Gervas Douglas wrote:
> <<Security is a very large topic for Service Layer implementers, and
> the scope is too broad for a short article like this one. So I'll
> just discuss the most obvious aspect of it – user authentication.
>
> If the Service Layer is to have great value, it needs to provide a
> homogeneous authentication approach. A typical goal would be to have
> authorization decisions somehow externalized so that the Service
> Layer could handle that automatically in the context of the
> universal authentication scheme.

With the Jini Extensible Remote Invocation, which is available in Jini 2.0 and later, a pluggable authentication and authorization implementation is available. The Invocation Layer Factory can be specified at deployment time to utilize Kerberos, X.5xx, or something else that you implement, including username and password, which I have done with a PAM module on Linux systems to do the authentication.

Authorization can also be plugged in through the use of customer InvocationHandlers on the server side. Each method call coming into the system can be controlled based on simple or complex mechanisms. Out of the box, JERI supports Kerberos and X.5xx authentication, and then the specification of a single permission that must be granted to the principal(s) in the authentication chain.

Many people who use web services to create legacy interfaces are burdened with creating a secure interface back into the legacy application. With JERI features, one can create secure interfaces into these legacy applications using the appropriate authentication, at deployment time, and then provide WS access to select sets of their infrastructure without exposing the whole thing to the issues discussed in the above article.

Gregg Wonderly
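
The per-method authorization described in the message above, as an added example that is not part of the original post and does not use JERI's own API: a plain-JDK model in which a server-side invocation handler checks the caller's authenticated `Subject` before dispatching each call. The `Ledger` interface, the policy table and the principal names are hypothetical and constructed for illustration.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

public class MethodAuthzDemo {
    /** Hypothetical interface in front of a legacy application. */
    public interface Ledger {
        String readBalance(String account);
        String transfer(String from, String to, long cents);
    }
    // Constructed policy: method name -> allowed principal names; unlisted methods are denied.
    static final Map<String, Set<String>> POLICY = Map.of(
            "readBalance", Set.of("alice", "batch-reader"),
            "transfer", Set.of("alice"));
    /** Wraps impl so each inbound call is checked against the caller's Subject. */
    static Ledger guard(Ledger impl, Subject caller) {
        InvocationHandler handler = (proxy, method, args) -> {
            Set<String> allowed = POLICY.getOrDefault(method.getName(), Set.of());
            boolean ok = caller.getPrincipals().stream()
                    .map(Principal::getName).anyMatch(allowed::contains);
            if (!ok) throw new SecurityException("denied: " + method.getName());
            try {
                return method.invoke(impl, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the implementation's own exception
            }
        };
        return (Ledger) Proxy.newProxyInstance(
                Ledger.class.getClassLoader(), new Class<?>[] {Ledger.class}, handler);
    }
    public static void main(String[] argv) {
        Ledger impl = new Ledger() {
            public String readBalance(String a) { return a + ": 100"; }
            public String transfer(String f, String t, long c) { return "moved " + c; }
        };
        Subject reader = new Subject(); // stands in for an already authenticated caller
        reader.getPrincipals().add((Principal) () -> "batch-reader");
        Ledger guarded = guard(impl, reader);
        System.out.println(guarded.readBalance("acct-1"));
        try { guarded.transfer("acct-1", "acct-2", 500); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the policy lookup defaults to an empty set, any method missing from the table is refused, so adding a method to the interface does not expose it until the policy names who may call it.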
