第１章 概要 第２章 Ｊ２ＥＥプラットフォームのテクノロジ 第３章 クライアント層 第４章 Ｗｅｂ層 第５章 Ｅｎｔｅｒｐｒｉｓｅ ＪａｖａＢｅａｎｓ層 第６章 エンタープライズ情報システム層 第７章 パッケージ化と配備 第８章 トランザクション管理 第９章 セキュリティ 第１０章 サンプルアプリケーション

Java 2 platform, enterprise editionアプリケーション設計ガイド

Method for providing access to private digital content owned by an owner and installed on a content server, wherein a content manager server has a number of clients potentially interested in the private content, the method comprising the following steps performed at a content management server being informed that the owner has installed private content on a content server; obtaining a delegate token from the content server; receiving a query for the private digital content from a client of the number of clients of the content management server; providing said client with a token using the delegate token enabling the client to access the private content.

System and method for accessing private digital content

With the increase in society's dependence on IT communication systems, the need for dependable, trustable, robust and secure adaptive systems becomes ever more acute. Modern autonomic message-oriented middleware platforms have stringent requirements for self-healing, adapting, evolving, fault-tolerance, security and active vulnerability assessment, especially when the internal working model of a system and the environmental influences on the system are uncertain during run-time. In this paper we present an adaptive and evolving security (AES), and an adaptive trust management (ATM) approach to such autonomic messaging middleware systems, an approach that learns, anticipates, evolves and adapts to a changing environment at run-time in the face of changing threats. The methodology used in this research is partly analytical and partly experimental. This involves analysis of how the principles of AES and ATM can be applied to the environment resulting in the development of theoretical models which are then tested in practice by prototyping.

Adaptive security and trust management for autonomic message-oriented middleware

Enforcing complex policies that span organizational domains is an open challenge Current work on SOA policy enforcement splits security in logical components that can be distributed across domains, but does not offer any concrete solution to integrate this security functionality so that it works across security services for organization-wide policies In this paper, we propose xESB, an enhanced version of an Enterprise Message Bus (ESB), where we monitor and enforce preventive and reactive policies, both for access control and usage control policies, and both inside one domain and between domains In addition, we introduce indicators that help SOA administrators assess the effectiveness of their policies Our performance measurements show that policy enforcement at the ESB level comes with only moderate penalties

/pdf/xesb-an-enterprise-service-bus-for-access-and-usage-control-3qbv2ldws3.pdf

xESB: An Enterprise Service Bus for Access and Usage Control Policy Enforcement

At our behest or otherwise, while our software is being executed, a huge variety of design assumptions is continuously matched with the truth of the current condition. While standards and tools exist to express and verify some of these assumptions, in practice most of them end up being either sifted off or hidden between the lines of our codes. Across the system layers, a complex and at times obscure web of assumptions determines the quality of the match of our software with its deployment platforms and run-time environments. Our position is that it becomes increasingly important being able to design software systems with architectural and structuring techniques that allow software to be decomposed to reduce its complexity, but without hiding in the process vital hypotheses and assumptions. In this paper we discuss this problem, introduce three potentially dangerous consequences of its denial, and propose three strategies to facilitate their treatment. Finally we propose our vision towards a new holistic approach to software development to overcome the shortcomings offered by fragmented views to the problem of assumption failures.

/pdf/software-assumptions-failure-tolerance-role-strategies-and-45oph1kz8c.pdf

Software assumptions failure tolerance: role, strategies, and visions

Open and dynamic business environments require flexible middleware that can be customized, adapted and reconfigured dynamically to face the changing environment and requirements. In this respect, the mechanism for composing middleware services with application code has an important impact on the kinds of adaptations that can be supported. This paper studies this problem in the context of security middleware. A bus-based architecture for integrating security middleware services is proposed and a qualitative comparison of the flexibility of the approach with an alternative AO-middleware-based approach is presented.

/pdf/a-comparison-of-two-approaches-for-achieving-flexible-and-e8nfl2180q.pdf

A comparison of two approaches for achieving flexible and adaptive security middleware

Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies

Service Oriented Architectures (SOA's) enable powerful application and end user service composition from independently defined services. The effective deployment of such composed services requires adaptation of and interoperability between services. This challenge can be approached by specifying service composition in policies, and by enforcing these policies in a sophisticated run-time architecture.

In this paper, we present an open architecture for enforcing and composing complex policies that can depend on the available services in the environment. Complex polices have typically been studied in the context of policy languages, yet they have never been fully supported in a SOA-based execution environment. We have created a flexible run-time architecture that maximizes interoperability, adaptability and evolution. We have prototyped our architecture on an Enterprise Service Bus and we illustrate how our solution supports realistic and complex policies.

/pdf/a-flexible-architecture-for-enforcing-and-composing-policies-2dqeqfqzvp.pdf

A flexible architecture for enforcing and composing policies in a service-oriented environment

The correct deployment and enforcement of expressive attribute-based access control (ABAC) policies in large distributed systems is a significant challenge. The enforcement of such policies requires policy-dependent collaborations between many distributed entities. In existing authorization systems, such collaborations are static and must be configured and verified manually by administrators. This approach does not scale to large and more dynamic application infrastructures in which frequent changes to policies and applications occur. As such, configuration mistakes or application changes might suddenly make policies unenforceable, which typically leads to severe service disruptions.We present a middleware for distributed authorization. The middleware provides a single administration point that enables the configuration and reconfiguration of application- and policy-dependent interactions between policy enforcement points (PEPs), policy decision points (PDPs) and policy information points (PIPs). Using lifecycle and dependency management, the architecture guarantees that configurations are consistent with respect to deployed policies and applications, and that they remain consistent as reconfigurations occur. Extensive performance evaluation shows that the runtime and configuration overhead of the middleware scale with the size and complexity of the infrastructure and that reconfigurations cause minimal disruption to the involved applications.

Scalable authorization middleware for service oriented architectures

Over the last decade the popularity of mobile devices has increased enormously. Initially, personal managers and mobile phones were designed as closed, dedicated devices. More and more, these devices have evolved into general purpose instruments that can be extended at user’s will (a.o. via proper software development kits). This has lead to the current generation of smartphones and full-blown personal information management systems. At the same time, the information managed by the devices has evolved from limited and personal to general purpose and business-centric and, consequently, they constitute a core component of daily life.

Tom Goovaerts

Papers

A comparison of two approaches for achieving flexible and adaptive security middleware

Infrastructural Support for Enforcing and Managing Distributed Application-Level Policies

A flexible architecture for enforcing and composing policies in a service-oriented environment

Scalable authorization middleware for service oriented architectures

Security Middleware for Mobile Applications