Application Server Object-level Security for Distributed Computing Domains
First Claim
1. A computer readable medium encoded with software for use in a distributed computing domain, said software performing steps comprising:
- distributing administrative objects and user objects to one or more application servers;
- allowing a user to declare in a list which objects residing on each application server are to be protected;
- reading said list by an interceptor;
- responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, associating by said interceptor one or more application server security flags with interfaces to said listed objects by tagging components of the IOR with one or more security flags; and
- performing one or more security operations by an application server according to said security flags tagged to said IOR when a client accesses an application server-stored object, said security operations including an operation besides establishing secure communications between said client process and said server-stored object.
Abstract
Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, while user object security may be configured separately for each application server in a domain. In a CORBA architecture, IORs for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.
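A simplified model of the flow the abstract describes, as an added example that is not code from the patent: an interceptor reads the declared list, tags the IOR's components at export, and the server later applies transport, authentication and authorization checks according to those tags. The class names, flag names, object names and the tag id are assumptions made for illustration, not OMG-assigned values or a real ORB API.

```python
from dataclasses import dataclass, field
from enum import Flag
from typing import Optional

class Sec(Flag):  # hypothetical flag names, taken from the measures the abstract lists
    NONE = 0
    AUTHENTICATE = 1
    AUTHORIZE = 2
    TRANSPORT = 4

SEC_TAG = 0x7F000001  # constructed component tag id, not an OMG-assigned value

@dataclass
class IOR:  # simplified stand-in for an Interoperable Object Reference
    object_name: str
    components: dict = field(default_factory=dict)  # tag id -> component data

class TaggingInterceptor:
    """Reads the declared protection list and tags IORs as they are exported."""
    def __init__(self, protected):
        self.protected = protected  # object name -> Sec flags

    def on_export(self, ior):
        flags = self.protected.get(ior.object_name, Sec.NONE)
        if flags:  # unlisted objects are exported without a security component
            ior.components[SEC_TAG] = flags.value.to_bytes(4, "big")
        return ior

@dataclass
class Request:
    ior: IOR
    principal: Optional[str] = None  # None means the caller did not authenticate
    over_tls: bool = False

def enforce(req, acl):
    """Server-side checks driven only by the flags tagged on the IOR."""
    raw = req.ior.components.get(SEC_TAG)
    flags = Sec(int.from_bytes(raw, "big")) if raw else Sec.NONE
    if Sec.TRANSPORT in flags and not req.over_tls:
        return "reject: transport protection required"
    if Sec.AUTHENTICATE in flags and req.principal is None:
        return "reject: authentication required"
    if Sec.AUTHORIZE in flags and req.principal not in acl.get(req.ior.object_name, set()):
        return "reject: not authorized"
    return "allow"

if __name__ == "__main__":
    tagger = TaggingInterceptor({"AdminConsole": Sec.AUTHENTICATE | Sec.AUTHORIZE | Sec.TRANSPORT})
    admin = tagger.on_export(IOR("AdminConsole"))  # constructed sample object
    print(enforce(Request(admin, "alice", over_tls=False), {"AdminConsole": {"alice"}}))
```

In this model an object missing from the declared list is exported untagged and receives no checks, so the list itself is the control to review.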
18 Claims
1. A computer readable medium encoded with software for use in a distributed computing domain, said software performing steps comprising:
- distributing administrative objects and user objects to one or more application servers;
- allowing a user to declare in a list which objects residing on each application server are to be protected;
- reading said list by an interceptor;
- responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a listed object, associating by said interceptor one or more application server security flags with interfaces to said listed objects by tagging components of the IOR with one or more security flags; and
- performing one or more security operations by an application server according to said security flags tagged to said IOR when a client accesses an application server-stored object, said security operations including an operation besides establishing secure communications between said client process and said server-stored object.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An object-level security system in a distributed computing domain comprising:
- one or more administrative objects and one or more user objects distributed among one or more application servers;
- a user-declared list of objects residing on each application server which are to be protected;
- an interceptor configured to read said list, and to, responsive to exportation of a Common Object Request Broker Architecture (“CORBA”) compliant Interoperable Object Reference (“IOR”) for a list object, to associate one or more application server security flags associated with interfaces to said listed objects by tagging components of the IOR with one or more security flags; and
- one or more security operations performed by an application server in cooperation with a client process responsive to access by said client process of an object having a tagged IOR, said security operations including an operation besides establishing secure communications between said client process and said server-stored object.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
Specification