There are some related blogs:
www.trustedsoa.org
www.modeldrivensecurity.org
Friday 27 July 2007
ZDnet discussion
There is a related discussion about middleware security and central security management at:
http://talkback.zdnet.com/5208-12408-0.html?forumID=1&threadID=27594&messageID=674416&start=-9996
http://talkback.zdnet.com/5208-12408-0.html?forumID=1&threadID=27594&messageID=674416&start=-9996
Middleware definition
For now, the term will be used for software that resides between an application and the inner workings of the system hosting the application, and that abstracts the complexities of the underlying technology from the application layer. In particular, middleware automatically handles all communications related to invocations between client and target applications, and supports application portability, mechanism flexibility, interoperability, and scalability.
(http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-564.pdf)
(http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-564.pdf)
Middleware security - setting the scene
This blog is about the issues, benefits, opportunities etc. of middleware security. We assume for now that middleware is software such as Web services, CORBA/CCM, JavaEE, OSGi and others (please extend the scope of this blog as needed).
Security for middleware in largeer IT environments is often important because confidential information is sent around between users and applications. The main security issues are (in our opinion):
Security for middleware in largeer IT environments is often important because confidential information is sent around between users and applications. The main security issues are (in our opinion):
1. security mechanisms for message protection, client/target authentication, token transfer etc. (this is the easy bit, see CORBAsec as an example)
2. central security management
2.1. identity management: federated identity management has been proposed and is being used (this is the easier half of security management)
2.2. access management: solutions such as http://www.openpmf.com/ are available (please post other products in the comments and I will weave them in). Simplifying the management complexity is one of the main issues here.
2.3. central compliance monitoring
3. non-repudiation: this is a big questionmark I think
4. accreditation: how to accredit a middleware based system (e.g. common criteria) if you don't know the deployment scenario?
I'm sure there is more, please comment.
Thursday 26 July 2007
Secure middleware or SecureMiddleware
Hello!
Are you looking for SecureMiddleware, the secure CORBA Component Model implementation? If so, please visit:
www.securemiddleware.com
Otherwise, please stay tuned for the discussion. Postings by anyone are welcome, this is intended as an open forum.
Are you looking for SecureMiddleware, the secure CORBA Component Model implementation? If so, please visit:
www.securemiddleware.com
Otherwise, please stay tuned for the discussion. Postings by anyone are welcome, this is intended as an open forum.
Subscribe to:
Posts (Atom)
