ASSET ASSIGNMENT MODEL
As revised 2006.06.05
Bionic Buffalo Tech Note #56
Security: Unrestricted
7. Pricing and Payment

AAM does not include explicit provisions for pricing Asset use, or for making payments. However, an application can inherit AAM, adding additional features to allow for pricing and payment. For example, the AssetRequest and AssetDescription can include pricing variables.

There is no specific provision in the semantics of scoring to allow, say, for a broker to select the cheapest Asset meeting some other requirements. Indeed, such problems can become computationally extremely expensive if not entirely intractable. There is nothing in the model, however, to prohibit a specialization of an AssetBroker from applying additional policies to selection from among alternatives.
8. Security Policies

Some security mechanisms are already built into the CORBA used as the foundation for AAM. Such security mechanisms can require that the user of an object must provide some credentials before invoking methods on that object, thus establishing that the user is authorized to invoke those methods. An AAM implementation can employ these mechanisms to restrict access to Assets.
There are some drawbacks to reliance on the CORBA mechanisms for a complete security solution.

• Some Assets might not be implemented in compliant object form, making the CORBA mechanisms unusable.
• Use of the CORBA mechanisms requires support in the infrastructure for features which are not always available. (Minimum CORBA does not support those features.)
• It may be inefficient to defer authentication and authorization until the customer attempts to access the Asset.
• Failure to pre-authorize access to an Asset might create problems in case of authorization failure.
• The information about an Asset found in the AssetDescription, including the very knowledge of its existence, might be considered confidential information.
• The outcome of CORBA security decisions is generally binary: “yes” or “no”. There sometimes is a need for a more fine-grained approach, such as granting some customers access to more memory than is available to others.

In order to circumvent these shortcomings, AAM adds some additional mechanisms to be used in conjunction with the standard mechanisms.
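
The drawbacks listed above, in an added sketch that is not Bionic Buffalo's code and not AAM's actual mechanism: a hypothetical AssetBroker specialization that pre-authorizes at assignment time, hides any AssetDescription a customer may not see, returns a graded grant instead of yes/no, and picks the cheapest match. All field names, the PolicyBroker and Grant classes, and the sample catalog are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AssetDescription:        # field names are assumptions, not AAM's IDL
    name: str
    memory_mb: int
    price: float               # pricing variable added by the application
    visible_to: frozenset      # customers allowed to learn the Asset exists

@dataclass(frozen=True)
class AssetRequest:
    customer: str
    min_memory_mb: int

@dataclass(frozen=True)
class Grant:                   # graded outcome instead of a bare yes/no
    asset: str
    memory_mb: int
    price: float

class PolicyBroker:
    """Hypothetical AssetBroker specialization applying added policies."""

    def __init__(self, descriptions, memory_caps):
        self.descriptions = list(descriptions)
        self.memory_caps = dict(memory_caps)   # customer -> max MB granted

    def visible(self, customer):
        # Confidentiality: descriptions the customer may not see are never returned.
        return [d for d in self.descriptions if customer in d.visible_to]

    def assign(self, req: AssetRequest) -> Optional[Grant]:
        cap = self.memory_caps.get(req.customer)
        if cap is None or cap < req.min_memory_mb:
            return None        # default deny, decided before any access attempt
        candidates = [d for d in self.visible(req.customer)
                      if d.memory_mb >= req.min_memory_mb]
        if not candidates:
            return None        # same answer whether the Asset is hidden or absent
        best = min(candidates, key=lambda d: (d.price, d.name))  # cheapest, stable tie-break
        return Grant(best.name, min(best.memory_mb, cap), best.price)

# Constructed sample data, not taken from the tech note.
CATALOG = [
    AssetDescription("node-a", 4096, 3.0, frozenset({"alice", "bob"})),
    AssetDescription("node-b", 8192, 2.0, frozenset({"alice"})),
    AssetDescription("node-c", 1024, 1.0, frozenset({"alice", "bob"})),
]
BROKER = PolicyBroker(CATALOG, {"alice": 8192, "bob": 2048})
```
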
Copyright 2006 Bionic Buffalo. All rights reserved.
File tn0056; Modified 2006-06-15 12:24:32
http://www.tatanka.com/doc/technote/index.html
E-mail: query@tatanka.com