Security on the Internet

There are two basic challenges facing applications designed to work over the Internet.

• The number of users can be orders of magnitude higher than in even the largest company.
• End users want to use the same key or password for all of the applications they are using, even if they are run by different companies. The application or the security framework on the provider side cannot store the private key of the user.

How can DCOM's flexible security architecture help applications to deal with these problems? DCOM uses the security framework provided by Windows NT. (See [Security] for more details.) The Windows NT security architecture supports multiple security providers, including:

• Windows NT NTLM authentication protocol, which is used by Windows NT 4.0 and previous versions of Windows NT.
• The Kerberos Version 5 authentication protocol, which replaces NTLM as the primary security protocol for access to resources within or across Windows NT domains.
• Distributed password authentication (DPA), the shared secret authentication protocol used by some of the largest Internet membership organizations, such as MSN™ and CompuServe.
• Secure channel security services, which implement the SSL/PCT protocols in Windows NT 4.0. The next generation of Windows NT security has enhanced support for public-key protocols that support SSL 3.0 client authentication.
• A DCE-compliant security provider, available as a third-party add-on to Windows NT.

All of these providers work over standard Internet protocols and have different advantages and disadvantages. The NTLM security provider and the Kerberos-based provider replacing it in Windows NT 5.0 are private key based protocols. They are extremely efficient and secure in centrally administered environments or a collection of Windows NT Server-based domains with mutual or unilateral trust-relations. Commercial implementations of NTLM security providers are available for all major Unix platforms (such as AT&T's "Advanced Server for Unix Systems").

With the Windows NT 4.0 directory service, multimaster domains scale well up to approximately 100,000 users. With the extended directory service in Windows NT 5.0, a single Windows NT domain controller can scale to approximately a million users. By combining multiple domain controllers into the Windows NT 5.0 directory tree, the number of users it is possible to support in a single domain is practically unlimited.

The Windows NT 5.0 Kerberos-based security provider allows even more advanced security concepts, such as control over what components can do while impersonating clients. This security provider also requires fewer resources for performing authentication than the NTLM security provider. See [Security] for more details.

Windows NT 5.0 will also include a public-key based security provider. This provider makes it possible to decentralize management of security credential with any Windows NT application, including DCOM-based applications. Authentication with public keys is less efficient than it is with private keys, but it allows authentication without storing the client's private credentials.

A wide range of fundamentally different security providers (private key, public-key) can be used by DCOM-based distributed applications without requiring any change to even advanced, security sensitive applications. The Windows NT security framework makes writing scalable and secure applications easy, without sacrificing flexibility and performance.