Object oriented programming, in which an object defines both data and the operations to be performed on the data, is a field that is well known to the skilled reader. In object oriented programming a class is defined providing a template of attributes defining data and methods defining operations and an object corresponding to the template is created by instantiating the class as shown in FIG. 1 to provide an object 100 having a description including one or more attributes 102 and one or more methods 104, the methods further being identified by associated arguments.
The methods can be defined within the object or, as shown in FIG. 2 may be invoked from another object. For example an Object 1, reference numeral 200 may call Method 1, reference numeral 202 from Object 2, reference numeral 204.
In a remote method invocation (RMI) system the Method 1 may then be invoked from another location. For example in programming languages such as Java a group of methods is described in an interface. An interface comprises a statically defined grouping of methods which can be declared in the object when it is instantiated or can be defined in the class. At compile time all of the methods associated with the object by the interfaces are then discovered by known techniques such as introspection whereby the methods associated with the interfaces are collated from inspection of the interfaces. Then, in run time, and referring once again to FIG. 2, therefore, Object 2 invokes Method 1 from Interface 1, reference numeral 206.
It is convenient to associate a common security policy 208 to all the methods contained in an interface 206. This is particularly useful when, in languages like Java, methods that are remotely accessible for example by using RMI and therefore particularly vulnerable are marked by declaring them as part of a “remote” interface. The policy may be implemented for example as an access control system in the form of an access control list (ACL) determining, for security purpose, who may invoke the method. The ACL associated with the interface is specified within the object itself in an interface/ACL pair, the ACL being associated when the object is created and selected according to any appropriate approach. For example it can be part of the description creating the object or can be retrieved from an ACL database as appropriate. Various languages are provided describing access control policies and associating policies to interfaces, such as DTEL++ which is described in “Scaleable access control for distributed object systems” of Sterne et al, proceedings of the Eighth Usenix Security Symposium Washington D.C. USA Aug. 23 to 26, 1999 which is incorporated herein by reference.