Mechanism for locating objects in a secure fashion

摘要

In a distributed object computing system, a client makes a call to a daemon process of a host computer in order to communicate with a target object in an object server process. This call uses a particular security mechanism to ensure a secure communication. The daemon process locates the object server and starts it if necessary. The object server provides the daemon process with a list or table of all the particular security mechanisms that it supports. Using a security class identifier provided by the client in the original call, the daemon process selects a particular security mechanism supported by the server, and then returns this new security mechanism along with the server's port to the client. The client constructs a new object reference to the target object and then calls the target object directly using the new security mechanism. The new security mechanism may be different from the original security mechanism used to communicate with the daemon process. A foreign client from a different distributed system may also attempt to locate or invoke upon a target object using a similar technique for secure communication. In this situation, because the object reference may be unintelligible to the foreign client, the daemon process constructs a new object reference before sending it back to the foreign client. The client and object server may be on the same or different computers. The object reference data structure includes: a host field; a server identifier; a port field; an object key; a security information field; and a security class identifier.