Identity Indirection
نویسنده
چکیده
A fundamental axiom of computer system design holds that "any software design problem can be solved by adding an extra level of indirection." This paper expresses a variant of this axiom in pattern form as the "Identity Indirection" pattern. This pattern has been used for decades in many different types of systems in the software industry. It is so common that many developers hardly notice it anymore.
منابع مشابه
Hi3: An efficient and secure networking architecture for mobile hosts
The Host Identity Indirection Infrastructure (Hi3) is a networking architecture for mobile hosts, derived from the Internet Indirection Infrastructure (i3) and the Host Identity Protocol (HIP). Hi3 has efficient support for secure mobility and multihoming, which both are crucial for future Internet applications. In this paper, we describe and analyze Hi3 in detail. Compared to existing solution...
متن کاملHost Identity Indirection Infrastructure (Hi)
The Secure Internet Indirection Infrastructure (Secure-i) is a proposal for a flexible and secure overlay network that, if universally deployed, would effectively block a number of denial-of-service problems in the Internet. The Host Identity Protocol (HIP), on the other hand, is a proposal for deploying opportunistic, IPsec based end-to-end security, allowing any hosts to communicate in a secu...
متن کاملOn Supporting Multicast an
Recently, much effort was applied to enable secure multihoming and mobility for Internet hosts. The Host Identity Indirection Infrastructure (Hi3) is a proposal that combines benefits of Secure-i3 and the Host Identity Protocol (HIP). In this paper, we extend the Hi3 architecture to enable multicast traffic and describe the delegation mechanism in detail. A prototype implementation and prelimin...
متن کاملChanging proxy-server identities as a proactive moving-target defense against reconnaissance for DDoS attacks
We consider a cloud based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We study a proactive moving-target defense to thwart an attacker’s reconnaissance phase and consequently decreases the success rate of the planned attack. The moving-target defense is a dynamic identit...
متن کاملRFC 3829 Authorization Identity Bind
This document defines support for the Authorization Identity Request Control and the Authorization Identity Response Control for requesting and returning the authorization established in a bind operation. The Authorization Identity Request Control may be submitted by a client in a bind request if authenticating with version 3 of the Lightweight Directory Access Protocol (LDAP) protocol [LDAPv3]...
متن کامل