Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are used in authorization decisions as well as access control models, no matter how dynamic those policies and factors are. It also enables elaborate and consistent access control policies across heterogeneous systems. We present the design of a service for resource access authorization in distributed systems. The service makes it possible to decouple authorization logic from application functionality. Although the described service is based on CORBA technology, the design approach can be successfully used in any distributed computing environment.
The traditional model of computer security was formulated in the 1970's, when computers were expensive, solitary, heavy, and rare. It rests on three fundamental foundations: management of security policy describing the set of actions each user is entitled to perform, integrity of the physical system, its software, and especially its security-enforcing mechanisms, and secrecy of cryptographic keys and sensitive data. The modern computing environment, with its rapidly accelerating complexity, connectivity, and miniaturization, is undermining all three of these foundations. Nevertheless, the newest "secure" computer systems continue to be built on them. This paper argues that the traditional model of computer security is no longer viable, and that new definitions of the security problem are needed before the industry can begin to work toward effective security in the new environment.