection against illness
and disease. Data is therefore the blood of any system: it supplies the system with the
data needed to run and also carries the security information that protects the system.
Communication Channels:
How these tiers or servers exchange data, and in what format, is critical to system performance
and security. The following are some of the communication channels:
File:
A computer file is a resource for storing information, and it can be accessed by multiple processes.
The drawback of using files is that file access is an I/O operation, which is slow.
Signal:
In electronics, a signal is an electric current or electromagnetic field used to convey data from one place to another.
Socket:
A socket is one endpoint of a two-way communication link between two programs running
on the network. Sockets can be considered an open buffer for dumping and reading
data. A socket is bound to a port number, which serves as its address for communication.
Message queue:
Message queues provide an asynchronous communications protocol, meaning that the sender
and receiver of the message do not need to interact with the message queue at the same
time. A message queue allows multiple processes to read and write to the message queue
without being directly connected to each other. Messages placed onto the queue are stored
until the recipient retrieves them. Message queues have implicit or explicit limits on
the size of data that may be transmitted in a single message and the number of messages
that may remain outstanding on the queue.
Pipe:
In computer programming, especially in UNIX operating systems, a pipe is a technique
for passing information from one program process to another. Unlike other forms of
inter-process communication (IPC), a pipe is one-way communication only. Basically, a pipe
passes a parameter, such as the output of one process, to another process which accepts it
as input. The system temporarily holds the piped information until it is read by the receiving process.
Named Pipe:
Named pipes provide inter-process communication between a pipe server and one or more
pipe clients. They offer more functionality than anonymous pipes, which provide
inter-process communication on a local computer. Named pipes support full duplex communication
over a network and multiple server instances, message-based communication, and client
impersonation, which enables connecting processes to use their own set of permissions on remote servers.
Semaphore:
A simple structure that synchronizes multiple processes acting on shared
resources. Semaphores are one of the techniques for inter-process communication
(IPC). Semaphores are commonly used for two purposes: to share a common memory space
and to share access to files.
Shared Memory:
Shared memory is memory that is accessible to a number of processes.
It is the quickest way of sharing information among a set of
processes. Shared memory is available on all operating systems.
Message Passing:
Message passing refers to a means of communication between different threads within
a process, different processes running on the same node, or different processes running
on different nodes.
Memory-Mapped File:
A memory-mapped file is a file mapped to RAM that can be modified by changing memory values
directly instead of outputting to a stream. Memory-mapped files can be considered an array of
characters located at a specific address in memory.
Java Objects, Methods, Buffered Queues and DAO:
The Java API, libraries and open source give developers the tools needed to make
calls to remote objects and methods, plus the ability to pass Java objects to these
calls. For example, one Java object can do the buffering for other programs by creating
a queue of DAOs that persists in memory and works as a buffer. The Java class java.nio.MappedByteBuffer
is another example of buffering data.
Web Services:
In a nutshell, a web service is nothing more than communicating using XML. XML
is in turn nothing but structured text files, for which we have tools that build them
and others that read/parse them. XML primitive data types are not too far from Java
data types. Java Reflection can be used to retrieve the values stored in DAO fields and
convert them to XML tags using DOM. The reverse, from XML tags to DAO fields,
can also be done using JAXP or JAXB and Java Reflection.
Our XML Key Ingredient:
We believe in KISS "Keep it simple, stupid". When it comes to web services, there
is a barrage of confusing tools and schemas, not to mention that companies have
been building their own private, task-specific web services. Our key ingredient
is simplicity: no nested or complex schemes that are hard to understand,
modify, revise or even follow. KISS = "DAO to XML tags and XML tags to DAO."
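The "DAO to XML tags and XML tags to DAO" mapping, sketched with Java Reflection and DOM as an added example rather than the company's own XML-DAO code; CustomerDAO and its fields are hypothetical. Because the XML arrives from another tier, the parser refuses DOCTYPE declarations, a hardening choice that is assumed here and not stated on the page.

```java
import org.w3c.dom.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.ByteArrayInputStream;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;

public class XmlDaoDemo {
    // Hypothetical flat DAO: public String fields only, no nesting.
    public static class CustomerDAO { public String id; public String name; }

    // DAO -> XML: one tag per declared field, read through reflection.
    static Document toXml(Object dao) throws Exception {
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element root = doc.createElement(dao.getClass().getSimpleName());
        doc.appendChild(root);
        for (Field f : dao.getClass().getDeclaredFields()) {
            Element e = doc.createElement(f.getName());
            e.setTextContent(String.valueOf(f.get(dao)));
            root.appendChild(e);
        }
        return doc;
    }

    // XML -> DAO: DOCTYPE is rejected (blocks external entities); only known fields are set.
    static <T> T fromXml(String xml, Class<T> type) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element root = doc.getDocumentElement();
        if (!root.getTagName().equals(type.getSimpleName()))
            throw new SecurityException("unexpected root element: " + root.getTagName());
        T dao = type.getDeclaredConstructor().newInstance();
        for (Field f : type.getDeclaredFields()) {
            NodeList n = root.getElementsByTagName(f.getName());
            // Missing or duplicated tags leave the field unset instead of guessing.
            if (n.getLength() == 1) f.set(dao, n.item(0).getTextContent());
        }
        return dao;
    }

    public static void main(String[] args) throws Exception {
        String xml = "<CustomerDAO><id>42</id><name>Ada</name></CustomerDAO>"; // constructed sample
        CustomerDAO c = fromXml(xml, CustomerDAO.class);
        System.out.println(c.id + " " + c.name);
        System.out.println(toXml(c).getDocumentElement().getChildNodes().getLength() + " tags");
    }
}
```

Tags that do not match a declared field are ignored, so a sending tier cannot set anything the receiving DAO class does not define.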
The Existing Communication Standards:
• HTTP - Servlets, REST
• XML Web Services (SOAP, ...)
• RMI
• Ours - XML-DAO (XML using Java Reflection)
Our DAO Security Model - KISS:
Back to DAO:
As we mentioned earlier, the Data Access Object (DAO) plays the role of the human cardiovascular system, where
DAO objects are the blood cells of the system. Different types of blood cells have different
functions. System tiers, servers, methods, Java object calls and any other communication
must be restricted to passing only DAOs or arrays of DAOs. DAOs or arrays of DAOs will be the only
objects moving from one tier to another, or from one object or method to another. We are proposing
the following DAO types:
• Personal
• Business
• Transactional
• Misc
Each category may have subcategories based on the business processes. Transactional can
be subcategorized into Security Information DAO.
Learning from the Cloneable interface {}:
A class implements the Cloneable interface to indicate to the Object.clone() method that it is
legal for that method to make a field-for-field copy of instances of that class. Invoking
Object's clone method on an instance that does not implement the Cloneable interface results
in the exception CloneNotSupportedException being thrown.
SecurityDAO Interface {}:
Our Intelligent DAO can be designed to add further security functions or methods
by implementing the SecurityDAO interface. The method(s) used will hold the dynamic security code
that the system's security checkpoints use to authenticate the passing DAO. This would
help secure communication among all the tiers. Tier checkpoints will be looking for the dynamic security
code returned by the DAO. The security code is the value returned from the call to the SecurityDAO interface methods; otherwise the call throws a security
exception. Such a code is the ID that identifies the tier, the callers and the receivers of the DAO.
In our view, our security model can be easily implemented and dynamically changed with time stamps,
which add an additional security layer with minimal coding in our Intelligent DAO.
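One way a tier checkpoint like the one described above could work, as an added example that is not Data Farm's code. The page names a SecurityDAO interface but does not define its methods, so the method names, the HMAC-SHA256 code over tier, caller, receiver and time stamp, the shared tier key and the 30-second window are all assumptions; records need Java 16 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

public class SecurityDaoDemo {
    // Hypothetical interface: method names are assumptions, not the page's definition.
    interface SecurityDAO {
        String tier(); String caller(); String receiver(); long issuedAt();
        String securityCode(); // dynamic code travelling with the DAO
    }
    record OrderDAO(String tier, String caller, String receiver, long issuedAt,
                    String securityCode) implements SecurityDAO {}

    // Code = HMAC-SHA256(tier key, tier|caller|receiver|time stamp), hex encoded.
    static String codeFor(byte[] key, String tier, String caller, String receiver, long ts) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] msg = (tier + "|" + caller + "|" + receiver + "|" + ts).getBytes(StandardCharsets.UTF_8);
            return java.util.HexFormat.of().formatHex(mac.doFinal(msg));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Checkpoint: a misrouted, stale or tampered DAO ends in SecurityException.
    static void checkpoint(SecurityDAO dao, byte[] key, String thisTier, long now, long maxAgeSec) {
        if (!thisTier.equals(dao.receiver())) throw new SecurityException("wrong receiver");
        if (Math.abs(now - dao.issuedAt()) > maxAgeSec) throw new SecurityException("stale time stamp");
        byte[] expected = codeFor(key, dao.tier(), dao.caller(), dao.receiver(), dao.issuedAt())
                .getBytes(StandardCharsets.UTF_8);
        byte[] actual = dao.securityCode().getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison avoids leaking how many characters matched.
        if (!MessageDigest.isEqual(expected, actual)) throw new SecurityException("bad security code");
    }

    public static void main(String[] args) {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // sample value only
        long now = System.currentTimeMillis() / 1000;
        String code = codeFor(key, "web", "OrderServlet", "business", now);
        OrderDAO dao = new OrderDAO("web", "OrderServlet", "business", now, code);
        checkpoint(dao, key, "business", now, 30);
        System.out.println("valid DAO accepted");
        try { // the same DAO presented 120 seconds later is outside the window
            checkpoint(dao, key, "business", now + 120, 30);
        } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Binding the time stamp into the code is what makes it "dynamic": a captured DAO stops verifying once the window passes, and changing the caller or receiver fields invalidates the code.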