Middleware and Web Services Security
Challenges of designing secure distributed applications are due to distribution, scale and object orientation. We will discuss the functionalities and capabilities of the security mechanisms of today...
View ArticleMiddleware and Web Services Security Mechanisms
Learning objectives: Gain a working knowledge of the security mechanisms of current Middleware and Web Services technologies. Overview: Challenges of designing secure distributed applications are due...
View ArticleObject Security Attributes: Enabling Application-specific Access Control in...
This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for...
View ArticleObject Security Attributes: Enabling Application-specific Access Control in...
This presentation makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework...
View ArticleOfficial Requirements and Recommendations from Various Organizations on...
This report describes recommendations and official requirements from various organizations that guide architecture of CPR security at BHSSF.
View ArticleOn the Benefits of Decomposing Policy Engines into Components
In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should...
View ArticleOverview of CORBA Security
Outline: • Introduction into computer security • Security in OO systems • CORBA security model overview • Application access control in CORBA • Resource Access Decision Facility • Further Information
View ArticlePerformance Considerations for a CORBA-based Application Authorization Service
Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control...
View ArticlePreview: Mastering Web Services Security
This presentation gives an overview of the upcoming book on Mastering Web Services Security that I co-authored with my colleagues at Quadrasis.
View ArticleResource Access Decision Facility: Overview
Outline: • Why you need Resource Access Decision Facility • Main aspects of RAD specification design • Main design decisions made by RAD submission team
View ArticleResource Access Decision Server: Design and Performance Considerations
Presentation on the design and the conducted performance measurements of RAD server prototype built at CADSE. Outline: • Introduction • RAD Specification Overview • RAD Prototype Design • Performance...
View ArticleResource Names for Resource Access Decision (Facility)
Presentation given to the joint SecSIG/CORBAmed session on Resource Access Decision facility, as part of the presentation on the revised submission to the OMG Healthcare Resource Access Control RFP....
View ArticleSecurity Engineering for Large Scale Distributed Applications
The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and...
View ArticleSecurity Engineering for Large Scale Distributed Applications
The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and...
View ArticleUpcoming OMG HealthCare Resource Access Control Facility
Outline: • CORBA in 5 minutes • CORBA security model • Why HRAC • HRAC concepts • HRAC framework design • Work status
View ArticleUpdate on Security Domain Membership RFP Proposal
Presentation explains structural design proposed by the SDMM proposal, as it was standing on December 2000.
View ArticleResource Access Decision Service for CORBA-based Distributed Systems
Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from factors that are...
View ArticleIssues in the Security Architecture of the Computerized Patient Record...
We discuss issues in CPR enterprise security architecture. The main goal is to provide a security environment where a user will be viewed the same across all enterprise systems, and access control...
View ArticleCooperative Secondary Authorization Recycling
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleCooperative Secondary Authorization Recycling
As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleAuthorization Recycling in RBAC Systems
As distributed applications increase in size and complexity, traditional authorization mechanisms based on a single policy decision point are increasingly fragile because this decision point represents...
View ArticleCooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures---based predominantly on the request-response...
View ArticleCooperative Secondary Authorization Recycling
As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are...
View ArticleAuthorization Using the Publish-Subscribe Model
Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed...
View ArticleTowards Improving the Availability and Performance of Enterprise...
Authorization protects application resources by allowing only authorized entities to access them. Existing authorization solutions are widely based on the request-response model, where a policy...
View Article