JoWUA

Abstract

In distributed applications, multiple autonomous processes need to collaborate in an efficient way. Space-based middleware enables data-driven coordination for these processes via shared tuple spaces that allow a decoupled form of communication. Complex coordination logic may be provided to clients via reusable service components that access such tuple spaces to fulfill their task. To enable the secure collaboration of different participants, a suitable security concept for space-based services is required. In this paper, we present a fine-grained access control model that targets permissions both for invoking specific coordination services and for the data that is accessed by them. Our spacebased policy language adopts the middleware’s own coordination mechanisms for the specification of simple yet expressive access control policies, thus combining coordination logic and security mechanisms into a single, unified concept. We show how a lightweight service execution framework that enforces these policies can be bootstrapped with the middleware itself, which enables using the same mechanisms for the invocation of services, the access to data and the management of policies. The feasibility of the approach is demonstrated by a use case based on a management system for distributed firewalls.