
Overview - Security

For the purposes of the discussion in this topic, the security services provided by DCE are assumed to consist of three elements: authentication, access control, and data protection. (The DCE Audit Service, which is also a part of DCE security, is described in the OSF DCE Application Development Guide - Core Components.)

The roles of these three elements can be broadly defined as follows (rigorous definitions can be found in the AES/DC Security volume, which is the definitive exposition of DCE security):

· Authentication establishes whether service requesters are who they say they are.

· Access control provides mechanisms that applications can use to establish whether a given requester is permitted to perform some operation.

· Data protection guarantees the secrecy and integrity of data exchanged between clients and servers.

As with other DCE services, use of the security services raises two kinds of policy questions. At one level, application programmers must decide which services and levels of service to employ. At a second level, once a service has been chosen, the application programmer must make many decisions about how to use it. This topic covers both levels of policy, although it focuses mainly on the lower-level policy issues specific to each service. This emphasis is due both to the fact that the higher-level issues are relatively few - mainly whether to use a given service or not - and to the belief that it is far easier to understand the general issues once the specifics are clear.

Security is an especially complex area from the policy point of view. Security systems must anticipate threats both from human ingenuity and random accident, and it can be difficult - perhaps impossible - to be confident that no serious threat is being overlooked. DCE security provides an extensive security model that applications can incorporate in a few well-integrated chunks. Thus applications can get the benefit of the DCE security design - and the extensive, specialized analysis that went into it - with relatively little effort. Applications should avoid creating security solutions ad hoc and should stick closely to the solutions provided by DCE security. Unless the programmer is a security specialist, it is extremely unlikely that an application-specific solution will provide better security than the DCE security services, and it is practically guaranteed that such solutions will contain unforeseen weaknesses.