OSF DCE Application Development Guide--Introduction and Style Guide
Chapter 3. Security
For the purposes of the discussion in this chapter, the security services provided by DCE
are assumed to consist of three elements: authentication, access control, and data
protection. (The DCE Audit Service, which is also a part of DCE security, is described
in the .)
The roles of these three elements can be broadly defined as follows (rigorous definitions
can be found in the AES/DC Security volume, which is the definitive exposition of DCE
security):
• Authentication establishes whether service requesters are who they say they are.
• Access control provides mechanisms that applications can use to establish whether a
given requester is permitted to perform some operation.
• Data protection guarantees the secrecy and integrity of data exchanged between
clients and servers.
As with other DCE services, use of the security services raises two kinds of policy
questions. At one level, application programmers must decide which services and levels
of service to employ. At a second level, once a service has been chosen, the application
programmer must make many decisions about how to use it. This chapter covers both
levels of policy, although it focuses mainly on the lower-level policy issues specific to
each service. This emphasis is due both to the fact that the higher-level issues are
relatively few—mainly whether to use a given service or not—and to the belief that it is
far easier to understand the general issues once the specifics are clear.
Security is an especially complex area from the policy point of view. Security systems
must anticipate threats both from human ingenuity and random accident, and it can be
difficult—perhaps impossible—to be confident that no serious threat is being overlooked.
DCE security provides an extensive security model that applications can incorporate in a
few well-integrated chunks. Thus applications can get the benefit of the DCE security
design—and the extensive, specialized analysis that went into it—with relatively little
effort. Applications should avoid creating security solutions ad hoc and should stick
closely to the solutions provided by DCE security. Unless the programmer is a security
specialist, it is extremely unlikely that an application-specific solution will provide better
security than the DCE security services, and it is practically guaranteed that such
solutions will contain unforeseen weaknesses.
124246 Tandem Computers Incorporated 3−1