June 27, 2003
DNS Turns Twenty
Paul Mockapetris invented DNS while working at the University of Southern California 20 years ago in 1983. It took a number of years to catch on. I still remember editing /etc/hosts by hand on every machine I managed in 1988. Most machines didn't have complete host tables. There were a few complete host tables on various machines spread around the net. This led to a process where sending mail to someone meant that you had to pick the route using UUCP-style ! routes in the email address. The trick was to get the message to a machine that knew about the host you were sending mail to. It was a game and we enjoyed being good at it. DNS spoiled the fun, but made the net much more useful. This ComputerWorld article talks about the history of DNS and its invention. In the article Paul says:
I had expected people to think a little about enhancing the infrastructure, but it's still working hard and I don't think there are any obvious stress points where it's going to fall down in the next couple of years.
It is amazing that it continues to work, but that's a testament, I think, to the decentralized, albeit hierarchical, architecture of the DNS system and the overriding simplicity of what it does. It just maps domain names to IP numbers. Contrast that with UDDI, which shares a potentially decentralized architecture but has a much more complicated goal: returning services based on criteria far more nebulous than a simple, hierarchical domain name.
The article seems to make the invention of domain names and DNS synonymous, and I don't think that's right. I believe the notion of hierarchical domain names existed before the DNS mapping system was invented, but I could be wrong. This predates my Internet experience by 3 or 4 years.
02:02 PM
XACML: Extensible Access Control Markup Language
Yesterday, I wrote about SPML and a little about SAML. SAML is an XML-based language for exchanging assertions about identity. SPML is an XML-based language for interacting with identity provisioning systems. There's another important piece in the puzzle: a common format for access requests, policies, and responses. XACML provides just that.
XACML is the language of the Policy Decision Point, or PDP. The PDP is the piece of code that receives access requests, checks whether they should be granted, and returns an appropriate response. The PDP is not necessarily the same as the place where credentials are stored. It merely needs access to that service, ideally via SPML. The PDP could be a module running in the local system or a remote system accessed over the Internet.
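To make the request/policy/response shape concrete, here is a toy PDP written for this post as an added illustration; it is not code from the post, from Sun's implementation, or from the OASIS standard. It assumes a simplified subset: element names follow XACML 1.0, but matching is reduced to plain attribute equality and only the deny-overrides rule-combining algorithm is implemented.

```python
# Toy Policy Decision Point for an XACML-shaped policy (constructed example). Element
# names follow XACML 1.0; matching is reduced to attribute equality, deny-overrides only.
import xml.etree.ElementTree as ET

POLICY = """<Policy PolicyId="records" RuleCombiningAlgId="deny-overrides">
  <Rule RuleId="clerk-read" Effect="Permit"><Target>
    <Subjects><Subject role="clerk"/></Subjects>
    <Resources><Resource id="/records"/></Resources>
    <Actions><Action id="read"/></Actions></Target></Rule>
  <Rule RuleId="no-delete" Effect="Deny"><Target>
    <Subjects><AnySubject/></Subjects>
    <Resources><Resource id="/records"/></Resources>
    <Actions><Action id="delete"/></Actions></Target></Rule>
  <Rule RuleId="admin-all" Effect="Permit"><Target>
    <Subjects><Subject role="admin"/></Subjects>
    <Resources><AnyResource/></Resources>
    <Actions><AnyAction/></Actions></Target></Rule>
</Policy>"""

SECTIONS = (("Subjects", "AnySubject", "Subject"), ("Resources", "AnyResource", "Resource"),
            ("Actions", "AnyAction", "Action"))  # (Target section, wildcard, Request category)
ATTR = '<{cat}><Attribute AttributeId="{id}"><AttributeValue>{val}</AttributeValue></Attribute></{cat}>'

def request_xml(role, resource, action):
    """Build an XACML-style Request carrying one attribute per category."""
    return ("<Request>" + ATTR.format(cat="Subject", id="role", val=role)
            + ATTR.format(cat="Resource", id="id", val=resource)
            + ATTR.format(cat="Action", id="id", val=action) + "</Request>")

def _attrs(req, category):
    """Map AttributeId -> value for one Request category (Subject/Resource/Action)."""
    return {a.get("AttributeId"): a.findtext("AttributeValue")
            for a in req.find(category).iter("Attribute")}

def _section_matches(target, section, any_tag, attrs):
    node = target.find(section)
    if node is None or node.find(any_tag) is not None:
        return True  # unconstrained, or an explicit AnySubject/AnyResource/AnyAction
    # The section matches if ANY listed element has ALL of its attributes equal.
    return any(all(attrs.get(k) == v for k, v in el.attrib.items()) for el in node)

def decide(policy_xml, req_xml):
    """Apply every Rule whose Target matches; combine effects with deny-overrides."""
    policy, req = ET.fromstring(policy_xml), ET.fromstring(req_xml)
    effects = [rule.get("Effect") for rule in policy.iter("Rule")
               if all(_section_matches(rule.find("Target"), s, a, _attrs(req, c))
                      for s, a, c in SECTIONS)]
    if "Deny" in effects:
        return "Deny"  # one applicable Deny beats any number of Permits
    return "Permit" if "Permit" in effects else "NotApplicable"
```

With this policy an admin deleting /records gets Deny even though the admin-all rule permits it, which is exactly the point of choosing deny-overrides as the combining algorithm.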
There are a number of good resources you should look at on XACML:
- Sun Developer has an excellent article on XACML. Be sure to look at the code samples in the sidebar (the ones in the mainbar are not indented and difficult to read).
- The piece on sitepoint is one page of a long article on XML Security.
- Sun has released an open source implementation of the XACML standard. This Source Forge site has a lot of great information.
- I have to mention the official OASIS site on XACML since it has all the foundational information, including the XACML standard in PDF.