由 george 发布于: 2001-03-05 06:02

Security: ensuring authorized use only

When enterprise computing was handled solely by a few powerful mainframes located in
information systems (IS) sites, ensuring that only authorized users obtained access to
computing services and information was a fairly straightforward task. In distributed computing
systems, where users, application servers, and resource managers can be spread out across
the world, securing computing system resources has become a much more complicated task.

Although there are many issues associated with providing security in a distributed computing
system, the underlying issues have not really changed very much. A good security service
provides two main functions: authentication and authorization.

Authentication takes place when a principal (a user or a computer process) initially attempts
to gain access to a computing resource. At that point, the security service challenges the
principal to prove that the principal is who it claims to be. Human users typically prove who
they are by entering their user IDs and passwords; whereas a process normally presents an
encrypted key. If the password or key is valid, the security service gives the user a token or
ticket that identifies the principal and indicates that the principal has been authenticated.

After a principal is authenticated, it can then attempt to use any of the resources within the
boundaries of the computing system protected by the security service; however, a principal
can use a particular computing resource only if it has been authorized to do so. Authorization
takes place when an authenticated principal requests the use of a resource and the security
service determines if the user has been granted the privilege of using that resource. Typically,
authorization is handled by associating access control lists (ACLs) with resources that define
which users or processes (or groups of users or processes) are authorized to use the resource.
If the principal is authorized, the principal gains access to the resource.

In a distributed computing environment, principals and resources must be mutually suspicious
of each other's identity until both have proven that they are who they say they are. This is
necessary because a principal can attempt to fake its identity to get access to a resource, and
a resource can be a trojan horse, attempting to get valuable information from the principal. To
solve this problem, the security service contains a security server that acts as a trusted third
party, authenticating principals and resources so that these entities can prove their identities to
each other.