Mastering Web Services Security, part 10


Glossary

bean provider: A role in an EJB lifecycle that is responsible for producing enterprise beans in the form of EJB JAR files containing one or more enterprise beans. The JAR files include Java classes that implement the enterprise bean’s business methods, definitions of the bean’s remote and home interfaces, and the deployment descriptor.
class: A named description of a set of objects that share the same attributes, operations, relationships, and semantics.
client stub: An element generated by the IDL compiler as part of the client code that acts as a proxy of the object for the client. The client code calls a locally residing stub, which makes calls on the rest of the ORB, using interfaces that are private to, and presumably optimized for, the particular ORB core.
COM+: The next generation (after COM) in the evolution of Microsoft distributed computing architecture. It integrates Microsoft Transaction Server into COM and provides a messaging alternative, based on Microsoft Message Queue technology, for COM calls.
component: The fundamental building block of distributed software applications. Each component has one or more interfaces that provide the points of entry for calling programs. An interface, which is defined in terms of operations (also called methods), encapsulates a component and ensures that a component is modular.
composite delegation: A form of delegation in which both the client privileges and the immediate invoker’s privileges are passed to the target, so that both the client privileges and the privileges from the immediate source of the invocation can be individually checked.
confidentiality: A security property ensuring that information is disclosed only to the authorized subjects.
constrained delegation: Synonymous with controlled delegation.
container: A rich runtime environment that provides an array of application services, allowing the application developer to concentrate on building the application rather than the supporting infrastructure.
controlled delegation: A form of delegation in which a client can impose constraints on what privileges can be delegated to what intermediates. Also known as constrained delegation or restricted delegation.
cookie: A small piece of information sent by a Web server to be stored on a Web browser so it can later be read back from that browser.
CORBA: Common Object Request Broker Architecture. CORBA is an open, vendor-independent specification for an architecture and infrastructure that computer applications use to work together over networks.
CORBA Security (CORBASec): The CORBA Security service as defined in OMG 2000a.
credentials: A container for a subject’s security attributes.
CSIv2: Common Secure Interoperability version 2 (CSI 2000). A recent addition to the CORBA security specification that defines a protocol for transmitting authentication and authorization data over IIOP.
DAC: See Discretionary Access Control.
Data Encryption Standard (DES): A popular encryption algorithm standardized by the U.S. National Bureau of Standards. It is a product cipher that operates on 64-bit blocks of data, using a 56-bit key. It is defined in the Federal Information Processing Standards (FIPS) 46-1 (1988), which supersedes FIPS 46 (1977). DES is identical to the ANSI standard Data Encryption Algorithm (DEA) defined in ANSI X3.92-1981 (FOLDOC 2002).
data tier: A tier in the enterprise computing architecture that usually consists of database servers and mainframe-based repositories providing access to data.
DCE: See Distributed Computing Environment.
DCOM: See Distributed Component Object Model.
delegation: A feature of distributed systems that allows intermediate servers to act on behalf of the originating subject.
demilitarized zone (DMZ): A part of the network that is neither part of the internal network nor directly part of the private network. Typically, this is the area between the public network (such as the Internet) access router and the enterprise bastion host, although it can be located between any two policy-enforcing areas.
denial of service: Prevention of authorized access to a system resource or the delaying of system operations and functions (TIS 2000).
deployer: See bean deployer.
deployment descriptor: A file that provides both the structural and application assembly information about the enterprise beans in the EJB JAR file.
DES: See Data Encryption Standard.
digital certificate: A certificate document in the form of a digital data object (a data object used by a computer) to which is appended a computed digital signature value that depends on the data object (TIS 2000).
digital signature: A value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data’s origin and integrity (TIS 2000).
directory service: A distributed service that provides the ability to look up objects by their keys or attributes.
Discretionary Access Control (DAC): An access control model based on “restricting access to objects based on the identity of subjects or the groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject” (DoD 1985).
Distributed Component Object Model (DCOM): Microsoft’s extension of their Component Object Model (COM) to support objects distributed across a network. DCOM has been submitted to the IETF as a draft standard (FOLDOC 2002).
Distributed Computing Environment (DCE): A computing environment standardized by the Open Group that provides the following integrated facilities: Remote Procedure Call, Directory Services, Security Service, Threads, Distributed Time Service, and Distributed File Service.
DMZ: See demilitarized zone.
document type definition (DTD): A description of the markup elements available in any specific type of XML or SGML document.
DTD: See document type definition.
