Paper17

Paper Title: Composable Mediation for Security-Aware Mobile Services

Three Critical Questions

Group 1:

Member Name:Vallurupalli Anusha

1)The author said that the key enabler of interoperability in non real systems is software inter operation. How this aspect
works? How this aspect helps in accomplishing interoperability?
2)Why the web services are not best utilized as a part of the core distribution ? This point is no where reasoned out in the
paper though it is just outlined.
3)How the upper and lower confidence values are determined in calculating the total tolerance?

Member Name:Fazlun

1)What does the value added services layer of the Spice platform contain.
2)How are SIP and web services combined in Spice.
3)What does monitoring, transcoding, routing and aggregation schemes mean.

Group 2:

Member Name:Reena

1. Will there be traffic congestion issues by using mediators?
2. Say there is congestion or the mediator is down then what is the alternative method that can be used to help the customers?
3. The author says “…. which can be plugged in a flexible way between the service and the service user”. What is the criterion used to pug in the mediator elements?

Group 3:

Member Name:

Group 4:

Member Name:

Group 5:

Member Name:SUNIL KUMAR GARREPALLY

1. The paper has projected the use of mediation to provide the services and compose them with the basic services. Does it apply to typical operations such as bank transactions or e-commerce applications that require end-end security, and avoids use of mediation that may pose the user reliability issues on services?
2. The technique explained provides multi level security and enable the user’s data to be safe by authenticating the user at each and every node. So, the author suggested storing the credentials in state (session) variables. Does the system use any time-out period for the automatic log-off that prevents others to use the system in case the user forgets to log-off.
3. This method has use of transferring SOAP messages between the components for authentication at each stage and may overload the system with the messages and affect performance. Does it follow any compression techniques, in such case what sort of compression techniques is used to reduce the length of the messages?
4. This method is using a common master key between the user and provider. But, in case if the intruder tries random keys and generates the key, makes the system unreliable. Is it possible to produce the key based on master key and a short term key that is used only for that session and would eliminate the chosen-plain text attack by the intruder?
5. Mobile services require more signaling power for authentication, and use most of the CPU usage. What methods are used to reduce the power consumption of antennas and make it pervasive?
6. SAML is used along with 3GPP. But, SAML is still in development stage and has limited industry acceptance. Does it really provide the best solution without any problems for the real-time applications that would not tolerate any assumptions, only rely on assured services?

Group 6:

++++
1)In this paper the author talks about mediation, but what if the service platform does not match with certain characteristics of service? Since all the mediation concept is explained assuming both of them have proper relation.
2)In the real world for most of the services security totally relies on the type service and generally cannot be separated but the author introduces the concept of modularity into the mediation to separate them? How feasible is this?
3)Mediation elements are plugged into the system to perform the security concerns to interact with several services. But what if some of the services in the system are not willing to cooperate in a peculiar scenario which is not in the agreement before? Then how the messages are passed among them?

Group 7:

Member Name:shaiv

1. Every web service has to provide some of the quality of service measures. But does the mediator system ensure providing this kind of service?
2. Which among the two frameworks namely 3-Gpp or liberty authentication mediator achieve greater scalability?
3. What are the different contexts in using the two described frameworks?

Member Name: R.Karunapriya

Critical Questions:
1.The article explains that the service mediation helps in restricting the access of data by unknown users but to how far extent this helps in controlling the access?
2.The article enlightens that the mediators help in incorporating the various security tools into a distinct strategy infrastructure. To how far will the mediators be successful in integrating these technologies?
3.The authors have explained in the article that SOAP acts as a medium in advancing the message, but does the essential protocols like this be practically implemented in configuring the services dynamically?

Group 8:

Member Name:Ramya Devabhakthuni

Critical Questions:
1.The paper stated that the mediators are used to provide security features like ‘authentication’, ‘authorization’ etc. But the ‘wireless LANs’ and ‘cellular technologies’ may have ‘different authentication’ mechanisms. How these features are achieved in both the cases?
2.The paper stated that the message digest generated by the ‘GBA’ is used with “HTTP” and the key is used over “IP protocols”. How the security and interoperability will be achieved by using different protocols is not being discussed?
3.The ‘SPICE” architecture has 4 different layers each providing different functionalities. The security is not provided by this architecture and the author suggests using underlying mediation services to achieve security. Why the mediation concepts cannot be integrated with the ‘SPICE’ architecture in order to increase flexibility?

Group 9:

Member Name: SRI HARSHA JASTI

1. The author mentioned about using the mediators for providing security to the mobile services but he mention when to use these mediators and what specific functionality is to be delegated to this mediator framework?
2. The mediators are server independent it means that they can be used on different servers. But if it is done so, the system will be overloaded and the overhead task of the server also increases. So is it appropriate to use the mediators on all platforms?
3. The main advantage of mediation architecture is flexibility which is provided by service specific mediators. But these service specific mediators are not completely desirable. “Mediators extract specific concern of a service , this concern should be generic and service independent “. But the author didn’t mention whether these mediating elements can be service independent??

Group 10:

Member Name:Jonnalagadda, Harideep Reddy

1) How an active intermediary does determine the destination based on content of messages in content based systems?? What is the technique used here??? Is active intermediary an integral part of the mediation or what is it exactly????

2) How far is it feasible enough to use the so called w3c xml encryptions and xacml in the security aspects???? The adaptation of pdp,pep etc are making it much more complex. Why not a unique procedure or language be developed that is acceptable in any environment and in all fields???

3) When the whole concept of mediation is concerned as single entity, it meant to introduce one more concept. This may decrease stress on service providers and all. But more members more is the complexity developed. Isn’t it true that the concept is blessing and disguise for the users???

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License