INTRODUCTION

In today's highly competitive and constantly shifting IT environment of inter-, intra-, and extra-nets, organizations are no longer concerned with the question of whether to use Distributed Object Computing (DOC) in their enterprise IT architecture - they quite simply have to be concerned if they are to remain competitive. In many cases, enterprise IT architects do not have the option of which DOC model - CORBA, DCOM/COM+/ActiveX, or Java RMI - to use because they already have operational or near-operational subsystems that are using all three. The question is: How do we achieve inter-operation among the three models to avoid new generations of stovepipe systems?

The available security technologies for any one DOC model  are critical to the success of the enterprise subsystems that use that model.  However, the available standards and technologies are not without their own difficulties. Aspects such as,  unfamiliarity with the model, complexity of the model, and in some cases, quality of the products, give rise to perplexing problems that designers, programmers, and administrators must work together to overcome.

Using several different DOC technologies together in an enterprise adds an order of magnitude to the problems. Some aspects of the security technologies of each model are incompatible with those of the others.

Building on the success of three previous DOCsec (Distributed Object Computing Security) Workshops, the OMG is sponsoring this Fourth Workshop on Distributed Object Computing Security to bring the developers of DOCsec Specifications and Standards, Products and Systems together to share knowledge, experiences, plans and requirements.  The Workshop is intended to bring together individuals with experience in Object Oriented Technology, Network and Operating System Security, and operational system planning, development, deployment, and management. With the recent emergence of commercially available security products for all three DOC technologies, the focus of this Workshop is expected to shift from developing standards-compliant products to developing operable and interoperable secure solutions.

The Workshop is open to all with an interest in and understanding of some combination of secure IT systems integration, operational IT security and CORBA, Microsoft, or Java security specifications and products. The program will consist of two days of tutorials in existing DOC (e.g., CORBA, Microsoft, and Java) Security standards and products, followed by two days of sessions describing case studies of fielded, or emerging, secure DOC systems. It is also hoped that research and advanced product development activities will be reported during the workshop.

The Workshop Program Committee is seeking proposals for presentations or panels addressing any of the following topics:

DOCsec Case Studies

In this year's workshop, we want a much stronger focus on the application of DOCsec products and concepts to actual systems. Towards this end we'd especially like proposals for short case study reviews of

• Creating secure enterprise systems using DOCsec products
• Integrating enterprise legacy systems using DOCsec products
• Integrating DOCsec security services with system and product legacy security services
• Specializing existing and emerging DOCsec products for specific application domains or operational requirements
• Providing application layer security policy support that can be established, implemented and administered for specific application domains or operational requirements

DOCsec Specifications and Standards

• Interoperability standards among CORBAsec, DCOM Security, and Java/EJB Security
• Capabilities provided by existing and emerging DOCsec specifications and standards
• Capabilities missing from existing and emerging DOCsec specifications and standards
• Emerging additions or refinements to CORBAsec, DCOM Security and Java/EJB Security specifications
• Concise representation of the security models for CORBAsec, DCOM Security and Java/EJB Security
• Concise representation of the object models for CORBAsec, DCOM Security and Java Security

DOCsec Product Issues

• Issues associated with realizing the security specification(s) for each DOC model
• Integrating DOCsec products with other DOC Services (e.g., transactions or naming) products
• Security assurance issues in DOCsec Products
• Security Architecture issues in DOCsec Products
• DOCsec Product dependencies on OS security
• DOCsec Product dependencies on network security

DOCsec Operational Issues

• Security administration in homogeneous or heterogeneous configurations of existing and emerging DOCsec products
• Validating the security posture of homogeneous or heterogeneous configurations of existing and emerging DOCsec products
• Balancing dynamic operational performance requirements with both static and dynamic security requirements
• Establishing extra-domain security relationships in response to evolving operational requirements

INSTRUCTIONS

[email protected]

Authors of selected presentations *will be notified within one week of submission and final* presentation materials are due in electronic publication format by 21 March 2000. The final Workshop agenda and registration details will be posted .

WORKSHOP COMMITTEE