Qonduit - secure web socket proxy for Accumulo

[Dave Marion <dl...@comcast.net>]

I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.


For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.


- Dave

Re: Qonduit - secure web socket proxy for Accumulo

[Dave Marion <dm...@gmail.com>]

Qonduit is now located at https://github.com/NationalSecurityAgency/qonduit.

On Wed, Feb 22, 2017 at 2:16 PM, Josh Elser <jo...@gmail.com> wrote:

> Thanks, Dave!
>
>
> Dave Marion wrote:
>
>> There is a WebSocketClientIT test in the test module to test access using
>> the Java client. I have implemented operations that get the Qonduit server
>> version and an operation to run an Accumulo Scanner. Both of these
>> implementation are in the operations modules. An example of creating/using
>> a web socket from a web page exists in the Timely codebase[1]. For doing
>> this with Qonduit, the request and response objects need to be
>> encoded/decoded with a CBOR library (for which there are several).
>>
>> Regarding security, authentication is performed on the server side using
>> whatever pluggable modules are configured (basic auth, x509, etc). The
>> transport is encrypted from the browser to the Qonduit server using SSL
>> (HTTPS / WSS).
>>
>> [1] https://github.com/NationalSecurityAgency/timely/blob/
>> master/server/src/main/resources/webapp/index.html
>>
>> On February 22, 2017 at 1:55 PM Josh Elser<jo...@gmail.com>  wrote:
>>>
>>>
>>> Neat. Thanks for sharing!
>>>
>>> Any examples to show how a client would use it?
>>>
>>> Regarding the security, does it encompass authentication and privacy
>>> (encryption)? Any experience with certain implementations for the Spring
>>> security modules (e.g. which ones you've tested to work)?
>>>
>>> Dave Marion wrote:
>>>
>>>> I extracted the Netty web socket pipeline from Timely into it's own
>>>> server process, and modified it to support custom and pluggable server side
>>>> logic, and request / response objects. The readme has a little more
>>>> information, to include how it's different than the current proxy, it's
>>>> located at https://github.com/NationalSecurityAgency/timely/tree/
>>>> qonduit.
>>>>
>>>>
>>>> For now the code is located in an orphan branch in the Timely GitHub
>>>> project. Someone suggested it might make sense as an Accumulo sub-project -
>>>> let me know if there is interest in that.
>>>>
>>>>
>>>> - Dave
>>>>
>>>>

Re: Qonduit - secure web socket proxy for Accumulo

[Josh Elser <jo...@gmail.com>]

Thanks, Dave!

Dave Marion wrote:
> There is a WebSocketClientIT test in the test module to test access using the Java client. I have implemented operations that get the Qonduit server version and an operation to run an Accumulo Scanner. Both of these implementation are in the operations modules. An example of creating/using a web socket from a web page exists in the Timely codebase[1]. For doing this with Qonduit, the request and response objects need to be encoded/decoded with a CBOR library (for which there are several).
>
> Regarding security, authentication is performed on the server side using whatever pluggable modules are configured (basic auth, x509, etc). The transport is encrypted from the browser to the Qonduit server using SSL (HTTPS / WSS).
>
> [1] https://github.com/NationalSecurityAgency/timely/blob/master/server/src/main/resources/webapp/index.html
>
>> On February 22, 2017 at 1:55 PM Josh Elser<jo...@gmail.com>  wrote:
>>
>>
>> Neat. Thanks for sharing!
>>
>> Any examples to show how a client would use it?
>>
>> Regarding the security, does it encompass authentication and privacy
>> (encryption)? Any experience with certain implementations for the Spring
>> security modules (e.g. which ones you've tested to work)?
>>
>> Dave Marion wrote:
>>> I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
>>>
>>>
>>> For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
>>>
>>>
>>> - Dave
>>>

Re: Qonduit - secure web socket proxy for Accumulo

[Josh Elser <jo...@gmail.com>]

Thanks, Dave!

