
Controlling Delegation

Objects can explicitly enable delegation at the application level by using an AccessController object. The AccessController method enablePrivileged() permits delegation. The method enablePrivileged(RoleType) is similar, except that when a role type is passed, the privileges available for that session are extended or restricted to those associated with the enabled role. This functionality is not restricted to delegation; it can also be used whenever access to local methods and resources needs special control. For example, consider a system administrator who logged in as a normal user but would like to exercise super-user privileges for an account creation. In this case, the administrator could invoke enablePrivileged(superUser) to enable super-user privileges.

Either implicit or explicit enabling can be used to specify control in cases of Cascaded Delegation where the intermediary objects are unaware of secure delegation. If the intermediate is unaware, then the underlying security layer must effectively carry out either Simple Delegation or a special delegation mode set by an administrator. In SDM, explicitly specified modes are settable at the application level and may override the default mode set by the administrator. Either way, delegation requirements become attached to an intermediate object's reference. This set of requirements is made available to any client holding this remote (intermediate object) reference.

In contrast, a delegation-aware intermediate might explicitly enable delegation for a method call. In SDM, this explicit delegation may be performed at the application level. If delegation is enabled, the client may generate a delegation certificate and pass it on to the intermediate object. Otherwise, no delegation certificate is generated and the intermediate provides service using only its privileges and none of the delegator's (in which case, NoDelegation is the delegation mode).

An intermediate may also explicitly enable delegation using the AccessController methods enableSimpleDelegation() and enableCascadedDelegation(). The specified delegation mode is taken into account when the privileges of the intermediate need to be presented to consecutive objects in the method invocation chain. Whether the intermediate's privileges are combined with the delegator's depends on the mode of delegation. The system can obtain the security requirements attached to any remote reference. Delegation, if required by the specified requirements (so that the target object is willing to act as a delegate), is activated appropriately from the context. Using the context of invocation, the delegator's AccessController determines the CodeExecutor who is executing the client's code. This CodeExecutor becomes the Signer of a delegation certificate, and thus effectively the initiator of a delegation.

 

 


: X.509 and Delegation Certificates

An example of application-level control is shown in the code segment. This code could be used to handle situations in which a client object invokes method makeReservation() on an object of type TravelAsst. The TravelAsst object might in turn invoke methods on a remoteAdmin object. In the sample code, the travelAsst explicitly enables delegation before further invocation on remoteAdmin.
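The scenario above as an added Java example, not the paper's own code segment: a hypothetical AccessController model in which travelAsst enables delegation before invoking remoteAdmin. The class, the certificate fields, the name alice, the privilege names, and the rule that Simple Delegation presents only the delegator's privileges while Cascaded Delegation combines them with the intermediate's are assumptions made for illustration.

```java
import java.util.*;

// Added illustration. This AccessController is a hypothetical model, not the
// paper's class and not java.security.AccessController.
public class DelegationDemo {
    enum Mode { NO_DELEGATION, SIMPLE, CASCADED }

    // Certificate fields are constructed for the example; the signer is the CodeExecutor.
    record DelegationCert(String signer, String delegate, Mode mode, Set<String> privileges) {}

    static class AccessController {
        private Mode mode = Mode.NO_DELEGATION;   // nothing is delegated until enabled
        void enableSimpleDelegation()   { mode = Mode.SIMPLE; }
        void enableCascadedDelegation() { mode = Mode.CASCADED; }
        Mode mode() { return mode; }
    }

    // Client side: read the requirement attached to the intermediate's reference and
    // issue a certificate only if delegation is enabled.
    static Optional<DelegationCert> delegate(String codeExecutor, Set<String> privs,
                                             String intermediate, Mode required) {
        if (required == Mode.NO_DELEGATION) return Optional.empty();
        return Optional.of(new DelegationCert(codeExecutor, intermediate, required, Set.copyOf(privs)));
    }

    // Privileges the intermediate presents to the next object in the chain.
    // Assumption: SIMPLE presents the delegator's privileges alone, CASCADED combines both.
    static Set<String> presented(Set<String> own, Optional<DelegationCert> cert) {
        if (cert.isEmpty()) return own;           // NoDelegation: own privileges only
        Set<String> out = new TreeSet<>(cert.get().privileges());
        if (cert.get().mode() == Mode.CASCADED) out.addAll(own);
        return out;
    }

    public static void main(String[] args) {
        Set<String> client = Set.of("reserve");          // constructed sample privileges
        Set<String> travelAsst = Set.of("queryFlights");
        AccessController ac = new AccessController();

        // Delegation not enabled: remoteAdmin sees only travelAsst's privileges.
        System.out.println(presented(travelAsst, delegate("alice", client, "travelAsst", ac.mode())));

        // travelAsst enables delegation before invoking remoteAdmin, as in makeReservation().
        ac.enableCascadedDelegation();
        Optional<DelegationCert> cert = delegate("alice", client, "travelAsst", ac.mode());
        System.out.println(cert.get().signer() + " -> " + presented(travelAsst, cert));
    }
}
```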






Nataraj Nagaratnam
Mon Mar 16 18:02:57 EST 1998