Supporting heterogeneous middleware security policies in WebCom

With the growing interest in service-oriented architectures, achieving seamless interoperability between heterogeneous middleware technologies has become increasingly important. While much work investigating functional interoperability between different middleware architectures has been reported, little practical work has been done on providing a unified and/or interoperable view of security between the different approaches. In this paper we describe how the Secure WebCom distributed architecture provides access control policy interoperability support between a number of middleware security architectures. Secure WebCom uses the KeyNote trust management system to help coordinate the trust relationships between the different middleware systems and their associated access control policies. Middleware authorisation policies can be encoded in terms of cryptographic certificates, and vice-versa. This provides a unified view of access control across heterogeneous middleware systems and also provides the basis for decentralised support of middleware access control policies.
