PowerPoint - The Open Group
Some Research and Development
Opportunities
for the DCE Community
Paul Dale
[email protected]
Introduction
The Open Group has a technology delivery
capability - a unique attribute of the consortium
There are technology opportunities now - which
can add value to a DCE environment
The Research & Development Division has the
technical skills to carry out value-added
projects and proposals
— We would like to hear from you
Topics
JADE I and JADE II
Java-Kerberos
ADAGE
Strategic Consulting
Java and DCE (JADE)
[Diagram: COTS Browsers and Web Servers, separated by a firewall from DCE Servers]
JADE Benefits
Allows DCE clients to be written in Java
Allows deployment of DCE clients on demand as Java applets
in conjunction with a JADE client (now) and with no preinstalled software (JADE II)
Brings full DCE-based client-server security to Java
applications - a secure extension to the applet environment
No restrictions - an applet can talk to any DCE server
Allows DCE clients to easily include graphics and multi-media
via use of Java display widgets
Introduces a minimal object model
JADE I Final Release Feb ‘98
Stand-alone Java applications
Signed Java applets (with JADE libraries pre-installed)
Interoperates with existing DCE server apps
Supports Java access to all major DCE services
— Secure RPC, CDS Directory, Security, Time
Supports a wide range of DCE IDL datatypes
— scalars, strings, pointers, arrays, pipes, context handles, unions
Runs on top of existing DCE client libs
JADE I binary distribution is now
available on CD-ROM
Contents
— JADE IDL compiler (DCE 1.2.2 IDL compatible)
— Class Libraries, Interface Files, and Sample Application Source
— 3.7 MB of JavaDoc API documentation and IDL Mapping Specs
— Comprehensive test suite (14 categories of tests)
— JDK 1.1 compatible
Footprint
— 1.1 MB for class libs and DLLs (not including DCE client libs)
JADE II Now in progress
Pure Java Implementation of DCE client
Stub and API compatible with JADE I
DCE RPC Security through Java-Kerberos
NSI Directory support via LDAP
Beans support through JADE IDL Compiler
Client-side async RPCs (a.k.a “futures”)
SSL transport for JADE II and DCE ref. port
Demo applet available at
http://drdoom.camb.opengroup.org:8001/
Java-Kerberos
Pure Java implementation of Kerberos 5
Alpha version currently interoperates with
— MIT Kerberos 5
— DCE
— Cygnus Kerbnet
Also includes Kerberos 4 implementation
— Includes MIT, Andrew, and AFS compatibility
Downloadable as an applet or library
Java-Kerberos
Supports both Kerberos authentication and message
protection
— Currently provides 56-bit DES encryption
— Can be extended to other Kerberos e-types
Will include kinit/klist/kdestroy applets
Will support multiple cache mechanisms
— Pure Java based cache (shared between multiple VMs)
— Native method based cache (to platform’s existing
ticket file, e.g., disk or memory based)
— Cache interface for adding new cache implementations
Java-Kerberos in Use
Current alpha users
— NASA/JPL for message protection of Mars Pathfinder,
Galileo, and Cassini mission data transmissions
— Los Alamos National Laboratory for Global Warfare
Information System
— Cornell University for authentication of CORBA-based
student information applications
Java-Kerberos Demo Applet available at
— http://www.camb.opengroup.org/RI/www/jkrb/
Java-Kerberos in the future
Possible future enhancements
— Support for Pure Java GSS-API layer
— 40-bit DES version
— Triple DES version
— PKINIT (use of public-key certificates for initial
Kerberos authentication)
— Alternative crypto packages (e.g. JSAFE)
— Kerberized RMI implementation
Authorization for Distributed Applications
and Groups (ADAGE)
[Architecture diagram: Distributed Security Services (Identity and Attribute Servers); Distributed Applications (Application Client, e.g. Web browser, and Application Server, e.g. Web server) calling the Adage API; Adage Tools (Visual Policy Builder, Authorization Language Interpreter) and Adage Services (Authorization Decision Engine, User Authorization Database Engine, Authorization Database)]
Adage Benefit High Level Authorization Policies
Policies may be complex, rich, and dynamic, based on roles,
business processes, legal constraints, time constraints, etc.
— Adage has rich support for groups, sets, roles, rules, relations
and constraints
— By contrast, “ACLs are the assembly language of authorization”
— Implementing policies may require many low-level operations, so
that it is practically impossible to assure that policies are
correctly implemented and maintained - ACLs for 100,000
employees and 1,000,000 objects?
— Examples where ACLs don’t help
“Access to the internet is only allowed between 7pm and 9pm”
“The creation and approval of a given purchase order must be
done by two different people, though the same person may both
create and approve different purchase orders.”
Adage Benefit User Centered Security
Secure systems with usability as primary goal
Simplify authorization policy administration
— Visual tools - Visual Policy Builder GUI
— High-level authorization language (AL)
Ease of use promotes better security
Adage Benefit Consistent global policies, Distributed trust
Adage supports trust models for enterprise-wide policies
— Available to all applications on all sites
Authorization toolkit support for application developers
— Register application-specific authorization policy with Adage
— Request authorization decisions
Trust model between sites
— Authorization decisions based on trustworthiness of
authentication authorities
Citizenship metric - how trusted is an authentication authority?
Introduction chain metrics - Length, Number of chains, Age of
chains, Quality of chains
ADAGE was developed with DCE in mind
Adage is architected to not only take identities from a
DCE cell, but to take DCE group and other
information into account in its policies and rules.
Adage second snapshot now available (4/30/98).
Adage and DCE Possibilities
More Flexible Policies
— Adage can easily replace the ACL manager to provide more
flexible policies
Better Management
— A GUI (Visual Policy Builder) and Authorization Language
— Centralized authorization policy control and management
All applications use the same authorization policy
Authorization information only needs to be changed in one place
Adage and DCE Possibilities
Better Authorization in the Global Environment
— Adage's trust model would allow sites to form organizational
policy about external authentication servers in a more flexible
fashion
— DCE only supports hierarchical authentication servers
arranged via a namespace
General Security Policy Server
— Integrate authentication and encryption policy into Adage
— Restrict access to objects based on authentication type or
strength, or on whether the channel was encrypted or local
(within the firewall).
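The following is an added illustration, not ADAGE code or its Authorization Language: a small deny-by-default decision engine that expresses the three policy kinds the slides say ACLs cannot capture (a time window on internet access, separation of duty between the creator and approver of a purchase order, and access gated on authentication strength and channel type). The Request fields, the rule names, the auth_strength scale and the PO_CREATORS sample state are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Request:
    """One authorization query (constructed shape, not an ADAGE API)."""
    user: str
    roles: set
    action: str
    obj: str
    hour: int           # local hour, 0-23
    auth_strength: int  # assumed scale: 1 = password, 2 = Kerberos, 3 = public-key cert
    channel: str        # "encrypted", "local" (inside the firewall) or "cleartext"


# Constructed sample state: who created each purchase order so far.
PO_CREATORS = {"po-17": "alice"}


def rule_internet_window(req):
    """Internet access only between 7pm and 9pm; None if the rule does not apply."""
    if req.obj != "internet":
        return None
    return 19 <= req.hour < 21


def rule_separation_of_duty(req):
    """Approver must hold the role and must not be the creator of that same PO."""
    if req.action != "approve" or not req.obj.startswith("po-"):
        return None
    return "approver" in req.roles and PO_CREATORS.get(req.obj) != req.user


def rule_channel_and_strength(req):
    """Sensitive data needs at least Kerberos-level auth and a protected channel."""
    if req.obj != "payroll-db":
        return None
    return req.auth_strength >= 2 and req.channel in ("encrypted", "local")


RULES = [rule_internet_window, rule_separation_of_duty, rule_channel_and_strength]


def authorize(req):
    """Deny by default: at least one rule must apply, and every applicable rule must pass."""
    applicable = [v for v in (rule(req) for rule in RULES) if v is not None]
    return bool(applicable) and all(applicable)
```

Because each rule is a predicate over the request rather than an entry per (principal, object) pair, adding a new constraint changes one function instead of many ACL entries.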
Infrastructure Investment Analysis (IIA)
The Open Group continues to offer technology-based consulting, especially in DCE
Over the last year, a new strategic consulting
capability has been developed
— A formal, quantitative methodology for
understanding the risks / rewards of IT
infrastructure plans and alternatives
Motivation
Managing the cost-reward and risk-reward of IT
infrastructure is increasingly a significant obligation of IT
departments
Everyone talks about the cost and business requirements
of IT solutions; nobody knows how to measure these
Few tools are available to assist IT departments through
the decision making process in the expanding network-based, global IT environment
Yet competency in many businesses requires risk/reward
models, e.g. banks have models of acceptable risks in
originating loans
What is
Infrastructure Investment Analysis (IIA)?
A mathematical modeling capability
The skills and techniques required to model IT problems
The Open Group’s methodology is to
— Review and generate business and technical requirements
— Perform a technical analysis and initial risk modeling
— Model risk-mitigating technical solution(s)
— Build a decision-theoretic "roadmap" for realization of
solution(s)
Value of Risk Modeling
A common reaction: Models are too abstract - not real world
In reality, modeling
— Allows representation of hypothetical system
— Allows simplification of complex IT infrastructure
— Aids communication and agreement on goals, terms, methods
— Emphasizes discovery and clarification of assumptions
— Generates evidence about system under given assumptions
— Shifts debate from challenging evidence to challenging
assumptions
Modeling approaches do not exist today for IT; we have
taken the lead in defining a new methodology for industry
An Example - BITS
The Banking Industry Technology Secretariat (BITS) is
engaged in a Global Security Architecture project
As part of this we have modeled the risks and cost-effectiveness of a single root CA
as opposed to multiple root CAs
— Thought provoking (but private) results
Now modeling the cost of several alternatives for
security technologies for e-commerce
Many kinds of risks
In the financial services sector, end-to-end risks
include
— Transaction risks (fraud, theft, timeliness)
— Strategic risks (infrastructure, interoperability, cost-effectiveness)
— Reputation risks (loss of privacy or other trust)
— Regulatory compliance (existing or new)
A strategic consulting invitation
To work with a vendor neutral organization
To use a formal, quantitative, rather than opinion-based, approach to decision making
To understand trade-offs and alternatives
To justify decisions
To manage IT risks, costs and rewards
On specific IT planning challenges, such as DCE
applications
Creating Value for the DCE Community
New technology (e.g. JADE, ADAGE)
DCE Consulting
Strategic Consulting
Flexible working arrangements with buyers and
suppliers
How can we help improve your IT environment?