Distributed applications are now well-known. Examples include the distributed application formed by a combination of a web-browser and web-server. Another example is the global e-mail system supported on top of the Internet.
User configuration of such distributed applications is also well-known. For example, the user of a web-browser is able to control whether a web-site is able to store cookies on his computer. Similarly, the user of an e-mail client program is able to set rules which dictate how his computer handles incoming mail.
However, it is often the case that an administrator of a distributed computer or computer network wants to control the operation of such a distributed application without requiring action on behalf of a user. For example, an administrator of a corporate network might wish to prevent employees from accessing web-sites featuring adult content or offering gambling services. Similarly, an administrator might wish to prevent e-mail users from receiving spam e-mails.
An administrator can achieve such ends by appropriately configuring a computer which intercepts requests for web-pages from employees' browsers or intercepts e-mails destined for an employee. Such computers are sometimes known as application-level firewalls.
Security in a distributed computer running a distributed application may be applied on a per-message basis (distributed applications normally work by passing messages between computers running components of the distributed application). This is known as message-level enforcement. Message-level enforcement is typically implemented using so-called ‘interceptors’. The term interceptors is used herein in the broadest sense, to describe functionality that can be used to process a message.
For large networks, it is known to allow the administrator to configure a network using so-called ‘policies’. These are often a set of condition-action rules which network elements can interpret. By copying the sets of rules to many network elements the task of configuring the network is made easier for the network administrator. An object-oriented information model for this type of policy is seen in the IETF's RFC 3060. US Patent Application 2004/0193912 discloses the use of policies to control a computer network.
The idea of building distributed applications from components created by different parties has recently received much attention. Although the concept of remote procedure calls and remote method invocations has been known for decades, only more recently has the problem of interfacing components written by different people in different programming languages been tackled. One important enabling technology for distributed applications of this type is the family of implementations of the CORBA specification produced by the Object Management Group. CORBA stands for Common Object Request Broker Architecture, and involves the use of an Object Request Broker in passing method invocations from a subject to a target. A more recent example is the ‘Web Services’ specification. Software which enables the inter-operation of components running on different platforms is known as ‘middleware’.
The CORBA standard applies a narrower meaning to the word ‘interceptor’ than the definition given above. In particular, in chapter 21 of the standard, it says ‘Portable Interceptors are hooks into the ORB through which ORB services can intercept the normal flow of execution of the ORB.’
Systems and methods of building sequences of interceptors (in accordance with the narrower definition given above) are discussed in international patent application WO 00/45256, published on 3 Aug. 2000. This application describes methods of dynamically building an interceptor chain specifically under a CORBA 3.0 middleware engine-based environment, using the so-called Adaptive Runtime Technology™ (ART) framework, which is a microkernel architecture that supports dynamic configurations of the architecture. This patent application is particularly concerned with how to invoke and then process interceptors. As described, the interceptor arrangement preferably has the property of being recursive, whereby the ORB passes control to a first interceptor in the chain, which passes control to the next interceptor in the chain, and so on, until the last interceptor has completed its processing. The last interceptor then passes control back to its caller, and so forth, until control is returned to the ORB. Additionally, each interceptor preferably applies intrinsic chaining, whereby each interceptor contains information enabling it to identify and pass control to the next interceptor automatically and without reference back to the ORB, where references back to the ORB are said to incur significant time and processing overheads. According to the description in WO 00/45256, the order in which interceptors are placed into a chain is provided by a configuration file, particular to each domain.
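The following is an added illustration, not code from the application described above, from the CORBA standard or from the ART framework. It brings together three points made in this background: message-level enforcement by interceptors, policies expressed as condition-action rules, and a recursive interceptor chain with intrinsic chaining whose order comes from a per-domain configuration. Every name in it (`Message`, `Rule`, `Interceptor`, `build_chain`, `dispatch`, the hypothetical domain configuration and the constructed sample messages) is an assumption made for the example; the blocked-host and spam rules only stand in for the administrator's policy examples given earlier.

```python
"""Added example: a message-level interceptor chain with intrinsic chaining.

Illustrative code only. It is not the ORB, the ART framework or the code of
WO 00/45256; all names and sample data below are assumptions for the example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Message:
    """A message passed between components of a distributed application."""
    headers: Dict[str, str]
    body: str
    trace: List[str] = field(default_factory=list)  # interceptor entry/exit order
    blocked_by: Optional[str] = None                # set by a rejecting rule


@dataclass
class Rule:
    """A condition-action rule in the spirit of a policy information model:
    the condition is a predicate over the message, the action modifies it."""
    name: str
    condition: Callable[[Message], bool]
    action: Callable[[Message], None]


class Interceptor:
    """Each interceptor holds a reference to its successor (intrinsic chaining),
    so control passes down the chain and back without reference to the caller
    at each hop."""

    def __init__(self, name: str, rules: List[Rule],
                 next_interceptor: Optional["Interceptor"] = None):
        self.name = name
        self.rules = rules
        self.next = next_interceptor

    def intercept(self, msg: Message) -> Message:
        msg.trace.append(f"enter:{self.name}")
        for rule in self.rules:
            if rule.condition(msg):
                rule.action(msg)
        # Forward only if no rule has rejected the message; the recursive call
        # returns here once the rest of the chain has finished its processing.
        if msg.blocked_by is None and self.next is not None:
            self.next.intercept(msg)
        msg.trace.append(f"exit:{self.name}")
        return msg


def build_chain(config: List[str],
                registry: Dict[str, List[Rule]]) -> Optional[Interceptor]:
    """Build the chain from an ordered list of interceptor names (standing in
    for the per-domain configuration file). Built back to front so that each
    interceptor is created already knowing its successor."""
    chain: Optional[Interceptor] = None
    for name in reversed(config):
        chain = Interceptor(name, registry[name], chain)
    return chain


def block(reason: str) -> Callable[[Message], None]:
    def _action(msg: Message) -> None:
        msg.blocked_by = reason
    return _action


def add_header(key: str, value: str) -> Callable[[Message], None]:
    def _action(msg: Message) -> None:
        msg.headers[key] = value
    return _action


# Constructed sample policy: hypothetical host names, not real sites.
BLOCKED_HOSTS = {"gambling.example", "adult.example"}

REGISTRY: Dict[str, List[Rule]] = {
    "audit": [Rule("stamp", lambda m: True, add_header("X-Audited", "yes"))],
    "content-filter": [Rule("blocked-host",
                            lambda m: m.headers.get("Host") in BLOCKED_HOSTS,
                            block("content-filter:blocked-host"))],
    "spam-filter": [Rule("spam-body",
                         lambda m: "lottery" in m.body.lower(),
                         block("spam-filter:spam-body"))],
}

# Hypothetical per-domain configuration giving the chain order.
DOMAIN_CONFIG = ["audit", "content-filter", "spam-filter"]


def dispatch(msg: Message) -> Message:
    """Hand a message to the head of the chain, as the ORB would."""
    chain = build_chain(DOMAIN_CONFIG, REGISTRY)
    return chain.intercept(msg)


if __name__ == "__main__":
    ok = dispatch(Message({"Host": "intranet.example"}, "quarterly report"))
    print(ok.blocked_by, ok.trace)
    bad = dispatch(Message({"Host": "gambling.example"}, "place your bets"))
    print(bad.blocked_by, bad.trace)
```

The `trace` field makes the recursion visible: an accepted message produces nested enter/exit pairs (the last interceptor exits first), while a rejected message shows the chain unwinding from the interceptor whose rule blocked it, without the later interceptors ever running.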