Security Training Seminars An integral part of The Open Group Security Programme

Transcription

1 Security Training Seminars An integral part of The Open Group Security Programme Dean Adams Director, Security & Electronic Commerce

2 Agenda Check! j Brief Overview of Security Program Key Projects Introduction to Security Training Seminars 2

3 Scope of Program For organisations implementing innovation in Security & Electronic Commerce, the security program aims to: reduce business risks reduce business costs improve competitiveness Support for a secure infrastructure at 3 levels: Internet Enterprise-wide network (Intranet) Platforms 3

4 The IT DialTone Management Services Transaction Processing Application Services Service Qualities Security Manageability Interoperability International Operation Scalability Portability Core Information Exchange Location Services Security Services 4

5 Scope of Program Business Business Requirements Requirements identification, identification, definition definition & prioritisation prioritisation Product Product Developments Developments & Industry Industry Trends Trends Generating, Generating, Participating-in Participating-in & Monitoring Monitoring Technical Technical Developments Developments Standards, Standards, Collaborative Collaborative Technology Technology & Pilot Pilot Trials Trials Defining Defining Branding Branding Programs Programs supported supported by by testing testing Support Support in in the the Marketplace Marketplace Launch, Launch, communications, communications, integration, integration, training, training, procurement procurement 5

6 Scope of Program - evolution Aim to provide a full service range to our partners Aim to provide a full service range to our partners major system vendors, application & middleware providers, end-user organizations mutually supportive activities, no throw over the wall attitude Standards Development Partnerships Consultancy Training Pilot Pilot Trials Trials Testing Brand Brand Peer Peer Networking Market Market Requirements 6

7 Conformance & The Brand Enforced by the X/Open Trade Mark Licence Agreement It conforms to the Standard It will continue to conform Any problems, fixed by the supplier within set time Guaranteed by the supplier Brand can be taken away! 7

8 Agenda Check! Brief Overview of Security Program j Key Projects Introduction to Security Training Seminars 8

9 Distributed Security Framework - (an application programmer s view) Users of Security Services Applications System Services (e.g. network, file-system, database, etc.) Common Security Services Distributed Authentication Common Security Services (provided through Generic interfaces) Distributed Audit Cryptographic Services Key & Cert Management Specific Mechanism Modules Eg. Kerberos SESAME CryptoKnight ETC. As Appropriate 9

10 Common Architecture for PKI Defines, characterises, integrates, positions, components of a PKI Based on use of X509.v3 (due to overwhelming recommendation from customer community) but does not preclude use of other approaches (e.g. SDSI) Provides for, but does not mandate Key Recovery Drafts available publicly via web server References and integrates specifications from other sources e.g. IETF, PC/SC, OpenCard 10

11 Business decisions and Regulatory Framework establish trust relationships Allow for hierarchical structure, direct relationships, and web-of-trust relationships as deemed appropriate for individual circumstances. Do not Dictate through technology 11

12 Business Decisions and Regulatory Framework establish separation/combination of Role... Registration Authorities can be local to user (e.g. lawyers office, local chamber of commerce. Can offer services from multiple competing services (act as broker), customer choice based on business and regulatory considerations. 12

13 CDSA A search on the Internet reveals Canadian Dam Safety Association Canadian Deaf Sports Association Comprehensive Digestive Stool Analysis But since this is a security presentation Common Data Security Architecture 13

14 Common Data Security Architecture (CDSA) For applications and services in a PKI environment Coherent architecture Comprehensive set of services Originally submitted by Intel Revision and addition from PKI Task Group Intel, IBM, Netscape, Entrust, Trusted Information Systems prepared revised specifications Fast-Track adoption Real commitment by suppliers to build into products 14

15 CDSA Fast Track Formal review & comment period completed final version being prepared for publication formal approval Publish final standard - awaiting completion of legal procedures Test suites in development Brand (certification scheme) definition and supporting processes being developed development partnerships in the pipeline 15

16 Common Data Security Architecture - CDSA Applications in C Applications in C++ Applications in Java System Security Services Layered Services Tools Method Wrapper Middleware Language Interface Adapter CSSM Security API EM-API Common Security Services Manager CSP Manager SPI Integrity Services TP Module Manager TPI CL Module Manager CLI Security Contexts DL Module Manager DLI Elective Module Mgr EMI Security Add-in Modules Cryptographic Service Provider Trust Model Library Certificate Library Data Storage Library New Category of Service 16 Data store

17 Single Sign-On To support distributed heterogeneous enterprise-wide network Completed so far: Pluggable Authentication Modules (PAM) publicly available on web server In the pipe Account Management built on LDAP based schema Detailed proposals for brand, test 17

18 Agenda Check! Brief Overview of Security Program Key Projects j Introduction to Security Training Seminars 18

19 Security Training Seminars New! Starts here in Amsterdam, establish as regular feature Integral part of Security Program supporting standardization and collaborative technology initiatives in the field Aims: practical advice of obvious value to the business short to medium term tactical advice medium to long term strategic advice supported by case examples 19

20 20 Security Training Seminars Managing: Dr. Phil Holmes background in education, information management and publishing Rob Tate background in practical commercial consultancy Security Training Alliance proposal for alliance of training partners working under common marketing banner common, shared set of training modules co-operation between partners in satisfying customer organization s training needs

21 Security Survival An Indispensable Guide to Securing Your Business Security Survival An indispensable guide to securing your business Essential advice for users and managers Helps prepare you for net security Obtain from: Prentice-Hall Regular & Internet The Open Group Regular & Internet Amazon Internet only Your guide to System Security 21 Covers DCE Security

22 Our Speakers Today Stan Dormer, (Aid to Industry) 30 years in IT and auditing co-founder of COMPACS conferences now in 21st year Pierre Noel (The Open Group) Pierre Noel (The Open Group) practical expertise in DCE, security, Single Sign On open transaction processing, and distributed systems principle Open Group consultant for Single Sign-On 22

23 Rules of Engagement Not a working group meeting Panel Question & Answer Session Feel free to provide feedback to Phil Holmes and Rob Tate either personally or via evaluation forms content, quality, suggestions for future topics interest in The Security Training Alliance Further opportunity for one on one discussion at the reception for interested parties 23