Mashup Server

The BlueSpace Mashup Server is a server that runs the Solaris 10 with Trusted Extensions operating system and is connected to multiple networks. It also runs the BlueSpace Trusted Service Bus (TSB), along with any MLS extensions for applications. The Mashup Server is responsible for directing authenticated, validated, and filtered cross-domain requests to each labeled network and aggregating the results.

The Mashup Server is responsible for all MLS application server-initiated cross-domain flows. Note that the Solaris 10 TX client is also capable of supporting cross-domain flows. The MLS architecture leverages this feature for window orchestration on the Solaris 10 TX client. It could be possible to host all cross-domain flows on the Sun Ray session server; however, having a separate cross-domain server (the Mashup Server) for the MLS application provides better isolation of the cross-domain functions. For example:

  • No services running in the global zone need to be enabled.
  • The network connectivity to the mashup server node can be highly constrained.
  • The Mashup Server becomes client agnostic, allowing for other client technologies to be substituted in the future.

The goal of this architecture is to separate the connectivity and higher application logic functions from the cross-domain functions. The web services infrastructure (including its Java VMs) is effectively single-level. The web services components all act as clients to the Trusted Service Bus (TSB), which is solely responsible for all cross-domain functions.

The mashup server provides a web service for cross-domain functions. Leveraging WS-* standards, the web service components are able to:

  • Authenticate all requests as coming from the S2 server in their domain (via certificate exchange for this demonstration).
  • Authenticate and authorize the DTW principal using delegated credentials (WS-Trust).
  • Allow for encryption of the WS payload (WS-Security).

The Mashup Server web service effectively acts as a connector, or adapter, between the Trusted Service Bus (TSB) and the application server. Upon receiving an authenticated and authorized request, the mashup web service will invoke TSB functions to send a cross-domain message.