Authors: Konstantin Beznosov (Baptist Health Systems of South Florida), Carol Burt (2AB), John Barkley (NIST)
Title: Overview of the Upcoming Specification of Resource Access Decision Facility
Abstract: The CORBA Security Service provides a general-purpose infrastructure for developing distributed object systems in a broad range of specialized vertical domains. The service defines the interfaces to a collection of objects that provide a versatile set of services for enforcing a range of security policies using diverse security mechanisms. Some of these mechanisms require application systems to be aware of security. Such security models currently require application system designers to implement complex access control decisions based on the content and context of interactions between client and target objects. Security requirements in some domains mandate that domain-specific factors be used in access control policies. At the same time, the commonality of business domain tasks and security requirements across an enterprise computing infrastructure requires exercising fine-grained access control policies in a uniform and standard way. We will describe the Resource Access Decision Facility (RAD), a soon-to-be-adopted facility for authorization of access to application-specific resources. The facility enables fine-grained application-level access control in such a way that the functional design of application systems is separated from the complexity and idiosyncrasies of particular enterprise access control policies. The facility decouples the authorization logic from application logic by encapsulating the authorization logic in an authorization facility external to the application. In addition, it allows a multi-policy authorization model, and it permits security administrators and application developers to maintain a clear separation of responsibilities. RAD is by no means a replacement or substitute for the standard CORBA Security service. In fact, the facility requires the existence of, and takes advantage of, a CORBA-compliant security infrastructure. The approach taken by the designers of the standard is of general value and is applicable to any distributed computing environment such as Sun RPC, DCOM, DCE or Java. The design of the authorization service provides a way to have any level of access control granularity, allows integration with existing authorization models and systems, and supports dynamic security attributes. To achieve these benefits, the design requires application-level enforcement of authorization decisions and assumes agreement on the semantics of resource names between the application developer and the owner. The presentation will discuss the main aspects of the facility, the major issues that we encountered while developing the specification, and the lessons we learned from it.