Sei sulla pagina 1di 122

!

"

# $
1
%

% & ' &% (

) $ *
!
" #$% & ' # ()
* "
++ " '" , - ) .
"/ 0 " 1
. "2 3
1 "4 , 5
3 2 " " 6
7 $ 0 " + +
8
. 9 0 " 0 ,: +
. ! .
. ; + ,9 : 3
1 : " 7 9 5
& ' &% %+ +% &%
:" < $
= " 8 + $ 8 "
= " 8 + " >,? 0
. 0 ! ? " "
. ( " .
. & .
. ( 1
. = 0 5

2
. . ( $ @ 6
. 1 " $
. 3 " $ ( " .
. $ , .
. " " .
. ..
. ! 0 .1

) $ , % &% ,& ' &% - # .


& 0 .
*0 @: " 1
1
= 1
; A 1
:" 1
( + 1
, & > + 1
" + 13
& @ 15
. 1
1 + A 3
. : " 35
. B0 0 'B ) 35
. ( C + 5
. 5.
.. + 53
.1 ! 5
.1 + 6
.1 + 6

3
.1 6
.1. 6
.3 + A 6
.5 4 65
.6 " $ ! 66
1 "
1 +
1
1 "" @/ .

. & ' &% &%. &% & * // . 1


. :7 ( " 1
. :8 " + $ , 5
. 0 ""

&% &%
+ & 0> " .
+ & $0 7 0 0 !! 5
$ $ &+ .
%+ ' # % 1

4
% & ' &%

+ D + 0 @
: " "
"E " ! 0
" $ ? A ++
! " $ + " !! " "E
" " " +
" A " " @
? $F $ G +
! + ! " !
0 !! @ 0 H I
+ 00 0 $
" 8 " J" J " " $ " @
" G " 8 ! !
! + "
: " $
" $+ + ! @

= ! 0 " "
" K " D" " @
0+ " A + " 8 $ "
" ! " F" J C
! " ' " H I)

5
( 0 " 8 + "
0 " A !
0 9 + " 8 F 0 "
@ +

/ !

( 8 + !! " !!
" !! A " + +
0 A " + $ 0 $
" "

!! L ( 8 0,
" :! L +, " 8
" 5 . M ! + " C
'! G= = ") + " 8 L A
" + @ 0 ! " 0+
@ " + " " !
! G " ? @ "
" " 8

6
( A " $ + + ? G
@ + 0 0+
0 " "
:0 ++ "" " A
" @ " @

( @ G
o @ $ G 0
!! 0+ N
o G@ " 8
0 + $

( @ G
o " + G !
! N
o "" G "" 0 +
"
o + G+ " + +
" C @

!! + 0 !!
O 0 "" ? @ +
+ "" 0
! " " " $ 0 ""
$ 0 " 0
+
" A D " + "
" 8 $ : 0

7
+ 0 "" ?
$ C + ? 0 " + +?
"" 0 0 " @ $
0 $ C? " @ '
0 @ ) " "
A " < $
L >( , ( $ P # J 0
0 " " $$ 8 $
0 0 0 "
+ "

= + A . 0 " G
& " " 7 $ 0
+ 0 "" "" 0 0
L + "
" $$ 0 0 0 +
" $$ " ;
& " " " $ +
+ " "E "" 0

& " : A " !


0 "" " + G 7 $
, " "
' ! " ) !!
& " . 0 !!
" $ $

8
/ & & " ) $ *

+ " ! "
" " + " 0 "" "
0 $ + 0
0 0 " " " 9 "E "
0 @ 0 0 + $ ++
+ D 0 @ @
A " 0 "
! !! " " " " /@" A 0
+ 0 "" 0 + " " @ +
"" L " + D / "
"" : + '/ :) " E! A
D A ! " "
0 ! 0 ""
" " $ A !!
+ 0 "" 0 + 0
@ + G 7 $ 0 @$ 0 7 $ 0 DA
" 0 "" $ $ A ""
+ 0 " " !
" " ! " 0 + ++

12
1 . % ' &%

9 7 $ 0 0 8 $D " !8 0 +
0 9 A " 0 +

9
A 0+ ! " J 0 P " !
+ "
" + $ " B 0 ; : ';
:0 ) &#;4 '& #$% ; A 4 C "" )
" 7 $ 0 " K A
$ " F" G
$ /> $ C " + + '- )G >
+ " " 0
" ! N
, " G 0 8 $ D +
7 $ 0 N @ ! " J "
" " ! 0 N
?+ G + #$% ? B0 " +
" " 0 0 + 9 + " JD
"" " '! ?+ )" 0
" 0 + " 0
+ + ' ?+ ) :7 $ 0 0 " $
N
G ! @ "
" 0 " @ " :
A " J 0 0 +
! @ 0
N
"" ; ( & ';(& )G 7 $ 0
" 0 " ! ++
" $ > "
" + " " " 0 8 $ 0
"" N

10
"" $ G ++ 0 ++ @
- D + "" :7 $
0 "" $ "

( 0 8 $
+
" " " + G
" #$% ( ' # ()G" 0 !
" @ 0 - N
7 $ 0 " + + '7 )GD + -
0 @ ! 0 8 $G "
" " @ 0 0 "
N
9 0 " 0 , : + '9 :)G
" + " J " " $$
" + 0

" + A " 0 O + ?
+ 0 + $
!! "" !
+ " A 0

12
3 #/ &$4 / & & &

# (D " "" 0 +
"" $ $ ! :"
! $ " " , D
" + ++ - :"

11
" D" ! G " J A A +
" ! " 0 + ""
" $ " K 0 " D" $ !
" " # (
/ @ $$ 0 ;(& $
$ 0 !! "
"E " "E !! + "" &#;4 ; :
" " ! "" $
++ @!! $ ! @ 0 ! 8
P " # ( "
" $ ! 0 " !
: + 0 "
++ " !! " @ "
" " - ! " $ G
" 0 8 $

12321 *

& # (D " "E! $ G


! " " " A "
@ + " "" 0 " J
! 0 "" !! " "
" ,

12
(

# ( D " 0 " /
! ! -
"" GA " @ 0
! 0
:! 0 " , "
" ! "
0 " -
" " ,
@ 0 " 0 0 $$
"

# ( + 0 @ 0
P D "
" ! / ! D " "" 0 +
+ 0 @ $ "

&

P # ( "" ++ "" " ++


0 D " "" 0 H I +
" J A A
0 "" : " " C
@ 8 +

13
= $+ &

# ( + ++ "" 0
! " ! " " $ : " 0
++ " " D A "

D+ # (
P A " "
+ A +
" " D 0 (
00 A " $ " $$ 2LL( " "" " JD
++ 0 A + " # ( 0
! ++ "" J " ! 8
+ !+

12323 5 6 7# 8

9 ++ "' " J0 + )D
- " G 0 " ' $$ + )
' " ) $ ,' $$ + )
/ 0 @ " " +
$ ! " " " !
@"" " " " ++ L +

1
La maggior parte delle grammatiche XML utilizzate ha uno schema xml (il quale definisce gli elementi, gli
attributi degli elementi, i loro tipi e valori validi). Un namespace è un alias da utilizzare per riferirsi allo schema
xml.

