524 DISTRIBUTED OBJECT-BASED SYSTEMS CHAP. 9
an invocation. In addition, there is also a message-level secure invocation interceptor that takes care of implementing the message protection. In other words, this interceptor is able to encrypt requests and responses for integrity and confidentiality.
Client application Object implementation
Access control interceptor |
Access objects |
|
Access objects |
Access control interceptor |
Secure invocation interceptor |
Vault object
Security context
|
Vault object creates security context |
Vault object
Security context
|
Secure invocation interceptor |
Local OS Local OS
Invocation
Network
Figure 9-20. The role of security interceptors in CORBA.
The secure invocation interceptor plays a crucial role, as it is responsible for setting up a security context for the client that will allow secure invocations of the target object. This security context, represented by means of a security context object, contains all the necessary information and methods for securely invoking the target object. For example, it describes which mechanism to use, offers methods to encrypt and decrypt messages, stores references to credentials, and so on.
The object’ s server will also have to create its own security context object. The client interceptor will therefore generally first send a message to the object server containing the necessary information to authenticate the client and to let the server create a security context for subsequent invocations. Note that the secure invocation interceptor at the object’ s server will check the object-specific policy objects to see whether and how all security requirements can be met. The response returned to the client may include additional information that will allow the client to authenticate the server.
After this initial exchange of messages, the client will be bound to the target object, and the two will have established what is generally referred to as a security association. From there on, secure invocations can take place by which the secure invocation interceptors protect the request and response messages following the policy agreed upon between the client and object server.
A crucial role in setting up a security association is played by a separate object with a standardized interface, called the vault object. The vault object is called by the secure invocation interceptors to create a security context object.