Please consider the following abstract for a presentation/position paper in DOCSec Case Studies at DOCSec '99. I would be happy to talk to you about what I am proposing if any clarification or expansion is needed.

Regards,
Justin

--
Justin Doak, M.S.
Technical Staff Member
Distributed Computing Infrastructure Team
Distributed Computing Group, CIC-8
Computing, Information, and Communications Division
Los Alamos National Laboratory
e-mail: justin@lanl.gov
phone: (505)665-7807
fax: (505)665-6333
home page: http://www.lanl.gov/home/justin
mailing address: Justin Doak, P.O. Box 1663, MS B272, Los Alamos National Laboratory, Los Alamos, NM 87545
/* Worship your pets. */

DOCSec in Product Data Management Tools

Los Alamos National Laboratory (LANL) requires a Product Data Management (PDM) tool to help weapons designers and engineers securely manage both data and the product development process associated with the nuclear weapons program. The PDM system will keep track of the masses of data and information required to design, manufacture or build, and then support and maintain nuclear weapons and weapons-related parts. The PDM system will integrate and manage processes, applications, and information that define nuclear weapons-related products across multiple systems and media. The tool should be capable of serving as an enterprise framework (i.e., one that operates across the Department of Energy (DOE) complex) for the nuclear weapons program. No PDM tool can be seriously considered unless it can meet the stringent security requirements necessary for the handling of classified data. The majority of PDM tools currently on the market are based on distributed object architectures in order to meet the needs of their customers, who frequently operate in heterogeneous, distributed environments. Whatever security is implemented by PDM vendors must be compatible with, and perhaps even utilize, the security present in the underlying infrastructure.
As an example of a vendor who utilizes DOC technology as part of their infrastructure, consider Parametric Technologies Corporation (PTC) and their Windchill tool. This web-centric tool uses Java RMI to establish communication between Windchill clients and servers. Windchill relies on the underlying web infrastructure for most of its security. For example, Windchill uses HTTP authentication with usernames and passwords or digital certificates to authenticate users. The specific authentication mechanism in the underlying web infrastructure is kept separate from Windchill. Thus, the mechanism can change according to the customer's requirements, and Windchill will simply use the new underlying authentication scheme. Windchill has implemented an authorization capability by making use of the classes for managing access control lists in the java.security package. Policies defined with this capability determine which functions a given principal (user or group) may or may not execute against a given set of objects. Confidentiality and integrity of messages, like other security provided by the Windchill product, are built on security provided by the underlying web infrastructure, in this case HTTPS (SSL-enabled HTTP).

LANL is in the process of evaluating the PDM market to create a short-list (and eventually a final selection) of vendors whose products may be appropriate as an enterprise-wide information management solution for the weapons program. As part of this effort, we are benchmarking the Windchill tool from PTC and will evaluate its security capabilities as part of the benchmark. At a minimum, any adopted tool needs to provide an authentication mechanism that operates with the current DOE-approved mechanisms in the secure or red network, currently Kerberos. However, it should also support certificate-based (i.e., public-key) authentication, since DOE will eventually approve it. Authorization, at the object and method level, is also a requirement.
Additionally, integration with the authorization provided by legacy systems, such as databases, should be provided if access control is needed at a finer grain than the method level. An example of this is a table in a database where a user may only be allowed access to certain records; it would be difficult to control access to individual records simply by setting access controls on methods. The PDM tool should provide an administrator with an easy-to-use interface that facilitates the maintenance of groups and access control lists that determine access to objects within the PDM system. In addition, client/server connections should be over encrypted channels. As an alternative to providing authorization within the PDM system, it is desirable that the PDM system be able to integrate with other third-party authorization tools, in particular DASCOM's security/authorization server. LANL is currently using DASCOM's NetSeal to control access to web objects; the same authorization server could be used to control access to objects within the PDM system as well.
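The two authorization points made above (principal- and group-based ACLs that gate which methods may be called on which object types, and the gap that such method-level ACLs leave when a database table must be filtered record by record) can be shown with a small model. The following is an added illustration written for this abstract, not Windchill's code and not the java.security ACL classes; the Principal, Acl and PARTS names and the sample "parts" table are constructed for the example.

```python
"""Model of method-level ACLs versus record-level filtering.

Constructed example: Principal, Acl, PARTS and the functions below are
assumptions for illustration and do not reproduce any vendor's API.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    """A user, possibly a member of several groups."""
    name: str
    groups: frozenset = frozenset()

    def identities(self):
        # An ACL entry may name either the user or one of its groups.
        return {self.name} | set(self.groups)


@dataclass
class Acl:
    """Method-level access control: (object type, method) -> who may call it."""
    entries: dict = field(default_factory=dict)

    def grant(self, obj_type, method, who):
        self.entries.setdefault((obj_type, method), set()).add(who)

    def permits(self, principal, obj_type, method):
        allowed = self.entries.get((obj_type, method), set())
        # Deny by default: only an explicit entry for the user or a group grants access.
        return bool(allowed & principal.identities())


# Constructed "legacy" table: each record carries the group that owns it,
# standing in for access control held in the database rather than the PDM tool.
PARTS = [
    {"id": 1, "name": "housing", "owner_group": "design"},
    {"id": 2, "name": "fastener", "owner_group": "design"},
    {"id": 3, "name": "assembly-model", "owner_group": "engineering"},
]


def method_level_read(acl, principal):
    """Method-level check only: once Part.read is allowed, every record is visible."""
    if not acl.permits(principal, "Part", "read"):
        return []
    return [p["id"] for p in PARTS]


def record_level_read(acl, principal):
    """Method-level check followed by a per-record filter on the owning group."""
    if not acl.permits(principal, "Part", "read"):
        return []
    return [p["id"] for p in PARTS if p["owner_group"] in principal.identities()]


def build_acl():
    """Sample policy: both groups may read parts; only engineering may modify them."""
    acl = Acl()
    acl.grant("Part", "read", "design")
    acl.grant("Part", "read", "engineering")
    acl.grant("Part", "modify", "engineering")
    return acl


if __name__ == "__main__":
    acl = build_acl()
    alice = Principal("alice", frozenset({"design"}))
    # The method ACL alone cannot hide the engineering-owned record from alice.
    print("method-level:", method_level_read(acl, alice))   # [1, 2, 3]
    print("record-level:", record_level_read(acl, alice))   # [1, 2]
```

The point the model makes is the one the abstract makes: an ACL keyed on object type and method is the right tool for "may this principal call modify on parts at all", but the record filter has to come from the data store (or an external authorization server) because the method ACL has no view of individual rows.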