14
$ " @ ! # (?/ * D
" "G > " + " 0 "
! " D " ""

SOAP Envelope (obbligatorio)


SOAP Header (opzionale)

SOAP Body (obbligatorio)

12329

@ 0 " D @ "? 0 ++ " ( J


" $ " " 0 " @ 0 " D
++ @ Q/ 0 " R
/ " G

<SOAP-ENV:Envelope>
<SOAP-ENV:Header>
….. (opzionale)
< /SOAP-ENV:Header>
< SOAP-ENV:Body>
…….(obbligatorio)
</ SOAP-ENV:Body>
</ SOAP-ENV:Envelope>

15
- @ 0 " D + G

<xs:element name=”Envelope” type=”tns:Envelope” />


<xs:complexType name=”Envelope”>
<xs:sequence>
<xs:element ref=”tns:Header” minOccurs=”0” />
<xs:element ref=”tns:Body” minOccurs=”1” />
<xs:any namespace=”##other” minOccurs=”0” maxOccurs=”unbounded”
processContents=”lax” />
</xs:sequence>

" ++ +
"
9 "" # ( 0 ++ "
0 0 $$ @ ++ : ++
" @ Q R 0 " !
! " J @ $ + ,
" J ! "
"G > " + " +

1232921 ,

@2 ++ " D + ! $ "
++ + +
0 " + ++ /@ " !
# (?/ *G2 D $$ + 0 +
@ 0 " ( J !+ 0 +

16
0 " = ?
" $ G 9 :" " J
" 0 $$ " $
@ + $ 0 + 9 ! ;
: ! N @ , 0 "
$$ + @"" " @
" !

1232923 $ 6

: " ++ " ! 0
0 : " D " ! @ Q4 ,R
;(& " ;(& ""
" + : " J " ++ " J A
" ! & " @ Q2 R !+ @
Q4 ,R $ , 0
" G " $ + ,
!! @0 @ + " ! @ Q/ 0 " R
( " D @ Q R " +
+ "" # ( ( J Q R
@ ++ / ! A ? GQ! R
Q! +R Q! R Q RG
• Q! RG D @ $$ + /@ " !
! + " ! # ( ! 0 +
0 A 0 ! " J
! " " "E " !
* Q! R+ G

2
Un uri è un costrutto puramente sintattico che specifica le diverse parti della stringa che indica una risorsa web

17
* G ! " + 0 "
0 " @ 0 " N
9 G !+ " 0 @
$ 9 " D " N
& G ++ !
"" 0 ! "" " N
. 0 G ++ " J " "
+ $ $ ++
" ! $ N
• Q RG" ! A "
D0 ! @ N
• Q +RG " J " ! " +
@ N
• Q RGD " ! "" " +

1232: ,

& D " !! " ! "


D " $ " 0 :
" "E " 0 $$ !! 0
" A G
! $ N
0 " L&( :(

+ ! $ ?$ K 0 " E !!
" 0 " A " +
"" " " " ! @""

18
? @!! " ! ! 8 A
"
" @
0 : ! + + 0 0
@ @ $ " $$ ! 8 !
" ++ " 0 G " +
" K ! $ " " K " L&( :( 0
A 0 "
@ " A 0 0 ++ G" !
! @ !! + + " K
$ A $ L&( :( " !
A L&( :( "
" 6 : + " D!
" , - D " : + A
" ++ $ " ! @ 0 0 !! " +
! 8 + " 0
" ++ !! P
++ "" " 0 ! 8 " $
: A " " J0 !+ D
" ++ "
: ++ ' " ;(&)
0 ( 9 " # (
0 $$ A '
0 )
9 " # ( D " " ++
# ( = " " !
0 ! " 0 " 0
" " H: 0 / I' "1 ) A 0
++ " Q R @

19
POST /rpcrouter http/1.1
Host: 10.50.5.20
Content-type: text/xml; charset=”utf-8”
Content_Length: 559
SOAPAction: http://www.auth.com/authServer#authClient

<SOAP-ENV:Envelope>
<SOAP-ENV:Header>
…..........
< /SOAP-ENV:Header>
< SOAP-ENV:Body>
…….....
</ SOAP-ENV:Body>
</ SOAP-ENV:Envelope>

12
9 ) $ * / &% %+ +

7 D " ! ! 0 0 8 $
> / " 0 ." G

! 0 ! '" $$ ) " $ N
! " " " N
! 0 + " " N
. ! 0

L J 0 ! 0 7 D D" A
D " + ++ " !
9 8 " J 0 8 $ 0
A ! " $

20
12921 )

( '!+ ) "
7 0 +
" $ G

<definitions>

<types>
[schema xml che definisce i tipi di dato
</types>

<message>
[descrizione del messaggio]
</message>

<portType>

<operation>
[riferimenti ai messaggi di input e output]
</operation>

</portType>

<binding>
[descrizione del protocollo per l’invocazione del
servizio]
</binding>

<service>
<port>
[definisce dove si trova il servizio]
</port>
</service>

21
Q ! RG 0 @ 7
! 8 $ 0 "
+ N
Q " RG " D A @ S G
" " + "
" " " "
! ! D $$ + N
Q ," RG 0 " 0
7 D + 0 " ! "
! 7 7 7 $& '7 &)
! ' @- ! - )
" "" " " 0 "
" @ ," D N
. Q + RG ! ? 0 "
! Q ," R ? $ 8 $ 0 &
" E Q" R ? ! +
! " ++ " N
1 Q" L," RG ++ "" "
+ 8 $ 0 " J + & D+ "
" 0 ? Q " R P
! @" ++
" A " L ++ ""
" " ! 7 ! + "
" " 0 G
A ? " G @" " J + " A ?
" A !! "
" N

3
È un linguaggio per definire le strutture e le restrizioni per nuovi elementi ed attributi.

22
? " G D 8 $ 0 "
N
?8 ,G 0 0 " N
! G 8 $ 0 !! ! N A
" N
3 Q$ +RG" ! "
++ " ? " ! "" "
8 $ 0 ' A " $ G # ( 2LL( : /)N
5 Q 0 RG "" ! 7
! 8 $ 0 D $$ +

12
: % * / &% &* - % + &%

9 :D @ 0 " +
0 ( 0 7 $ 0 0
0 A 7 $ + " 0 "" !8
9 :D + 9 : 0
$ @ :4 ! $ 9 ,
" A DA 0 "" H! 8 C
" " " ! " 0 0 0
+ 0 $ : I +
9 :D A " " A $
+ " ! 7 7 7 $& ' -
2LL() D + H" " " I
9 : " A "E
" $ ! +
" + 0 $ # ( 7

23
C + 0 A G

"# $ % &

@$ 0 ! 9 :D A + "
0 0 ! +
0 " E" $ 7 $

12:21 .

:! 9 : " J A " ++ G
!8 + " +
" + " " + !! "
0 ' A 7 $ 0 )N
+ 0 " " +
0 " " + ! ! " 0
" + N

24
+ + 0 0 " + " 0 "
+ + N
. "" + + "
" 0 + N
1 ! A ! " !
@ + 7 $

P " D !+ 1

' ( )**+

: " " ! 8 C9 : "


+ " G
G ! " ! 0
8 $ $ " J " 7
" + + 7 $ 0
+ 0 ' + T U
" ) ! 0 P
+ !
7 N
0 G ! 8 C 9 : "" " $$
@ 0 + 0 8 $N

25
+ G@ + 0 8 $ @ " "
"" 00 @ P
! 0 '" 0
" ) 0 !

! ! 0 9 :" +
+ "" G
(+ $ & + ! 0
! K
+ 0 7 $ P ! 0 + " $$
+ ! " " 0 N
(+ + 0 + 0
" 0 " 0 7 $" 0
0 N
(+ 0 ;" ! " " 7 $
0 ! " @ +
0 ! ! + 9 !
; ! + +
!

12:23 6

: + ,9 : + 9 : @ "
"" ( + : ! ' (:) ! P
" @" (: B 0 "
$ 8 ! B0 "
- ! " " !

