Towards General Access Control Management for Middleware Security

Middleware security is usually regarded as a wrapper of underlying security mechanisms rather than a infrastructure for enforcement and management of access control policies. We argue that there is a need for more generalized security mechanisms at middleware layer to enforce multiple access control policies. We introduce StarACM, a novel policy-oriented security architecture at middleware layer, which is distinguished from existing middleware security infrastructures mainly in three aspects: (1) StarACM can be used to enforce access control policies with finer granularity and different kinds of constraints. (2) StarACM provides a more general policy management infrastructure to keep the privacy, consistency and availability of access control policies. (3) StarACM provides means to clearly separate authorization logic from applications, which will be enforced at middleware layer. StarACM is built upon a CORBA middleware and supports multiple access control policies while preserving the middleware designing characteristics.