The Open Group's Security Design Patterns book has an excellent set of abstractions, their use cases, and collaborations. Section 8.8 provides one of the best analyses I have seen of the secure proxy in an integrated system. It lists the trusted proxy, authenticated impersonation, identity-assert impersonation, delegation, authorization proxy, and login tunneling patterns, summarized against a set of criteria including whether and where the password and user id are revealed, and whether a delegation protocol is in use. Since this problem occurs in virtually every web-facing application, the catalog of choices and the design tradeoffs among the patterns are a valuable resource to the community.