As more business is done on computers, and particularly as more business is done and information is exchanged across and within computer networks using distributed applications, security management features become increasingly important. One such feature is access control: determining which application users, based on their roles and security permissions, may obtain access to which data or other computerized resources across these computer networks. Access control involves logic for deciding whether an application user should be given access to a particular computing resource. For example, access control can provide differing levels of database access in terms of which rows and columns a user may read or update.
In Component Object Model (COM) based systems, users logging into a computing resource are authenticated by user name and password. COM is a software architecture that allows a distributed system to be realized using components that provide interoperability. Components are generally software comprising groupings of logical functions that make up interfaces. Components can be, for example, a database read component or a database write component, which can be configured to provide access permissions to users based on their roles, such as administrators, analysts, end users, and operators. COM servers, hereinafter referred to as servers, are executable modules, each of which has a process space of its own in the operating system. A dynamic link library is a set of source code functions with file extension .dll that requires a server to load it and execute the code. Microsoft Corporation has developed a Microsoft Transaction Server (MTS) infrastructure that aids in COM development on Windows® platforms, such as Windows® 95, 98, 2000, XP, and NT. Distributed Component Object Model (DCOM) systems may comprise more than one server or module, interacting with each other to provide services. These servers can run on several computing machines, including different computing resources.
In such COM based systems, once the user has been authenticated, the system lets the user gain access to the data for which he has been granted permission. In addition, based on the user's roles, the user may be permitted or denied subsequent operations on the system. For example, a configuration application may allow one user to download configuration data to a panel and not allow another user to perform the same operation. In COM based systems comprising many servers, it may also be necessary to prevent users from accessing these servers directly, bypassing the login mechanism. Currently, COM based systems address access control needs in different ways, generally dictated by the application being used. These solutions are typically application specific, and the access checks must be implemented by every server. This results in overhead, since an operation that spans many servers has its access check performed more than once. Besides, there is no generalized way to prevent external users from using the servers directly and bypassing the login mechanism.
In an MTS infrastructure, there is generally a tight coupling between the functionality of the components in the system and the security needs. Therefore, the security needs and the interfaces of COM components in the MTS infrastructure must be considered during the design phase. For example, COM interfaces may include customer data read, panel data read, and so on. Security needs may require administrators and analysts to have access to customer data, whereas operators or end users may only need access to panel data. Therefore, security needs have to be decided during the design phase. Reprogramming systems later to adapt to new conditions, such as new levels of access or new groups to whom access may be granted, can be very cumbersome, since it can require changing the code and the design itself; this generally is not a feasible solution. It is generally not possible to dynamically reconfigure access permissions in MTS based security infrastructures, nor to change the access information while the system is running and have the changes take effect immediately.
Further, in an MTS infrastructure, security and access control are generally operating system dependent. For example, MTS security and access control based on the Windows® NT authentication scheme may not work in other Windows® operating environments, such as Windows® 95 and 98.
Currently, there is no common infrastructure to handle security or access control in COM based systems. Therefore, whenever new components or servers are added, the security implementation must be repeated to cover the additional components and servers. Generally, security solutions in MTS infrastructures are specific to each application, and there is no standardized way of handling the security needs of applications that require various levels of security, such as record level, field level, or based on a user activity. Also, in MTS infrastructures, users are checked for access permission more than once when the operation involves more than one component. This can be a significant performance overhead.
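The following Python example is added here as an illustration of the access control notions the background above refers to: role-based decisions scoped to rows and fields (as in the row/column and record-level/field-level/activity-level distinctions), a single decision point that every server consults so an operation spanning several servers is checked once, and a rule set that can be reloaded while the system runs. It is not code from the patent, and it does not describe COM or MTS APIs; the rule format, the role names (admin, analyst, operator, end_user), the resource names and the sample records are all constructed for the example.

```python
"""Role-based access decisions scoped to rows and fields, decided once per
operation and reloadable at run time.

Added illustration, not code from the patent text.  The rule format, the
role names and the sample records below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set


@dataclass
class Rule:
    role: str
    resource: str                # e.g. "customer", "panel"
    actions: Set[str]            # e.g. {"read", "update", "download_config"}
    fields: Set[str]             # columns granted; "*" means every column
    row_filter: Dict[str, str] = field(default_factory=dict)  # {} = all rows


@dataclass(frozen=True)
class Decision:
    """Result of one access check.  It travels with the operation so that a
    second server in the same call chain can rely on it instead of running
    the check again."""
    action: str
    fields: frozenset            # empty frozenset == access denied

    @property
    def granted(self) -> bool:
        return bool(self.fields)


class AccessPolicy:
    """Single decision point shared by every server; servers do not embed
    their own role tables."""

    def __init__(self, rules: Iterable[Rule]):
        self._rules: List[Rule] = list(rules)

    def reload(self, rules: Iterable[Rule]) -> None:
        """Swap the rule set while the system keeps running; the next
        decide() call already uses the new rules."""
        self._rules = list(rules)

    def decide(self, roles: Set[str], resource: str, action: str,
               row: Dict[str, str]) -> Decision:
        allowed: Set[str] = set()
        for r in self._rules:
            if r.role not in roles or r.resource != resource:
                continue
            if action not in r.actions:          # activity-level check
                continue
            # record-level scope: every filter key must match the row
            if any(row.get(k) != v for k, v in r.row_filter.items()):
                continue
            # field-level scope: union of the columns each matching rule grants
            allowed |= set(row) if "*" in r.fields else r.fields & set(row)
        return Decision(action, frozenset(allowed))


def project(decision: Decision, row: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return only the columns the decision permits, or None if denied."""
    if not decision.granted:
        return None
    return {k: v for k, v in row.items() if k in decision.fields}


# ---- constructed sample policy and data (not from the page) ---------------
SAMPLE_RULES = [
    Rule("admin", "customer", {"read", "update"}, {"*"}),
    Rule("analyst", "customer", {"read"}, {"name", "region"}),
    Rule("operator", "panel", {"read", "download_config"}, {"*"}, {"site": "north"}),
    Rule("end_user", "panel", {"read"}, {"status"}),
]
CUSTOMER = {"id": "1", "name": "ACME", "region": "EU", "credit_limit": "5000"}
PANEL_NORTH = {"id": "7", "site": "north", "status": "ok", "config": "v3"}
PANEL_SOUTH = {"id": "8", "site": "south", "status": "ok", "config": "v2"}


def read_customer(policy: AccessPolicy, roles: Set[str], row: Dict[str, str]):
    """Server A: return the customer columns the caller's roles may read."""
    return project(policy.decide(roles, "customer", "read", row), row)


def download_config(policy: AccessPolicy, roles: Set[str], panel: Dict[str, str]) -> bool:
    """Server B: may the caller push configuration to this panel?  The
    decision is made once here; a downstream server would receive `d`
    rather than call policy.decide() a second time."""
    d = policy.decide(roles, "panel", "download_config", panel)
    return d.granted


if __name__ == "__main__":
    policy = AccessPolicy(SAMPLE_RULES)
    print(read_customer(policy, {"analyst"}, CUSTOMER))       # name and region only
    print(download_config(policy, {"operator"}, PANEL_SOUTH))  # False: wrong site
    policy.reload(SAMPLE_RULES + [
        Rule("operator", "panel", {"download_config"}, {"*"}, {"site": "south"})])
    print(download_config(policy, {"operator"}, PANEL_SOUTH))  # True after reload
```

The point of the `Decision` value is that it is computed by one policy object and handed along the call chain, so a second server involved in the same operation does not repeat the check; `reload()` shows access information changing while the process is up, with the next call seeing the new rules.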