Chapter 7 -- COM Security Overview

This chapter introduces COM+ 1.0 security and focuses on the features most important in building secure Web applications. COM+ 1.0 is included in Microsoft Windows 2000 and represents a synthesis of COM and Microsoft Transaction Server (MTS). The COM+ 1.0 architecture is based on the model of providing services to application components that implement a number of interfaces. The COM+ 1.0 services include the following:

• Automatic transactions
• Resource pooling
• Thread management (for example, synchronization)
• Security

Interfaces are collections of method declarations and associated data types that represent units of functionality offered by a component. Note that the COM+ 1.0 notions of component and interface correspond to the notions of class and interface in modern object-oriented languages. It's also important to understand that COM+ 1.0 components are accessible using the standard COM protocols, both for in-memory and out-of-process—with Distributed COM (DCOM)—components.

COM+ 1.0 further groups components into COM+ 1.0 applications, which are the COM+ 1.0 units of deployment and administration. For the reader familiar with MTS, the COM+ 1.0 application corresponds to the MTS package. Furthermore, note that COM+ 1.0 applications delineate the security boundaries where the COM+ 1.0 security service policies are applied. Figure 7-1 shows the configuration of a COM+ application.

Figure 7-1. COM+ 1.0 services, components, and interfaces.