DisCo: middleware for securely deploying decomposable services in partly trusted environments

The DisCo middleware infrastructure facilitates the construction and deployment of decomposable applications for environments with dynamic network connectivity properties and unstable trust relationships spanning multiple administrative domains. Consumers of these services, who are mutually anonymous, must be able to discover, securely acquire the code for, and install service components over the network with only minimal a priori knowledge of their locations. Once installed, these components must be able to intemperate securely and reliably across the network. Solutions exist that address individual challenges posed by such an environment, but they rely upon mutually incompatible authorization models that are frequently insufficiently expressive. The primary contributions of DisCo are (1) a middleware toolkit for constructing such applications, (2) a unifying authorization abstraction, and (3) a realization of this authorization well suited for expressing partial trust relationships typical of such environments. We focus on the first two of these contributions, [E. Freudenthal et al., (2002)] presents the third.