Authorization in CORBA security
Abstract
Integration of security and object-oriented techniques is critical for the successful deployment of distributed object systems. The CORBA Security service, first published in December of 1995 by the Object Management Group, is a detailed specification of how to handle security in object systems that conform to the Object Management Architecture. This article provides a rigorous definition of the authorization part of CORBA Security. Its semantics is given in terms of an access control matrix. The dependencies among the authorization elements are analyzed and possible interpretations for access control decision functions are given. The ability of the authorization model to express a wide range of policies, in particular mandatory access control, is discussed.