EAI: See Enterprise Application Integration.
EASI: See Enterprise Application Security Integration.
e-business: The use of Internet technology to help businesses streamline processes, improve productivity, and increase efficiency. E-business enables companies to easily communicate with partners, vendors, and customers, connect back-end systems, and conduct commerce in a secure manner.
ebXML: A joint activity by OASIS and the United Nations Center For Trade Facilitation and Electronic Business (UN/CEFACT), whose goal is to define standards for the formatting and transmission of electronic commerce data, describe business processes, and negotiate business terms and responsibilities. It is hoped that by assuming Internet standard protocols and using XML, the cost of implementing ebXML will be less than the cost of EDI.
e-commerce: Commerce conducted electronically with the use of Internet technology. It includes an online display of goods and services, ordering, billing, customer service, and the handling of payments and transactions.
EDI: See Electronic Data Interchange.
EDIFACT: See Electronic Data Interchange for Administration, Commerce and Transport.
EJB: See Enterprise JavaBeans.
electronic data interchange (EDI): The exchange of standardized document forms between computer systems for business use (FOLDOC 2002).
Electronic Data Interchange for Administration, Commerce and Transport (EDIFACT): ISO’s 1988 standard (ISO 9735) for electronic data interchange for administration, commerce and transport. It defines application-layer syntax. It was amended and reprinted in 1990. The document is available from ISO’s Web site (FOLDOC 2002).
encryption: The cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state (TIS 2000).
Enterprise Application Integration (EAI): A methodological approach supported by a set of technologies that allows flexible integration of applications in order to support enterprise business processes.
Enterprise Application Security Integration (EASI): A special case of Enterprise Application Integration that enables the use of many different security technologies, and, as a result, provides the framework for secure EAI.
Enterprise JavaBeans (EJB): Architecture for component-based distributed computing from Sun. Enterprise beans are components of distributed transaction-oriented enterprise applications.
entitlement: A business access rule that describes the decision criteria applied when a user attempts to access an application resource.
entitlement management: Administration and maintenance of the various permissions, roles, privileges, and login rights for an organization’s information systems users, including suppliers, partners, customers, and employees. Resources include client/server applications, legacy applications, and Web pages.
entitlement server: A particular type of authorization server that can provide entitlement-based fine-grained access control for the mid-tier.
eXtensible Access Control Markup Language (XACML): A specification for expressing access control policies over the Internet.
Extensible Markup Language (XML): A markup language standardized by the W3C that defines a simple dialect of SGML suitable for use on the Web.
extranet: The extension of a company’s intranet out onto the Internet, for example, to allow selected customers, suppliers and mobile workers to access the company’s private data and applications via the World Wide Web. This is in contrast to, and usually in addition to, the company’s public Web site, which is accessible to everyone (FOLDOC 2002).
federation: A system in which each party retains most of its authority and agrees to afford the other limited rights.
firewall: A hardware device or a software program running on a secure host computer that protects networked computers from intentional hostile intrusion, which could result in a security breach.
forward trust evaluation: A CSIv2 term that refers to the evaluation of trust based on rules provided by the caller.
framework: A set of services, designs, architectures, or systems that embodies an abstract solution to a number of related, concrete problems.
hacker: A person who enjoys the intellectual challenge of creatively overcoming or circumventing limitations (FOLDOC 2002). Frequently, malicious intruders are also called hackers.
HTML: See Hypertext Markup Language.
HTTP: See Hypertext Transfer Protocol.
HTTPS: See Hypertext Transfer Protocol, Secure.
Hypertext Markup Language (HTML): Built on top of SGML, a hypertext document format used on the WWW.
Hypertext Transfer Protocol (HTTP): A client/server TCP/IP protocol used on the WWW for the exchange of HTML documents.
Hypertext Transfer Protocol, Secure (HTTPS): A variant of HTTP used for connecting to HTTP servers using SSL.
IDL: See Interface Definition Language.
IETF: See Internet Engineering Task Force.
IIOP: See Internet Inter-ORB Protocol.
IIS: See Internet Information Server.
impersonation: The act whereby one principal assumes the identity and privileges of another principal without restrictions and without any indication visible to recipients of the impersonator’s calls that delegation has taken place (OMG 2000a). There is still debate over this definition. For consistency, we use the CORBASec definition.
initiator: A client who originated a chain of client/server calls.
integrity: A security property ensuring that information is modified only by the authorized subjects.
interceptor: An object that provides one or more specialized services at the ORB invocation boundary based upon the context of the object request (OMG 2000a).
interface: A boundary across which two systems communicate. In software systems, an interface is an agreed upon convention used for interprogram communications, including function calls.
