Access Control Method And Application Research On Midware Technology

With the wide use of CORBA (Common Object Request Broker Architecture), CORBA security is confronted with a real challenge. Especially the access control of numerous objects in CORBA is the bottleneck to construct the high-powered environment of security. As an advanced means of access control, the strongpoint of RBAC(Role-Based Access Control) is making off the roles which separates the users from the permissions according to the security requirements for the relevant assignments. Therefore RBAC can be used to solve the complicated access control in CORBA security.Based on analyzing the feasibility of implementing RBAC into CORBA, the system architecture of RICS(RBAC In CORBA System) is proposed with the support offered by CORBA security services. And the detail designs for the key components are followed. The frame of PKIX (Public Key Infrastructure based on X.509) for identity authentication is authentication. The interceptors implementing in CORBA responsible for the principal guarantee the security to the access control after RBAC into CORBA. Policy Factory is designed to manage the policy objects and the configurations of RBAC, which achieves the central management of access control policies. The steps for access decision are optimized by policy factory and the tailored figure of invoking objects. In conclusion, the design of RICS is in view of being configurable and extensible.The process of access control actualized by the interceptors falls into three successive phases of creating the credential, binding and access decision based on RICS and the suitable points to intercept. Then the CORBA application example of TLIMS (Testing Laboratory Information Management System) is presented. The interceptor can ensure that access control will occur before any request gets to the server operation.The result of implementing TLIMS proves that RICS realizes the automatic role activation by the objects communication. That makes the access control policies more flexible and effective. The whole system is adaptable to the frequently changed configuration of RBAC.