next up previous contents
Next: 5.2.1.6 What features does Up: 5.2.1 DAIS Security Previous: 5.2.1.4 Does DAIS conform

5.2.1.5 Why did ICL choose the CSI-ECMA security mechanism in its DAIS Security implementation?

 
Linda Gricius (April, 1998):

Perhaps the best known security mechanism is Kerberos, which was developed by MIT. Kerberos does not provide all of the functionality required by the full CORBA Security model. Therefore, DAIS Security uses a different mechanism called SESAME, because ICL believes that the functionality of the full CORBA model is required to implement enterprise strength security systems. Basically SESAME implements the CSI-ECMA protocol of the CORBA Security interoperability specification. SESAME V4 is essentially Kerberos V5 extended in various ways (and rewritten), in accordance with the ECMA Security standard, known as ECMA-219.

Regardless of the security mechanism used, the DAIS Security service accesses the mechanism via a generic API, called the Generic Security Services API or GSS-API. This is a standard API that presents the same interface to the caller, regardless of the mechanism underneath being used to implement the functions.


next up previous contents
Next: 5.2.1.6 What features does Up: 5.2.1 DAIS Security Previous: 5.2.1.4 Does DAIS conform