This talk introduces a new middleware security model with access policies based on "resource descriptors". These are necessary because the available cryptographic identities only represent software entities at the middleware layer, but not individual application-layer clients or targets. As a result, additional descriptors are needed to express fine-grained policies. Useful descriptors need to fulfil properties such as uniqueness and persistency. We obtain such descriptors through a mapping process from instance information to resource descriptors.
As part of the EU funded research project Component Based Open Source Architecture for Distributed Telecom Applications (COACH), we plan to implement and evaluate component based distributed systems (CORBA components and Enterprise Java Beans) for the telecommunications domain. This includes the design and implementation of a security architecture for these new requirements and provides opportunities for interested students and researchers to join the project.