Interface Definition Language (IDL): A language used for defining interfaces to distributed objects accessible via middleware. It’s often used to refer specifically to the IDL defined by the OMG as part of CORBA.
intermediate: An object in a call chain that is neither the initiator nor the final target.
Internet Engineering Task Force (IETF): A large, open international community of network designers, operators, vendors, and researchers whose purpose is to coordinate the operation, management, and evolution of the Internet and to resolve short- and mid-range protocol and architectural issues (FOLDOC 2002).
Internet Information Server (IIS): Microsoft’s Web server and FTP server for Windows platforms.
Internet Inter-ORB Protocol (IIOP): A standard protocol used for communications between CORBA-compliant ORBs over TCP/IP networks. IIOP is defined as part of CORBA.
Internet Protocol (IP): A connectionless, best-effort packet switching protocol used at the network layer for the TCP/IP protocol suite. IP provides packet routing, fragmentation, and reassembly.
Internet Protocol Security (IPSEC): A protocol that provides security for the transmission of sensitive information over unprotected networks such as the Internet. IPsec acts at the network layer, protecting and authenticating IP packets sent between participating devices (FOLDOC 2002). IETF documents related to IPsec can be found at http://www.ietf.org/ids.by.wg/ipsec.html.
Internet Server Application Programming Interface (ISAPI): Microsoft’s programming interface between applications and their Internet Server. Active Servers created with ISAPI extensions can be complete in-process applications themselves, or can “connect” to other services. ISAPI is used for the same sort of functions as Common Gateway Interface (CGI) but uses Microsoft Windows dynamic link libraries (DLL) for greater efficiency. The server loads the DLL the first time a request is received and the DLL then stays in memory, ready to service other requests until the server decides it is no longer needed. This minimizes the overhead associated with executing such applications many times (FOLDOC 2002).
Internet service provider (ISP): A company that provides other companies or individuals with access to, or presence on, the Internet (FOLDOC 2002).
Interoperable Object Reference (IOR): A CORBA object reference in a format specified by CORBA that enables interoperability of object references.
intrusion detection: A process of monitoring and analyzing system events for the purpose of finding and providing real-time or near real-time warning of attempts to access system resources in an unauthorized manner.
IOR: See Interoperable Object Reference.
IP: See Internet Protocol.
IPSEC: See Internet Protocol Security.
ISAPI: See Internet Server Application Programming Interface.
ISP: See Internet service provider.
J2EE: See Java 2 Platform, Enterprise Edition.
J2SE: See Java 2 Platform, Standard Edition.
Java 2 Platform, Enterprise Edition (J2EE): Sun’s Java platform for multitier server-oriented enterprise applications. The basis of J2EE is EJB (FOLDOC 2002).
Java 2 Platform, Standard Edition (J2SE): Sun’s core Java platform for clients and servers.
Java Web Services Developer Pack (JWSDP): An integrated toolset that, in conjunction with the Java platform, allows Java developers to build, test, and deploy XML applications, Web services, and Web applications. The Java WSDP provides Java standard implementations of existing key Web services standards, including WSDL, SOAP, ebXML, and UDDI, as well as important Java standard implementations for Web application development such as JavaServer Pages (JSP pages) and the JSP Standard Tag Library (Sun 2002a).
JWSDP: See Java Web Services Developer Pack.
Kerberos: A system developed by Project Athena at the Massachusetts Institute of Technology and named for the three-headed dog guarding Hades. It implements a ticket-based, peer entity authentication service and an access control service distributed in a client/server network environment, using passwords and symmetric cryptography.
lattice: A partially ordered set in which all finite subsets have a least upper bound and greatest lower bound.
lattice-based MAC: An access control model based on comparing security classifications (which indicate how sensitive or critical system resources are) with security clearances (which indicate subjects that are eligible to access certain resources). It’s called “mandatory” because a subject that has clearance to access a resource may not, just by its own volition (that is, at its discretion), enable another subject to access that resource. Because a system of security labels (a general name for classifications and clearances) constitutes a lattice, the model is called lattice-based.
LDAP: See Lightweight Directory Access Protocol.
least privilege principle: A security principle that requires users to operate with the minimum set of privileges necessary to do their jobs.
legacy security: Security infrastructure and technologies that are developed and deployed by the enterprise to support an old enterprise architecture and that do not satisfy the requirements of the current enterprise architecture.
