OSF DCE Application Development Guide--Core Components
Overview of Security
2. Principal A now makes a request to Principal B to perform some operation that
requires the c permission to object d, and presents its certified privilege attributes
along with the request. Principal B grants or denies c access to d after examining
the ACL that protects object d. (An ACL associates the privilege attributes of
principals with permissions to an object.) If c is one of the permissions that the
ACL grants to Principal A, then Principal A is allowed to perform the operation;
if the ACL does not grant A the c permission, A is denied access.
Figure 22-1. Shared-Secret Authentication and DCE Authorization in Brief
[Figure: four parties (Principal A, the Authentication Service, the Privilege
Service, and Principal B), with every exchange between them carried as an RPC.
The labelled messages are:
  Principal A to Authentication Service: "Request for authentication"
  Authentication Service to Principal A: reply "encrypted in several keys, one of
    which is principal A's key", including "How to contact Privilege Service"
  Principal A to Privilege Service: "Request for privilege attributes"
  Privilege Service to Principal A: "Certified privilege attributes"
  Principal A to Principal B: "Do c to d", accompanied by the certified
    privilege attributes
  Principal B to Principal A: "Response to request"]
Had the authentication service been unable to decrypt the principal's
authentication request, the principal would have remained unauthenticated and, as a
consequence, unable to acquire certified privilege attributes from the privilege
service. In that case, Principal A could only have asserted its privilege
attributes to B; that is, claimed them for itself, without the benefit of having the
privilege service certify this data as genuine. Had Principal A then presented
asserted privilege attributes to Principal B, B might have denied or granted the
requested permission, depending on whether B grants any permissions to
unauthenticated principals at all, and whether c is among the permissions that B
grants to such principals.
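The two decisions described above (step 2, and the unauthenticated case just discussed) can be made concrete with a small model of the ACL check. The following is an added example written for this page, not code from the OSF DCE guide or from the DCE ACL library; the class names, the permission letters, the rule that a user entry takes precedence over group entries whose permissions are unioned, and the "unauthenticated mask" that is ANDed against the result for merely asserted attributes are all assumptions made for illustration. The sample ACL and principals are constructed inline.

```python
"""Toy model of a DCE-style ACL decision: certified vs. asserted privilege attributes."""
from dataclasses import dataclass

# Illustrative permission bits (assumed; not DCE's actual permission set).
PERM_READ = 1 << 0     # r
PERM_WRITE = 1 << 1    # w
PERM_CONTROL = 1 << 2  # c  (the "c" permission of the text)


@dataclass(frozen=True)
class PrivilegeAttributes:
    principal: str
    groups: frozenset
    certified: bool  # True: issued by the privilege service; False: merely asserted by A


@dataclass
class Acl:
    object_name: str
    user_entries: dict          # principal name -> permission mask
    group_entries: dict         # group name -> permission mask
    any_other: int = 0          # authenticated principals matched by no user/group entry
    unauthenticated_mask: int = 0  # ANDed against the result when attributes are not certified


def effective_permissions(acl: Acl, attrs: PrivilegeAttributes) -> int:
    """Permissions the ACL grants to a principal presenting these attributes.

    Matching rule (assumption for this example): a user entry for the principal
    wins outright; otherwise the union of all matching group entries applies;
    otherwise the any_other entry. Uncertified (asserted) attributes are then
    limited to the unauthenticated mask, so B can choose to grant unauthenticated
    principals nothing, or only a subset of what an entry would otherwise allow.
    """
    if attrs.principal in acl.user_entries:
        perms = acl.user_entries[attrs.principal]
    else:
        matched = [acl.group_entries[g] for g in sorted(attrs.groups) if g in acl.group_entries]
        perms = 0
        for mask in matched:
            perms |= mask
        if not matched:
            perms = acl.any_other
    if not attrs.certified:
        perms &= acl.unauthenticated_mask
    return perms


def check_access(acl: Acl, attrs: PrivilegeAttributes, wanted: int) -> bool:
    """Principal B's decision: every requested permission bit must be granted."""
    return effective_permissions(acl, attrs) & wanted == wanted


# Constructed sample data: the ACL protecting object d, and three presentations.
ACL_D = Acl(
    object_name="d",
    user_entries={"A": PERM_READ | PERM_CONTROL},
    group_entries={"staff": PERM_READ},
    any_other=0,
    unauthenticated_mask=PERM_READ,  # B lets unauthenticated callers read only
)
A_CERTIFIED = PrivilegeAttributes("A", frozenset({"staff"}), certified=True)
A_ASSERTED = PrivilegeAttributes("A", frozenset({"staff"}), certified=False)
STRANGER = PrivilegeAttributes("X", frozenset(), certified=True)


def decisions() -> dict:
    """The four cases the text walks through, as one table of outcomes."""
    return {
        "A certified, wants c": check_access(ACL_D, A_CERTIFIED, PERM_CONTROL),   # True
        "A asserted, wants c": check_access(ACL_D, A_ASSERTED, PERM_CONTROL),     # False
        "A asserted, wants r": check_access(ACL_D, A_ASSERTED, PERM_READ),        # True
        "X certified, wants c": check_access(ACL_D, STRANGER, PERM_CONTROL),      # False
    }


if __name__ == "__main__":
    for case, granted in decisions().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

The point of the mask is that B never has to trust an asserted identity: the name "A" still selects A's entry, but the unauthenticated mask caps what that entry can yield to whatever B is willing to give anyone who merely claims to be A.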
If Principals A and B are especially sensitive to security concerns, they may
request that transmitted data be checked for integrity to establish whether it has
been modified in transit, and possibly also encrypted to ensure that the data is
unintelligible to any party other than Principals A and B.
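The integrity and privacy protection mentioned above can be illustrated with a keyed-MAC check over the "Do c to d" request, using a session key that the shared-secret authentication step is assumed to have established between A and B. This is an added example for this page, not the DCE RPC runtime's protection-level machinery: the level names, the key derivation by HMAC, and the HMAC-SHA256 counter keystream standing in for a real cipher are all assumptions chosen so the example runs with the Python standard library. The session key and request are constructed inline.

```python
"""Integrity-only and integrity-plus-privacy protection of an RPC payload (illustrative)."""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256


def _subkey(session_key: bytes, purpose: bytes) -> bytes:
    # Separate MAC and encryption keys derived from the one session key (assumed design).
    return hmac.new(session_key, purpose, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode. Stand-in for a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def protect(level: str, session_key: bytes, payload: bytes) -> bytes:
    """Wrap a payload at level "none", "integrity" or "privacy" (names assumed)."""
    if level == "none":
        return payload
    if level not in ("integrity", "privacy"):
        raise ValueError(f"unknown protection level {level!r}")
    nonce = os.urandom(NONCE_LEN)
    body = payload
    if level == "privacy":
        ks = _keystream(_subkey(session_key, b"enc"), nonce, len(payload))
        body = bytes(p ^ k for p, k in zip(payload, ks))
    # Tag covers the level, nonce and body, so neither the data nor the
    # claimed protection level can be altered in transit without detection.
    tag = hmac.new(_subkey(session_key, b"mac"), level.encode() + nonce + body,
                   hashlib.sha256).digest()
    return nonce + body + tag


def unprotect(level: str, session_key: bytes, blob: bytes) -> bytes:
    """Verify and unwrap; raises ValueError if the integrity check fails."""
    if level == "none":
        return blob
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("integrity check failed: truncated message")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(session_key, b"mac"), level.encode() + nonce + body,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message modified in transit")
    if level == "privacy":
        ks = _keystream(_subkey(session_key, b"enc"), nonce, len(body))
        body = bytes(c ^ k for c, k in zip(body, ks))
    return body


def tampering_detected(level: str, session_key: bytes, payload: bytes) -> bool:
    """Flip one byte of the protected body and report whether B rejects it."""
    blob = bytearray(protect(level, session_key, payload))
    blob[NONCE_LEN] ^= 0x01  # first byte of the (possibly encrypted) body
    try:
        unprotect(level, session_key, bytes(blob))
    except ValueError:
        return True
    return False


# Constructed sample: a session key shared by A and B, and A's request to B.
SESSION_KEY = hashlib.sha256(b"constructed session key for A<->B").digest()
REQUEST = b'Do c to d'

if __name__ == "__main__":
    sealed = protect("privacy", SESSION_KEY, REQUEST)
    print("on the wire:", sealed.hex())
    print("B recovers:", unprotect("privacy", SESSION_KEY, sealed))
    print("tamper detected:", tampering_detected("integrity", SESSION_KEY, REQUEST))
```

At level "integrity" the request still travels in the clear and any observer can read "Do c to d"; only modification is detectable. At level "privacy" the body is unintelligible without the session key, and the tag is still checked first, so a modified ciphertext is rejected before anything is decrypted.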
124245 Tandem Computers Incorporated 22−5