mod_auth_ticket - Bringing Single-Sign-On to lighttpd
Taisuke Yamada
Explains mod_auth_ticket, a newly developed lighttpd module that makes any website SSO-enabled. Also discusses the experience of developing for lighttpd and an evaluation of the strength of the cryptography this module uses.
3. RP→OP association request
Send the following request to the OP Endpoint URL.
The OP Endpoint URL can be obtained from user input or by performing discovery.
Request parameters (required)
openid.ns = "http://specs.openid.net/auth/2.0"
openid.mode = "associate"
openid.assoc_type = ("HMAC-SHA1"|"HMAC-SHA256")
openid.session_type = ("DH-SHA1"|"DH-SHA256"|"no-encryption")
Diffie-Hellman request parameters
openid.dh_modulus = base64(btwoc(p)) (public key)
openid.dh_gen = base64(btwoc(g))
openid.dh_consumer_public = base64(btwoc(g^xa mod p))
For the DH key agreement method, see RFC 2631:
http://www.ipa.go.jp/security/rfc/RFC2631JA.html
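4. Diffie-Hellman key agreement (DH method)
Diffie and Hellman describe a method by which two parties can share a secret in such a way that the "shared secret" cannot be obtained by an eavesdropper. This secret can then be converted into cryptographic keying material for other (symmetric-key) algorithms.
Generation of the shared secret (ZZ)
ZZ = g ^ (xb * xa) mod p
ZZ = (yb ^ xa) mod p = (ya ^ xb) mod p
ya is party a's public key; ya = g ^ xa mod p
yb is party b's public key; yb = g ^ xb mod p
xa is party a's private key
xb is party b's private key
p and q are large primes
g = h^{(p-1)/q} mod p
h is any integer with 1 < h < p-1 that satisfies h^{(p-1)/q} mod p > 1.
(g has order q mod p; that is, g^q mod p = 1 if g != 1)
From ZZ, a MAC key (the shared secret key) can be generated.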
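
The association request and DH exchange described above, as an added Python example (not code from the original slides or from mod_auth_ticket). Assumptions: the group p = 2039, q = 1019, h = 2 is a constructed toy group, all function names are hypothetical, and the response fields openid.dh_server_public and openid.enc_mac_key with the masking SHA-256(btwoc(ZZ)) XOR MAC key are taken from OpenID Authentication 2.0, which also spells the modulus parameter openid.dh_modulus.

```python
import base64
import hashlib

# Constructed toy group, far too small for real use: p = 2q + 1, p and q prime.
P, Q, H = 2039, 1019, 2
G = pow(H, (P - 1) // Q, P)  # g = h^((p-1)/q) mod p, here 4

def btwoc(n: int) -> bytes:
    """Shortest big-endian two's complement of n >= 0 (adds 0x00 if top bit set)."""
    if n < 0:
        raise ValueError("DH values are non-negative")
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def enc(n: int) -> str:
    return base64.b64encode(btwoc(n)).decode()

def dec(s: str) -> int:
    n = int.from_bytes(base64.b64decode(s), "big", signed=True)
    if n < 0:  # sender forgot the leading 0x00, so the value reads as negative
        raise ValueError("not a valid btwoc value")
    return n

def mask(zz: int, data: bytes) -> bytes:
    """XOR a 32-byte MAC key with SHA-256(btwoc(ZZ)); the same call undoes it."""
    if len(data) != 32:
        raise ValueError("HMAC-SHA256 association key must be 32 bytes")
    pad = hashlib.sha256(btwoc(zz)).digest()
    return bytes(a ^ b for a, b in zip(pad, data))

def associate_request(xa: int) -> dict:
    """RP side: the associate parameters listed above, for a DH-SHA256 session."""
    return {"openid.ns": "http://specs.openid.net/auth/2.0",
            "openid.mode": "associate", "openid.assoc_type": "HMAC-SHA256",
            "openid.session_type": "DH-SHA256", "openid.dh_modulus": enc(P),
            "openid.dh_gen": enc(G), "openid.dh_consumer_public": enc(pow(G, xa, P))}

def op_respond(req: dict, xb: int, mac_key: bytes) -> dict:
    """OP side: ZZ = ya^xb mod p, then return yb and the masked MAC key."""
    p, g = dec(req["openid.dh_modulus"]), dec(req["openid.dh_gen"])
    ya = dec(req["openid.dh_consumer_public"])
    if not 1 < ya < p - 1:  # reject degenerate public keys
        raise ValueError("bad consumer public key")
    key = base64.b64encode(mask(pow(ya, xb, p), mac_key)).decode()
    return {"openid.dh_server_public": enc(pow(g, xb, p)), "openid.enc_mac_key": key}

def rp_recover(resp: dict, xa: int) -> bytes:
    """RP side: ZZ = yb^xa mod p, then unmask the MAC key."""
    yb = dec(resp["openid.dh_server_public"])
    return mask(pow(yb, xa, P), base64.b64decode(resp["openid.enc_mac_key"]))
```

The private keys xa and xb are passed in so the exchange can be replayed deterministically; in a deployment each side draws its own from a CSPRNG such as Python's `secrets` module.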