26
" D + D @ ++ # (
" "
@ 9 : "" $
: A + D ++ +
! + 0 "
+ $
!! " $ 0 " 0 + 9 :
+ " ! V ! 0
0 " ' " @ " + 0
8 $ + 0 ) " " 0 "
0 + A 0 " ! 0

12( ;) ;

L " A + D 0
@ & " J0 < D $$ " G
"" ' ) 0 !! " $$
@ "" A " : !!
+ 9 : C ,8 + ""
@ ! 0 9 0 0
! 7 !
0 8 $ :! ++ # ( !!
@ " 0

27
Applicazione Servizio
SOAP
3. Invoca il servizio (SOAP) Applicazione
Client

2. Ricerca un servizio

1. Pubblica il servizio (WSDL)


UDDI
registry

28
/ & & 3= & ' &% %+ +% &%

" 0 A 0 " $ !
+ + " " + "
" 0 @ $ 0 0
" " $ 0 " " A +
G $$ " $ "
"" " $
" " @ " C
' " ! 0 ) 0 @ "
" @
" " P " $ A
" 0 00
! " ! " + G+ 0 "
" $ 8 D " @ +
'%0 " "" ) D" $ " +? D"
@ C L " 0
" $ G " ! $ 8 ""
! 0 0 "
"" " @ +

321 / & & & &> $ &

< $ D " " @


: ! L +, +?
"" 0 + ! 0 + < $ D
++ A ' !

29
+ 0 1 " ) ! D $
" 0 " ! " " $
A "" $ 0
+ +

" < $ ! G 0 < $


0 !! 0 0
: < $ " "
N
< $ + $ " 0 " 8
" D ! " " !
' L C = +L C L=L) 0
0 + /!! A "
$+ 0 + ++ "" " " .

! " 8 N
A 0 " " !
" 8 " L=L 0 + N
. 0 0 !! 0 G
!! C $ "
@ " ! 0 " L=L
0 " ! 0 N
1 < $ 0 ! @ L=L " " ! "
@ N
3 A ! < $ + L C = + 0 ' L=
! 0 0 ) 0 0
! 0 0 "
N

4
Un nonce è un numero intero utilizzato per rendere il biglietto utilizzabile una sola volta

30
5 0 0 ! 0
! 0 0 +
< $ N
6 A " 0 0 N
" J ! 0 " 0

:" ! A " G
" 8 0 N
: 0 0 0 " +
A " N
0 ! H I
! @ $$ " N
" $ " $$ K L=L K
L=

P " 0 "
0 " < $ G " DA 0
" 0 " $
K !! !

32
3 + &% / )& ? +
$ &) /

0 + " 8 " W
: $ 8
0 " " $ G 0 ! W 0 0
" 8 " A @
0 " $ + @ 0 0 " "

31
0 " " W !8 D+ "
W DA N " 0
D 0 + "
" 0

Internet

Server Web

Client Server Web

+ 5O + + 0 $ 8

32
9 + &% / )& ? + %
/ &7-" * %

:0 + " 8 $ 8
! " J + 0 : 9 " >,? 0 " J
0 0 GD A + " 8 "
" + 9 0 " 8 0
" >,? 0 :" $ ' !+ 6)D A
" >,? 0 $ 8 G
" $$ ! "" $ !

32
Client
Internet

Server Proxy
Finto proxy

Web Server
Web Server

32
: * ' % . ' &% &%" % &%
/ & & & /

W $ " A " D G
! 0 ?" 0 ! 0
! ( 0 0 ?" 0

33
W ! 0 ! ! 0
! P W ! 0 ?" 0
W W : A " "
" " G ! ( " " +
$ , @ ! ( " " 0
! 0 $ , " 0
! A ! " J "E
0 " 0 P " @!! " "
" ! 0 + !
@ 0 " A " + "

32:21 2% /

( " @ 0
" $ "
" ! @ " + $
L " + + ?
( " " D "E
" A 0 D" "
! " $ " $

32:2121

" ( " G 8 $
$ 8 ' D" 0 0 +

34
( " ) ' 8 $ 0 !! 0 ) ( "
+ 0

Client Merchant

Passport Login Server

+ O ( "

: + 0 ! " ! +
@ A ! A +
@ ( " 0 !
" ! ' " + ) " !+
' " ) : " D" + "
" ! A ! + 0

32:2123 /

@ ( " A A 0
: !! $ 8
+ 0 N " @ " + + "
C , @ !! +

35
! 0 !! 0 +
! A , + P
! D ! 0 L " 1 "
$ ( " P @ C !
$ 8 :" D !+

5. Redirect con info di


autenticazione
6.Info di autenticazione

4. Login e
password 1.Richiede pagina

7.Inserisce
3. Richiede cookie
credenziali
2. Redirect automatico

Merchant
Passport Server Server

+ O :" ( "

5
Un algoritmo di cifratura su cui si tornerà nel prossimo capitolo

36
@ D A A 0
C ! 0 ! @ + + 0
C ! G 0
0 !! @ 0 !
0

32:2129 + @

:" 0 ( " 0 0 "


L " + 0 " !
! ( " ++
P 0 0 +
+ H !$ I 0 "
+ 0N D
" ! A 0 + $ G 0 $$
! ! "E " ? " J "
" ? $$ A "
3

( " ! ! C
@ G @ D " " C
L "" 0 GD !! !
0 0 + " " +
( " 9 + $$ A C ,
" + 0 " + G ! @ @
" > " + 0 : @"
" 0 + $$

6
Si veda [21]

37
32:212: / ! ?

$$ + 0 " ! C
@ $$ + " @
0 " " L ! ! "
< $ " + + ? < $ ' + )
C ! " $ @
" 0
$$ + ( "
! G " ""
: < $ 0 " ! 0
" 0
0 : ( " " " C $ @
! 0 0 G @"" " C "
" " $$ @ " A "
! " $ : $ 8 @
0 A " $ " " C
G @ ( " " $$ '
!D) !! + ! + $
" $ +

32:212( @ !

* " " $$ "


@ ! " !+ 0
"

38
"" 0 "" 8 $ ' "
888 0 )" 0 $ " ( "
"" $$
8 $' " 888 " "" $$ !!
A A 0 $ ) + '
+ ! ) ( " 9 " + ( " 0
" $ + 888 0 GA !!
888 " "" @ + !! @9; :
A " " " !!
A G @ $ "
U: " $ ! D + !
8 $ 0 ( " A ! G "
" A ! $ A !
* @ " + '!+ )
A "" "
@ G A @ C 0 0
8 C $ 8 0 L
D" $ 0G + 0 " 0 !!
+ " 0 9
A " @ C + A 0
& " @ $ ! @
" $$ + !! @9; ! @$
@ C ! "
P @ " D $$ " G
$ 8 0 !! 888 " "
' 00 @ ) @ C
" 0 @9; $ 8
0 0 0 "" 0 "" " +
888 " " P 0 + " >, $ 8

39
888 " " " 0
( " : A @ 0 ++ @ C
" J " ! C " J
$ " !

1. Richiede una pagina


Merchant
Browser Server

2.b Redirect al 2.a Redirect al


finto server Riscrittura server passport
URL

3. Https Get 5. Risposta modificata

Passport Server

4. Il finto server
agisce da proxy

# & & $

40
32:212< ! 2% /

( " D " " !& "


" 0 "" " " ! D 0 GD
" ++ 0 " @
" $ $ 8 0 : />"
+ " !D ++
" 0 + " 0 ,5
0 " " $ +
++ $ C ' " $ )
" @ D ! P 0
9 A , + "
! 0 D A 0
' + A , + D ! ) " '
$ " J 00 @ !
0 )
( " D L
" + " !
G 0 ! " + $$
$$ + 0 = !! ! 0 + 0 $$
" " " F
9 " $ A " DA
" 0 J " $$
" 0 + 0 + 0
"

7
Si veda [12] per maggiori informazioni

41
32:23 ! 6

$ , D " + $ "
0 "" " " ! +
0 $ @ " + "E 1
$ ' 0 + +0 0 !
0 " 0 ):" + 0 "" " ! " "
0
= $$ 0 A " $ " 0 ,
" 0 @ " " " ! + "
+ "" + " + " "
$ + 0 "" " 0 "
" $$ " 0 + .
/ @ ! " + ! +
N @
A " " " " ! +
0 0 ( 0 " +
" " ! : " A + ! + "
" + 8 $ +
0 " " ' + + )

+ $ 0$ G
" ++ 6 N
" " + " "
? N
! + + # N
. " @ ! 0 " 0

42
" 0 $ , D
" + " A 0 " KD " " +
@ 7 $ 0 " !
0 8 $

32:2321

= " 0 " ! $ , G
@ ? + ' $ 8 )"
! 0 N
: 0 ( 0 " 0 N
:! ': , ( 0 ) 0
( 0 0 0 ( 0
!!

