An open architecture for secure interworking services

R. Hayton, K. Moody
DOI: 10.1109/ICDCS.1997.598061 (https://doi.org/10.1109/ICDCS.1997.598061)
Venue: Proceedings of 17th International Conference on Distributed Computing Systems
Publication date (as listed): 1996-09-09
Citations: 23

Abstract

There is a developing need for applications and distributed services to cooperate or interoperate. The article describes an architectural approach to security. The key idea is that a process is the universal client entity; a process may act on behalf of an identified individual as in traditional security schemes. More generally, a process may adopt an application specific name or role, and this is used as the basis for authentication in Oasis. A service may then be written in terms of service specific categories of clients, decoupled from the mechanisms used to specify and enforce access control policy. This approach allows great flexibility when integrating a number of services, and reduces the mismatch of policies that is common in heterogeneous systems. In addition, Oasis services may be integrated with alternative authentication and access control schemes, providing a truly open architecture. A flexible security definition is meaningless if not backed by a robust and efficient implementation. Oasis has been fully implemented, and is inherently distributed and scalable. We describe the general approach, then concentrate on revocation, where security designs are most often criticised. Oasis is unique in supporting the rapid and selective revocation of privileges which can cascade between services and organisations.
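The abstract describes three ideas: a process authenticates by adopting an application-specific role rather than only an identity, a service is written in terms of its own categories of clients with the policy that maps credentials onto those categories kept separate, and revoking a privilege cascades across services. The following toy model is an added illustration of those ideas and is not code from the Oasis paper or its implementation; the Credential/Registry/Service classes, the services "idp", "hr", "docs" and "publishing", and the USERS table are assumptions made for this example.

```python
"""Toy model of service-specific roles with cascading revocation.
Added illustration, not code from the Oasis paper or its implementation: the
classes, the services "idp"/"hr"/"docs"/"publishing" and USERS are assumptions.
"""
import itertools
import secrets
from dataclasses import dataclass

_ids = itertools.count(1)
USERS = {"alice": "pw-alice", "bob": "pw-bob"}  # constructed sample accounts


@dataclass(frozen=True)
class Credential:
    id: int
    issuer: str                 # service that issued it
    role: str                   # role in that service's own vocabulary
    prerequisites: tuple        # Credentials it was derived from


class Registry:
    """Revocation state shared by all services; remembers derivation links."""
    def __init__(self):
        self.revoked = set()
        self.dependents = {}    # credential id -> ids of credentials derived from it

    def register(self, cred):
        for p in cred.prerequisites:
            self.dependents.setdefault(p.id, set()).add(cred.id)

    def revoke(self, cred_id):
        """Revoke cred_id and, transitively, every credential derived from it."""
        touched, stack = set(), [cred_id]
        while stack:
            c = stack.pop()
            if c not in self.revoked:
                self.revoked.add(c)
                touched.add(c)
                stack.extend(self.dependents.get(c, ()))
        return touched

    def valid(self, cred):
        # Also walk prerequisites: a dependent never outlives a revoked parent.
        return cred.id not in self.revoked and all(map(self.valid, cred.prerequisites))


def has_role(issuer, role):
    """Policy predicate: some presented credential is <issuer>:<role>."""
    return lambda presented: any(c.issuer == issuer and c.role == role for c in presented)


def login(reg, user, secret):
    """Traditional identity authentication; the process now acts for `user`."""
    if user not in USERS or not secrets.compare_digest(USERS[user], secret):
        raise PermissionError("bad login")
    cred = Credential(next(_ids), "idp", f"user:{user}", ())
    reg.register(cred)
    return cred


class Service:
    def __init__(self, name, reg, policy, perms):
        self.name, self.reg = name, reg
        self.policy = policy    # role -> predicate over presented credentials
        self.perms = perms      # role -> operations; service code sees only roles

    def activate_role(self, role, presented):
        """Issue a role credential if the presented ones are valid and qualify."""
        presented = tuple(presented)
        if not all(self.reg.valid(c) for c in presented):
            raise PermissionError("a presented credential has been revoked")
        if not self.policy[role](presented):
            raise PermissionError(f"{self.name}:{role} policy not satisfied")
        cred = Credential(next(_ids), self.name, role, presented)
        self.reg.register(cred)
        return cred

    def authorize(self, cred, op):
        """Access check phrased only in this service's own role names."""
        return (cred.issuer == self.name and self.reg.valid(cred)
                and op in self.perms.get(cred.role, set()))


def demo():
    reg = Registry()
    hr = Service("hr", reg, {"employee": lambda p: any(c.issuer == "idp" for c in p)}, {})
    docs = Service("docs", reg, {"editor": has_role("hr", "employee")}, {"editor": {"read", "write"}})
    pub = Service("publishing", reg, {"publisher": has_role("docs", "editor")}, {"publisher": {"publish"}})
    alice = login(reg, "alice", "pw-alice")
    alice_ed = docs.activate_role("editor", [hr.activate_role("employee", [alice])])
    alice_pub = pub.activate_role("publisher", [alice_ed])
    bob_ed = docs.activate_role("editor", [hr.activate_role("employee", [login(reg, "bob", "pw-bob")])])
    before = (docs.authorize(alice_ed, "write"), pub.authorize(alice_pub, "publish"))
    # Revoke alice's identity: hr:employee, docs:editor and publishing:publisher fall with it.
    cascaded = reg.revoke(alice.id)
    after = (docs.authorize(alice_ed, "write"), pub.authorize(alice_pub, "publish"),
             docs.authorize(bob_ed, "write"))  # bob is untouched: revocation is selective
    try:
        pub.activate_role("publisher", [alice_ed])  # a stale credential cannot seed a new role
        denied = False
    except PermissionError:
        denied = True
    return before, len(cascaded), after, denied
```

The point of the split between `policy` and `perms` is that `Service.authorize` never mentions identities or foreign credentials: it only asks whether a locally issued role credential is still valid and whether that role covers the operation. Changing which upstream credentials qualify for `docs:editor` is a change to the policy table, not to the service. Because the registry records derivation links at issue time, one `revoke` call on the identity credential invalidates the whole chain through three services, while the other user's credentials are unaffected.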