A framework for heterogeneous middleware security

Summary form only given. With the advent of Web services, achieving seamless interoperability between heterogeneous middleware technologies has become increasingly important. While much work investigating functional interoperability between different middleware architectures has been reported, little practical work has been done on providing a unified and/or interoperable view of security between the different approaches. We describe how Secure WebCom - a distributed metacomputing system - provides interoperability support between the COM+/.NET, CORBA and Enterprise Java Beans middleware security architectures. Secure WebCom uses the KeyNote trust management system to help coordinate the trust relationships between the different middleware systems and their associated security policies. Middleware authorisation policies can be encoded in terms of KeyNote cryptographic certificates, and vice-versa. This provides a unified view of security across heterogeneous middleware systems and also provides the basis for decentralised support of middleware security policies.