OMG Homepage MDA Homepage CORBA Homepage MOF Homepage UML Homepage CWM Homepage XMI Homepage DDS Homepage OMG MARTE BPMN Homepage SysML Homepage banner
 


 
 
 

Second Workshop on
Distributed Object Computing Security

May 5-7, 1998
The Sheraton Inner Harbor
Baltimore, Maryland, USA

Sponsored by the
Object Management Group
and the
United States National Security Agency

  

 

Introduction

In today's highly competitive and constantly shifting IT environment of inter-, intra-, and extra-nets, organizations are no longer concerned with the question of whether to use Distributed Object Computing (DOC) in their enterprise IT architecture - they quite simply have to if they are to remain competitive. In many cases, enterprise IT architects don't even have the option of which DOC model - CORBA, DCOM/ActiveX, or Java RMI - to use because they already have operational or near-operational subsystems that are using all three. The only real question is how to achieve inter-operation among the three models to avoid a new generation of stovepipe systems.

Adding the concerns associated with information technology security complicate the challenges of DOC interoperability even more. The available security technologies for any one DOC model are immature, unproven, poorly understood, and difficult to manage - but absolutely critical to the success of the enterprise subsystems that use that model. Compounding this problem with each individual DOC technology is the fact that some aspects of the security technologies of each model are incompatible with those of the others.

Building on a very successful first workshop devoted to these problems in the CORBA DOC model, the OMG and the NSA are now expanding the scope for this second workshop to include security issues in and among all three DOC models. As always, a full understanding of the strengths and weaknesses of the security aspects of each and all of the DOC models and standards requires experience with Object Oriented Technology, Information Technology Security and operational system planning, development and deployment. This workshop is intended to bring together individuals with various combinations of these experiences to examine, explain and critique the DOC Security technologies available today.

The workshop approach will again be to have individuals with the full range of OOT, IT Security, and Operational System experience examine and discuss, in turn, the content and meaning of any or all of the DOC Security standards, the design issues relevant to realizing published DOC Security standards in products, and the design issues relevant to using DOC Security products meeting published security standards as the foundation for operational systems.

 

Instructions

The workshop is open to all with an interest in and understanding of some combination of secure IT systems integration, operational IT security and CORBA, DCOM, or Java security standards and products. Participation will be limited to approximately 50 individuals who are able to clearly and concisely express their perspective in one or more of the following major categories (with notional examples of the elements of each category):

DOC Security Standards

 

  • Concise representation of the CORBA, DCOM, or Java Security standards' security model
  • Concise representation of the CORBA, DCOM, or Java Security standards' object model
  • Relationship of the CORBA, DCOM, or Java Security standards to traditional perspectives on IT Security
  • Relationship of the CORBA, DCOM, or Java Security standards to traditional perspectives on OOT design

Secure DOC Product Design Issues

  • Issues associated with realizing the security specification(s) for each DOC model
  • The affect of the security specification(s) on the rest of each DOC model
  • Security assurance issues in DOC Security Products
  • Security Architecture issues in DOC Security Products
  • DOC Security Product dependencies on OS security
  • DOC Security Product dependencies on network security

DOC Security Integration Issues

  • Capabilities provided by existing and emerging DOC Security products
  • Capabilities not provided by existing and emerging DOC Security products
  • Specializing existing and emerging DOC Security products for specific application domains or operational requirements
  • Providing application layer security policy support that can be established, implemented and administered for specific application domains or operational requirements

DOC Security Operational Issues

  • Security administration in homogeneous or heterogeneous configurations of existing and emerging DOC Security products
  • Validating the security posture of homogeneous or heterogeneous configurations of existing and emerging DOC Security products
  • Balancing dynamic operational performance requirements with both static and dynamic security requirements
  • Establishing extra-domain security relationships in response to evolving operational requirements

 

WORKSHOP COMMITTEE

Co-Chairs:

 

Dr. Richard Mark Soley
Chairman and CEO
Object Management Group
[email protected]
 Mr. David Chizmadia
Office of INFOSEC Computer Research
National Security Agency
[email protected]

 
Copyright © 1997-2017 Object Management Group, Inc. All Rights Reserved. For questions about the WEBSITE , please contact [email protected].
For TECHNICAL questions, please contact [email protected]. Contact BD for info on joining OMG at [email protected]
Explorer versions 6.0 or later or any browser capable of viewing JavaScript and CSS 2.0. The site is using DHTML JavaScript Menu By Milonic.com.