Sponsored Link •
Bob Scheifler: Now that we have collected these security constraints, the next layer
of aggregation is you might say that I want different security for
different methods. If I do write operations for a database, I may want
to authenticate myself because it is probably going to need access
control in order to do the update. But maybe I would like to remain
anonymous for reads. Assuming everybody can read, I really just
want it to know what queries I'm making, not who I am. So you might
want to have different strengths of security for different methods. We
have an interface called
MethodConstraints, which is a
map from method to constraints. You can express for each method
that a proxy implements what constraints should be used for remote
calls of that method.
The server and the client can express what constraints there should be for each method made through a proxy. On a server the constraints are specified essentially at the time the remote object is exported. The server puts a lower bound on the network security. The server defines the minimum constraints that should be on any given method of any proxy to the server. The client also sets constraints on the proxy. The client defines what constraints it wants for individual calls.