' 0 ( 0 ) ! 7 $ 0 !
/ @ A " + !
" " ! 0
@ 29 / D !
+ "" 0 " 0 0
$ G@ " ,
" 0 ! " J ! +
" 0 ! 0 "

@ $ , " " $ G
7 $; G" 0 ( 0
: ,( 0 " " @ + N A

43
0 @ C " ++ !
A , +
7 $ 0 G !!
0 ( 0 : ,( 0 L 00 +
++ ! - ;(&
" # ( : ++ + " ! ,
C " + + ! # + ! 0 !
:! 6

D ! 8 C $ $ !
@ " 0 A
! $ ' ++ )9 $ -
! " A ? " 0 A
! H I ++
/ " G
++ D
" 0 A
G ++ 0 $$
+ @
$ G ++ D + $

" ! + ! 0 $$
@ 0
" "" !! " ++
@ 0 ! " $ "
$ !

8
OASIS è un consorzio no-profit che guida lo sviluppo, la convergenza e l’adozione di standard per l’e-business.

44
32:2323

" ! $ , " 0 0 G
! ( A +
" 0 G
0 " 0 0 6 N
@ 0 D "
( + 0 ( 0 : ,
( 0 $ 0 0 ! !!
@ 0 " ? 6 " ! +
"

( A + ++ G
+ ++
'A @ + !
" 0 " $ )

32:2329 .

& D + @ 0 + " : ,
( 0 ! 9 0 + " J
! " " 0 ( 0 ' ," 0 )
! '0 !+ )
0 !
" " 0 ( 0 " J 0 + : ,
( 0 0 ( 0 A ! " "
G A ! + " ! 0
"

45
@ 0 0
0 + ," 0 " KA 0
" 0 D + !! "

CIRCOLO DI
FIDUCIA

Registrazione e
confederazione
Identity
provider

Identity Services
provider Provider

Services
Provider
Identity
provider

& F 00 " ( " $ , 8 $


" " ! G 0

46
( " " J ! ' !
" ) " 0 + !
" 0 " '0 !+ )

Info nel query string


(artefatto)

1.Richiede risorsa
2.redirect

3.Informazioni 4.Rilascia risorsa


(artefatto)

4.Assertion

! (

47
+ ! 0 ' " J0 !+
.) " G $ , " 0 " K
" $$ " !
"

CIRCOLO DI
FIDUCIA

Identity
provider

Services
Services Provider
Provider

" / ( (

48
& + " @ " + $ , D
! " + 0 "
: A D !

49
/ & & 9= ) $ , % &% ,& ' &%
- #

& $$ " 0 " " ++


! A " + " 0
@ $ P ' $ ,
D " " D
!! 0N A " + "
" ! ! 0)
@ @ D 0 8 $
" " 0 A ! 0
" + 0 " $ +
: " + A
" 0 " + 0 !
" + " " !
"

921 &% & *& &

:" + D 0 " & /


*0 @: " :& / : ! 31 0 !!
++ " " ( -:: @/ : "
: (
0 0 0 " " 0 +
" ! 0
0

50
92121 * ?

X* 0 W " XD @ 0 / : "
! @ " + 0 ! ++
@ $ :&L 'L : * ! C ( :
& , ; : L ) " ?
0 + " + :
H0 0 I " A 0 + + " +
" " 0
" + W"" !!
" + 0 ! !! 0 "
" + *0 @ " 0 $ 0
" " A $ 0 0 !! "
!! " + ! ' " " "
+ &: &# & / T) +
" " @ :&L "
" H* 0 @ " I $ HB
& +I 0 + 0
" + 0

923 %

92321 +

( + @ D "" "
0 @ G

51
& GD 0 8 $ "" ++ + + "
" " N
0 GD 0 !! 0 + + N
7 ? 0 GD " 0 N
7 ? GD " " J & N
7 G @ #N
9 + G $ 8 " + @
!! ? + $ 8
4 C? G " " @
@

92323 A

;! " @ A 0
" " @$ 0 " + 0 ""
G
" + + N
" 0 0 + @ +
! N
" @ $ '" ! " 0 )N
. $ C? " @ 0 "
@ " " $
+ " A " + N
1 " 0 "" " "
N
3 D " 0 @ "
0 0

52
5 0 "" !
"" N
6 0 " 0 +
! + N
0 !! 0 " " $$ ;
" ! N
@ 0 " 0 " 0 + " "
" ! N
+ $ 8 " 0 N
$ 8 0 ! @ 0 0
!8 ++ 0N
D" $ @ " N
.D @ C N
1 0 0 ! " +
" $ ! N
3 7 ? 0 " "
0 " " +

92
329

: 0 D" ! 8
" $ ! 0
0
$D
. 0 0 0 $ H !
$ I

53
92
9 / &+ ' &%

92
921 6 B @

' " J0 !+ ) G

Browser ………………… Browser

Server Web
Server Server Web

. 1( =

- 4 8 7 $ 9 + G @ " !!
" 0 ; N
- 0 7 $ & G " $ + "
" 0 & " J
!8 '8 ? ) " 8 ? 0
A !!

54
" ! + @ !
0 " J A 0 "" !8 " "
" @ 0 " N
- 0 GD !! 0 D
!8 '8 ? 0 ) " 0 0
:8 ? 0
$ " ! " "
+ + N 0
" ( A " + " 0 " $
A 0 < $ @ L D
0 G D" $ ! + ! 0

& " " @ " J 0


!+ 3

55
Browser ………………… Browser

…………………………………………………………..

Server Web

Server Web

Firewall

WAAS
Server

…………..
…………..
Autenticazione NT
SQL Server Kerberos

. 1<= @

56
92
923

: D 0 " G 8 ? 0 8 ?
:8 ? 0 D " 0 0
8 ? D
"" + 0 8 $" J "
8 ? 0 : " 0
+ ++ + 0 $ C?
" +
" 00 D
A " 0 " $$ ' 8 ? 0 )
@9 " ! 7
" @ 0 : 0 0
@ @ " $ "
! " + @

L " 0 0 ++ G
$ ! 0 "
" " " ! 8 N
" " " $$ 8
" ! 0 " $
0 "" " 0 !8 " ! 0
$$ + @ " + 8 ? N
8 $ 0 D" $ ++ + 0
" $

@ ? + D" 0 G !
" $ D

57
" 0 " D @ " $ +
"
( 8 ? 0 8 ? D 0 ""
! 0 ! A @
"
( A + $ A D " +
" $ + $ "
0 " + "" $ '!+ )" J 0
A G" E ! + "" " J 0 "E
" " "E 9 " J
0 " ! " 0 + "

SERVIZIO

*
* RUOLO

*
UTENTE GRUPPO
*

92
929 ?

