tailieunhanh - Mastering Web Services Security, Part 6

in which B acts as an intermediary, as opposed to C, a target. Call chains introduce new aspects to the security of distributed systems and make the security picture much more complicated. If B calls C while processing a request from A, several questions arise.

Security of Infrastructures for Web Services 205

uses the .NET Framework configuration GUI to create a security policy deployment package and then installs it across multiple machines. Synchronization of machine-level policies and changes to the enterprise policies are done the same way. Since the whole technology is so new, it's hard to predict how this relatively low-tech way, with questionable administration scalability, will be accepted by enterprises.

Code access security is devised to protect against Trojan horses and other malicious code, but it is not as effective in protecting middleware servers as the other mechanism of the .NET security model: access checks against the identity of the executing context. Its core abstractions are principals and identities. Identity represents the user on whose behalf the code is executing. This could be a logical user, as defined by the .NET application or developer, and not necessarily the user associated with the operating system process in which the application is running. A principal is an aggregation of a user and the user security attributes, called roles in .NET. There is only one principal per thread and one identity per principal. Note that the same principal can be associated with several threads, and the same identity can be related to several principals, as shown in Figure . Since a thread's principal and the associated identity are not bound to the Windows identity of the process, a piece of code, provided it has enough privileges, can replace both the principal and the identity on its thread with any other implementation of the interfaces.
This makes the whole model of .NET principal and identity very flexible and provides opportunities for custom authentication schemes to be integrated with built-in access control, a key enabler of electronic commerce applications. At the same time, the flexibility demands very careful permission administration to avoid opening security holes in .NET. The UML class diagram in the .
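
The principal and identity relationships described above, as an added C# example that is not code from the book: one identity shared by two principals, one principal attached to two threads, and a role check made against the logical caller instead of the process account. The names `alice`, `Approver`, `Clerk`, `CustomToken`, `ApproveOrder` and `RunAs` are constructed for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Threading;

static class PrincipalDemo
{
    // Application-level gate: checks the logical caller, not the OS process account.
    static void ApproveOrder()
    {
        IPrincipal caller = Thread.CurrentPrincipal;
        if (caller == null || !caller.Identity.IsAuthenticated || !caller.IsInRole("Approver"))
            throw new UnauthorizedAccessException("caller lacks the Approver role");
        Console.WriteLine("approved for " + caller.Identity.Name);
    }

    // Runs the gate on a new thread after attaching the given principal to it.
    static void RunAs(IPrincipal principal, string label)
    {
        var worker = new Thread(() =>
        {
            // Replacing the thread's principal. Under .NET Framework code access
            // security this demands SecurityPermission with the ControlPrincipal flag,
            // so that permission should be granted only to trusted authentication code.
            Thread.CurrentPrincipal = principal;
            try { ApproveOrder(); }
            catch (UnauthorizedAccessException e) { Console.WriteLine(label + ": denied, " + e.Message); }
        });
        worker.Start();
        worker.Join();
    }

    static void Main()
    {
        // Logical user produced by a custom authentication scheme (constructed values).
        var alice = new GenericIdentity("alice", "CustomToken");

        // One identity related to two principals that carry different roles.
        var approver = new GenericPrincipal(alice, new[] { "Approver" });
        var clerk = new GenericPrincipal(alice, new[] { "Clerk" });

        RunAs(approver, "thread 1"); // the same principal associated with two threads
        RunAs(approver, "thread 2");
        RunAs(clerk, "thread 3");    // same identity, different principal: check fails

        // The account that owns the OS process is a separate notion from the principal.
        Console.WriteLine("process account: " + Environment.UserName);
    }
}
```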
