Security of Infrastructures for Web Services

[Figure 7.1: Basic client-server paradigm and RPC model. A sends a request to B; B returns a response.]

Keep in mind that the relationship between a client and server is always associated with a particular invocation. For example, in Figure 7.2, B acts as a server when it is invoked by A and as a client when it invokes C. If B invokes C while processing the request from A, it demonstrates a request propagation: a request travels from A to B and then, possibly changed, to C. This is also referred to as an invocation chain, in which B acts as an intermediate, as opposed to C, a target.

Invocation chains introduce new aspects to the security of distributed systems and make the security picture much more complex. If B invokes C while processing a request from A, several questions arise. First, should B use its own identity and the accompanying attributes when it calls C? Or should it use A's, so that C believes it received a request from A? Credentials delegation takes different forms, from a very simple impersonation, in which C does not even know that the request is actually from B, to very complex composite delegation, in which C knows the credentials of all the intermediates through which the invocation was propagated. In the case of composite delegation, C's access control and other security policies become significantly more complex to accommodate compound principals. Second, should A trust B to use A's credentials to call others? Some middleware security models give A this level of control over whom B can call on behalf of A, which is known as constrained delegation.
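The delegation choices described above, modeled as an added example (not code from the book): it shows what target C can and cannot check under each mode. The `Credentials` class, the mode names and the policy function are hypothetical, and the constraint check is placed in `delegate()` as a simplification of what the middleware would enforce.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Credentials:
    initiator: str                               # principal the target believes started the chain
    intermediates: tuple = ()                    # principals the request passed through, in order
    allowed_targets: Optional[frozenset] = None  # constrained delegation; None = unconstrained

def delegate(incoming, me, target, mode):
    """Credentials that intermediate `me` presents to `target` for a request
    that arrived carrying `incoming`."""
    if mode == "none":
        # B calls C under its own identity; A's identity is not propagated.
        return Credentials(me)
    # Constrained delegation: A controls whom B may call on A's behalf.
    if incoming.allowed_targets is not None and target not in incoming.allowed_targets:
        raise PermissionError(f"{incoming.initiator} did not allow {me} to call {target}")
    if mode == "impersonation":
        # C sees A's credentials unchanged and cannot tell that B was involved.
        return incoming
    if mode == "composite":
        # C sees the initiator plus every intermediate (a compound principal).
        return Credentials(incoming.initiator,
                           incoming.intermediates + (me,),
                           incoming.allowed_targets)
    raise ValueError(f"unknown delegation mode: {mode}")

def target_authorizes(creds, allowed_initiators, trusted_intermediates):
    """C's policy over a compound principal: the initiator must be allowed
    and every visible intermediate must be trusted."""
    return (creds.initiator in allowed_initiators
            and all(i in trusted_intermediates for i in creds.intermediates))

if __name__ == "__main__":
    a = Credentials("A")  # constructed sample: A's request as received by B
    for mode in ("none", "impersonation", "composite"):
        seen = delegate(a, "B", "C", mode)
        # C allows initiator A but does not trust B as an intermediate.
        print(mode, seen, target_authorizes(seen, {"A"}, set()))
```

Under impersonation C's policy has nothing to evaluate about B, so an intermediate that C would not trust passes unnoticed; composite delegation exposes B at the cost of a policy that must reason about the whole chain.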
Some RPC models support fire-and-forget invocations, for example, in Figure 7.2, if B sends a request to C and no response is sent back. One example is CORBA's one-way functions, whereby the client does not expect any response from the server and is not even guaranteed that its request will be processed at all. This is also the case for the world of SOAP-based Web Services where if a method does not .