Lightweight Directory Access Protocol (LDAP): A protocol for accessing online directory services, which defines a relatively simple protocol for updating and searching directories running over TCP/IP.
Mandatory Access Control (MAC): See lattice-based MAC.
method: An association between a name and a procedure, routine, or some other action execution, which is encapsulated in an object in an object-oriented programming language (for example, Java) or other computing environment (for example, EJB).
method permission: A permission to invoke a specified group of methods of the enterprise beans’ home and remote interfaces. Method permissions are defined in the corresponding sections of an EJB deployment descriptor.
middle tier: A tier in the enterprise computing architecture between the perimeter and data tiers. The middle tier consists of business applications that implement business logic.
middle tier (mid-tier) security: A security infrastructure that protects mid-tier systems.
middleware: Software that mediates between an application program and a network by managing the interactions between disparate applications across the heterogeneous computing platforms.
mid-tier: See middle tier.
MIME: See Multipurpose Internet Mail Extensions.
Multipurpose Internet Mail Extensions (MIME): A standard for multipart, multimedia electronic mail messages and World Wide Web hypertext documents on the Internet. MIME provides the ability to transfer nontextual data, such as graphics, audio, and faxes. It is defined in the following IETF RFCs: 2045, 2046, 2047, 2048, and 2049 (FOLDOC 2002).
.NET Framework: Microsoft’s environment for building, deploying, and running applications.
nonrepudiation: The provision of evidence that prevents a participant in an action from convincingly denying his responsibility for the action (OMG 2000a).
OASIS: See Organization for the Advancement of Structured Information Standards.
object: “A unique instance of a data structure defined according to the template provided by its class. Each object has its own values for the variables belonging to its class and can respond to the messages (methods) defined by its class” (FOLDOC 2002). In the context of security, object is a synonym for resource.
Object Management Group (OMG): A consortium founded in 1989 by 11 companies to create a component-based software marketplace by hastening the introduction of standardized object software. In 2000, it had about 800 members. The organization’s charter includes the establishment of industry guidelines and detailed object management specifications to provide a common framework for application development. The major technologies developed by the OMG members are CORBA and UML.
object reference: A data structure used as a handle through which a client requests operations on the corresponding object.
Object Request Broker (ORB): The core part of CORBA middleware that facilitates communications among distributed objects. An ORB is responsible for finding remote objects, handling parameter passing, and returning results, among other things.
OMG: See Object Management Group.
operation: A CORBA equivalent to a method in object-oriented programming languages.
ORB: See Object Request Broker.
Organization for the Advancement of Structured Information Standards (OASIS): A not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web services, XML conformance, business transactions, electronic publishing, topic maps, and interoperability within and between marketplaces. Its Web page is www.oasis-open.org.
owner-based DAC: A Discretionary Access Control model in which for each resource there is a subject who is said to be the resource’s owner and who manages the resource’s access rights.
PAC: See Privilege Attribute Certificate.
perimeter tier: A tier in the enterprise computing architecture that usually consists of Web servers implementing presentation logic.
security audit: The independent examination of records and activities to ensure compliance with established security policies.
security authority: An entity that establishes security policies.
security-aware application: An application that uses security APIs to access and validate the security policies that apply to it. Security-aware applications may directly access security functions that enable the applications to perform additional security checks and fully exploit the capabilities of the security infrastructure.
security self-reliant application: An application that does not use any of the security services provided by a security framework. A security self-reliant application may not use the security services because it has no security relevant functionality and thus does not need to be secured or because it uses separate independent security functions that are not part of the defined ESI security framework.
security trustworthiness: The ability of ...
W3C: See World Wide Web Consortium.
WASP: See Web Application and Services Platform.
Web Application and Services Platform (WASP): A platform-independent, standards-compliant set of infrastructure products offered by Systinet (www.systinet.com) for building Web Services solutions.
Web Service: An application that exposes a programmatic interface using standard Internet protocols. Web services are designed ...
Web Services Description Language (WSDL): An XML format for describing Web services. The WSDL specification defines a language for describing the abstract functionality of a service, as well as a framework for describing the concrete details of a service description.
Web Services Toolkit (WSTK): A software toolkit from IBM that supports the development of Web Services applications.
WSDL: See Web Services Description Language.
WS-Security: A specification describing how to attach signature and encryption information, as well as security tokens, to SOAP messages.
WSTK: See Web Services Toolkit.

Posted on: 13/08/2014, 12:21
