Ron Burback
Technical Lead of the Distributed Computer Environment
Sweet Hall 312, Stanford University, Stanford, CA 94305-3090
voice (415)-723-9291, fax (415)-725-9121
burback@stanford.edu
http://www.stanford.edu/~burback

White paper submitted to the Computing Research Association workshop on Research Directions for the Next Generation Internet, May 13-14, 1997, Vienna, VA.

Title: A large-scale, distributed, secure infrastructure based on the Next Generation Internet in support of scientific research, national security, distance education, environmental monitoring, and health care, and a series of supporting applications.

The Architecture:

The Internet, for the most part, is based on three well-known network layers, often called the link, network, and transport layers. In the link layer, communication is from physical (hardware) address to physical address, broadcast over a logical single-wire network joined together with hubs and bridges, with ARP mapping IP addresses to hardware addresses. In the network layer, communication is from IP address to IP address using datagrams forwarded by routers, with DNS mapping names to addresses. In the transport layer, communication is from application to application, each endpoint identified by an IP address and port combination, with sequencing, flow control, data integrity (a checksum against accidental corruption, not protection against deliberate tampering), and acknowledgment of receipt, and with inetd dispatching incoming connections to the right service.

What is being proposed is a new fourth layer: the Principal to Principal layer (PTP). This layer deals with communication between one authenticated principal and another. An authenticated principal is a person, computer, or software application that has been authenticated using a password or key mechanism. Data in transit is protected with encryption. There is a rich name space of principals and an authentication algorithm, either public-key or shared secret-key, supported by Kerberos-like protocols. A principal may also stand for a group of replicated services, which gives dependability and reliability.
Principals are granted access and privileges by a role-based authorization algorithm based on dynamic groups and access control lists. The supporting applications layered on top of this new fourth layer might include secure email, digital signatures, event notification, time, calendar, file transfer, the Web, error loggers, legal logs, and electronic commerce. Automated software security agents monitor the system to protect information, detect a breach of a security mechanism, confine the breach to as small a footprint as possible, and repair the breach, bringing the security system back to a known secure state.

A name space of persistent objects will be available that allows the secure sharing of information across the network. If you know the name of an object and you have the correct privileges, you can access the object; the name alone is not a credential. This corrects a problem with the Web's name space, where a name is closely tied to a physical location. The PTP name space uncouples the name of an object from its location.

User applications would be written with a Web-aware forms system. The client footprint would be small, relying on network services to provide most of the functionality, much as a TCP client today can be small because it relies on DNS. Open standards, including Kerberos, DCE, RSA, and SET, will be leveraged heavily to accomplish these tasks. The design goal is a series of algorithm-independent supporting protocols that provide authentication, authorization, and data protection, so that a cipher or key-exchange algorithm can be replaced without changing the protocol. This is similar to the approach of SMTP for email: SMTP has remained quasi-static while the technology and algorithms that support email have changed significantly over the last several decades. New applications can call PTP directly. Existing applications need not be modified: the socket library would be replaced with a PTP-backed default, and a new authentication client would need to be made available.
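The following Python sketch is an added illustration, not code or protocol detail from the white paper: it shows the shape of one PTP-layer call as described above, with two principals proving possession of a shared session key (a stand-in for the Kerberos-like ticket exchange), a role-based ACL evaluated against dynamic group membership at access time, and a persistent-object name that resolves to a location only after both checks pass. The principal names, key material, ACL entries and object locations are all constructed for the example.

```python
# Added illustration, not code from the white paper: a toy principal-to-principal
# (PTP) exchange. Principal names, key material, ACL entries and object
# locations are all constructed for the example.
import hashlib
import hmac
import secrets

# Long-term keys each principal shares with the authentication service
# (constructed sample key material).
LONG_TERM_KEYS = {
    "alice@stanford.edu": b"alice-long-term-key",
    "objsrv@stanford.edu": b"objsrv-long-term-key",
}

# Dynamic groups: membership is evaluated at access time, so removing a
# principal from a group revokes its privileges without touching any ACL.
GROUPS = {
    "researchers": {"alice@stanford.edu"},
    "admins": set(),
}

# ACLs keyed by the location-independent object name; each entry grants
# operations to roles (groups), not to individual principals.
ACL = {
    "stanford:/research/climate/run-07": {
        "researchers": {"read"},
        "admins": {"read", "write"},
    },
}

# The name space: an object name says nothing about where its bytes live,
# so replicas can be added or moved without renaming the object.
LOCATIONS = {
    "stanford:/research/climate/run-07": [
        "host-a.stanford.edu:/data/run-07",
        "host-b.stanford.edu:/mirror/run-07",
    ],
}


def issue_session_key(client, server):
    """Stand-in for a Kerberos-like ticket exchange: derive a session key that
    only the two named principals (via the authentication service) could hold."""
    if client not in LONG_TERM_KEYS or server not in LONG_TERM_KEYS:
        raise PermissionError("unknown principal")
    return hashlib.sha256(
        LONG_TERM_KEYS[client] + b"|" + LONG_TERM_KEYS[server]
    ).digest()


def mac(key, *fields):
    """HMAC-SHA256 over '|'-joined fields as the proof of key possession
    (a toy separator; a real wire format would length-prefix each field)."""
    return hmac.new(key, b"|".join(fields), hashlib.sha256).digest()


def mutual_authenticate(client, server, client_key, server_key):
    """Two-nonce challenge/response. Each side proves it holds the session
    key by MACing the other side's fresh nonce together with its own name;
    an old proof cannot be replayed because the nonces are fresh each run."""
    nonce_c = secrets.token_bytes(16)   # client -> server: client name, nonce_c
    nonce_s = secrets.token_bytes(16)   # server -> client: proof_s, nonce_s
    proof_s = mac(server_key, nonce_c, server.encode())
    if not hmac.compare_digest(proof_s, mac(client_key, nonce_c, server.encode())):
        return False                    # client rejects an impostor server
    proof_c = mac(client_key, nonce_s, client.encode())   # client -> server: proof_c
    return hmac.compare_digest(proof_c, mac(server_key, nonce_s, client.encode()))


def roles_of(principal):
    """A principal's roles are whatever groups it belongs to right now."""
    return {g for g, members in GROUPS.items() if principal in members}


def authorize(principal, obj_name, op):
    """Role-based check: some role of the principal must grant op on the object."""
    entries = ACL.get(obj_name, {})
    return any(op in entries.get(role, ()) for role in roles_of(principal))


def ptp_open(client, server, obj_name, op):
    """The PTP-layer call an application would make: authenticate both
    principals, check the role-based ACL, then resolve the name to a
    location. Knowing the name alone never grants access."""
    client_key = issue_session_key(client, server)   # client's copy of the key
    server_key = issue_session_key(client, server)   # server's copy of the key
    if not mutual_authenticate(client, server, client_key, server_key):
        raise PermissionError("mutual authentication failed")
    if not authorize(client, obj_name, op):
        raise PermissionError(f"{client} may not {op} {obj_name}")
    return LOCATIONS[obj_name][0]   # any replica would do; the name is unchanged


if __name__ == "__main__":
    print(ptp_open("alice@stanford.edu", "objsrv@stanford.edu",
                   "stanford:/research/climate/run-07", "read"))
```

Two points the sketch makes concrete: a principal that can authenticate but holds no granting role is refused before any location is revealed, and moving or adding a replica changes only LOCATIONS, never the object name that applications and ACLs refer to.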
The Plan:

Year 1: Architecture of PTP and the supporting protocols.
Year 2: Implementation of PTP, servers and clients.
Year 3: Supporting applications and porting of the code base.

PTP servers and clients would be placed in the public domain.

Funding:

One (1) million dollars for the first year. One and a half (1.5) million dollars for the second year. Two (2) million dollars for the third year. The project total is 4.5 million dollars over three years.