1. Technical Field
The present invention relates to a system and method for using a declarative approach to enforce instance based security in a distributed environment. More particularly, the present invention relates to a system and method for decoupling security logic from distributed object administration logic by including the security logic in declarative specifications that, in turn, are combined with object name property keys to determine whether to grant a caller access to a particular distributed object instance.
2. Description of the Related Art
When managing a distributed system consisting of a large number of manageable resources, the system grants a user access to only those resources that the user is responsible for managing. Granting a user access to a subset of the resources within a system is referred to as “instance based security” because the user only has access to specific instances of the resources. Typically, the system performs instance based security by partitioning the resources into resource groups and granting users access to a resource group. In addition, to simplify user management, a user may also belong to one or more user groups. When a user group is granted access to a resource group, all users within that user group are granted access to the resource group.
Users typically interact with a system through a graphical front end, a command line tool, or a programmatic API (Application Programming Interface). Eventually, these interactions result in calls to a distributed object that performs the user's request, such as creating new resources, modifying a resource being managed, or monitoring resources. For example, the JMX (Java Management Extensions) specification specifies a distributed object implementation and, in this implementation, a distributed object may represent or interact with one or more resource instances. Each distributed object invocation therefore first requires verification that the user has access to the resources that the distributed object represents or interacts with.
Typically, distributed object implementations are generic enough that a single implementation may be instantiated multiple times (e.g., one instance for each resource “type” in a system). For example, a distributed object implementation that represents a resource of type server may be used to represent actual server instances “server1” and “server2”. In another example, the distributed object implementation may use parameters that represent resources in the system, and operate on those resources. For example, a distributed object implementation may use “server1” and “server2” as parameters, and perform operations on both servers.
In an instance based security environment, the distributed object implementation requires additional logic to ensure that the user performing the invocation has access to the actual instance of the resource on which it operates or which it represents. A challenge found with the existing art is that it supports only a “type” based declarative security specification. That is, the declarative security specification applies to every instance of a given type, so it cannot express that a user may operate on “server1” but not on “server2”. In addition, there is less freedom to change policy after the fact because the security logic is coupled with the distributed object administration logic: a policy change requires modifying and redeploying the distributed object itself.
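The following is an added illustration of the instance based model sketched in the background above (users in user groups, user groups granted roles over resource groups, resource groups containing instances) combined with a declarative specification that resolves an invocation to concrete resource instances through object name property keys or invocation parameters, as the Technical Field describes. It is not the patent's code nor any product's implementation; Python is used so the logic can be run stand-alone rather than the Java a JMX system would use. The “cluster” domain, the “type”/“name” property keys, the role names, and the users, groups and servers are all constructed for the example, and the ObjectName parser handles only the plain `domain:key=value,...` form (quoted values containing commas are not supported here).

```python
"""Instance based, declarative access checks for JMX-style distributed objects.

Added illustration, not the patent's or any product's code. The domain,
property keys, roles, users, groups and servers below are constructed.
"""
from dataclasses import dataclass, field

# Ordered roles: a higher rank satisfies any lower requirement.
ROLE_RANK = {"monitor": 1, "operator": 2}


@dataclass(frozen=True)
class TypeRule:
    """Declarative security for one ObjectName 'type' (hypothetical schema)."""
    instance_keys: tuple[str, ...]                            # ObjectName keys naming the instance
    param_positions: tuple[int, ...] = ()                     # argument positions naming instances
    operations: dict[str, str] = field(default_factory=dict)  # operation -> required role


# Declarative specification, keyed by (domain, type). Lives outside the MBean
# code, so changing policy is a data change rather than a code change.
SPEC = {
    ("cluster", "Server"): TypeRule(
        instance_keys=("name",),
        operations={"getState": "monitor", "stop": "operator"},
    ),
    # A cluster-wide object whose operations name, as arguments, the servers they touch.
    ("cluster", "Cluster"): TypeRule(
        instance_keys=(),
        param_positions=(0,),
        operations={"restart": "operator"},
    ),
}

# Administrative data (constructed): user -> user groups,
# user group -> {resource group: role}, resource group -> instances.
USER_GROUPS = {"alice": {"web-admins"}, "bob": {"db-monitors"}}
GRANTS = {"web-admins": {"web-tier": "operator"}, "db-monitors": {"db-tier": "monitor"}}
RESOURCE_GROUPS = {"web-tier": {"server1", "server2"}, "db-tier": {"server3"}}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def parse_object_name(name: str) -> tuple[str, dict[str, str]]:
    """Parse 'domain:k1=v1,k2=v2'; reject malformed input and duplicate keys."""
    domain, sep, props = name.partition(":")
    if not sep or not domain or not props:
        raise ValueError(f"malformed ObjectName: {name!r}")
    keys: dict[str, str] = {}
    for pair in props.split(","):
        k, eq, v = pair.partition("=")
        if not eq or not k or not v:
            raise ValueError(f"malformed property in ObjectName: {pair!r}")
        if k in keys:
            raise ValueError(f"duplicate key {k!r} in ObjectName")
        keys[k] = v
    return domain, keys


def effective_rank(user: str, instance: str) -> int:
    """Highest role rank the user holds over any resource group containing instance."""
    best = 0
    for group in USER_GROUPS.get(user, ()):
        for rgroup, role in GRANTS.get(group, {}).items():
            if instance in RESOURCE_GROUPS.get(rgroup, ()):
                best = max(best, ROLE_RANK[role])
    return best


def authorize(user: str, object_name: str, operation: str, args: tuple = ()) -> Decision:
    """Decide whether user may invoke operation on the named object. Fails closed."""
    domain, keys = parse_object_name(object_name)
    rule = SPEC.get((domain, keys.get("type", "")))
    if rule is None:
        return Decision(False, f"no declarative rule for {object_name}")
    required = rule.operations.get(operation)
    if required is None:
        return Decision(False, f"operation {operation!r} not declared for type {keys['type']!r}")
    instances: list[str] = []
    for k in rule.instance_keys:                     # instances named by ObjectName keys
        if k not in keys:
            return Decision(False, f"ObjectName lacks instance key {k!r}")
        instances.append(keys[k])
    for pos in rule.param_positions:                 # instances named by invocation arguments
        if pos >= len(args):
            return Decision(False, f"missing instance argument at position {pos}")
        value = args[pos]
        instances.extend([value] if isinstance(value, str) else list(value))
    if not instances:
        return Decision(False, "no resource instance identified; refusing by default")
    for inst in instances:                           # every named instance must be authorized
        if effective_rank(user, inst) < ROLE_RANK[required]:
            return Decision(False, f"{user} lacks role {required!r} on {inst!r}")
    return Decision(True, f"{user} holds {required!r} on {sorted(set(instances))}")
```

The distributed object itself only needs to call `authorize()` before acting; which property key or argument identifies the instance, and which role each operation needs, is read from `SPEC`, so a policy change never touches the object's administration logic. The check deliberately denies when no rule, no declared operation, or no instance can be found, and an operation that names several instances (the cluster restart) is refused if the caller lacks the role on any one of them.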
What is needed, therefore, is a system and method that provides instance based declarative security specifications and decouples security logic from administration logic in a distributed object environment.