Did you know that most corporate computer security breaches are inside jobs by trusted employees? This book addresses the need in the era of multi-tier systems to implement security solutions across all enterprise applications, not just firewalls that target intrusion from the outside. With nationally recognized CORBA security expert Bret Hartman at the helm, this book shows application developers how to build secure, real-world applications that deliver tightly integrated security at all system levels using the latest component technologies and tools. Coverage also includes a sample e-commerce system built using Java with EJB and CORBA as well as case studies of implementations in finance, manufacturing, and telecom.
Components and Security
Application servers, which provide a convenient environment for building component-based distributed business applications, are now widely available. Most middleware vendors have application server products on the market today. Application servers provide environments for building and deploying components.
A component is the fundamental building block of distributed software applications. Each component has one or more interfaces that provide the points of entry for calling programs. An interface, which is defined in terms of operations (also called methods), encapsulates a component and ensures that a component is modular. That is, a developer may replace one implementation of a component with another, and as long as the new component preserves the interface and expected behavior of the old one, there will be no impact on programs that use the component. Figure 1.1 illustrates the component architecture.
Component architectures include a rich runtime environment called a container. Containers provide an array of application services that allow the application developer to concentrate on building the application rather than the supporting infrastructure.
In the Java world, the Enterprise JavaBeans (EJB) specification, which is part of the Java 2 Enterprise Edition (J2EE) from Sun Microsystems, has gained broad acceptance as the standard for Java server component architectures. Products based on the EJB specification have compelling advantages: They shield application developers from many of the low-level component service details (such as transactions and security), they enable enterprise Beans to be moved to another environment with minimal effort, and they are interoperable with other EJB products.
Beyond Java, the Object Management Group (OMG) has defined the Common Object Request Broker Architecture (CORBA) Component Model. The CORBA Component Model, which has been designed to be consistent with EJB, extends the notion of EJB to allow components to be built in other languages, such as C++. Fully compliant EJB products also support the OMG Internet Inter-ORB Protocol (IIOP), allowing EJB components and CORBA components to interoperate. Because application servers are targeted at enterprise deployment, it's no surprise that security is generally addressed in these architectures. Without a good security solution protecting corporate data on an application server, most businesses would not be willing to make their data accessible to Internet Web clients.
Distributed component computing and information security are complex technologies that are naturally in conflict. A distributed environment makes data widely accessible and thus introduces potential security holes at multiple points in the enterprise. Security protection confines systems and reduces data accessibility. As a result, distributed systems require trade-offs between the degree of distributed computing and the degree of security. Technologies are resolving the conflict between distributed computing and security, particularly in EJB and CORBA. This book explores how deploying security services in support of EJB and CORBA addresses security integration. This book addresses an audience of enterprise technical managers, software architects, security architects, software developers, and security administrators, particularly those now moving to distributed environments and those new to the issues of information security. We explore new ways of thinking about information security in distributed environments, focusing on how to develop practical, comprehensive approaches using new and existing technologies.
Security as an Enabler for E-Business Applications
Corporations are discovering the power of online services to increase customer loyalty, support sales efforts, and manage internal information. The common thread in these diverse efforts is the need to present end users with a unified view of information stored in multiple systems, particularly as organizations move from static Web sites to the transactional capabilities of electronic commerce. To satisfy this need, legacy systems are being integrated with powerful new e-business-based applications that provide broad connectivity across a multitude of back-end systems. These unified applications bring direct bottom-line benefits. For example: On the Internet. A bank cements relationships with commercial customers by offering increased efficiency with online currency trading. This service requires real-time updates and links to back-office transactional and profitability analysis systems...
| Chapter | Title |
|---|---|
| Ch. 1 | An Overview of Enterprise Security Integration |
| Ch. 2 | Securing EJB Components |
| Ch. 3 | Securing CORBA Components |
| Ch. 4 | Enterprise Security Technologies |
| Ch. 5 | Interoperability of Cross-Domain Components |
| Ch. 6 | Interoperability EJB and CORBA Components |
| Ch. 7 | Protecting Application Resources |
| Ch. 8 | Scaleable Security Policies |
| Ch. 9 | Planning a Secure Component System |
| Ch. 10 | Building an Integrated Security System |