0 "" " J 0 " " @


? + 0+ ; !
0 " 0 8 $ L 0 8 $ 0 "
@ $$ " 0 + " ! 0
" A + 0 ! ' 8 )
& D + " J 0 !
@ 0 G

58
8 ? " @ @ N
!8 " " " 8 ? 0 N
@ " "
8

+ 0 + " D " !
!8 " " D! @
!! " " 0 8

Web Authentication Authorization System

Logout <<include>>

Inserisce Username

Login <<include>>

Utente
Inserisce password

Autenticazione

Server Web
<<include>>

Utilizza risorse

+ 5 ? & @ A 0 8 $ 8

59
Web Authentication Authorization System

Logout <<include>>

Inserisce Username

<<include>>

Login

Utente
Inserisce password

Autenticazione

Server Web
<<include>>

<<include>>

Utilizza risorse Autorizzazione

- 0 1& (( 1

92
92:

0
@ ? + !! + N
0 @ " 8 N
@ ? + 0 @ " 8 N
. N

60
1 @ ? + D 8 ! !
C N
3 0 C

0G
'" .)G 7 0 " +
N
D + ! '" 1) : 0 +
@

@ ? + + N
8 ? 0 0 ! @ N
@ ? + D N
. 8 ? 0 !! +

0G
" D ' + " )G 8 ? 0
!! + N
@ ? + D '" )G 8 ? 0 !!
+ N

C D )
@ 0 8 $N
0 ! @ N
@ D "" N

61
. !! 8 ? 0 N
1 8 ? 0 0 ! @ N
3 @ D N
5 8 ? 0 !! " A , +
! N
6 + 8 ? 0 N
8 ? 0 0 N

0G
@ D @ '" )G
! 8 ? 0 N
@ D '" )G 0 N
@ D '" 1)G
8 ? 0 ! N
0 " 3N
8 ? 0 0 '" )G 0
++ @

C D @ )
@ 0 8 $N
0 8 $0 ! @ @ N
@ D N
. 0 8 $ !! 8 ? 0 N
1 8 ? 0 0 ! @ N
3 @ D N
5 8 ? 0 !! 0 8 $ A ,
+ ! N

62
6 0 8 $0 ! @ + 8 ? 0 N
8 ? 0 0 ! N
0 0 ! @ @ G@ D N
0

0G
@ D '" )G 0 8 $ N
@ D '" )G0 " .N
@ D '" )G
8 ? 0 ! N
. 0 " N
@ D @ '" .)G 0
8 $ +

92
92( A

" A + " 0 @ (
A + H I 0 G
" 0 0 "E 0
0 0 + @ "
, & > + N 0 0 " "
+ " + ! + @ " 0
0 " "

63
2

64
3

65
) (( (( ( 1

66
) (( (( (

67
92
: #/ # % ' &%

( !! "
D "" !! !! /@ " !
+ ++ B 0 " K " " ! "
0 " 0 "" D . '% C )
D 0 " 00 ++ + " 0 " + !
'4 ,& ) ++ " A
( A + D "" ++
B0 , 'B )
0
" ( A
0 00 0 " "N " " $
! D > $ + 888 " + >
D " " GD !!
! " C + " " !
!+ ! D 0 "
, B0 7 $ 0 0 " ( C 'B7 () D
+ $ " K $ +
@ $
" " J " % +
" C + +
! A + ! $

92:21 4 @ @

@ ! B " J 0 "
" " G " @ @ " @

68
" " @
+ %0 "" "" $
0 " " @ !
,! 8 C %0 + C $ "
D
@ % D + P "
"" %0 " +
/@" $ ++ ++ + 0 +
! @""
"" " ++
" + & > ! ! !+ '
& !+ )" +
+ ' + ) " + @
& + @ @ "
0 + + %0
" " ++ @ $ 0 B0 0
D$ % D
$ +
! B " J ""
0 "" " + G" K @ $ 8 "
D" $ $ " 0 A
" "
* " B "E "

B ! + " C +G
• B0 > ,

69
• B0 > , $ C
• B0 > , +
• B0 > , "

: " C + " ! "


$ "E " G
%0 > , $%
%0 > , " +
%0 > , + + & >
%0 > , + & !+
%0 > , $ C& $ C
%0 > , $ C& $ C2

@ @ + & > B
A A + & > & !+ " +
++ & $ C2 & $ C 0
$ ! % ++ + ++
A ++ 0

!E

$% "" +
9 ++ " J 0 "E " 0
"" @ %0 ,( " : + ( " ')
" " 9 + +
++ GA " J" J 0 " " 0
0

70
: ++ + A " 8
! & " $$ " 0 ! $
$ ! 9 " 8 0 " 0
" " 0 0 " $$
" $$ & ++
" K " @ ! G J
+ ( $ < , & !

+ D @ ! 0 " " !
@ D " "
"" " + 0 "E
+ B + 0 B " J
!+ + + $ A
0 0 0
+ ! A G ') + ') ')
$ ') + ') L B " "
! " @
" ( 0 ') A
+ ') + ') 0 $ ! 0 ') + ')!
0 $ ') " ') B ++ +
++

: ' $% ++ & $ C2 + "


" " )GA " + !! K
" + : + 0 "

71
+ ++ " " "
+ ')
+ ')GA ++ "
" ! "
@ " ( J $ " J
! " 8 " J A
0 !
& ')G + $ ! B
') + + D $ !
A 0 $$ ++ + ++ " "
: + 0 $$

$ ')G + D $ ! D +
+ ++ 0
$ ') + 0 $$
+ ')GA !! + ++ 0 $$
0 ++ " " "" "

& !+ D ! $$
+ & > + @ " "
!+ A + 0
!
! @ " + / !+
A " $ " + G; A ; A !!
#"

72
; A G: + 0 $ ! !! K@
+ 0 $ ! L 0 ! 0 + +
+ +
; A G + 0 $ ! !! K@
0 $ ! ! " + 0
0 + +
!! G A 0 $ ! !
; A ;A @ + 0 $ !
#" G A "
" + !! ; A ; A
! + 0 $ ! "
"

! F

@ ! & $ C / " "


A ! " " ! !
+ 0 + / & $ C
" ! ( 8 & $ C & $ C
" " " ? " 8
+ D" $ " "

! F,

@ ! & $ C2 ! G '& $ CYZ


$ C) & $ C! ++ + !
( " @ ,& $ C & $ C

73
( 8 & $ C + & $ C" J @ !
+ " A "
& $ C

92
:23/ F

# 0 " 0 " C +
G
+ 8 D " C + " J N
+ 8 0 7 $ 0 ! 8 ?
0 N
+ 8 D " C + 0
8 ? 8 ? 0 N

74
! $

92
:29

" + 8 G
& ," ," GD 0 "
" + 0 !! ! !
!
< ,GD %0 $ " J "
0 "" " ! +
" 0 " ! C +

9
Un javabean è un componente software riutilizzabile che supporta il modello di serializzazione del jdk e
utilizza metodi get/set per esporre le sue proprietà.

