Some Research and Development Opportunities
for the DCE Community
Paul Dale
p.dale@opengroup.org
Introduction
The Open Group has a technology delivery capability - a unique attribute of the consortium
There are technology opportunities now - which can add value to a DCE environment
The Research & Development Division has the technical skills to carry out value-added projects and proposals
— We would like to hear from you
Topics
JADE I and JADE II
Java-Kerberos
ADAGE
Strategic Consulting
Java and DCE (JADE)
[Figure: COTS browsers, a firewall, web servers and DCE servers]
JADE Benefits
Allows DCE clients to be written in Java
Allows deployment of DCE clients on demand as Java applets in conjunction with a JADE client (now) and with no pre-installed software (JADE II)
Brings full DCE-based client-server security to Java applications - a secure extension to the applet environment
No restrictions - an applet can talk to any DCE server
Allows DCE clients to easily include graphics and multi-media via use of Java display widgets
Introduces a minimal object model
JADE I Final Release Feb ‘98
Stand-alone Java applications
Signed Java applets (with JADE libraries pre-installed)
Interoperates with existing DCE server apps
Supports Java access to all major DCE services
— Secure RPC, CDS Directory, Security, Time
Supports a wide range of DCE IDL datatypes
— scalars, strings, pointers, arrays, pipes, context handles, unions
Runs on top of existing DCE client libs
JADE I binary distribution is now available on CD-ROM
Contents
— JADE IDL compiler (DCE 1.2.2 IDL compatible)
— Class Libraries, Interface Files, and Sample Application Source
— 3.7 MB of JavaDoc API documentation and IDL Mapping Specs
— Comprehensive test suite (14 categories of tests)
— JDK 1.1 compatible
Footprint
— 1.1 MB for class libs and DLLs (not including DCE client libs)
JADE II Now in progress
Pure Java Implementation of DCE client
Stub and API compatible with JADE I
DCE RPC Security through Java-Kerberos
NSI Directory support via LDAP
Beans support through JADE IDL Compiler
Client-side async RPCs (a.k.a. “futures”)
SSL transport for JADE II and DCE ref. port
Demo applet available at http://drdoom.camb.opengroup.org:8001/
Java-Kerberos
Pure Java implementation of Kerberos 5
Alpha version currently interoperates with
— MIT Kerberos 5
— DCE
— Cygnus Kerbnet
Also includes Kerberos 4 implementation
— Includes MIT, Andrew, and AFS compatibility
Downloadable as an applet or library
Java-Kerberos
Supports both Kerberos authentication and message protection
— Currently provides 56-bit DES encryption
— Can be extended to other Kerberos e-types
Will include kinit/klist/kdestroy applets
Will support multiple cache mechanisms
— Pure Java based cache (shared between multiple VMs)
— Native method based cache (to platform’s existing ticket file, e.g., disk or memory based)
— Cache interface for adding new cache implementations
Java-Kerberos in Use
Current alpha users
— NASA/JPL for message protection of Mars Pathfinder, Galileo, and Cassini mission data transmissions
— Los Alamos National Laboratory for Global Warfare Information System
— Cornell University for authentication of CORBA-based student information applications
Java-Kerberos Demo Applet available at
— http://www.camb.opengroup.org/RI/www/jkrb/
Java-Kerberos in the future
Possible future enhancements
— Support for Pure Java GSS-API layer
— 40-bit DES version
— Triple DES version
— PKINIT (use of public-key certificates for initial Kerberos authentication)
— Alternative crypto packages (e.g. JSAFE)
— Kerberized RMI implementation
Authorization for Distributed Applications and Groups (ADAGE)
[Figure: Adage architecture. Distributed Applications: Application Client (e.g. Web browser), Application Server (e.g. Web server). Distributed Security Services: Identity and Attribute Servers. Adage Tools: Visual Policy Builder, Authorization Language Interpreter. Adage Services: Authorization Decision Engine, Engine Authorization Database, User Authorization Database. Adage API.]
Adage Benefit - High Level Authorization Policies
Policies may be complex, rich, and dynamic, based on roles, business processes, legal constraints, time constraints, etc.
— Adage has rich support for groups, sets, roles, rules, relations and constraints
— By contrast “ACLs are the assembly language of authorization”
— Implementing policies may require many low-level operations so that it is practically impossible to assure that policies are correctly implemented and maintained - ACLs for 100,000 employees and 1,000,000 objects?
— Examples where ACLs don’t help
  “Access to the internet is only allowed between 7pm and 9pm”
  “The creation and approval of a given purchase order must be done by two different people, though the same person may both create and approve different purchase orders.”
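The two policies quoted above, written as a small decision function next to a static ACL check. This is an added Python example, not Adage's Authorization Language or API; the users, resource names and the half-open 19:00 to 21:00 window are assumptions.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass(frozen=True)
class Request:
    user: str
    action: str      # "connect", "create" or "approve"
    resource: str    # "internet" or a purchase-order id such as "po-1"
    at: time         # time of day the request is made

# Static ACL of (user, action, resource class) triples (constructed sample).
# It has no notion of time of day or of who acted on an object earlier.
ACL = {("alice", "connect", "internet"),
       ("alice", "create", "po"), ("alice", "approve", "po"),
       ("bob", "create", "po"), ("bob", "approve", "po")}

def resource_class(resource: str) -> str:
    return "po" if resource.startswith("po-") else resource

def acl_allows(req: Request) -> bool:
    return (req.user, req.action, resource_class(req.resource)) in ACL

@dataclass
class PolicyEngine:
    creators: dict = field(default_factory=dict)   # purchase order -> creator

    def decide(self, req: Request) -> bool:
        if not acl_allows(req):                    # baseline permission
            return False
        if req.resource == "internet":             # time constraint
            return time(19, 0) <= req.at < time(21, 0)
        if req.action == "create":
            if req.resource in self.creators:      # a PO is created only once
                return False
            self.creators[req.resource] = req.user
            return True
        if req.action == "approve":                # separation of duty, per PO
            creator = self.creators.get(req.resource)
            return creator is not None and creator != req.user
        return False
```

The ACL grants alice both "create" and "approve" on purchase orders, which is what the second policy requires across different orders; only the per-order history kept by the engine can refuse her approval of an order she created herself.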
Adage Benefit - User Centered Security
Secure systems with usability as primary goal
Simplify authorization policy administration
– Visual tools - Visual Policy Builder GUI
– High-level authorization language (AL)
Ease of use promotes better security
Adage Benefit - Consistent global policies, Distributed trust
Adage supports trust models for enterprise-wide policies
— Available to all applications on all sites
Authorization toolkit support for application developers
– Register application-specific authorization policy with Adage
– Request authorization decisions
Trust model between sites
— Authorization decisions based on trustworthiness of authentication authorities
  Citizenship metric - how trusted is an authentication authority?
  Introduction chain metrics - Length, Number of chains, Age of chains, Quality of chains
ADAGE was developed with DCE in mind
Adage is architected to not only take identities from a DCE cell, but to take DCE group and other information into account in its policies and rules.
Adage second snapshot now available (4/30/98).
Adage and DCE Possibilities
More Flexible Policies
— Adage can easily replace the ACL manager to provide more flexible policies
Better Management
— A GUI (Visual Policy Builder) and Authorization Language
— Centralized authorization policy control and management
All applications use the same authorization policy
Authorization information only needs to be changed in one place
Adage and DCE Possibilities
Better Authorization in the Global Environment
— Adage's trust model would allow sites to form organizational policy about external authentication servers in a more flexible fashion
— DCE only supports hierarchical authentication servers arranged via a namespace
General Security Policy Server
— Integrate authentication and encryption policy into Adage
— Restrict access to objects based on authentication type or strength, or on whether the channel was encrypted or local (within the firewall).
Infrastructure Investment Analysis (IIA)
The Open Group continues to offer technology-based consulting, especially in DCE
Over the last year, a new strategic consulting capability has been developed
— A formal, quantitative methodology for understanding the risks / rewards of IT infrastructure plans and alternatives
Motivation
Managing the cost-reward and risk-reward of IT infrastructure is increasingly a significant obligation of IT departments
Everyone talks about the cost and business requirements of IT solutions; nobody knows how to measure these
Few tools are available to assist IT departments through the decision making process in the expanding network-based, global IT environment
Yet competency in many businesses requires risk/reward models, e.g. banks have models of acceptable risks in originating loans
What is Infrastructure Investment Analysis (IIA)?
A mathematical modeling capability
The skills and techniques required to model IT problems
The Open Group’s methodology is to
— Review and generate business and technical requirements
— Perform a technical analysis and initial risk modeling
— Model risk-mitigating technical solution(s)
— Build a decision-theoretic "roadmap" for realization of solution(s)
Value of Risk Modeling
A common reaction: Models are too abstract - not real world
In reality, modeling
— Allows representation of hypothetical system
— Allows simplification of complex IT infrastructure
— Aids communication and agreement on goals, terms, methods
— Emphasizes discovery and clarification of assumptions
— Generates evidence about system under given assumptions
— Shifts debate from challenging evidence to challenging assumptions
Modeling approaches do not exist today for IT; we have taken the lead in defining a new methodology for industry
An Example - BITS
The Banking Industry Technology Secretariat (BITS) is engaged in a Global Security Architecture project
As part of this we have modeled the risks and cost-effectiveness of a single root CA as opposed to multiple root CAs
— Thought provoking (but private) results
Now modeling the cost of several alternatives for security technologies for e-commerce
Many kinds of risks
In the financial services sector, end-to-end risks include
— Transaction risks (fraud, theft, timeliness)
— Strategic risks (infrastructure, interoperability, cost-effectiveness)
— Reputation risks (loss of privacy or other trust)
— Regulatory compliance (existing or new)
A strategic consulting invitation
To work with a vendor neutral organization
To use a formal, quantitative, rather than opinion-based, approach to decision making
To understand trade-offs and alternatives
To justify decisions
To manage IT risks, costs and rewards
On specific IT planning challenges, such as DCE applications
Creating Value for the DCE Community
New technology (e.g. JADE, ADAGE)
DCE Consulting
Strategic Consulting
Flexible working arrangements with buyers and suppliers
How can we help improve your IT environment?