Access control in distributed object systems: problems with access control lists

Providing satisfactory access control mechanisms for distributed object systems is a challenge, as the characteristics of these mechanisms are not well understood. Distributed object technology has progressed in recent times, but the lack of practically useful security mechanisms for access control hinders its deployment in application domains. CORBA from the Object Management Group is one of the most popular distributed object technologies. Despite its popularity, commercial product releases that fully conform to its security service specification are just beginning to emerge. Access control in CORBA or any other distributed system becomes complicated because a target object, upon receiving an invocation from an authorized client, may have to become the client of other objects in the system in order to form a response to the original request. So the basic question boils down to one of delegation. In this paper we look at some drawbacks of access control lists (ACLs) that are in wide use.
