The Artima Developer Community
Sponsored Link

Jini Security
A Conversation with Bob Scheifler, Part I
by Bill Venners
July 8, 2002

<<  Page 2 of 5  >>

Advertisement

Authentication, Integrity, and Confidentiality

Let's start with authentication. When I make a call to a service that I think should be run by Bill Venners, I want to make sure the service is actually being run by Bill Venners. If I talk to my banking service, I want to make sure it is Citicorp or whatever my bank is, rather than Thieves Are Us or Fly By Night, Inc. Likewise, the bank wants me as a client to prove who I am. When I want to access my bank account, the bank wants to know it actually is me so it can let me access my bank account but not your bank account.

It is really mutual authentication. We both want to know each other's identity, though maybe for slightly different reasons. You as a service want to know my identity as a client to make authorization or access control decisions, to decide what I am and am not allowed to do. As a client, I want to know your identity as a service to make sure I am really talking to you.

Bill Venners: Let me make sure I understand the difference between authentication and authorization. Authentication verifies you are who you say you are. Once I know who you are, authorization is how I specify what I allow you to do. Is that right?

Bob Scheifler: Yes, exactly.

Another standard network security notion is integrity. Integrity means that while we have this conversation, we want to make sure no evil third party on the network corrupts our messages. So that when I say, "Transfer $100 to Bill," somebody else can't interject and say, "Transfer the $100 to Joe," or "Transfer $1,000 to Bill." Integrity is a mechanism that allows us to find out if any third party tries to corrupt our conversation.

Lastly, confidentiality simply means the two of us don't want third parties to spy on our conversation. Confidentiality allows us to have a private conversation. Other people might know about our conversation, but they don't know what the conversation is about.

At the highest level, we want Jini security to deal with those basic notions of network security. We want to support mutual authentication for authorization or access control decisions. We want to support confidentiality and integrity. Those are not novel ideas. This is standard network security as it applies to Jini. What is special about Jini relative to network security is dynamically downloaded code. That's where the complexity of understanding how to do network security in Jini comes up.

<<  Page 2 of 5  >>


Sponsored Links



Google
  Web Artima.com   
Copyright © 1996-2014 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use - Advertise with Us