75
7 0 GD 8 ? 0 &
W ' + & >)
C @ ? + 0 !
" W 0
W
9 ( 8 & $ C2 G "
%0 > , $ C& $ C2 +
& $ C ( 8 & $ C 0 "
@ ! & $ C
( " : "G " %0 ,( "
( 8 + G "
%0 > , " + /@ +
0 ! @ " 8
+ P 0
< , + G" + " 0 +
" ! C W + 0 0 0
8 $ 0 GA 0 D !! +
"
7 $ 0 D 8 $ 0 " 0 G
" ! + P
0 !! 0 ! :
7 0 0 " $ ""
7 & GD 8 ? & !
0 " 7 $ 0 !!
" = @
7 9 GD " !
" + " 0 + "

76
92
:2:

" * ((

77
' ((

78
, * ((

79
92:2(

" " 8 ? 0 !! G +
" 0 L " " ! C
0 + " @ 0
0 0 '4 8! ) D 0 0
@: :< " 4 8!
' &" 4 C& +) + L "
" J0 $ $ ! $,
! . 0 + $

+ 4 C 6 4, 3. 4, 13 4, . 4, 6 4,

5 C 6C 6C .1 .C 1 C

1 . 5C ..5 C 61 C 1 3C .5 1 C

5313 C 5 C 1C 1 C .. 3C

" ? 6 33 1C 5311 C 1C 3 5 1C 63 5C

" ? 3 1 63 3C 365 C 5 5C 3 .6 C 3 .6 3C

. 53.3 C 536 C .66 C 6 1 C 5 1 C

? $ 1 5 3C 61 5C 63 5C 65 C 633 C

? ? $ 6 .C . 5C . C 3 5C 1 C

? $ 3. 5C C 1 C 5 6C 5. C

? $ . 1 C 53 C 6 1C 6 5 .C 6 5C

$ 8! ? $ 1 .C 3 .C .6 5C 3 C .C

10
Il TripleDes, chiamato anche DESede, è costituito semplicemente da tre passaggi DES applicati con chiavi
diverse. Il primo passaggio è di cifratura, il secondo di decifratura e il terzo è nuovamente di cifratura. Da qui il
nome DESede: encryption, decryption, encryption. Possono essere utilizzate due o tre chiavi, aumentando così il
numero totale di bit della chiave da 56, 112 o 168. Se si utilizzano due chiavi, la prima viene usata per il primo e
il terzo passaggio mentre la seconda per il secondo passaggio. Con tre chiavi, invece, ciascuna viene utilizzata
per un passaggio diverso. Le chiavi vengono poi combinate in una singola chiave per il trasporto, lunga 112 o
168 bit.
11
Blowfish è una cifratura a blocchi inventata da Bruce Shneier nel 1993 ed è un sostituto del des. Permette di
avere chiavi più lunghe di quelle del tripleDES, fino a 448 bit.

80
1 ? $ 1.5 1C 366. C 5 66 1C 5 53 3C 5 6 6C

0 L " @ "
' + 0 0 )9 " J + "E
" N
C 0 " 0 "
" P 0 ++ +
0 "" $ 8 ? 0 +
" 0

92:2(21

@ " + 0
: " " " "
" 8 8 ? 0 0 !
+ $ C? G 8 ? 0
+ ' + >) + " !
! '% !+) !! + " + :% !+
" ! + ! " + D
" + ! % A G; A
; A !! #" "
!! D !! @
$ C?
! 8 ? 0 C
! 0 " $ 8 @ '
/ & 4 C 0 + ! 0 )G

12
Lo stesso blocco di testo in chiaro viene cifrato sempre con lo stesso blocco di testo cifrato

81
A A @ " 0

92:2(23

P @ !! + 8 ? 0 0 !
" C ' " " )
!! + @ C
@ "

92
:2(29

? + ' 8 ?
"" @ " ) !! 0 0 !
@ '" C ) C D" +
@ A D
+ 0 ! 0 @
! " ! :8 ? 0 !!
A ! " A , + : 0 A
! !! " 8 ? 0 "
" ! 0 A , +
' + ) !
0 $ 8! 0 8 ? 0 " ""
:8 ? 0 ! ! 0 0 !
"E "
! "?

82
" ! ! @ + + "
@ +

92
:2(2:

:" D + " !
" ' 0 ) " "? A
8 ? 0 ! ! 0 0 !
"E "
! " 0 @
" A 0 # J " ! " !
0 $ 8! 0 + +
! L A 0 + " + "?
" '0 " + ! + ):8 ?
A " 0 ! ! +
+ ! !
@ A @ " " !
@ " 0 ! H$ ?! I 00
9; " ! " A @
/ " G
"" @ $$
"G + 8 8 ?
" A $$ : 0 ! @
" "G + 8 8 ? F0

* ! @ @ !
A @ ! A $ 8 : A
"" 8 ? 0

83
92:2< A

G@ " !!
" 8 ? 0 : + 00 +
0

4# (

84
-# ( %

" 0 !! @ 8 ? 0 0
" @ L 00
"" 7 $ 0 A
+ 0

85
2# (( (

86
!3# (( ( %

87
92:2G $

$ 0 " + $
0 + " + "" ! " +
( ++ + $ 0 3 $ G

= ""
& + "" 0 " + + ""

;
A 0 " 0 + +
0 " +

9
& ! " + @
" 8 : " $ ! 0 0
" +

9 = ""
P $ + + ""
" + "E + ""

9 ; ;
& + + +
"E " "E

88
$ 0 $ !+

! # ( &

.6 !

" 0 0
@ ' 0 ) :0 ' " J
!+ ) @ 0 "

89
@ 0 + "
0 + ""
" 0 + @ " A

Vector

Codice risposta

Autenticatore

Hash dei dati

Vector http://localhost:8080/waas- admin user


client/servlet/Media

Vector http://localhost:8080/waas- user


client/servlet/Headers

! # 1

: 7 "" 0 D"
""
9 0 8 ? 0
" A 0
0 '0 !+ ) ! ! K
$ 8 D 0

90
HashMap

http://localhost:8080/waas- Vector user admin


client/servlet/Media

http://localhost:8080/waas- Vector user


client/servlet/Headers

!!# (( ((

92
( % / ' &%

L ! " D" 00 !!
0 ! @!! !!
+ @$ 0 " + $ "E " !
" 0 A ! O " O
0 ! " " $$ " N
" 0 0 + "E

91
" + 0 0 " ' 0
H 8 $ 0 I)
( !! ! + D " "
GH7 $ "" L + I ! + && L
0 " + A "
" 0 0 ! 0 ! !
@!! 0 " 0 0
" $ + ! " +
" ( A 0 D
0 A 0 $ !
8 0 0 +
+ G
G + 0
! 3 !! " "
0 $ . #+ !!
" + 0
0 + G 0 0
0+
L" + G
o L + 0 G: 6< 13
C$"
o L 0 G: 6< $

A 0 $ 0 ( .
1 =2[ 1 . 4 ; ( ::: 1 2[
13 4 ; D" '
) 0 $ "
" /@ A " " "
+ ( "

92
! 0
!! D + +
!! $

92(21

/@ " " + " !! +


0 ! @ ! C
K " D"
+ + ! 0
N " !
! + 0 .
0 3 N $ $$ " + 0
" + .

92(23

:" @ $$ + !! + D
" !
' A " D $$ + !! "
8 0 ) A "
+ F @ " " + 0 " J
!! 0 ++ " 0 +
& ! 0
N + 0 .
0 N $ ' "

93
" + ) "

/ " "E "E


D 0 .! ! 0 A
A "E : D + +
" .
A $ !!
! 0 0 " J0 !+ .
G
& 8 $ 0 ' A " ")G .5

& 0 ! C G
& 0 ! G 3
& 0 ! " !
! + G 5

94
Verifica dati
utente Verifica
16% autenticatore

Redirect e Recupero
verifica informazioni
cookie
20% Cifratura

Digest
17%

Requeste e
response
soap
47%

!"# ( ( (( (

L ! " ! "E
" G"
D ! 8 $ "
$ 0 D "" L
!! " D A 0
A 0 A
A $ + 0 :
" ! " + ! +
! 8 D + " 0 @
0 0
0 A

95
92
(29 ?

