This talk discusses the difficulties of describing an appropriate notion of the security attributes 'caller' and 'target' in object-oriented middleware systems such as CORBA.
Our analysis identifies that, while there is no information available in the ORB layer to describe the caller and target, it is possible in practice to use descriptors from other layers. In CORBA security, the security mechanism identity on the caller side and the information from the object reference on the target side turn out to be appropriate and trustworthy for describing client and target application objects at the right granularity. As a proof of concept I will briefly present our MICOSec CORBA Security implementation which was designed according to the results of this paper and demonstrates the feasibility of our approach.
Our research shows that it is unrealistic to expect a security service layer to be able to abstract fully from the underlying security mechanisms without severe granularity implications and semantic mismatches.
A paper draft is available on http://www.objectsecurity.com/CORBAsec.pdf