Security Policy Management Session

CONTROL, A new CORBA Security Level 2 Access Control Model

Polar Humenn
Adiron, LLC. and Syracuse University

This talk presents CONTROL. This product is an access control component built on top of the current CORBA Security Level 2 Credentials model. I present a domain specific language in which CORBA security access policy can be written. This language is accepted at AccessManager interfaces for distributed components. The AccessManager makes its access computations and decisions locally according to the accepted policy. No remote calls are necessary.

The architecture implied by CONTROL can present itself as a scalable and efficient way to provide and manage access control policy to a distributed system by using a push model of event notification.

I believe the model presented here is more robust than the current CORBA Security Specification's current access control model in the following ways:

1. Expressibility: The CONTROL Access Policy Language (SAL) is more expressive than the current CORBA security access control model, but still inclusive of the current CORBA security access control model.

2. Auditability: The Access Language is representable of the current access control policy in place. It can be comprehensively analyzed.

3. Architecturally: it is a push model, which is more scalable and efficient compared to the pull model of the current CORBA security access control model.

4. Efficiency: access decisions are made locally without remote calls.

I will present these concepts and ideas, the deficiencies with the current CORBA Control Access Control model, and lead toward a new model of flexible enterprise security policy management.

-------------------------------------------------------------------
Polar Humenn
Adiron, LLC
2-212 CST
Syracuse, NY 13244-4100
mailto:polar@adiron.com
Phone: 315-443-3171
Fax: 315-443-4745
http://www.adiron.com