本文发表在 rolia.net/zh 相约加拿大网上社区枫下论坛
When enterprise computing was handled solely by a few powerful mainframes located in information systems (IS) sites, ensuring that only authorized users obtained access to computing services and information was a fairly straightforward task. In distributed computing systems, where users, application servers, and resource managers can be spread out across the world, securing computing system resources has become a much more complicated task.
Although there are many issues associated with providing security in a distributed computing system, the underlying issues have not really changed very much. A good security service provides two main functions: authentication and authorization.
Authentication takes place when a principal (a user or a computer process) initially attempts to gain access to a computing resource. At that point, the security service challenges the principal to prove that the principal is who it claims to be. Human users typically prove who they are by entering their user IDs and passwords; whereas a process normally presents an encrypted key. If the password or key is valid, the security service gives the user a token or ticket that identifies the principal and indicates that the principal has been authenticated.
After a principal is authenticated, it can then attempt to use any of the resources within the boundaries of the computing system protected by the security service; however, a principal can use a particular computing resource only if it has been authorized to do so. Authorization takes place when an authenticated principal requests the use of a resource and the security service determines if the user has been granted the privilege of using that resource. Typically, authorization is handled by associating access control lists (ACLs) with resources that define which users or processes (or groups of users or processes) are authorized to use the resource. If the principal is authorized, the principal gains access to the resource.
In a distributed computing environment, principals and resources must be mutually suspicious of each other's identity until both have proven that they are who they say they are. This is necessary because a principal can attempt to fake its identity to get access to a resource, and a resource can be a trojan horse, attempting to get valuable information from the principal. To solve this problem, the security service contains a security server that acts as a trusted third party, authenticating principals and resources so that these entities can prove their identities to each other.
更多精彩文章及讨论，请光临枫下论坛. 网址: rolia.net/zh