All:

Random Walk Computing has been building applications for the financial enterprise using Java and CORBA since late 1995. The following abstract describes a CORBA-based Permissioning (Entitlements) service built for a major Financial Asset Management firm.

Please respond or send questions to:

Lloyd Altman
General Manager, Capital Markets Practice
Random Walk Computing
11 Broadway, 7th Floor      Phone: (212)480-5820 x248
New York, NY 10024          FAX: (212)480-9541
Email: laltman@randomwalk.com

-------------------------------------------

Financial Domain Application Layer Permissioning: Random Walk Computing’s Entitlements Service

The following proposal describes how the CORBA-based Entitlements Service built by Random Walk Computing addresses the problem domain of application layer security. The application-specific domain is Financial Asset Management. The Entitlements Service is not currently built on a general DOCsec service, given the relative immaturity and heavy infrastructural requirements of DOCsec implementations available at the time. However, in presenting the specific requirements and design of a CORBA-based production financial entitlements model, we hope to provide insight to the DOCsec community into one kind of application to which DOCsec product-based infrastructures could be applied broadly in the financial domain.

Service Description

The Entitlements Service provides a means of assigning and checking user profiles and permissions. A profile represents a particular role, for example, an administrator, a bond trader, or a user of a particular application. A permission represents a right to perform a particular action with respect to a particular object. Many permissions can be associated with a profile: for example, an application user may have the right to subscribe to real-time currency information, and also the right to access a particular database. Permissions may either grant or deny a particular right.

The Entitlements service handles two types of permission systems: action permissions and category permissions. Action permissions are application-specific. Applications can check to see if a user has been granted or denied the ability to take a given action. Actions might include "trade bonds" or just "trade" or any other action for which a specific application requires permissions. Category permissions are general classes of items, such as "country" or "account".

The method for dealing with action permissions is slightly different than that of category item permissions with regard to their default behaviors. If a profile exists without any action permissions for an application, then no actions are permitted in that application. However, if no category item permissions exist for a category, then the user implicitly has all privileges for all items in the category.

To prevent accidental combinations of profiles from granting too many privileges, each profile should be set up explicitly restricting what cannot be done in conjunction with its permissions. Since restrictions always override permissions, this prevents any unintended side effects of assigning multiple profiles to a user.

Architecture

The architecture is n-tiered. Client applications are either new applications written in Java or legacy, two-tiered desktop applications written in Visual Basic or C and communicating to the relational database (Sybase) via stored procedures. In order to facilitate integration with the legacy applications, the Entitlements system provides a complete stored procedure API as well as a Java/CORBA API.

A comprehensive Entitlements Administrative application allows data management personnel to create and maintain user Entitlements. Since this application exercises each Entitlements API call, Random Walk was able to use it for both System testing and User Acceptance Testing.

The client for whom the Entitlements system was built commissioned an independent firm to review the architecture and perform failover and stress testing. Random Walk will share the results of these tests as part of the presentation.
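
The grant/deny and default rules from the Service Description, as an added Python sketch (not Random Walk's code or API): all class, function and profile names and the sample data are constructed for illustration. Treating an unlisted item in a category that already has entries as not permitted is an assumption the text does not settle.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Permission:
    kind: str    # "action" or "category"
    scope: str   # application name (action) or category name (category)
    target: str  # action name, or item within the category
    grant: bool  # True = permission, False = restriction

@dataclass
class Profile:
    name: str
    permissions: list = field(default_factory=list)

def _entries(profiles, kind, scope):
    """All permissions of one kind and scope across a user's profiles."""
    return [p for prof in profiles for p in prof.permissions
            if p.kind == kind and p.scope == scope]

def _decide(hits):
    """Restrictions always override permissions; no matching grant means no."""
    if any(not p.grant for p in hits):
        return False
    return any(p.grant for p in hits)

def check_action(profiles, application, action):
    # Default closed: no action permissions for the application -> nothing allowed.
    entries = _entries(profiles, "action", application)
    return _decide([p for p in entries if p.target == action])

def check_category(profiles, category, item):
    entries = _entries(profiles, "category", category)
    if not entries:
        return True  # default open: no entries for the category -> all items
    # Assumption: once a category has entries, an unlisted item is not permitted.
    return _decide([p for p in entries if p.target == item])

# Constructed sample profiles (hypothetical names and values).
TRADER = Profile("bond_trader", [
    Permission("action", "bonds", "trade", True),
    Permission("category", "country", "US", True),
])
AUDITOR = Profile("auditor", [
    Permission("action", "bonds", "view", True),
    Permission("action", "bonds", "trade", False),  # explicit restriction
])
APP_USER = Profile("app_user", [Permission("action", "bonds", "view", True)])
```

Because categories are open by default, assigning a second profile can narrow access as well as widen it: under the stated assumption, `APP_USER` alone reaches every country, while `APP_USER` plus `TRADER` reaches only "US".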