Proposal Abstract:

With the arrival of a commercially available implementation of 
Security Level 2 of the CORBA Security Service (i.e., Adiron's
ORBASec SL2), it is now possible to begin exploring some of the
issues associated with actually using the CORBAsec interfaces 
in the design and implementation of a security-aware CORBA 
application.  As part of its DOCSec Experience Laboratory task,
NSA will develop a security-aware interactive application on the 
ORBASec SL2 product.

The application will essentially be a bulletin board system with
an integrated notion of user/administrator identity and role and
a security policy for controlling access to parts of the bulletin
board based on these attributes.  If time permits, a sensitivity 
attribute (e.g., clearance) may also be added.

This presentation will describe the development team's experiences
in designing, implementing and operating the application.  It is 
hoped that these experiences will be helpful to other organizations
attempting to use CORBAsec as a component of their software 
architecture.  We also hope to have the application available as one 
of the demonstration displays.


Primary POC: Dave Chizmadia; dmc@tycho.ncsc.mil

Backup POCs:
  Darrel Sell; dgs@tycho.ncsc.mil
  Capt. William (Chris) Shutters, USAF; wcs@tycho.ncsc.mil