| 摘要 |
A system, method and article of manufacture, for improving object security in distributed object systems, in an information handling system employing object oriented technology, includes one or more processors, a storage system, a system bus, a display sub-system controlling a display device, a cursor control device, an I/O controller for controlling I/O devices, all connected by system bus an operating system such as the OS/2* operating system program (OS/2 is a registered trademark of International Business Machines Corporation), one or more application programs for executing user tasks and an object oriented control program, such as, DSOM Objects program, which is a commercially available product of International Business Machines Corporation, the object oriented control program including a system authorization policy (SAP) object, a system authorization oracle (SAO) object, and a system registration object (SRO). The SAP object encapsulates management of a resource authorization policy. It may also be used to retrieve security attributes of objects in order to perform access checking. An object's security attribute includes the access control list (ACL) governing access to the object. The SAP object is also used to retrieve and manipulate user capabilities in an environment that is capability based for access authorization. A user capability enlists the object that the user has access to, along with the corresponding access types or permissions. A capability is the transpose of an access control list (ACL) in the global access matrix modeling user access to protected objects.
|
