AT&T Vision 2000 Security Architecture

*	Problem Statement 
Identification of the Vision 2000 Architecture and why we are going to use
this
*	Desktops/Clients
*	Web Based - HTML Only
*	Web Based - Java applets
*	Desktop Applications
*	Web Servers
*	Pure Web Servers
*	CORBA Proxies
*	CORBA Clients
*	CORBA Business Servers
*	Business Objects
*	Wrapper Objects


*	Security Challenges
The security challenges in this architecture - This is basic security stuff
but there are challenges with this architecture
*	Authentication
*	Who are the clients and how do they authenticate 
*	How do you know you are talking to who you think you are talking to
*	Access Control
*	Can the client do what they want to do
*	In a 'chain' of calls, who is the client?
*	Logging/Auditing
*	Can I recreate an event?
*	Can I recognize a security breach or attempted security breach
*	Administration
*	How do I administer this mess


*	Security Architecture
Discuss how the security architecture secures the architecture and meets the
challenges 
*	Authentication
*	Web Users
*	Desktop application users
*	X.590 Certificates
*	Coordination of Web Identity with ORB identity (Single Sign-On)
*	Software Client authentication
*	Access Control
*	Web Access Control
*	Method Access Control
*	Use of Domains (We are still not sure exactly how to do this)
*	Access Control in a chain of calls
*	Logging
*	Security Service Logging
*	Application Logging
*	Administration
*	Centralized Administration
*	Should Access Control Information be part of X.509 Certificate