Manualshelf

OSF DCE Application Development Guide--Introduction and Style Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
919293949596979899100
Security
UUIDs to identify the objects must be created.
The ACLs themselves on the relevant objects must be created.
The ACLs must be stored, indexed by UUID, in the backing store database.
Setting up an ACL manager is a matter of making these eight things happen. The sample
application shows the easiest way of accomplishing this, namely by using the DCE ACL
library. See in particular the routine server_acl_mgr_setup() in sample_server.c.
Note, by the way, that discussing the details of setting up an ACL manager without first
considering the representation and management of the objects themselves is a very
artificial thing to do. The excuse for doing it here is that ACL managers are the subject
of this section. However, keep in mind that ACLs are only an adjunct to the objects they
guard access to. In a real application one would never put the cart before the horse by
working out the details of ACL management before settling on the way object
management itself was to be done.
3.4.3.3 What is an Object?
Network operations are like grammatical sentences: they must have a subject (the client
performing some operation), a predicate (the operation itself), and an object (the
‘‘thing’’ on which the operation is performed). Although meaningful sentences can
sometimes omit some of its grammatical elements, a network operation must always
have all three of its elements.
In any application, distributed or not, an object is any externally accessible resource
which is under the application’s control. Objects can be anything: printers, files, other
machines, data—it all depends on the application. What these things have in common is
that they must be accessed through the application itself. Entities in a distributed
application request the use of these resources, via clients, from the application server;
and the server normally decides whether or not to grant use of a resource to an entity by
examining the object’s ACLs.
The object can have an existence quite independent of the application that manages it.
On the other hand, the state information associated with the object, which the application
must have access to in order to manage the object in a reasonable way, is maintained by
the application and is useful only to it. This information is stored in a backing store
database, where each separate record normally contains the state information for a single
object. An object’s ACLs qualify as state information for the purposes of this
discussion.
124246 Tandem Computers Incorporated 3 25