INTRODUCTION In today's highly competitive and constantly shifting IT environment of inter-, intra-, and extra-nets, organizations are no longer concerned with the question of whether to use Distributed Object Computing (DOC) in their enterprise IT architecture - they quite simply have to if they are to remain competitive. In many cases, enterprise IT architects don't even have the option of which DOC model - CORBA, DCOM/ActiveX, or Java RMI - to use because they already have operational or near-operational subsystems that are using all three. The only real question is how to achieve inter-operation among the three models to avoid a new generation of stovepipe systems. Adding the concerns associated with information technology security complicate the challenges of DOC interoperability even more. The available security technologies for any one DOC model are varying combinations of: immature, unproven, poorly understood, poorly integrated, poorly implemented and difficult to manage - but absolutely critical to the success of the enterprise subsystems that use that model. Compounding this problem with each individual DOC technology is the fact that some aspects of the security technologies of each model are incompatible with those of the others. Building on the success of two previous DOCsec (Distributed Object Computing Security) Workshops, the OMG and the NSA are sponsoring this Third Workshop on Distributed Object Computing Security to bring the developers of DOCsec Specifications and Standards, Products and Systems together to share knowledge, experiences, plans and requirements. The Workshop is intended to bring together individuals with experience in Object Oriented Technology, Network and Operating System Security, and operational system planning, development and deployment. With the recent emergence of commercially available security products for all three DOC technologies, the focus of this Workshop is expected to shift from developing standards-compliant products to developing operable and interoperable secure solutions. The Workshop is open to all with an interest in and understanding of some combination of secure IT systems integration, operational IT security and CORBA, DCOM, or Java security specifications and products. The program will consist of two days of tutorials in DOC, CORBA Security, DCOM Security, and Java Security, followed by two days of sessions describing case studies of fielded, or emerging, secure DOC systems. It is also hoped that research and advanced product development activities will be reported during the workshop. The Workshop Program Committee is seeking proposals for presentations or panels addressing any of the following topics: DOCsec Case Studies In this year's workshop, we want a much stronger focus on the application of DOCsec products and concepts to actual systems. Towards this end we'd especially like proposals for short case study reviews of - Creating secure enterprise systems using DOCsec products
- Integrating enterprise legacy systems using DOCsec products
- Integrating DOCsec security services with system and product legacy security services
- Specializing existing and emerging DOCsec products for specific application domains or operational requirements
- Providing application layer security policy support that can be established, implemented and administered for specific application domains or operational requirements
DOCsec Specifications and Standards - Interoperability standards among CORBAsec, DCOM Security, and Java/EJB Security
- Capabilities provided by existing and emerging DOCsec specifications and standards
- Capabilities missing from existing and emerging DOCsec specifications and standards
- Emerging additions or refinements to CORBAsec, DCOM Security and Java/EJB Security specifications
- Concise representation of the security models for CORBAsec, DCOM Security and Java/EJB Security
- Concise representation of the object models for CORBAsec, DCOM Security and Java Security
DOCsec Product Issues - Issues associated with realizing the security specification(s) for each DOC model
- Integrating DOCsec products with other DOC Services (e.g., transactions or naming) products
- Security assurance issues in DOCsec Products
- Security Architecture issues in DOCsec Products
- DOCsec Product dependencies on OS security
- DOCsec Product dependencies on network security
DOCsec Operational Issues - Security administration in homogeneous or heterogeneous configurations of existing and emerging DOCsec products
- Validating the security posture of homogeneous or heterogeneous configurations of existing and emerging DOCsec products
- Balancing dynamic operational performance requirements with both static and dynamic security requirements
- Establishing extra-domain security relationships in response to evolving operational requirements
INSTRUCTIONS Interested individuals or organizations are invited to submit a brief (one printed page or 60 80-character email lines of text) abstract of the presentation/position they are proposing for the Workshop. This abstract should be submitted via email by 3 May 1999 to: [email protected] Authors of selected presentations will be notified by 11 June 1999. The final Workshop agenda and registration can be found here: WORKSHOP COMMITTEE | Chairs: | Richard Soley, Object Management Group | | David Chizmadia, National Security Agency | | Members: | Carol Burt, 2AB | | Konstantin Beznosov, Baptist Health Systems | | Bob Blakley, DASCOM | | Martin Chapman, IONA Technologies | | Ed Feustel, IDA | | Bret Hartman, Concept Five | | Polar Humenn, Adiron | | Gene Jarboe, Promia | | Jishnu Mukerji, Hewlett-Packard | | Jon Siegel, Object Management Group | | Andrew Watson, Object Management Group | | | | |
