Workshop program The workshop begins with a full day tutorial by Bret Hartman (Concept Five Technologies). This tutorial describes OMG's CORBA Security specification and the emerging secure ORBs that are based on the standard. CORBA Security is the largest and most complex OMG specification, addressing the functionality required for secure applications within the enterprise and across the Internet. CORBA Security defines the security architecture and interfaces for CORBA compliant secure systems, as well as standard mechanisms for interoperability. Common security mechanisms used in CORBA Security include Kerberos, SESAME, SPKM, DCE, and SSL. ORBs built to the CORBA security specification will enable object-based applications to interoperate securely across a wide variety of hardware and operating system platforms. Distributed Objects, CORBA, Distributed Object Security
CORBA Introduction
CORBA Security - What is it?
Distributed Object Security
CORBA Security Specification
CORBA Security Conformance
Security Policy Reference Model
| CORBAsecurity
CORBA Security Architecture
Authentication and Secure Invocation
Authorization
Accountability
Security Administration
Secure Interoperability Protocols
CORBA Security Reaching the Marketplace
| Welcome and introduction
Richard Soley (OMG) and David Chizmadia (NSA), co-chairs
| | Comparing Models For Distributed Object Security Mr. David Chizmadia (NSA) will chair this session, which will examine the process and results of attempting to compare the security models of the various Distributed Object Computing technologies available today. Strata Of CORBA Security
Deborah Bodeau, Joshua Guttman, and F. Javier Thayer,
MITRE Corporation GMD FOKUS Position on Security In Distributed Environments
Petra Hoepner, GMD FOKUS
| Policy Enclaves / DTE
John Sebes (TIS) will chair this session. Details TBA.
| | Interoperating Across Security Domains Dr. Patrick Mallett (MITRE) will chair this session, which examines the issues related to having the capability for objects to interoperate securely when their respective security policy domains do not support the same policies or mechanisms. Interoperating Between Security Domains
Charles M. Schmidt and Vipin Swarup, MITRE Bridging DOC Technologies With NetCrusader
Brian Breton, Gradient Technologies Multi-Protocol Authentication Gateway for CORBA over the Internet
Michelle Abram, John Sebes, Deborah Shands,
Trusted Information Systems
| CORBAsecurity revision 1.2 Introduction: What Changed?
Dr. Jishnu Mukerji (HP) will introduce the CORBAsecurity 1.2 revision in its final adoption stages by the OMG, outlining the major changes from previous revisions of the specifications.
| Implementers Roundtable
Dr. Jishnu Mukerji (HP) and Dr. Richard Soley (OMG) will chair a panel of Implementers of the CORBAsecurity specification, including: - Speaker TBA (IONA)
Polar Humenn (Syracuse University)
Andre Srinivasen (Borland)
Donald Flinn (Concept Five)
Matt Stillerman (ORA)
Troy Caldwell (DNS) | | JDK 1.2 and Microsoft DNA security CORBA is only one of a number of emerging Distributed Object computing technologies; most customer environments will have a mix of these technologies for the forseeable future, so it will be important for users and programmers to understand the security of each environment and how they relate and interoperate. Bob Blakley (IBM) will chair this session, which will provide detailed technical overviews of security in two major non-CORBA object environments. JDK 1.2 security
Larry Koved, IBM Yorktown Research Security in the Microsoft Object environmen
Speaker TBA, Microsoft
| Analysis and Assessment
Henry Rothkopf (MITRE) will chair this session. Details TBA.
| Case Studies - Experiences Implementing CORBA Security
Dr. Patrick Mallett (MITRE) will chair this session, which presents four sets of experiences and lessons learned by individuals involved in projects that are implementing CORBA Security Specifications. The talks represent case studies from three vertical domains: C4ISR, Healthcare, and Transportation. Secure Distributed Object Architecture Joint
Demonstration for DARPA, JPO, and ROME Labs
Don Faatz et al, MITRE Security Issues In a Computerized Patient Record Enterprise
Konstantin Beznosov, Baptist Health Systems of South Florida Rolling Security into the Enterprise
Angelique M. Krieger, Boeing Global Weapons Information System (GWIS) and TeleMed
Justin Doak and Dave Forslund, Los Alamos National Laboratory
| Future of Distributed Object Computing Security
Mr. David Chizmadia (NSA) will chair this session, which will provide three positions on where DOC security is, or should be, going. The chair will then invite everyone to participate in a general discussion on this issue. Making Distributed Objects "Secure Enough" For Electronic Commerce
Speaker TBA, OMG Electronic Commerce Domain Task Force Information Assurance In The Distributed Objects Universe
Speaker TBA, DARPA CORBAsec 2010: The Path Not Yet Traveled
David Chizmadia, NSA
| WORKSHOP COMMITTEE Co-Chairs: Dr. Richard Mark Soley
Chairman and CEO
Object Management Group
[email protected]
| Mr. David Chizmadia
Office of INFOSEC Computer Research
National Security Agency
[email protected]
| | |
