Begin Position Paper
>---------------------
>
>Gradient Technologies has developed a security services model,
>NetCrusader, which integrates legacy systems, such as DCE, with
>Internet-based systems, including public key infrastructure, to allow
>multiple authentication mechanisms to be able to obtain centralized
>authorization privileges.
>
>The current CORBA security specification specifies interfaces categorized
>by levels. The current IIOP/SSL security implementation provides level 0
>security, which supplies packet level privacy, message integrity and
>authentication. This does not address authorization or delegation, two
>critical requirements of a robust, internet-scalable distributed object
>infrastructure.
>
>CORBA ORB vendor IONA has chosen to implement CORBA level 1 security with
>OrbixSecurity using Gradient's PC-DCE for Windows NT product. This allows
>Orbix applications to call out to PC-DCE to provide authentication,
>authorization, message privacy, message integrity, and auditing.
>
>Many ORB vendors, including IONA, are planning to implement CORBA level 2
>security through standard replaceability interfaces within the ORB.
>Gradient is developing technology which will provide the level 2 security
>implementation using the replaceability interfaces for both Object Services
>and Security Features. Gradient will provide the necessary components to
>provide security services using the customer's choice of authentication
>schemes and privacy models and Gradient's centralized, fine-grained
>authorization technology. This would allow ORBs to provide authenticated
>access using Public Key X.509 certificates (SSL, Entrust), Kerberos (MIT,
>DCE or Microsoft), etc. Access control to ORB resources and applications
>and encryption over the network for privacy and integrity are also provided
>to ensure complete security of mission critical information.
>
>By working with ORB vendors to implement CORBA level 2 security
>replaceability interfaces, Gradient will provide modules which work with
>ORBs (both on the client and server) to deliver enhanced levels of
>security, integrating with security technologies that customers have
>selected for their enterprise. Gradient's enterprise solution is dependent
>on ORB vendors delivering the replaceability components it is planning to
>develop. Gradient is working closely with ORB vendors to ensure the
>technologies work together. Gradient's NetCrusader product family has the
>capability of integrating CORBA security level 0 and 1 from IONA and
>general level 2 solutions into a single security framework allowing the
>customer to choose the levels they need in various areas.
>
>In addition, many ORB vendors are focusing their CORBA level 2 security
>implementation for the C/C++ environment initially. Many ORB vendors have
>the expectation that they will offer these solutions for the Java
>environment at a later date. Gradient is also developing a Java Kerberos
>API that will allow Java applets to call Gradient's security services via
>GSS-API. Gradient will work with ORB vendors to ensure its Java
>implementation is compatible, providing an even stronger level of security
>for Java applications.
>
>The NetCrusader Product Family is a modular framework that integrates
>legacy, client/server, and Web-based applications in a common security
>environment for the enterprise. The NetCrusader architecture and
>corresponding products provide a consistent security model across the
>enterprise for users, data, legacy-, client/server-, and Web-based
>applications. NetCrusader provides a comprehensive set of security services
>for the enterprise, including authentication, authorization, auditing, data
>integrity, and data privacy. The NetCrusader Product Family integrates a
>variety of authentication mechanisms including Kerberos, token cards, and
>public-key infrastructures.
>