The Internet Inter-Orb Protocol Security Bridge

Abstract

The development of the CORBA standard and the creation of the IIOP protocol allowed the creation of distributed object-oriented applications in heterogeneous systems. The IIOP protocol enabled communication between brokers' requests from various manufacturers. It also began to be used as a protocol for communication of Java applet objects run in a web browser environment with objects running on the server, replacing the less flexible and universal CGI (Common Gateway Interface) protocol. Therefore, it became deliberate to provide CORBA facilities on the Internet. However, sharing these facilities requires two solutions. The first problem concerns networks protected by a firewall. Some of these devices allow communication through one or more TCP and UDP ports, which makes it impossible to use the IIOP protocol directly. The solution to this problem is tunneling of the IIOP (HTTP tunneling) protocol through other protocols; however, this is an unusual and not recommended approach. Another way to make the object available is to start the object so that its object adapter is running on a specific TCP port open through the firewall. You can also run a proxy (proxy) of the shared object on the port open through the firewall. The second problem concerns the provision of object access control. In the case of the IIOP protocol, firewall protection is not sufficient when it is done at a level lower than the IIOP protocol layer. Control of access to CORBA objects should be implemented using the concepts of CORBA and IIOP standards. This requires the creation of a system operating at the level of these layers, cooperating with the fire wall.