Third Symposium on Distributed Object Computing Security, 1999

Abstract for DOC Security Case Studies

by Padmaraju Nanduri, Credit Suisse, Zuerich, Switzerland

Distributed Object Computing using CORBA takes place at Credit Suisse (one of the two largest banks in Switzerland) in a highly heterogeneous environment. This comprises NT-Workstations and NT-Servers, Unix-Servers and the mainframe platform (Unix System Services, OS/390). The underlying computing model consists of both traditional client/server architectures and distributed systems supporting multiple tiers (mainly 3-tier architectures). The deployed ORBs are mainly from IONA and Promia and support the language bindings C++, Smalltalk, Java and PL/1. Currently the deployment of the DOC is restricted to the intranet.

The introduction of security to the environment just described is gradual. As a first step, CORBASEC compliance level 1 is targeted by deploying the SSL-enabled ORBs of the aforementioned companies. This requires integration with the existing corporate security infrastructure as well as enhancements like delegation to suit specific architectural requirements.

The presentation will detail how this was done for Credit Suisse:

- Identification through existing Single Sign On and Authentication through Public Key Credentials
- Integration complexities with Public Key Infrastructure ("token based" PKI product vs. "non-token based" SSL implementations)
- Simple unrestricted delegation of Principal identity
- Integration with Mainframe security
- Achieved transparency for the security-unaware applications
- Overview of deployed pilot projects using CORBASecurity
- Security issues involved for Credit Suisse in enlarging the deployment scope from the intranet to the extranet and Internet

Duration: approx. 30 minutes
Slides: approx. 10