= ! A
0 ! " + D 0 "" " @
$ 0 " : !
@ @/ " + 0 "
+ & ( A 0 "E "
" " + ! " A @!! $
!!
D ! N "
" " 0 ! ! ++
0 " $
0 "" @ ! " @ $ A
! A D ++ " $ !!
@ L ' + ) +
8 8 0 " " ' "
" 0 )" K $ 8 0 " @
( A A ! "
$ " $

96
/ & & :" & ' &% &%. &% & . * //

! A $$ "
0 ' ( " D $ ,
D ! )" ! "
!! 0
0 ++ " + " " O +
@ 0 + O !
" @ 0 ""
/!! A " ! 7 ( "
" 7 $ , " $ " + 0
" !! ! " " 0 +

:2
1 ) 2% / /&

( " " 0 0 " L


" $ 0 " " "
@ + " $ 0
0 "" " "
:7 0 + $ A 0
' ) ! G
" " "" 7 ?

97
( " " $ ! + 0
0 8 $ L
A ! " $ '
A , +) !! " 0 0
: 7 0 0 7 $ 0
A A !
" 0 "" 0 0 ! ! $

+ @

( " @ 0 " ! C +

:7 0 " + L !! D
" + ! 0 " A
!

$ F"

( " " + A 0 "

:7 $ % @ "E
$ C? " +

98
( " D " " " ! D
0 "" " ! ' " 0 ) #" 0
! : " D " " !
0 A D ' 0 ) 0 " "
#" 0
:7 ' 0 )D 0 "" %0 ( J A
! " 0 0

:2
3 ) / &+ & $ - %

/ $ + 0
0 8 $ 0 $ , ! " 0
" $ 0 " 0 A
+ : ,( 0 00 + $
!! G " D
A " " + $ , N
G 7 !
$ , "" ++

$ F"

& ! " + ! " 7 " J A A


" $ C? " ! $ , D A $ C?

99
: $ "

@ $ ' 7 )" ! 0
' )D $ 8 P D ++
0 $$ @ 8 $ 0 !
" 0 0 $ , 0 " 0
0 "E " : A @
D $ @ "
+ " @

$ 0 !

! $ ,
& 7
( "
&

&!
(

0 $ 8!
&! C L " 0 L "

100
+ " + " ! 0 0
" +
( $
0 $ C? "
" !

"
7 $
" @
4 8 P 4 8

9 8 $
0

:2
9 . * //

$ " " " + ! " J 0


0 + " G@ 8 $ L
D " " " "" D
" $ + !!
@ $$ + $ 8 ' @ @:4 !
" " ): "E " "
" $ " DA +
A ++ 0 " 0+ A " $
! C ' 00 " " "
8 @ ) D A "" !
" $ @ " >,

101
$ 8 0 0 ' "" " )
" +
& " J 0 !+ +
" " " " >, ! 8

Server
Waas Client

Firewall

Rete protetta

Proxy

Browser

!'# /

:" G

: " >, 0 7 ? 0 0

102
A " $ 8 " >, D "
! 8
D
#+ 0 0 !! " >, ++ + " "
! " " 0

: D + G@ !! + 7 ?
0 N" " " >, A !
0 0 7 ? 0 : 7 ? 0 0 !
@ " @ @ " >,
; C ! " " " >, : " >,
0 ! @ C $ 8
@ ! 0 !! 7 ?
0 " C 0 !
@ 0 " >, @ ? + !!
/!! A 0 8 $ 0
0 ! " " @ A " >, : A
C ! $ " $$
! " J " " $

103
&% &%

:" + 0 ""
" $ !! 0 +
: D$ A
+ " K ! 0
" ! " +
"" '/ :) "
:8 ? " 8 $ + (:
+ ! " G
" 0 ' 8 ? 0 ) +
! + C D " @
8 $ + P @ + 0
" ! + " + 8 ? 0 0
8 $ 0 &J" J " "
+ + " + 0 0 "" '
! + ) " ! " 0 8 $ 0 '
! ) ( ! "
" @ 8 ? D 0G +
! " J + 0 "" " " "
A " ! + " ! 0
" 8 ? 0 " 7 " $$
;
:8 ? 0 D 0 ""
" L " @ "
+ $ C? !
" K @ " $ C? 0

104
@ " + 7 $ 0 " ! 0 0 "
" 0
@ %0 + ++ 0 ""
" " ! " @ !
+ ! @ +
" " $ , "
"E "
" 0 "E+ " +
0 " + + ' @ )
0 G " J
" " " J !! D +
! $ "E "
++ ! $ " ( "
$ , " + + + "" ?$ !
: " A
! $ $ 8 " $$ " A "
A D " " 0 0 "" "E
" G 7 $ 0 ! $
" J ! ! "
$ " +
! 0 "

105
+ &

7# @ ; ?
"G > " + " 0 "

Q\> 0 ]X X +]X9L ?6X \R


" QU??
! # ( 0 "

L $ " +7 &W # ( *
! G

"G 888 8 + 3 "? 0 "

& ", + = + 0 "

& + ! 8 +G
? 0 " "G > " + " 0 "
? 0 9 , 8 > 0
? + , + $ $ 6 1

+ G

? 0 ! 0 ! 9 $ ?
.

# + ", + G

106
& ", + 7 &' : !L +,
: ; :! A A
< 9 0 ,) ;+ ; 0
"G 888 8 + & +

L +0 $, 7 & !8 YZ
$ P YZ

YZ "G 888 8 + & + ", + ? !8 ?


6 5
YZ "G 888 8 + & + :(;? P?
3 S L
??R
" Q> G > G> ]X@ 0HH 2 92 H3II1H7# @ X
> G ]X@ 0HH @ 2B 2 H H HX
+ " ]X@ 0HH @ 2B 2 H H HXR
? QU??
/ 0 " $ ,
??R
Q> G ]X X ," ]X 0 X R
" Q> G " >L," ]X XR
" Q> G A R
Q> G !]X 0, X # ]XIX R
Q> G !]X 0$ 6X # ]X1X R
Q> G , " ]XJJ @ X # ]XIX ># ]X ! X
" & ]X BX R
Q > G A R
Q> G , $ " ]XJJ @ X " & ]X BX R

107
Q > G " >L," R
Q> G ]X, X ," ]X 0, X R
" Q> G " >L," ]X, XR
" Q> G A R
Q> G , " ]XJJ @ X # ]XIX ># ]X ! X
" & ]X BX R
Q > G A R
Q> G , $ " ]XJJ @ X " & ]X BX R
Q > G " >L," R
Q> G ]X$ 6X ," ]X 0$ 6X R
" Q> G " >L," ]X$ 6XR
" Q> G A R
Q> G , " ]XJJ 6X # ]XIX ># ]X ! X
" & ]X BX R
Q > G A R
" Q> G , $ " ]XJJ 6X " & ]X BXR
" Q> G R
Q> G R/ @ 6 @ !
@ $ 6 Q > G R
Q > G R
Q > G , $ R
Q > G " >L," R
? QU??
= $ $ L ! 8 + $ $ $ 0
A ! $ , " > ," ! +
??R
" Q> G $ ]X XR
" Q> G " L," R
" Q> G $ ]XB 0! XR

108
Q> G" 0 ]XIK1X R
Q > G R
Q > G " L," R
Q > G $ R
Q> G $ ]X X ," ]XB 0 6 X R
" Q> G " L," ]X 6 XR
" Q> G R
Q> G RL 6 L 6
@ @ 2. B ;@
L
@ 0HH @ 2B 2 H H HL @ !
& / Q > G R
Q > G R
Q> G L," ]XB 0 6 X R
Q > G " L," R
Q> G $ ]X 6 X ," ]X 0 6 X R
" Q> G $ = " ]X 6 XR
Q> G $ !]X 0 6 X R
Q > G $ = "R
Q> G ]X. X ," ]X 0. X R
" Q> G " >L," ]X. X! ]X B XR
" Q> G R
Q> G R. Q > G R
Q > G R
" Q> G A R
Q> G ]X X ," ]XB 0M% X R
Q> G ]X X ," ]XB 0 X R
Q> G ]X X ," ]XB 0 6 X # ]XIX R
Q> G ]X X ," ]X 0 X # ]XIX R
Q > G A R

