next up previous contents
Next: 5.2.1.5 Why did ICL Up: 5.2.1 DAIS Security Previous: 5.2.1.3 What is the

5.2.1.4 Does DAIS conform to CORBASEC specifications?

 
Linda Gricius (March, 1998):

Required functionality - DAIS Security provides near level 2 conformance with the CORBASEC specification. The only Level 2 features not supported are: Multiple credentials for a user Delegation Application level audit and access control Administration by standard policy objects.

Security Functionality Options - DAIS Security does not support non-repudiation - the only CORBASEC option at this time.

Security Replaceability - ORB replaceability isn't supported. The ORB interceptors in DAIS Security version 1 are not standard. Services replaceability is supported (ORB security objects are implemented to CORBA standard interfaces and could therefore be replaced).

Secure Interoperability - In DAIS, secure associations are established using SECIOP messages in DAIS Security, but the SECIOP messages are carried inside IIOP requests rather than following the interoperability standard.

DAIS Security does not support DCE-CIOP.

Conformance to CSI Spec - DAIS (i.e. SESAME) generates full identity and privileges (i.e. it has ECMA PACs), which points DAIS at CSI level 2. But level 2 also has controlled delegation. The first release of DAIS doesn't support delegation, which points DAIS back at level 0. So DAIS does level 0, and bits of level 2 (the privileges in addition to identity), but don't do controlled delegation.


next up previous contents
Next: 5.2.1.5 Why did ICL Up: 5.2.1 DAIS Security Previous: 5.2.1.3 What is the