Security Middleware

Linda Volonino and Richard P. Volonino, Canisius College

Introduction

Security Middleware Architecture

The CIA Triad and Access Control

Security Middleware Processes and Services

Authentication

Authorization and Directories

Application Programming Interfaces

Common Object Request Broker Architecture

Application-Based Authentication

Single Sign-On and Kerberos

Secure Socket Layer

Public Key Infrastructure and Message-Oriented Middleware

Network-Based Authentication

Lightweight Directory Access Protocol

Wired Equivalent Privacy

Virtual Private Networking

Internet Protocol Security

Web Services Security

Glossary

Cross References

References

Further Reading

INTRODUCTION

Security Middleware Architecture

Middleware refers to a broad range of software that enables communication or data exchange between network-based applications across networks. This type of software is often described as “glue” because it connects or integrates business-critical software applications to other applications. With today's networked-based applications— especially enterprise resource planning (ERP), supply chain management (SCM), customer relationship management (CRM), and business-to-business (B2B) and business-to-consumer (B2C) electronic commerce (e-commerce)—business operations depend on secured data transfers between these applications. Figure 1 shows a generic security middleware infrastructure. This diagram shows security middleware acting as an integrator of applications and data ...