Book Home Java Enterprise in a Nutshell Search this book

11.2. Security Service

The CORBA Security Service provides the tools you need to secure a distributed application. It supports the authentication of remote users of object services, access controls for key objects and services in the system, auditing functions, the ability to establish secure communications channels between clients and object services, and nonrepudiated events. Note that encryption functions (i.e., algorithms for encrypting data and generating digital signatures) are not included in the Security Service specification. The Security Service is a higher-level security framework that needs to use cryptography in its implementation, but this use is not spelled out in the specification. Implementors are free to use whatever lower-level cryptographic APIs suit their needs, as long as their use supports the higher-level specifications of the Security Service.

The Security Service framework layers security measures on top of the basic ORB object-to-object model defined in the core CORBA architecture. Security measures are taken on either end of a secure communication. Access control is defined down to the level of individual methods on objects, and access rights can be delegated by one authenticated object to another.

The PrincipleAuthenticator interface authenticates identities. A Credentials object is assigned to each user; it describes the user's security profile, including access rights, authenticated identities, etc. The Current object provides details about the security features in effect in the current execution context. There are also extensions to the org.omg.CORBA.Object interface, to support such actions as querying the Credentials of an Object.



Library Navigation Links

Copyright © 2001 O'Reilly & Associates. All rights reserved.