How Windows Peer-to-Peer Networking Works

Author: microsoft | Date: 2004-07-31

Security Policies

The group creator will want to have some control over the behavior of group security. For example, the group creator will want to control whether administrators can make other users administrators, etc. This level of control is provided by different configurable security policies. During any kind of verification, these security policies are consulted before doing any further complex cryptographic checks.

Secure Connections

Secure connections are established between a graph’s members using Security Service Providers (SSPs). The SSP used for groups is known as the P2P Group Connect Protocol SSP. The credential used for establishing a connection is the GMC of the group member. A member’s GMC chain can be renewed and locally deposited as part of the normal operation of establishing a connection.

Group Processes

This section describes the following group processes:

Creating a group

Joining a group

Creating a Group

An application on a peer node creates a group by:

Creating a Group Root Certificate (GRC), signed with a private key owned by the group owner

The GRC is a different self-signed certificate than the identity certificate, also owned by the group owner.

Registering the group ID of the group with PNRP

Configuring a set of group security policies

The group security policies define the behavior of group security.

Issuing invitations

An invitation is an XML blob containing invitation parameters and a GMC for the tentative group member.

Joining and Connecting to a Group

To join a group, a peer node must first receive an invitation from the group owner. To receive an invitation from the group owner, the tentative group member must first pass identifying materials to the group owner, which are the peer name and its public key. This information is passed using an out-of-band process such as email, file sharing, XML, etc. The group owner then issues the invitation to the tentative group member.

Upon receipt of the invitation, the tentative group member uses the invitation information to connect to the graph for the group. To connect to the group, the tentative group member uses PNRP and the group ID to resolve the address of a group member. Typically each user will have an identity certificate (IDC). The IDC is used for the initial secure TLS channel that is established with a current group member.

Mutual authentication between the tentative group member and the current group member occurs. Both the tentative group member and the current group member trust GMC certificate chains that chain up to the group owner's GRC. This trust is in the context of the peer group, for peer group activities. The tentative group member passes the leaf GMC (with the same identity as that in the IDC) it received in the invitation to the current group member. The current group member verifies that the GMC of the tentative group member has a valid chain of certificates up to the GRC for the group. The current group member passes its leaf GMC to the tentative group member. The tentative group member verifies that the GMC of the current group member has a valid chain of certificates up to the GRC for the group.

After mutual authentication, the tentative group member is now a new group member that has a single neighbor, the graph node that accepted the connection and with which the authentication occurred. The new group member gets the current set of records for the group from the current group member.

Over time, the new group member uses graphing to establish multiple neighbor connections and optimize the shape of the underlying group graph for flooding.
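The mutual GMC check described above, as an added example that is not part of the original article: each side walks the peer's GMC chain, leaf first, checking that every certificate was signed by the next one up and that the chain ends at the pinned GRC, and that the leaf identity matches the identity used for the TLS channel (the IDC). Assumptions not in the text: a toy Lamport one-time signature stands in for the RSA keys of real certificates (so each key signs exactly one certificate and the GRC self-signature is not modelled; the root is trusted by being pinned), an administrator "alice" issues the tentative member "bob" his GMC as the intermediate in the chain, and all names and record layouts are constructed here.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

# Toy Lamport one-time signatures: a stand-in for the asymmetric keys of
# real GMCs. Each private key below signs exactly one certificate.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):  # the 256 message-hash bits that select one preimage each
    h = int.from_bytes(H(msg), "big")
    return [(h >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def key_id(pk):  # compact fingerprint of a public key
    return H(b"".join(a + b for a, b in pk))

def tbs(subject, pk, issuer):  # the bytes the issuer signs ("to be signed")
    return subject.encode() + key_id(pk) + issuer.encode()

def issue(subject, pk, issuer, issuer_sk):  # constructed GMC record
    return {"subject": subject, "pk": pk, "issuer": issuer,
            "sig": sign(issuer_sk, tbs(subject, pk, issuer))}

def verify_gmc_chain(chain, grc, idc_identity):
    """chain: leaf GMC first, then intermediates; grc: the pinned group root."""
    if not chain or chain[0]["subject"] != idc_identity:  # GMC identity must match the IDC
        return False
    for cert, issuer in zip(chain, chain[1:] + [grc]):  # walk up to the GRC
        if cert["issuer"] != issuer["subject"]:
            return False
        if not verify(issuer["pk"], tbs(cert["subject"], cert["pk"], cert["issuer"]), cert["sig"]):
            return False
    return True

owner_sk, owner_pk = keygen(); admin_sk, admin_pk = keygen(); _, bob_pk = keygen()
GRC = {"subject": "group-owner", "pk": owner_pk}          # pinned trust anchor
admin_gmc = issue("alice", admin_pk, "group-owner", owner_sk)  # owner makes alice an admin
bob_gmc = issue("bob", bob_pk, "alice", admin_sk)         # alice's invitation GMC for bob

def demo():
    ok_bob = verify_gmc_chain([bob_gmc, admin_gmc], GRC, "bob")    # alice verifies bob
    ok_alice = verify_gmc_chain([admin_gmc], GRC, "alice")         # bob verifies alice
    forged = dict(bob_gmc, subject="mallory")                      # tampered leaf
    return ok_bob, ok_alice, verify_gmc_chain([forged, admin_gmc], GRC, "mallory")
```

A chain that omits the intermediate, or a leaf whose subject differs from the TLS identity, is rejected even though every signature in it is genuine.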

Replicated Store

The replicated store is the set of records associated with a graph that are securely published and synchronized between all the members of the group. The replicated store represents the view of the group data, which should be the same for all group members. Graphing ensures that records are propagated to all nodes. Grouping prevents unauthorized records from being propagated throughout the graph. Record replication between group members uses SSL to provide encryption and data integrity for record data.

When a new group member joins the group, they automatically receive all the group records from the current group member to which they attach. After the initial synchronization, group members periodically resynchronize their replicated stores to ensure that all group members consistently have the same view.

After joining the group, applications can register new record types and begin publishing them using the security of the group. When an application publishes a new record, the security mechanisms for the group are applied to the record and it is published securely. New records published by applications are automatically flooded to all group members.

Applications can also register interest in receiving all the records of a specific record type. When such a record is received, the application is notified and the record data is passed to the application. For example, a group chat application can register interest in receiving all chat record types so that it can monitor the chat activity within the group and notify the user appropriately.

Searching

Searching is the mechanism for locating data within the group. There are two different search models:

A local search searches the replicated store, the set of local records for the group. In a local search, a group member does not send search queries to other group members.

A distributed search sends queries to other group members. Windows Peer-to-Peer Networking does not yet support distributed searches; however, the architecture of Windows Peer-to-Peer Networking does allow you to develop distributed searching components and capabilities.

For Windows Peer-to-Peer Networking, the local search includes the use of the common logical operators AND and OR, and the use of "not equal". Because all group records have a common set of fields, you can perform keyword searches on these fields. Group records can also have a set of attributes, which are extensible metadata that describe the record. As long as the schema for the included attributes is followed, you can also search on the information in the record attributes.

Summary

Windows Peer-to-Peer Networking is a new platform supported by Windows XP SP2 that allows better utilization of PC computing resources and the creation of a new wave of peer applications for RTC, collaboration, content distribution, distributed processing, and improved Internet technologies. Windows Peer-to-Peer Networking uses IPv6, which restores the end-to-end computing model. With Teredo, IPv6 nodes can even communicate across one or more IPv4 NATs. For a serverless name resolution and peer discovery mechanism, Windows Peer-to-Peer Networking uses PNRP. To associate peer members together to securely share data, Windows Peer-to-Peer Networking uses graphing (for an efficient flooding topology) and grouping (for authentication and secure communication). Group members maintain a replicated store containing all the shared data of the group and can search the store using keywords, attributes, and common logical operators.
