ObjectBroker and DCE Security

By John H. Parodi
Consulting Technical Writer
Digital Equipment Corporation


When it comes to robust, scalable security for distributed heterogeneous systems, DCE Security is the only game in town. That makes ObjectBroker and DCE security a very attractive combination.

ObjectBroker is Digital Equipment Corporation's implementation of the Object Management Group's Common Object Request Broker Architecture (CORBA). An Object Request Broker, or ORB, is software that translates a client program's requests for a service into actions by a specific server, regardless of where client and server happen to reside on the network. In order to achieve this, ORB software must be distributed across all the participating computers on the network.



ObjectBroker is built for use by large enterprises in a production environment, which presents several tough requirements. The ORB must perform its many functions across platforms from many different vendors, and of course it must also provide the operational security expected by a large enterprise.

The important aspects of ORB security are:

  1. authentication, or verification of a user's identity,
  2. authorization information, or the system's database describing which users can perform which actions, and
  3. access control, which is the examination of authorization information and either allowing or preventing attempted actions.

Security in ObjectBroker is implemented as a replaceable subsystem which can be dynamically loaded by the ORB. In general, a user's authorization information is maintained in the form of an Access Control List (ACL), which is a roster of which users can perform actions such as accessing specific servers, accessing methods within a server, or starting a server on a host.

"Proxy" security

Figure 1 (at right) illustrates how ObjectBroker security controls access to functions requested by clients and delivered by servers. Note that both "proxy" security and GSS-API (Generic Security Services Application Programming Interface) security can be used simultaneously in an ObjectBroker configuration.

Because most existing security mechanisms do not provide the concept of a global identity for a user (that is, an identity known to all computer nodes in a distributed system), ObjectBroker can use "proxy" security, in which the node/username associated with a request is trusted to be as claimed; the server host does not itself authenticate the remote user, so the access decision is only as trustworthy as the client node that supplied the identity. "Proxy" security uses a mechanism in which a system administrator maps a user identity on a remote client system to a proxy account on the server's host system. In this approach, an access control decision is based on the authorization information for the proxy account, and a remote user with no mapping gets no access.



Because DCE security provides global user identities, its integration with ObjectBroker has two significant advantages. First, the system does not need to deal with the different security mechanisms and authentication features on different client platforms, and second, global user identities mean that there is no need to use proxies.
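The two access-control paths described above, as an added example that is not ObjectBroker's own code: a caller is resolved either from a verified DCE principal (global identity, used directly in the ACL) or from a claimed node/username via the administrator's proxy table, and the resulting local identity is then checked against ACL entries for accessing a server, accessing a method, and starting a server. The ACL contents, the proxy table, the server and method names, and the `dce:` prefix are constructed for this illustration and are not ObjectBroker's configuration format.

```python
"""ACL evaluation with "proxy" security versus a global (DCE) identity.

Hypothetical illustration: data structures, names, and actions below are
assumptions for this example, not ObjectBroker's own configuration.
"""
from dataclasses import dataclass
from typing import Optional

# Actions the article lists as ACL-controlled.
ACCESS_SERVER = "access_server"
ACCESS_METHOD = "access_method"
START_SERVER = "start_server"

# Constructed ACL: (action, target) -> local identities allowed.
# Targets are a server name or "server.method"; all names are made up.
ACL = {
    (ACCESS_SERVER, "Inventory"): {"inv_users", "inv_admin", "dce:alice@corp.dce"},
    (ACCESS_METHOD, "Inventory.get_stock"): {"inv_users", "dce:alice@corp.dce"},
    (ACCESS_METHOD, "Inventory.adjust_stock"): {"inv_admin", "dce:alice@corp.dce"},
    (START_SERVER, "Inventory"): {"inv_admin"},
}

# Constructed proxy table kept by the server-host administrator:
# (client node, remote username) -> local proxy account.
PROXY_MAP = {
    ("vaxnode", "bob"): "inv_users",
    ("pcnode", "carol"): "inv_admin",
}


@dataclass(frozen=True)
class Caller:
    dce_principal: Optional[str] = None  # verified by DCE via GSS-API
    node: Optional[str] = None           # claimed, under proxy security
    username: Optional[str] = None       # claimed, under proxy security


def resolve_local_identity(caller: Caller) -> Optional[str]:
    """Map a caller to the identity name used in ACL entries."""
    if caller.dce_principal:
        # Global identity: usable directly, no proxy account needed.
        return "dce:" + caller.dce_principal
    if caller.node and caller.username:
        # Proxy security: the node/username pair is trusted as claimed;
        # only the administrator's mapping decides the local account.
        return PROXY_MAP.get((caller.node, caller.username))
    return None


def check_access(caller: Caller, action: str, target: str) -> bool:
    """Allow the action only if the resolved identity is on the ACL."""
    identity = resolve_local_identity(caller)
    if identity is None:
        return False  # unidentified or unmapped caller: deny
    return identity in ACL.get((action, target), set())


def authorize_invocation(caller: Caller, server: str, method: str) -> bool:
    """A method call needs access to the server and to that method."""
    return (check_access(caller, ACCESS_SERVER, server)
            and check_access(caller, ACCESS_METHOD, server + "." + method))


if __name__ == "__main__":
    alice = Caller(dce_principal="alice@corp.dce")
    bob = Caller(node="vaxnode", username="bob")
    nobody = Caller(node="vaxnode", username="mallory")
    print(authorize_invocation(alice, "Inventory", "adjust_stock"))  # True
    print(authorize_invocation(bob, "Inventory", "adjust_stock"))    # False
    print(check_access(nobody, ACCESS_SERVER, "Inventory"))          # False
```

The proxy path makes the caveat concrete: `Caller(node="pcnode", username="carol")` is granted `inv_admin` rights wherever the request really originated, because nothing in the server's decision verifies the claim. The DCE path has no such table, so there is no mapping to get wrong and no claimed identity to spoof.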

ObjectBroker V2.6 is integrated with DCE Security via DCE's support for GSS-API. ObjectBroker users now have the ability to use an open, industrial-strength security mechanism that is both robust and scalable across large, multi-vendor distributed systems. DCE Security provides ObjectBroker with authentication, mutual authentication, and protection against replay and sequencing attacks.

Security options for system administrators

This support for DCE security makes it easy to integrate ObjectBroker with DCE-based software systems. And because this support is implemented by way of the standard DCE GSS-API, ObjectBroker gives customers additional options in choosing and integrating GSS-API-compliant third-party authentication packages, as they become available. With ObjectBroker's security features, system administrators have the option to:

The future

Today, DCE Security functions are made available through an ObjectBroker API; in a future release, these functions will be accessible via standard OMG Interface Definition Language constructs. Note that neither clients nor servers use the GSS-API directly. In practice, clients get credentials by simply logging into the DCE system, while servers acquire credentials by way of an encrypted password in a DCE-controlled file. Clients have the ability to explicitly turn mutual authentication on and off.

ObjectBroker V2.6 and DCE Security are available on the following platforms:

In the future, as DCE Services are implemented on other platforms, and as other GSS-API-compliant security products are built, the list of supported platforms will expand. Most of the security products "on the horizon" are based on Kerberos, but there is nothing that prevents other security technologies (e.g., smartcards, biometrics, etc.) from being used as the authentication mechanism beneath GSS-API.


HP-UX is a trademark of Hewlett-Packard Company. IBM and AIX are registered trademarks of International Business Machines Corporation. SunOS and Solaris are trademarks of Sun Microsystems, Inc. ObjectBroker is a trademark of Digital Equipment Corporation. Windows NT and Windows are trademarks of Microsoft Corporation. UNIX is a trademark of UNIX Systems Laboratories.

