Dave (et al),

I'm including below an abstract for a proposed workshop section as part of
DOCsec'99.  Please let me know if it needs more (or less) detail to be
evaluated, or if you have any questions.

Abstract:

Lockheed Martin (LM) is a systems integrator that builds large application
systems for the Department of Defense (DoD) as well as some commercial
customers.  LM is the prime integrator for the Global Combat System Support
- Air Force (GCSS-AF) project, which involves the modernization of a number
of existing stovepipe systems, under a common Integration Framework.  This
includes a move to Web Based computing, N-tier architectures that support
thin clients, Distributed Objects, Public Key Infrastructures, Directory
Services, Java, CORBA, and other modern technologies.  The customer strongly
desires that the resulting systems employ current security technologies that
apply to such a structure.  During our first two releases of the GCSS-AF
Integration Framework, we have found that it is difficult to integrate
commercial security products with all the features desired by our customers.
For example, it has been difficult to integrate the PKI capababilities that
are built into web browsers with the authentication capabilities built into
various CORBA products, especially within the projected Department of
Defense PKI structure.  This has caused complex interoperability and
integration problems that might be better addressed by the product vendors
through industry standards, rather than by integrators such as ourselves.
This presentation will discuss the types of requirements that our customers
have, and the nature of the compromises and difficulties that we have had in
integrating CORBAsec with other products.  We will identify areas where
product vendors can improve their products, and identify interoperability
concerns that could be addressed by the OMG.



Cheers,
Paul
Paul Montague
Lockheed-Martin Federal Systems, Owego
(607)751-2942
paul.montague@lmco.com