109
Q > G " >L," R
" Q> G " >L," ]X XR
" Q> G A R
Q> G , " ]XJJ 6X # ]XIX ># ]X ! X
" & ]X BX R
Q > G A R
Q> G , $ " ]XJJ 6X " & ]X BX R
Q > G " >L," R
Q > G R

110
+ &$

) @ )

Q\> 0 ]X X +]X9L ?6X \R


" Q8 G !
+ " ]X@ 0HH @ 0NINIH H H
X> ]X@ 0HH @ 2B 2 H HX
> G" "]X@ 0HHB 2 @ 2 HB " X
> G " ]X@ 0HH @ 0NINIH H H X
> G !]X@ 0HH @ 0NINIH H H X
> G " ]X@ 0HH @ 2B 2 H H HX
> G8 ]X@ 0HH @ 2B 2 H HX
> G8 "]X@ 0HH @ 2B 2 H H HX
> G> ]X@ 0HH 2 92 H3II1H7# @ XR
" Q8 G," R
"Q + " ]X@ 0HHB 2 @ 2 HB " X
> ]X@ 0HH 2 92 H3II1H7# @ XR
Q "
" ]X@ 0HH @ 2B 2 H H
HX R
"Q " >L," ]X* XR
"Q A R
Q ># ]X ! X
# ]XIX ]X X
," ]XB 0 6 6 X R
Q A R

111
Q " >L," R
Q R
Q 8 G," R
" Q8 G + ]X @ XR
Q8 G" ]X @ X ," ]XB 0 X R
Q 8 G +R
" Q8 G + ]X @ A XR
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q 8 G +R
" Q8 G + ]X XR
Q8 G" ]X X ," ]XB 0 X R
Q 8 G +R
" Q8 G + ]X A XR
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X @ X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q 8 G +R
" Q8 G + ]X @ A XR
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X B X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q8 G" ]X X ," ]XB 0 X R
Q 8 G +R

112
" Q8 G + ]X @ XR
Q8 G" ]X @ X
," ]X @ 0* X R
Q 8 G +R
" Q8 G" L," ]X) ! XR
" Q8 G" ]X X
" # ]X @ XR
Q8 G" + ]X 0 A X
]X A X R
Q8 G " + ]X 0 X
]X X R
Q 8 G" R
" Q8 G" ]X @ X
" # ]X B
XR
Q8 G" + ]X 0 @ A X
]X @ A X R
Q8 G " + ]X 0 @ X
]X @ X R
Q 8 G" R
" Q8 G" ]X @ X
" # ]X XR
Q8 G" + ]X 0 @ A X
]X @ A X R
Q8 G " + ]X 0 @ X
]X @ X R
Q 8 G" R
Q 8 G" L," R

113
" Q8 G$ + ]X $ X
," ]X 0) ! XR
Q8 "G$ + , ]X X
" ]X@ 0HH @ 2B 2 H H@ X R
" Q8 G" ]X XR
Q8 "G " " ]XX R
" Q8 G" ]X A XR
Q8 "G$ ,
+ , ]X@ 0HH @ 2B 2 H H
HX
" ]X@ 0HH @ 0NINIH H H
X ]X X R
Q 8 G" R
" Q8 G " ]X XR
Q8 "G$ ,
+ , ]X@ 0HH @ 2B 2 H H
HX
" ]X@ 0HH @ 0NINIH H H
X ]X X R
Q 8 G " R
Q 8 G" R
" Q8 G" ]X @ XR
Q8 "G " " ]XX R
" Q8 G" ]X @ A XR
Q8 "G$ ,
+ , ]X@ 0HH @ 2B 2 H H
HX
" ]X@ 0HH @ 0NINIH H H
X ]X X R

114
Q 8 G" R
" Q8 G " ]X @ XR
Q8 "G$ ,
+ , ]X@ 0HH @ 2B 2 H H
HX
" ]X@ 0HH @ 0NINIH H H
X ]X X R
Q 8 G " R
Q 8 G" R
" Q8 G" ]X @ XR
Q8 "G " " ]XX R
" Q8 G" ]X @ A XR
Q8 "G$ ,
+ , ]X@ 0HH @ 2B 2 H H
HX
" ]X@ 0HH @ 0NINIH H H
X ]X X R
Q 8 G" R
" Q8 G " ]X @ XR
Q8 "G$ ,
+ , ]X@ 0HH @ 2B 2 H H
HX
" ]X@ 0HH @ 0NINIH H H
X ]X X R
Q 8 G " R
Q 8 G" R
Q 8 G$ +R
" Q8 G 0 ]X) ! XR

115
" Q8 G" $ +]X 0 $ X
]X XR
Q8 "G
]X@ 0HH @ 0NINIH H H
X R
Q 8 G" R
Q 8 G 0 R
Q 8 G ! R

116
$ $ &+ .

YZ = 2, ,
+5 1
$ "G ? 1? 53666
YZ * 4%
1
+ (
YZ B4 & $ 4= $ 2 C ; : B $ ,L
L L
/ 6 % &
7 >(
Y.Z 0 & "" L, B8

4 ) !

#@; ,
Y1Z L &

&

=
"G 0 " %0 0 " > 8 $
0
Y3Z 2 7
78 95 /
= 8?2
Y5Z 7 7 7 $&
"G 888 8
Y6Z & 9 :
"G 888 +

117
YZ 0 (< 0 ; $
F @ / /
/ 0 ( 0 " + 1 ?16
"G 0 $ " "
Y Z ; !#"" +
! /L ( " G , , & " +(
:/// & " , +
Y Z !& "
8 / :; 1<
"G 8 ! 8 !. !. $ ? 63 ?. ?
6.$? !3 3$ ! 6 " " ^ 0 8+
Y Z / ( 0 ,: ! &
!( " :0 + C < 33!
"G 888 " + " 0 , ! " "
Y Z 7 , ;
T ( " , & 33
"G " " . 5 6 .66

Y .Z ( + $ ,
"G 888 " % $ , +
Y 1Z $ , ( %
& = 1 0 =
Y 3Z $ , ( %
& = > / 0 =
Y 5Z !! # :
888 ? " +
Y 6Z : !L +,
* = 9 * 5

118
"G 8 $ C $ 888 +
Y Z : !L +,
? & 9 ; 1 $
"G 8 $ C $ 888 S8 ^
Y Z 4
( (( ( $
!"G !" " $ & " +&
" !
Y Z B & * , C 09
= / !:3 6
"G " !
Y Z B = !
(( 6
= 82
Y Z ,
6 ( :3 * < .
"G %0 , % "
Y .Z & = + ,< 0 , ;
) ( @ A /
"G %0 , %
Y 1Z & , 2 = ,&
6 +/
= 82
Y 3Z & , 2 = ,&
6 5 (
= 82
Y 5Z B 2 7 & 8!
6
#@; ,

119
Y 6Z 0 +
6 ;
#@; ,
Y Z " + >
"G 888 " +
Y Z 4 ,&
"G 888 $ , +
Y Z C<
9 +7 $ 0 ! ?& + +? =
"G 888? 3 $ 0 " 8 C 8 $ 0 $ , 8 ?
+

120
%+ ' # %

: ! " " "


( " " + " @ " 0
" N ! / " @!!
" " K " " !
:" ! " ! & " " +
A " " $
" +
L " ! " 0 0
A "E "
@/ " 0 @ "" 0 + " + $

= " $ *
= A 0 A 9 0 G
; $ ( ; $ $
; $
= @/ G= + / = L$
! [ !

: &

121