Enterprise Security with EJB and CORBA by Bret Hartman, Donald J. Flinn, Konstantin Beznosov
Building secure applications using the most popular component technologies
Did you know that most corporate computer security breaches are inside jobs by trusted employees? This book addresses the need in the era of multi-tier systems to implement security solutions across all enterprise applications, not just firewalls that target intrusion from the outside. With nationally recognized CORBA security experts Bret Hartman, Donald J. Flinn, and Konstantin Beznosov, this book shows application developers how to build secure, real-world applications that deliver tightly integrated security at all system levels using the latest component technologies and tools. Coverage also includes a sample e-commerce system built using Java with EJB and CORBA as well as case studies of implementations in finance, manufacturing, and telecom.
Read an Excerpt
Chapter 1: An Overview of Enterprise Security Integration
This chapter explores groundbreaking technology that supports rapid deployment of secure e-business applications. This technology, based on the integration of distributed component computing and information security, represents new power to mount secure, scalable e-business services. We begin by discussing the basic relationship between security and components. We then describe how security enables new e-business applications that were not previously feasible and how e-business solutions create new security responsibilities. Next, we describe the many challenges of enforcing security in component-based applications. Finally, we introduce Enterprise Security Integration (ESI), which we use to tie together many different security technologies, and as a result, provide the framework for building secure component architectures.
Components and Security
Application servers, which provide a convenient environment for building component-based distributed business applications, are now widely available. Most middleware vendors have application server products on the market today. Application servers provide environments for building and deploying components.
A component is the fundamental building block of distributed software applications. Each component has one or more interfaces that provide the points of entry for calling programs. An interface, which is defined in terms of operations (also called methods), encapsulates a component and ensures that a component is modular. That is, a developer may replace one implementation of a component with another, and as long as the new component preserves the interface and expected behavior of the old one, there will be no impact on programs that use the component. Figure 1.1 illustrates the component architecture.
Component architectures include a rich runtime environment called a container. Containers provide an array of application services that allow the application developer to concentrate on building the application rather than the supporting infrastructure.
In the Java world, the Enterprise JavaBeans (EJB) specification, which is part of the Java 2 Enterprise Edition (J2EE) from Sun Microsystems, has gained broad acceptance as the standard for Java server component architectures. Products based on the EJB specification have compelling advantages: They shield application developers from many of the low-level component service details (such as transactions and security), they enable enterprise Beans to be moved to another environment with minimal effort, and they are interoperable with other EJB products.
Beyond Java, the Object Management Group (OMG) has defined the Common Object Request Broker Architecture (CORBA) Component Model. The CORBA Component Model, which has been designed to be consistent with EJB, extends the notion of EJB to allow components to be built in other languages, such as C++. Fully compliant EJB products also support the OMG Internet Inter-ORB Protocol (IIOP), allowing EJB components and CORBA components to interoperate. Because application servers are targeted at enterprise deployment, it's no surprise that security is generally addressed in these architectures. Without a good security solution protecting corporate data on an application server, most businesses would not be willing to make their data accessible to Internet Web clients.
Distributed component computing and information security are complex technologies that are naturally in conflict. A distributed environment makes data widely accessible and thus introduces potential security holes at multiple points in the enterprise. Security protection confines systems and reduces data accessibility. As a result, distributed systems require trade-offs between the degree of distributed computing and the degree of security. Technologies are resolving the conflict between distributed computing and security, particularly in EJB and CORBA. This book explores how deploying security services in support of EJB and CORBA addresses security integration. This book addresses an audience of enterprise technical managers, software architects, security architects, software developers, and security administrators, particularly those now moving to distributed environments and those new to the issues of information security. We explore new ways of thinking about information security in distributed environments, focusing on how to develop practical, comprehensive approaches using new and existing technologies.
Security as an Enabler for E-Business Applications
Corporations are discovering the power of online services to increase customer loyalty, support sales efforts, and manage internal information. The common thread in these diverse efforts is the need to present end users with a unified view of information stored in multiple systems, particularly as organizations move from static Web sites to the transactional capabilities of electronic commerce. To satisfy this need, legacy systems are being integrated with powerful new e-business-based applications that provide broad connectivity across a multitude of back-end systems. These unified applications bring direct bottom-line benefits. For example:
On the Internet. A bank cements relationships with commercial customers by offering increased efficiency with online currency trading. This service requires real-time updates and links to back-office transactional and profitability analysis systems...
Meet the Author
BRET HARTMAN, nationally recognized expert on CORBA security, is Chief Technology Officer of the Hitachi Security Software Unit. He is a regular speaker and expert panelist on secure distributed systems and CORBA security.
DONALD J. FLINN is a security architect at Iona Technologies with over 25 years' experience in distributed object systems, including CORBA and Java security. He is chair of the Security SIG at the Object Management Group.
KONSTANTIN BEZNOSOV, PhD, is a Security Architect at Concept Five Technologies. As a coauthor of security-related CORBA standards and a former cochair of OMG's Security SIG, he has written widely on architectural issues of engineering secure enterprises.