[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

THIRD WORKSHOP ON DISTRIBUTED OBJECT COMPUTING SECURITY

To: cadse-orb@cs.fiu.edu
Subject: THIRD WORKSHOP ON DISTRIBUTED OBJECT COMPUTING SECURITY
From: Konstantin Beznosov <beznosov@baptisthealth.net>
Date: Fri, 9 Apr 1999 11:14:58 -0400 (EDT)
Reply-To: Konstantin Beznosov <beznosov@baptisthealth.net>
Sender: owner-cadse-orb@cs.fiu.edu

-- BEGIN included message

To: tc@omg.org, calls@omg.org, secsig@omg.org
Subject: DOCsec '99: http://www.omg.org/homepages/docsec/1999/
From: Richard Mark Soley <soley@omg.org>
Date: Fri, 09 Apr 1999 08:26:45 -0400

                            CALL FOR PRESENTATIONS
                                   FOR THE
                              THIRD WORKSHOP ON
                    DISTRIBUTED OBJECT COMPUTING SECURITY

                               12-15 July 1999


                          The Sheraton Inner Harbor
                           Baltimore, Maryland, USA

                               Sponsored by the
                           Object Management Group
                                   and the
                           National Security Agency

                                                        

INTRODUCTION

In today's highly competitive and constantly shifting IT environment of
inter-, intra-, and extra-nets, organizations are no longer concerned with
the question of whether to use Distributed Object Computing (DOC) in their
enterprise IT architecture - they quite simply have to if they are to remain
competitive. In many cases, enterprise IT architects don't even have the
option of which DOC model - CORBA, DCOM/ActiveX, or Java RMI - to use because
they already have operational or near-operational subsystems that are using
all three. The only real question is how to achieve inter-operation among the
three models to avoid a new generation of stovepipe systems. 

Adding the concerns associated with information technology security
complicate the challenges of DOC interoperability even more. The available
security technologies for any one DOC model are varying combinations of:
immature, unproven, poorly understood, poorly integrated, poorly implemented
and difficult to manage - but absolutely critical to the success of the
enterprise subsystems that use that model.  Compounding this problem with
each individual DOC technology is the fact that some aspects of the security
technologies of each model are incompatible with those of the others. 

Building on the success of two previous DOCsec (Distributed Object Computing
Security) Workshops, the OMG and the NSA are sponsoring this Third Workshop
on Distributed Object Computing Security to bring the developers of DOCsec
Specifications and Standards, Products and Systems together to share
knowledge, experiences, plans and requirements.  The Workshop is intended to
bring together individuals with experience in Object Oriented Technology,
Network and Operating System Security, and operational system planning,
development and deployment. With the recent emergence of commercially
available security products for all three DOC technologies, the focus of this
Workshop is expected to shift from developing standards-compliant products to
developing operable and interoperable secure solutions. 

The Workshop is open to all with an interest in and understanding of some
combination of secure IT systems integration, operational IT security
and CORBA, DCOM, or Java security specifications and products. The program
will consist of two days of tutorials in DOC, CORBA Security,
DCOM Security, and Java Security, followed by two days of sessions
describing case studies of fielded, or emerging, secure DOC systems. It is
also hoped that research and advanced product development activities will
be reported during the workshop.

The Workshop Program Committee is seeking proposals for presentations or
panels addressing any of the following topics: 

DOCsec Case Studies

In this year's workshop, we want a much stronger focus on the application of
DOCsec products and concepts to actual systems. Towards this end we'd
especially like proposals for short case study reviews of

     Creating secure enterprise systems using DOCsec products 
     Integrating enterprise legacy systems using DOCsec products 
     Integrating DOCsec security services with system and product legacy
        security services 
     Specializing existing and emerging DOCsec products for specific
        application domains or operational requirements 
     Providing application layer security policy support that can be
        established, implemented and administered for specific application
        domains or operational requirements 

DOCsec Specifications and Standards

     Interoperability standards among CORBAsec, DCOM Security, and Java/EJB
        Security 
     Capabilities provided by existing and emerging DOCsec specifications and
        standards 
     Capabilities missing from existing and emerging DOCsec specifications
        and standards 
     Emerging additions or refinements to CORBAsec, DCOM Security and Java/EJB
        Security specifications 
     Concise representation of the security models for CORBAsec, DCOM Security
        and Java/EJB Security 
     Concise representation of the object models for CORBAsec, DCOM Security
        and Java Security 

DOCsec Product Issues

     Issues associated with realizing the security specification(s) for each
        DOC model 
     Integrating DOCsec products with other DOC Services (e.g., transactions
        or naming) products 
     Security assurance issues in DOCsec Products 
     Security Architecture issues in DOCsec Products 
     DOCsec Product dependencies on OS security 
     DOCsec Product dependencies on network security 

DOCsec Operational Issues

     Security administration in homogeneous or heterogeneous configurations of
        existing and emerging DOCsec products 
     Validating the security posture of homogeneous or heterogeneous
        configurations of existing and emerging DOCsec products 
     Balancing dynamic operational performance requirements with both static 
        and dynamic security requirements 
     Establishing extra-domain security relationships in response to evolving
        operational requirements 

INSTRUCTIONS

Interested individuals or organizations are invited to submit a brief (one
printed page or 60 80-character email lines of text) abstract of the
presentation/position they are proposing for the Workshop. This abstract
should be submitted via email by 3 May 1999 to 

     docsec@omg.org

Authors of selected presentations will be notified by 11 June 1999. The final
Workshop agenda and registration details will be posted to the following URL
on or about 14 June 1999.

     http://www.omg.org/homepages/docsec/1999/
 

WORKSHOP COMMITTEE

 Chairs:
              Richard Soley, Object Management Group
              David Chizmadia, National Security Agency
 Members:
              Carol Burt, 2AB
              Konstantin Beznosov, Baptist Health Systems
              Bob Blakley, DASCOM
              Martin Chapman, IONA Technologies
              Ed Feustel, IDA
              Bret Hartman, Concept Five
              Polar Humenn, Adiron
              Gene Jarboe, Promia
              Jishnu Mukerji, Hewlett-Packard
              Jon Siegel, Object Management Group
              Andrew Watson, Object Management Group

-- END included message

Prev by Date: usage growth of telemedicine devices
Next by Date: CADSE workshop: Friday 5/14/99
Prev by thread: usage growth of telemedicine devices
Next by thread: CADSE workshop: Friday 5/14/99
Index(es):
- Date
- Thread