Dave Marion wrote:
> There is a WebSocketClientIT test in the test module to test access using the Java client. I have implemented operations that get the Qonduit server version and an operation to run an Accumulo Scanner. Both of these implementation are in the operations modules. An example of creating/using a web socket from a web page exists in the Timely codebase[1]. For doing this with Qonduit, the request and response objects need to be encoded/decoded with a CBOR library (for which there are several).
>
> Regarding security, authentication is performed on the server side using whatever pluggable modules are configured (basic auth, x509, etc). The transport is encrypted from the browser to the Qonduit server using SSL (HTTPS / WSS).
>
> [1] https://github.com/NationalSecurityAgency/timely/blob/master/server/src/main/resources/webapp/index.html
>
>> On February 22, 2017 at 1:55 PM Josh Elser<jo...@gmail.com>  wrote:
>>
>>
>> Neat. Thanks for sharing!
>>
>> Any examples to show how a client would use it?
>>
>> Regarding the security, does it encompass authentication and privacy
>> (encryption)? Any experience with certain implementations for the Spring
>> security modules (e.g. which ones you've tested to work)?
>>
>> Dave Marion wrote:
>>> I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
>>>
>>>
>>> For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
>>>
>>>
>>> - Dave
>>>

Re: Qonduit - secure web socket proxy for Accumulo

[Dave Marion <dl...@comcast.net>]

There is a WebSocketClientIT test in the test module to test access using the Java client. I have implemented operations that get the Qonduit server version and an operation to run an Accumulo Scanner. Both of these implementation are in the operations modules. An example of creating/using a web socket from a web page exists in the Timely codebase[1]. For doing this with Qonduit, the request and response objects need to be encoded/decoded with a CBOR library (for which there are several).

Regarding security, authentication is performed on the server side using whatever pluggable modules are configured (basic auth, x509, etc). The transport is encrypted from the browser to the Qonduit server using SSL (HTTPS / WSS).

[1] https://github.com/NationalSecurityAgency/timely/blob/master/server/src/main/resources/webapp/index.html

> On February 22, 2017 at 1:55 PM Josh Elser <jo...@gmail.com> wrote:
> 
> 
> Neat. Thanks for sharing!
> 
> Any examples to show how a client would use it?
> 
> Regarding the security, does it encompass authentication and privacy 
> (encryption)? Any experience with certain implementations for the Spring 
> security modules (e.g. which ones you've tested to work)?
> 
> Dave Marion wrote:
> > I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
> >
> >
> > For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
> >
> >
> > - Dave
> >

Re: Qonduit - secure web socket proxy for Accumulo

[Dave Marion <dl...@comcast.net>]

There is a WebSocketClientIT test in the test module to test access using the Java client. I have implemented operations that get the Qonduit server version and an operation to run an Accumulo Scanner. Both of these implementation are in the operations modules. An example of creating/using a web socket from a web page exists in the Timely codebase[1]. For doing this with Qonduit, the request and response objects need to be encoded/decoded with a CBOR library (for which there are several).

Regarding security, authentication is performed on the server side using whatever pluggable modules are configured (basic auth, x509, etc). The transport is encrypted from the browser to the Qonduit server using SSL (HTTPS / WSS).

[1] https://github.com/NationalSecurityAgency/timely/blob/master/server/src/main/resources/webapp/index.html

> On February 22, 2017 at 1:55 PM Josh Elser <jo...@gmail.com> wrote:
> 
> 
> Neat. Thanks for sharing!
> 
> Any examples to show how a client would use it?
> 
> Regarding the security, does it encompass authentication and privacy 
> (encryption)? Any experience with certain implementations for the Spring 
> security modules (e.g. which ones you've tested to work)?
> 
> Dave Marion wrote:
> > I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
> >
> >
> > For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
> >
> >
> > - Dave
> >

Re: Qonduit - secure web socket proxy for Accumulo

[Josh Elser <jo...@gmail.com>]

Neat. Thanks for sharing!

Any examples to show how a client would use it?

Regarding the security, does it encompass authentication and privacy 
(encryption)? Any experience with certain implementations for the Spring 
security modules (e.g. which ones you've tested to work)?

Dave Marion wrote:
> I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
>
>
> For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
>
>
> - Dave
>

Re: Qonduit - secure web socket proxy for Accumulo

[Josh Elser <jo...@gmail.com>]

Neat. Thanks for sharing!

Any examples to show how a client would use it?

Regarding the security, does it encompass authentication and privacy 
(encryption)? Any experience with certain implementations for the Spring 
security modules (e.g. which ones you've tested to work)?

Dave Marion wrote:
> I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
>
>
> For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
>
>
> - Dave
>